VMworld 2015: The Practical Path To NSX

I came into this session looking for exactly what the title was claiming–a practical path to NSX–which would help me to identify a practical reason for it. Using that as the bar for judgment, I would say that the speakers succeeded, with some qualifications.

The most valuable “proof” of success was the initial demo that isolated Windows Server 2003 guests by grouping them and applying a security policy, rather than the non-NSX alternative of re-IP’ing in a separate VLAN and firewalling that way. It was clean and if it was my use case, I’d vote for NSX as the way.

The next demo bridged server/rack pods and attempted to prove similar simplicity, but fell short. Sure, the engineer clicked and typed very quickly such that he accomplished his objective in <4 minutes, but that speed implied a lot of knowledge and training on implementing NSX. That’s not the same as being easy. That’s partly okay, because not everything is easy. They would have done better to state that.

My personal takeaway was the value of NSX as applied to forming a seamless L2 or L3 network out of multiple data centers. That’s a use case I can take to the bank. Considering the unstated cost of NSX, I think a bank may indeed be an integral step :). Anyways, this was a session worth attending, or if you’re reading this later, a session worth watching online. Enjoy.

Notes & Commentary

Internal & external forces

  • Better security: especially with lateral movement & degrees of separation (or lack thereof)
  • Faster time to market: decoupled from physical infrastructure and obstacles
  • Higher availability: network transparency and mobility across data centers

What’s Next in NSX 6.2

  • Expanded security
  • Deeper integration
  • Application continuity

Driving Value

  • Inherently secure infrastructure: micro-segmentation of servers, applications and services

Case study: Windows 2003 Isolation

  • Without (days, downtime):
    • Identify machines
    • Create new VLANs
    • Change IPs
    • Troubleshoot things that don’t play with re-IP
  • With (minutes, no downtime):
    • NSX dynamic security group based on OS (Windows 2003)
    • Create security policy to secure Windows 2003 machines
    • Apply policy to NSX security group
    • Apply new security policy to security group to redirect all traffic to IPS (i.e. Trend Micro Deep Security)

Case study: Connecting rack pods

  • A lot of fast clicking w/ NSX Edge bridging (fast, but not necessarily “practical” in proving ease)

(truly) Practical use cases:

  • Metro pooling: make multiple data centers appear as one
  • Disaster recovery: copy configuration to DR site so no re-IP
  • Hybrid cloud networking: extending network to cloud at L2 or L3

Operations Excellence: Accelerating Path to Production

  • Tools: NSX API, Syslog, IPFIX, Traceflow, SNMP, etc.
    • Traceflow: new in 6.2, tests path/flow between two VMs
    • Physical visibility with vRealize Operations
  • Process: Maintain SLA
    • Documented run books, reference architecture
    • Operations and troubleshooting guides, new and updated reference architectures, new service offerings
  • People: Training and certification
    • Productivity: retain and attract talent
    • New courseware
    • Three levels of certification
