This presentation may contain product features that are currently under development.
This overview of new technology represents no commitment from VMware to deliver these
been determined.
CONFIDENTIAL
Agenda
1. Firewalling/Security services
2. Load Balancing services
3. VPN services
Routing / NAT
Firewalling
Dynamic Routing
Load Balancing
L2 and L3 VPN
[Diagram: Router / Firewall / Inline Load Balancer / VPN with .1 addresses; Web-Tier-01 10.0.1.0/24 (OneArm LB, web-01, web-02); App-Tier-01 10.0.2.0/24 (app-01, app-02); DB-Tier-01 10.0.3.0/24 (db-01)]
THAT'S IT!!!!
NSX offers all those Network & Security services with central configuration and automation
Let's focus here on Firewalling, Load Balancing, and VPN
Pros:
FW is distributed between all ESXi: Amazing firewalling scale!
Offer security even within the same IP subnet / logical switch
[Diagram: Web LS 10.0.1.0/24 (VM1, VM2; .11, .12, .1); App LS 10.0.2.0/24 (VM1, VM2; .11, .12, .1); rule label "Web to App TCP/8443"; 192.168.10.0/29 (.1)]
Pros:
Ease-of-use
[Diagram: App-LS1 10.0.2.0/24 (VM1, VM2); Web-LS1 10.0.1.0/24 (VM1, VM2); addresses 192.168.150.51, 192.168.150.52, 192.168.250.51]
Pros:
Agility
Service Compliance
Security Groups
[Diagram: Test Setup with VM1, VM2, VM3, VM4 and 10G interfaces]
Firewalling/Security Demo
Dynamic firewalling
[Diagram: access to Linux update servers and to Windows update servers]
Compliance Demo
[Diagram: Web-Tier-01 10.0.1.0/24 (linux-01, linux-02, linux-03, win-01, win-02); App-Tier-01 10.0.2.0/24 (app-01, app-02); DB-Tier-01 10.0.3.0/24 (db-01)]
Pros:
Flexibility
[Diagram: two topologies, each with Web-Tier-01 10.0.1.0/24 (web-01, web-02) and App-Tier-01 10.0.2.0/24 (app-01, app-02); the first includes a OneArm LB on Web-Tier-01]
Protocols
TCP / UDP
FTP
HTTP
HTTPS (SSL-Passthrough)
HTTPS (SSL Offload)
LB methods
Round Robin
Source IP hash
Least Connection
URI/HTTP header/URL
Health Checks
Load Balancer checks the application health of each back-end server.
TCP/UDP/ICMP
HTTP (GET, OPTION, POST)
HTTPS (GET, OPTION, POST)
Persistence
All connections from the same end user go to the same back-end server.
TCP: SourceIP, MSRDP
HTTP: SourceIP, Cookie
HTTPS: SourceIP, Cookie, ssl_session_id
Connection throttling
Limit the connections to the VIP / to the back-end servers.
Client side:
. Max conc. connections
. Max new conn / sec
Server side:
. Max conc. Connections
High Availability
Yes.
Monitoring
L7 manipulation
9.23 Gbps
# conc. sessions: 1M
# sessions/sec: 131k cps
L7 - HTTP
Throughput: 6.59 Gbps
# conc. sessions: 60k
# sessions/sec: 45k cps
Reqs/sec: 82.3k rps
L7 - HTTPS
Throughput: 2.07 Gbps
# conc. sessions: 60k
# sessions/sec: 607 cps
Reqs/sec: 35.0k rps
[Diagram: HTTPS and HTTP labels; Web-Tier-01 10.0.1.0/24 (web-01, web-02); App-Tier-01 10.0.2.0/24 (app-01, app-02); DB-Tier-01 10.0.3.0/24 (db-01)]
[Diagram: app1.acme.com, app2.acme.com, app3.acme.com == VIP1@; Web-Tier-01 10.0.1.0/24 with Pool1 (web-01, web-02), Pool2 (web-03, web-04), Pool3 (web-05, web-06); App-Tier-01 10.0.2.0/24 (app-01, app-02); DB-Tier-01 10.0.3.0/24 (db-01)]
Demos (2/2)
Cloud to Corporate
Cloud On-boarding
Remote Office/Branch Office
Remote Management
[Diagram: VMs on VLAN/VXLAN segments, Internet/WAN, Public Cloud]
Features
SSL-based
Web-proxy Support
L2 Extension to Cloud
Broadcast support
Extend multiple L2 Segments with a single pair of L2 VPN Appliances
Malware Protection
Vulnerability Management
Next-Generation Firewall
Malware Protection
Radware is a provider of integrated application delivery / load balancing and application & network security solutions for virtual and cloud data centers.
Network Operations
Gigamon and VMware are extending their partnership to provide pervasive and intelligent visibility into the physical and virtual networks by integrating the Gigamon Visibility Fabric with VMware NSX platform
How to test?
Hands on lab available:
http://labs.hol.vmware.com/HOL/catalogs/
Firewalling / Load Balancing / VPN services are offered natively with unique benefits
in security with micro-segmentation
in scale with distribution of services
in ease-of-use
And automation capabilities
And NSX services can be enhanced with 3rd party vendors