VMware NSX Introduction
IT organizations have gained significant benefits as a direct result of server virtualization. Server consolidation reduced physical complexity, increased operational efficiency and the ability to dynamically repurpose underlying resources to quickly and optimally meet the needs of increasingly dynamic business applications.
VMware’s Software Defined Data Center (SDDC) architecture is now extending virtualization technologies across the entire physical data center infrastructure. NSX for vSphere is a key product in the SDDC architecture. With NSX for vSphere, virtualization delivers for networking what it has already delivered for compute and storage. In much the same way that server virtualization programmatically creates, snapshots, deletes, and restores software-based virtual machines (VMs), NSX for vSphere network virtualization programmatically creates, snapshots, deletes, and restores software-based virtual networks. The result is a transformative approach to networking that not only enables data center managers to achieve orders of magnitude better agility and economics, but also allows for a vastly simplified operational model for the underlying physical network. With the ability to be deployed on any IP network, including both existing traditional networking models and next-generation fabric architectures from any vendor, NSX for vSphere is a non-disruptive solution. In fact, with NSX for vSphere, the physical network infrastructure you already have is all you need to deploy a software-defined data center.
NSX Components
NSX can be configured through the vSphere Web Client, a command line interface (CLI), and REST API.
Interaction between NSX components.
NSX Manager
The NSX Manager is the centralized network management component of NSX, and is installed as a virtual appliance on any ESXTM host in your vCenter Server environment. It provides an aggregated system view. One NSX Manager Maps to a single vCenter Server environment and multiple NSX Edge, vShield Endpoint, and NSX Data Security instances.
NSX vSwitch
NSX vSwitch is the software that operates in server hypervisors to form a software abstraction layer between servers and the physical network. As the demands on datacenters continue to grow and accelerate, requirements related to speed and access to the data itself continue to grow as well. In most infrastructures, virtual machine access and mobility usually depend on physical networking infrastructure and the physical networking environments they reside in. This can force virtual workloads into less than ideal environments due to potential layer 2 or layer 3 boundaries, such as being tied to specific VLANs. NSX vSwitch allows you to place these virtual workloads on any available infrastructure in the datacenter regardless of the underlying physical network infrastructure. This not only allows increased flexibility and mobility, but increased availability and resilience.
NSX Controller
NSX controller is an advanced distributed state management system that controls virtual networks and overlay transport tunnels. NSX controller is the central control point for all logical switches within a network and maintains information of all virtual machines, hosts, logical switches, and VXLANs. The controller supports two new logical switch control plane modes, Unicast and Hybrid. These modes decouple NSX from the physical network. VXLANs no longer require the physical network to support multicast in order to handle the Broadcast, Unknown unicast, and Multicast (BUM) traffic within a logical switch. The unicast mode replicates all the BUM traffic locally on the host and requires no physical network configuration. In the hybrid mode, some of the BUM traffic replication is offloaded to the first hop physical switch to achieve better performance.
NSX Edge
NSX Edge provides network edge security and gateway services to isolate a virtualized network. You can install an NSX Edge either as a logical (distributed) router or as a services gateway. The NSX Edge logical (distributed) router provides East-West distributed routing with tenant IP address space and data path isolation. Virtual machines or workloads that reside on the same host on different subnets can communicate with one another without having to traverse a traditional routing interface.
The NSX Edge gateway connects isolated, stub networks to shared (uplink) networks by providing common gateway services such as DHCP, VPN, NAT, dynamic routing, and Load Balancing. Common deployments of NSX Edge include in the DMZ, VPN Extranets, and multi-tenant Cloud environments where the NSX Edge creates virtual boundaries for each tenant.
The NSX Edge gateway connects isolated, stub networks to shared (uplink) networks by providing common gateway services such as DHCP, VPN, NAT, dynamic routing, and Load Balancing. Common deployments of NSX Edge include in the DMZ, VPN Extranets, and multi-tenant Cloud environments where the NSX Edge creates virtual boundaries for each tenant.
NSX Edge Services
Dynamic Routing: Provides the necessary forwarding information between layer 2 broadcast domains, thereby allowing you to decrease layer 2 broadcast domains and improve network efficiency and scale. NSX extends this intelligence to where the workloads reside for doing East-West routing. This allows more direct virtual machine to virtual machine communication without the costly or timely need to extend hops. At the same time, NSX also provides North-South connectivity, thereby enabling tenants to access public networks.
Firewall: Supported rules include IP 5-tuple configuration with IP and port ranges for stateful inspection for all protocols.
Network Address Translation: Separate controls for Source and Destination IP addresses, as well as port translation.
Dynamic Host Configuration Protocol ((DHCP): Configuration of IP pools, gateways, DNS servers, and search domains.
Site-to-Site Virtual Private Network (VPN): Uses standardized IPsec protocol settings to interoperate with all major VPN vendors.
L2 VPN: Provides the ability to stretch your L2 network.
SSL VPN-Plus: SSL VPN-Plus enables remote users to connect securely to private networks behind a NSX Edge gateway.
Load Balancing: Simple and dynamically configurable virtual IP addresses and server groups.
High Availability: High availability ensures an active NSX Edge on the network in case the primary NSX Edge virtual machine is unavailable.
NSX Edge supports syslog export for all services to remote servers.
NSX Edge supports syslog export for all services to remote servers.
Distributed Firewall
NSX Distributed Firewall is a hypervisor kernel-embedded firewall that provides visibility and control for virtualized workloads and networks. You can create access control policies based on VMware vCenter objects like datacenters and clusters, virtual machine names and tags, network constructs such as IP/VLAN/VXLAN addresses, as well as user group identity from Active Directory. Consistent access control policy is now enforced when a virtual machine gets vMotioned across physical hosts without the need to rewrite firewall rules. Since Distributed Firewall is hypervisor-embedded, it delivers close to line rate throughput to enable higher workload consolidation on physical servers. The distributed nature of the firewall provides a scale-out architecture that automatically extends firewall capacity when additional hosts are added to a datacenter.
No comments:
Post a Comment