I recently attended the annual VMworld Europe event and, due to the current focus in my day job, decided to formulate a session schedule largely based on VMware’s NSX for vSphere (NSX-v). My goal was to build on the experience that I’ve gained from working with NSX for the best part of the last year and also learn about the future of the platform along with both VMware and third-party integrations.
The MGT1969 session with Ray Budavari and Zackary Kielich gave an update on the recently rebranded vRealize Automation (formerly vCAC) and its latest integrations with NSX-v. This included native NSX functions that previously relied on vCNS behind the scenes plus the powerful new vRealize Orchestrator plugin for NSX that now drives the REST API-based communications for automation. I also witnessed an impressive demo (NET1949) by Scott Lowe and Aaron Rosen on deploying elastic applications using Docker where NSX-MH (multi-hypervisor) provided the logical network provisioning agility required to scale to this demanding degree.
Attending Dimitri Desmidt and Max Ardica’s session (NET1586) on Advanced Network Services with NSX was a refresher for me due to the fact I had originally trained with them at VMware. It was a useful revision exercise with a comprehensive overview of NSX logical network functions including logical firewalling, load balancing and VPN. Some good questions came up that also forced me to reevaluate my knowledge on a couple of topics and provided me with some test cases to investigate upon returning to my lab environment.
The first day finished with Anirban Sengupta and Srinivas Nimmagadda’s session (SEC2238) on Micro-Segmentation Use Cases with the NSX Distributed Firewall (DFW). I’ve been working with this tool a fair amount and micro-segmentation is one of the most compelling reasons to deploy NSX for a lot of companies. The DFW allows granular vNIC-level firewalling on Virtual Machines, distributed at the Hypervisor layer. The typical model of trust zones, common to traditional data centre firewalling, only really cater for perimeter security and do not address the possibility of lateral attacks once the inside of the network is compromised. NSX facilitates an extremely powerful approach by inspecting traffic directly at source i.e. the vNIC. Integration with Tufin Orchestration Suite was also announced with features including change management and real-time compliance checking for the DFW.
The MGT1878 session by Vyenkatesh Deshpande and Jai Malkani was a highly interesting deep dive into the new vRealize Operations integration with NSX-v. This allows previously unheard of centralised visibility into the platform for monitoring purposes such as tracing both physical and logical topologies for VMs for troubleshooting purposes. Traditional networking opinion may have concerns that overlay technologies such as VXLAN are too opaque from the monitoring perspective but this session did wonders to dispel that perception.
Scott Lowe and Brad Hedlund’s session (NET1468) on IT Operations with VMware NSX covered how to approach delegating administrative access to NSX-v for both network and server admins and gave me some immediately usable material around Role Based Access Control. It was also a very entertaining and well-presented session! Possibly the session I gained the most from was Nimesh Desai’s talk on the NSX-v reference design for SDDC (NET1589). This was a relatively advanced session with good coverage of topics such as VTEP teaming recommendations, NSX Edge scale out with ECMP and physical data centre topologies and how to map NSX-v deployments to them.
Other sessions of note included Francois Tallet’s vSphere Distributed Switch Best Practices for NSX (NET1401) and Ray Budavari’s session on Multi-Site NSX (NET1974). The latter is a topic that is very much of note as currently NSX-v maintains a mapping to a single vCenter server and out of the box implies a single-site configuration. There are, however, multiple means by which a multi-site configuration for disaster avoidance or recovery can be architected when involving technologies such as vSphere Metro Storage Cluster, NSX’s L2 VPN and when considering optimising egress traffic using NSX Edge Service Gateways.
Overall it seemed that, despite the recently debuted technologies such as EVO:RAIL and VMware Integrated OpenStack there was a huge buzz around NSX at VMworld Europe 2014. The goal of rapidly deploying applications in the data centre cannot easily be achieved when network provisioning lags behind compute in its agility. NSX is rapidly developing a rich feature set building upon its core network hypervisor and network function virtualisation and is experiencing tighter integration with VMware’s core toolsets in the vRealize suite that facilitate automation and monitoring. This will surely see it become deployed in more and more data centres and I relish the opportunity to continue architecting these solutions for our customers.
If you would like to learn more about our cloud solutions, or wish to discuss your workspace challenges, we can help - please contact us today.