An explanation of what VMware NSX is and how it supplies the missing network piece of a Software Defined Data Center. The benefits of NSX include network agility as well as security, through microsegmentation down to the individual virtual NIC.
- [Narrator] There are two main benefits to a VMware NSX implementation. The first is that it's the final piece of a Software Defined data center for many organizations, and the second is that it allows for microsegmentation of security. So let's take a closer look at each of these benefits. First, with regard to IT, organizations can't continue to do what they've done in the past because of the growth of the cloud. The cloud is really just resources; it's not a magical area where we can suddenly put something out and nobody has to take care of it. It's actually resources that somebody has to take care of.
And because of the fact that we're putting hundreds or thousands of applications out onto the cloud, somebody has got to be able to manage all of that. So organizations are faced with a choice. Either they come up with some type of new IT, or they have no IT at all. By no IT at all, I don't mean that they don't have any information technology in their organization, I mean that they outsource it, and then if you're one of the companies that they outsource it to, well then you've certainly got a big job on your hands.
So let's talk about the new IT that could be used for a new type of network. Instead of using a hardware defined data center, what if we moved to a software defined data center? So what would be the difference between a software defined data center and a hardware defined data center? Well, if we have a hardware defined data center, all of the intelligence is in the application-specific integrated circuits, ASICs. The devices are made to do specific functions for the organization and for the network.
Typically, they're dedicated and they're vendor-specific. There's vertical integration; in other words, you buy certain components from a certain vendor, and they work best with that vendor's components. Also, there's manual configuration and management. Every time I need a new network, I need to make changes to multiple areas, to multiple components. That's the old way. But with a Software Defined Network, the intelligence is moved into the software.
It becomes hardware independent, which means we can use whatever we want to use with regard to hardware. And there is automation with regard to setting up a new network; in other words, I can programmatically control my system through software. I can just say I want a new network and I have a new network in my software, and I don't have to make that change in the hardware. That kind of agility is what has enabled gigantic companies like Google and Amazon to succeed and to grow the way that they have.
So when we talk about a Software Defined Network, we're not talking about a brand new concept; we're talking about something that's proven itself over more than a decade. But NSX allows organizations that have not been able to use this in the past to take advantage of a Software Defined Network. So really, what is a Software Defined Network then, and what is a Software Defined data center? Well, in a Software Defined data center, you have software programmability of every single one of your resources.
For example, you may be familiar with virtual machines. Virtual machines use compute capacity, and I can take the compute capacity from whatever host I want, from whatever cluster I want, and create virtual machines and use them wherever I want. So I have location independence with that compute capacity. With virtual storage, we have storage capacity, and it can be location independent as well; we've got more and more storage options available. Just through vSphere we've got Virtual SAN, we've got Virtual Volumes, and there are more and more options for storage capacity.
But networking is the one that is sort of lagging behind. We've been able to create virtual machines in minutes, have the virtual storage available for them, but then we've had to wait for the network administrators to do their part, to make the changes on the routers and the switches. But what if we could have virtual networks that just used network capacity? So all we really want then from the routers and the switches is to do what they do best, which is just pass packets. That means that then the virtual machine that we put onto that virtual network would also be location independent.
It wouldn't matter anymore where that virtual machine is; what matters is what that virtual machine wants to do. And then from the consumption side, we could consume this capacity from any type of device: desktop, Internet, virtual desktop, laptop, tablet, or something yet to be invented. So the true power of a Software Defined data center is that software programmability. But we have to have all four of the core four: CPU and memory, which together are called compute capacity, storage capacity, and network capacity.
NSX allows an organization to have that. The other main benefit is microsegmentation of security. There are three things I want to talk about with regard to microsegmentation of security. First is that we have the capability to set up logical switches that can provide up to 16 million segments. Now, that's going to be limited to what vSphere's maximums are, but we've got the capability for growth, and we already have tremendously more than what we've had in the past, for example, just with VLANs.
So it can be used down to the application or even business context of each company, even with multitenant cloud-based organizations. So we've got the capability to secure each application and secure each virtual network interface card on our virtual network so that we can determine what it can connect to and what can connect to it. Then to connect the networks, to connect the segments, we've got distributed logical routers, which provide for efficient and secure routing of the packets between the domains.
And that sets up what we call East-West traffic, which is traffic within our Software Defined Network. Then to get into and out of the Software Defined Network, we have what are called edges. And edges provide for security, as well as just the data path, to go into and out of the Software Defined Network. That's what we call North-South traffic. Now, all of this can be made more secure by the fact that we can have a distributed firewall, and we'll talk about the distributed firewall later in this training.
But right now I just want to focus on what the distributed firewall actually does. The distributed firewall is a totally different type of firewall that provides essentially a separate configurable firewall for every single connection. So what I'm doing then is this: instead of having the concept of a virtual machine that's on one side of the firewall or the other, or in a DMZ, instead of having all of those traditional firewall models and traditional firewall concepts, basically what I have is, for every virtual machine's connection, its own firewall.
In other words, it has its own firewall for that connection. So security follows the connection wherever it goes, and therefore it truly doesn't matter where the virtual machine is, what host it's on. All that matters is what it wants to do. That's a totally different kind of security than what we've had in the past. So when we discuss a firewall, you may have seen configuration on firewalls such as IP addresses, subnet information, protocol information, port information, and certainly we can do that.
But even more powerful than that, we can use virtualization and application-aware policies for our firewalls. So we can, by business context, by what it really is, we can, for example, use VM name, operating system name, data center, cluster, resource pool, port group, logical switch, vApp, distributed port group. And those are just nine examples, but don't think that that's nine things that I can do, because we can mix and match this any way that we want, right? This VM name can talk to this VM name but not this one, or this data center to this port group.
So we've got nine different possibilities here, but a tremendous number of combinations that I could put together. And basically, instead of worrying about where a virtual machine is, that whole concept goes away. All we want to know about is logically, what does it want to do? What is it connected to? So the two main benefits of using NSX are that we truly get a Software Defined data center because we complete it with the Software Defined Network component, and that we get microsegmentation of security.
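The following is an added example, not code from this course or from VMware: a small Python model of the per-vNIC, object-based policy the narrator describes. Rules select on logical attributes (logical switch, VM name) instead of on addresses, so the verdict does not change when a VM is moved to another host or re-addressed, and it compares that against an equivalent subnet-based rule set of the kind a perimeter firewall would use. All VMs, switches, hosts, addresses and rule names are constructed for the example; the evaluation logic is a simplified first-match model, not NSX's actual DFW implementation.

```python
# Illustrative model of object-based microsegmentation (added example, not NSX code).
# Every vNIC carries logical attributes; rules select on those attributes rather than
# on addresses, so the verdict follows the VM across hosts and re-addressing.
# All objects, names and addresses below are constructed for the example.
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Callable

Selector = Callable[["VNic"], bool]


@dataclass(frozen=True)
class VNic:
    vm_name: str
    os_name: str
    logical_switch: str
    host: str  # ESXi host the VM currently runs on; the policy never looks at it
    ip: str


@dataclass(frozen=True)
class Rule:
    name: str
    src: Selector
    dst: Selector
    service: str  # "tcp/3306" style, or "any"
    action: str  # "allow" or "block"


# Object-based selectors (the NSX-style approach) ...
def on_switch(name: str) -> Selector:
    return lambda n: n.logical_switch == name

def vm_named(prefix: str) -> Selector:
    return lambda n: n.vm_name.startswith(prefix)

def any_vnic() -> Selector:
    return lambda n: True

# ... and an address-based selector (the traditional approach) for comparison.
def in_subnet(cidr: str) -> Selector:
    net = ip_network(cidr)
    return lambda n: ip_address(n.ip) in net


def evaluate(rules: list[Rule], src: VNic, dst: VNic, service: str) -> str:
    """First-match evaluation at the destination vNIC; default deny if nothing matches."""
    for r in rules:
        if r.src(src) and r.dst(dst) and r.service in (service, "any"):
            return r.action
    return "block"


# Constructed three-tier workload spread across three hosts.
WEB = VNic("web01", "Linux", "ls-web", "esx01", "10.0.1.10")
APP = VNic("app01", "Linux", "ls-app", "esx02", "10.0.2.10")
DB = VNic("db01", "Linux", "ls-db", "esx03", "10.0.3.10")

# Object-based policy: tiers may only talk "forward"; everything else is blocked.
OBJECT_RULES = [
    Rule("web-to-app", on_switch("ls-web"), on_switch("ls-app"), "tcp/8443", "allow"),
    Rule("app-to-db", on_switch("ls-app"), vm_named("db"), "tcp/3306", "allow"),
    Rule("default-deny", any_vnic(), any_vnic(), "any", "block"),
]

# The same intent expressed with subnets, the way a perimeter firewall would.
SUBNET_RULES = [
    Rule("web-to-app", in_subnet("10.0.1.0/24"), in_subnet("10.0.2.0/24"), "tcp/8443", "allow"),
    Rule("app-to-db", in_subnet("10.0.2.0/24"), in_subnet("10.0.3.0/24"), "tcp/3306", "allow"),
    Rule("default-deny", any_vnic(), any_vnic(), "any", "block"),
]


def baseline() -> dict:
    """East-West verdicts under the object policy with the VMs at their original addresses."""
    return {
        "web->app 8443": evaluate(OBJECT_RULES, WEB, APP, "tcp/8443"),
        "web->db 3306": evaluate(OBJECT_RULES, WEB, DB, "tcp/3306"),  # web may not skip the app tier
        "app->db 3306": evaluate(OBJECT_RULES, APP, DB, "tcp/3306"),
        "db->app 8443": evaluate(OBJECT_RULES, DB, APP, "tcp/8443"),
    }

def after_vmotion() -> tuple[str, str]:
    """Moving app01 to another host changes nothing for either rule set."""
    moved = replace(APP, host="esx01")
    return (evaluate(OBJECT_RULES, moved, DB, "tcp/3306"),
            evaluate(SUBNET_RULES, moved, DB, "tcp/3306"))

def after_reip() -> tuple[str, str]:
    """Re-addressing app01 breaks the subnet policy but not the object policy."""
    readdressed = replace(APP, ip="10.0.9.10")
    return (evaluate(OBJECT_RULES, readdressed, DB, "tcp/3306"),
            evaluate(SUBNET_RULES, readdressed, DB, "tcp/3306"))

def address_reuse() -> tuple[str, str]:
    """A web VM that acquires an app-tier address is trusted by the subnet policy,
    while the object policy still sees it on ls-web and blocks it."""
    squatter = replace(WEB, ip="10.0.2.50")
    return (evaluate(OBJECT_RULES, squatter, DB, "tcp/3306"),
            evaluate(SUBNET_RULES, squatter, DB, "tcp/3306"))


if __name__ == "__main__":
    print(baseline())
    print("vMotion:", after_vmotion())
    print("re-IP:", after_reip())
    print("address reuse:", address_reuse())
```

The last two functions carry the security point: once a rule is keyed on the logical object rather than the address, a host move or a re-IP cannot silently open or close a path, and a VM that acquires an address from a more trusted tier gains nothing from it. An explicit default-deny rule at the end of each set is what makes the web-to-database hop fail; without it, the model would fall back to the evaluator's implicit block, which is easy to forget when rules are edited.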