VMware 2015: Next Horizon for Cloud Networking and Security

50 %
50 %
Information about VMware 2015: Next Horizon for Cloud Networking and Security

Published on July 8, 2016

Author: VMworld

Source: slideshare.net

1. The Next Horizon for Cloud Networking and Security Guido Appenzeller, VMware, Inc NET6639-S #NET6639

2. • This presentation may contain product features that are currently under development. • This overview of new technology represents no commitment from VMware to deliver these features in any generally available product. • Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. • Technical feasibility and market demand will affect final delivery. • Pricing and packaging for any new technologies or features discussed or presented have not been determined. Disclaimer CONFIDENTIAL 2

3. The Next Horizon for Cloud Networking and Security Guido Appenzeller Chief Technology & Strategy Officer Networking & Security VMware

4. NSX Customer and Business Momentum Organizations have invested $1M+ in NSX 65+ NSX Customers 700+ Production Deployments (adding 25-50 per quarter) 100+

5. Networking is a Software Industry

6. Two Tier Infrastructure Model VM or server workloads and network are separate security domains Physical Servers Physical Network Infrastructure Internet

7. Two Tier Infrastructure Model VM or server workloads and network are separate security domains Virtual Machines Physical Network Infrastructure Internet

8. Virtual Machines Physical Network Infrastructure Internet Network Virtualization NSX provides connectivity, security and services across your end points Virtual Machines Physical Network Infrastructure Internet Virtual Infrastructure Application Demands • Many different Applications • Different Compliance & Security Needs • Frequent Change Hardware Complexity • Multiple Vendors • Different Architectures • Multiple Locations NSX Network Virtualization • Speed & Automation • Agility • Security & Policy

9. Virtual Machines Physical Network Infrastructure Internet Applications Physical Network Infrastructure Internet Virtual Infrastructure Multiple Hypervisor Support • vSphere/ESXi • KVM Hardware Complexity • Multiple Vendors • Different Architectures • Multiple Locations NSX Network Virtualization • Automation • Security & Policy • Service Insertion Network Virtualization NSX provides connectivity, security and services across your end points

10. NSX in Open Source Environments Organizations Contributing to Open vSwitch 60 Of NSX Production Deployments use OpenStack 20% KVM VMs in a single NSX deployment 100k+

11. Virtual Machines Physical Network Infrastructure Internet Applications Physical Network Infrastructure Internet Virtual Infrastructure NSX – The market leader for Virtual Networking For ESX and Open Source

12. Where do we go from here?

13. Host Hypervisor Containers Containers are emerging as the application management layer of choice App bin/libs OS App bin/libs OS App bin/libs OS bin/libs OS Application ContainersVM Applications Application Containers Host App App App App App App App App App Containers bin/libs

14. NSX Container Deployments Today Containers run inside of VMs • Group containers of one application inside a VM • Containers often behind NAT • No container level networking Does this make sense? It actually does… 14 This is how Enterprises are using NSX containers VM Container Container Container Container Hypervisor VM Container Container Container Container vSwitch

15. Container Security 15 Vulnerable Application Vault Vault Website Website Website Website Internet Database Port 80 Internal network

16. Application Level Vulnerability 16 “Improving” the capacity indicator

17. Containers – do we still need a Hypervisor? 17 Lack of isolation allows an attacker to move around Vault Vault Website Website Website Website Internet Database Port 80 Internal network Confidential Information

18. Containers – do we still need a Hypervisor? 18 Privilege escalation can lead to container host compromise Vault Vault Website Website Website Website Internet Database Port 80 Internal network Confidential Information

19. Containers – do we still need a Hypervisor? 19 NSX provides segmentation, visibility and integration Website Website Website Website Internet Port 80 Internal network Physical Network Infrastructure Vault Vault Database Datacenter HONEY POT VULNERABILITY SCANNER Micro- segmentation Alert Connection to data center

20. 20

21. Micro- segmentation Alert Connection to data center Why NSX for Containers? 21 • Segment Applications • Stateful Firewall • Limit Attacker’s Movement • Per-flow tracking • Alerts for suspicious behavior • Virtual taps • Monitoring • Security, Incident Response, Forensics • Access to backend systems

22. Virtual Machines Physical Network Infrastructure Internet Network Virtualization NSX provides support for third generation applications Applications Physical Network Infrastructure Internet Virtual Infrastructure Application Demands • vSphere/ESXi • KVM • Third Generation Applications Hardware Complexity • Multiple Vendors • Different Architectures • Multiple Locations NSX Network Virtualization • Automation • Security & Policy • Service Insertion

23. The Public Cloud New Opportunities: • On-demand resources • Capacity in any geography • Instant provisioning New Challenges: • Security & Compliance • Connectivity with on-premises • Cloud lock-in

24. Power of Cloud: Workload Mobility

25. Lock-In Through Services Storage Service Load Balancing Service Firewall Service Storage Service Load Balancing Service Firewall Service Storage Service Load Balancing Service Firewall Service

26. Cloud: Just New Silos? Storage Service Load Balancing Service Firewall Service Storage Service Load Balancing Service Firewall Service Storage Service Load Balancing Service Firewall Service

27. NSX BYOI – Bring Your Own Infrastructure Storage Service Load Balancing Service Firewall Service Storage Service Load Balancing Service Firewall Service Storage Service Load Balancing Service Firewall Service

28. Tech-Preview: NSX for Amazon Web Services 28 Native support for AWS instances with coherent services and security posture for on and off-premise 2828 Data Center Web Server HR Server IT Administrator Defines network and security policy Internet

29. NSX for Amazon Web Services 29 Native support for AWS instances with coherent services and security posture for on and off-premise 29 Data Center Web Server HR Server IT Administrator Defines network and security policy Internet

30. NSX for Amazon Web Services On-Premise NSX/vSphere • AWS instances are added to logical switch • Consistent security posture on-premise and in cloud • AWS instances leverage services 30 Native support for AWS instances with coherent services and security posture for on and off-premise 30 AWS Cloud Data Center Web Server HR Server Developer Launches instances via Amazon console Amazon Web Services • Native AWS Server instances (AMI’s) • Added to NSX virtual networks via policy … IT Administrator Defines network and security policy Internet

31. NSX Tomorrow: Virtual Networking for all Platforms Wherever you go, NSX is there to help you. Physical Network Virtual Infrastructure Hyper-V

32. NSX Tomorrow 32 Speed Provision connectivity for any endpoint across different domains. Agility Automate provisioning via templates and rich APIs. Security Consistent security posture and visibility across all types of endpoints. On-Premise Data Center 3rd Generation Apps Public Clouds Virtual Desktop Mobile Devices Hyper-V

33. Thank you!

34. Thank you!

35. Containers + Public Cloud + NSX

36. NSX + Public Cloud + Containers 36 Sydney Hong Kong Palo Alto Chicago Dallas Virginia Seattle 500 Web Servers 7 data centers 3 continents 2 public clouds + 1 on premise …in 5 minutes

37. 37 Hyper-V On-Premise Data Center 3rd Generation Apps Public Clouds Virtual Desktop Mobile Devices

38. 38

39. The Next Horizon for Cloud Networking and Security Guido Appenzeller, VMware, Inc NET6639-S #NET6639

Add a comment

Related pages

The Next Horizon for Cloud Networking & Security - The ...

VMware NSX has been around for more than two years now, and in that time software-defined networking and network virtualization have become ...
Read more

VMworld 2015: NET6639 - Next Horizon for Cloud Networking ...

How will network virtualization impact the next horizon for cloud networking and security? ... next. Up next ... 2015: MGT6623 - VMware Cloud ...
Read more

November 2015 - The Network Virtualization Blog

2015; November; Security for the New ... The Next Horizon for Cloud Networking & Security. November 18, 2015; No Comment; VMware NSX has been around for ...
Read more

The Next Horizon for Cloud Networking & Security - The ...

The Next Horizon for Cloud Networking & Security. ... 2015; Comments Off on The Next Horizon for Cloud ... , Security, The Cloud in The News, VMware ...
Read more

VMworld 2015 Networking and Security Sessions – Part II ...

... The Next Horizon for Cloud Networking and Security 1 ... The Cloud Network; About . ... Comments Off on VMworld 2015 Networking and Security Sessions ...
Read more

VMware Transforms Hybrid Cloud Security for Mobile Users

... AirWatch® by VMware and VMware Horizon®. Next week at RSA ... Networking & Security; NSX; ... VMware Transforms Hybrid Cloud Security for Mobile Users.
Read more

How deploying virtual infrastructures address security ...

titled “The Next Horizon for Cloud Networking and Security ... Officer for Networking & Security at VMware, ... forward in security.” Clouded Leopard ...
Read more

FINAL Keynote Presentation The Next Horizon for Cloud ...

San Francisco, USA - 23 & 24 April, 2015 1 NETEVENTS CLOUD INNOVATION SUMMIT FINAL Keynote Presentation The Next Horizon for Cloud Networking and Security
Read more

VMware Virtualization for Desktop & Server, Application ...

VMware, a global leader in cloud infrastructure and business mobility, accelerates your enterprise’s digital transformation journey by helping you ...
Read more