Welcome to this Ask the Expert event. During this discussion we will dissect the functions of VMware NSX components, the services and features offered to virtualize networking in a virtual datacenter based on VMware vSphere, and the use cases and benefits of using NSX.
Meet Your Expert:
Senior Consultant - VMware
Raymundo works as a Senior Consultant at the VMware Professional Services Office for the LATAM Region. He is an experienced architect and has worked installing broad cloud solutions based on VMware products. Recently he was awarded the VMware vExpert title. Currently his focus is on NSX, which he says has become his second love after vMotion. Twitter: @elnemesisdivina. LinkedIn: https://mx.linkedin.com/pub/raymundo-escobar.
This discussion takes place from November 2nd to 20th. Get ready by bookmarking this page or signing up for e-mail notifications.
This Ask the Expert session is now open for questions. For the next couple of weeks our Subject Matter Expert will be around to reply to your questions, comments or inquiries about our topic.
Let’s make this conversation useful, respectful and entertaining for all. Enjoy!
The main difference is that NSX does not require multicast mode to create the Virtual Extensible LAN (VXLAN) or the virtual wires of VXLAN. In addition, you can have more granular security. vCloud Networking and Security does not support dynamic routing, while NSX is able to work with routing protocols like OSPF and BGP.
Products like vCloud Director (vCD) leverage vCNS as an integral part of the public cloud solution from VMware. At present only vCD is out of sale and at end of support, but there is an exclusive version for service providers, vCD-SP, which continues to use vCNS, supporting it up to version 5.5.3 of vCNS, indicating that NSX is the evolution of vCNS, something like vCNS on steroids. vCNS in its flavours vShield App, vShield Edge and vShield Endpoint were, from the perspective of functionality, improved and correspondingly mapped to NSX Firewall, NSX Edge Gateway and NSX Endpoint, and are generated from the NSX Manager (formerly vShield Manager). Moreover, many of the logs and API semantics of NSX have labels referring to "vShield".
From a holistic perspective, NSX is a core piece in public, hybrid and private cloud solutions. First, in the hybrid or public cloud, mainly composed of vCloud Director and vCloud Air, VMware NSX is not only an element underlying all the virtual network infrastructure but also provides advanced network services, namely translation of IP addresses, DHCP, firewall, routing, "site to site" IPsec VPN, and extensibility to other data centers or clouds based on VMware vSphere. With NSX you also have a level of security that no one else has at the hypervisor level, distributed routing, as well as abstraction of network segments in layer 2 (OSI) by means of logical switches (VXLAN).
The topic of virtual networks is not new within VMware cloud computing; however, VMware NSX expands the possibilities of setting up virtual networks, simplifying the complexity of operation and implementation, and its costs are favorable against the benefits of purchasing hardware for managing a multi-tenant service in terms of the physical network, i.e. it can provide even more network services independent of the physical network topology.
As vCD-SP is, in my opinion, 90% virtual networking, NSX gives us a less complicated and more complete cloud solution, sticking not only to the functions in commercial papers but also able to provide the necessary elasticity of network service provisioning to virtual machines.
In the field of private cloud, vRA (vRealize Automation) in conjunction with NSX results in a greater degree of control over the virtualized network services to be provided. For example, when talking about a tier of virtual machines or applications, services can be provided on demand, such as a networking pack, routing on demand, security on demand and load balancing, among others. Even more shades of integration with third-party software are possible through the APIs (the dvfilter); also, through the NSX plug-in for vRO (vRealize Orchestrator), a "zero trust model" (Forrester) at the virtual level is possible.
In conclusion, VMware NSX gives us a different way of delivering services from how they have always been on the market, providing technically possible schemes never seen before, and a very important degree of control, integration and operation within and between clouds, for example DRP to cloud, cloud extensibility between virtual data centers, and very soon hypersegmentation and hybrid networking.
-In the story "Goldilocks and the Three Bears," a little girl named Goldilocks liked everything just right. Her porridge couldn't be too hot or too cold. And her bed couldn't be too hard or too soft. On Earth, everything is just right for living things. It's warm, but not too warm. And it has water, but not too much water-.
So planet Earth is a Goldilocks planet, or a planet in the Goldilocks zone, according to NASA's definition. In short, planet Earth has a duality of mutually exclusive conditions, which makes life sustainable.
So if we extrapolate the concept to security, the mutually exclusive duality of properties for securing the apps running in a VM is taking the security as near as the VM, but not so far away, controlling the physical network, as to not know what the application is, what the data is and which users are accessing that application.
Let me try to be concise on this point: the hypervisor is the Goldilocks zone for security. This means that nowadays, thanks to NSX, we can have something nobody else has, let's call it a security zone, running inside the hypervisor and able to be isolated enough, like the memory management mechanisms do for VMs, so as not to be in the same attack zone, on the same "wire" or communication channel as the threats; this is called isolation or micro-segmentation. At the same time we have a channel of communication inside the VM to know what is going on, again like the memory management mechanism in VMware vSphere does, for instance, with the ballooning driver. So we can have the ability to control everything thanks to the universe of third-party vendors for whatever security condition, thanks again to the APIs (NetX or EPSec APIs) exposed by VMware NSX, which in addition can take actions or orchestrate what to do in the presence of certain conditions.
So VMware NSX empowers security to be everywhere at the same time in the VMware hypervisor, turning the VMware vSphere hypervisor into the virtual networking and security hypervisor for the Software Defined Datacenter.
First, a little bit of history. VMware is not new to virtualization, as everyone knows, and in the same way it has continued in parallel the development of network virtualization solutions in the vSphere virtual environment, starting with the features in VSS (vSphere Standard Switch) and VDS (vSphere Distributed Switch), things that today are taken for granted and without which a virtual data center simply would not be complete. Following on from this, network management technologies became more and more sophisticated, producing products like vShield, which brought changes to network services hand in hand with the already existing natural behavior of the vSphere virtual network. Finally, in this last wave, with the Nicira acquisition, VMware is betting on the abstraction of the network and network services, merging vShield and NVP (Network Virtualization Platform), resulting in VMware NSX.
As a platform for software-defined networks, NSX adds more abstraction functions than just a check box or button on a nice GUI. NSX is embedded in the level most decisive for the performance of VMware virtualization, i.e. the hypervisor. In the days of the N1KV distributed switches, everything pointed to physical network and security functions being reduced to a special-purpose virtual machine (security or switching), and to the market remaining in shades of gray. As of today, NSX has moved all that security and network control into the hypervisor; see its proposed solutions with third-party vendors such as IDS and NGFWs, among others. VMware NSX as an SDN solution, although not the only one, is the most disruptive in many ways, and its main difference from all other solutions is basically the way it brings SDN to work within a software-defined data center: it is not the aggregation of another layer on the hypervisor, nor a passive intermediary between virtual machines and the kingdom of the network; it is the network itself, it is the security running in the hypervisor at the service of virtual machines.