Network Virtualization For Dummies - MicroAge

Transcription

These materials are © 2016 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

Network Virtualization
VMware Special Edition
by Mora Gozani

Network Virtualization For Dummies, VMware Special Edition

Published by
John Wiley & Sons, Inc.
111 River St.
Hoboken, NJ 07030‐5774
www.wiley.com

Copyright © 2016 by John Wiley & Sons, Inc., Hoboken, New Jersey

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the Publisher. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748‐6011, fax (201) 748‐6008, or online at http://www.wiley.com/go/permissions.

Trademarks: Wiley, For Dummies, the Dummies Man logo, The Dummies Way, Dummies.com, Making Everything Easier, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries, and may not be used without written permission. VMware, vSphere, and vRealize are registered trademarks and VMware NSX and VMware vRealize Operations, and vRealize Automation are trademarks of VMware, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc., is not associated with any product or vendor mentioned in this book.

LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ.

For general information on our other products and services, or how to create a custom For Dummies book for your business or organization, please contact our Business Development Department in the U.S. at 877‐409‐4177, contact info@dummies.biz, or visit www.wiley.com/go/custompub. For information about licensing the For Dummies brand for products or services, contact BrandedRights&Licenses@Wiley.com.

ISBN 978‐1‐119‐12583‐9 (pbk); ISBN 978‐1‐119‐12585‐3 (ebk)

Manufactured in the United States of America

10 9 8 7 6 5 4 3 2 1

Publisher’s Acknowledgments

Some of the people who helped bring this book to market include the following:

Development Editor: Becky Whitney
Project Editor: Elizabeth Kuball
Acquisitions Editor: Katie Mohr
Editorial Manager: Rev Mengle
Business Development Representative: Karen Hattan
Dummies Marketing: Jennifer Webb
Production Editor: Siddique Shaik

Table of Contents

Introduction
  About This Book
  Foolish Assumptions
  Icons Used in This Book
  Where to Go from Here

Chapter 1: The Next Evolution of Networking: The Rise of the Software‐Defined Data Center
  The Business Needs Speed
  Security Requirements Are Rising
  Apps Need to Move Around
  Network Architectures Rooted in Hardware Can’t Keep Up with the SDDC
    Network provisioning is slow
    Workload placement and mobility are limited
    Hardware limitations and lock‐ins breed complexity and rigidity
    Configuration processes are manual, slow, and error prone
    OpEx and CapEx are too high
    You can’t leverage hybrid cloud resources
    Networks have inadequate defenses

Chapter 2: It’s Time to Virtualize the Network
  How Network Virtualization Works
  Network Virtualization versus Software‐Defined Networking
  Virtual Appliances versus Integration in the Hypervisor
  Why the Time Is Right for Network Virtualization
    Meeting the demands of a dynamic business
    Increasing flexibility with hardware abstraction
    Increasing security with network micro‐segmentation
    Establishing a platform for the SDDC
  Rethinking the Network

Chapter 3: Transforming the Network
  The Key Functionalities of a Virtualized Network
    Overlays
    A VXLAN primer
    The Big Payoff
  Meet VMware NSX: Networking for the SDDC
  How It Works
    The NSX architecture
    Integration with existing network infrastructure
    Simplified networking
    Extreme flexibility and extensibility
  What It Does: The Key Capabilities of NSX
    Everything in software
    Essential isolation, segmentation, and advanced security services
    Performance and scale
    Unparalleled network visibility
  The Key Benefits of VMware NSX
    Functional benefits
    Economic benefits

Chapter 4: Network Virtualization Use Cases
  Securing the Data Center
    Limiting lateral movement within the data center
    The growth of east–west traffic within the data center
    Visibility and context
    Isolation
    Segmentation
    Automation
    Secure user environments: Micro‐segmentation for VDI
  Automating IT Processes
    IT automation
    Developer cloud
    Multitenant infrastructure
  Enabling Application Continuity
    Disaster recovery
    Metro pooling
    Hybrid cloud networking

Chapter 5: Operationalizing Network Virtualization
  Operations Investment Areas
    Organization and people
    Processes and tooling
    Architecture and infrastructure
  Focus on the Big Picture

Chapter 6: Ten (Or So) Ways to Get Started with Network Virtualization
  Don’t Miss the Essential Resources
    Boning up on the basics
    Taking a deeper dive
    Chatting with bloggers
    Taking an NSX test drive with Hands‐on Labs
    Learning how to deploy NSX in your environment
  Touring the Platform via NSX Product Walkthrough
  Diving Down into the Technical Details
  Deploying NSX with Cisco UCS and Nexus 9000 Infrastructure
  Integrating NSX with Your Existing Network Infrastructure
  Integrating with Your Networking Services Ecosystem Partners


Introduction

Welcome to Network Virtualization For Dummies, your guide to a new and greatly improved approach to data center networking.

Before I start getting to the heart of the matter of network virtualization, I briefly describe some topics that I cover within these pages. All the following requirements build the case for moving out of the hardwired network past and into the flexible world of network virtualization, which I describe in depth in Chapter 1:

- The network needs to move as fast as the business.
- Network security needs to move faster than cybercriminals do.
- Applications need the flexibility to move across data centers.

So, how do you get there? The first step is to immerse yourself in the concepts of this new approach to data center networking. That’s what this book is all about.

About This Book

Don’t let the small footprint fool you. This book is loaded with information that can help you understand and capitalize on network virtualization. In plain and simple language, I explain what network virtualization is, why it’s such a hot topic, how you can get started, and steps you can take to get the best bang for your IT buck.

Foolish Assumptions

In writing this book, I’ve made some assumptions about you. I assume that

- You work in an IT shop.
- You’re familiar with network terminology.
- You understand the concept of virtualization.

Icons Used in This Book

To make it even easier to navigate to the most useful information, these icons highlight key text:

- Take careful note of these key “takeaway” points.
- Read these optional passages if you crave a more technical explanation.
- Follow the target for tips that can save you time and effort.

Where to Go from Here

The book is written as a reference guide, so you can read it from cover to cover or jump straight to the topics you’re most interested in. Whichever way you choose, you can’t go wrong. Both paths lead to the same outcome: a better understanding of network virtualization and how it can help you increase business agility, data center security, and application mobility.

Chapter 1
The Next Evolution of Networking: The Rise of the Software‐Defined Data Center

In This Chapter
- Introducing the software‐defined data center
- Building the case for network virtualization
- Exploring today’s networking challenges

Why should you care about network virtualization? That question has more than a single answer. In fact, in this chapter, I describe several themes that point to a single overarching need: It’s time to move out of the hardwired past and into the era of the virtualized network. Here’s why:

- To stay competitive, businesses need the agility of the software‐defined data center (SDDC).
- Antiquated network architectures are blocking the road to the SDDC.
- Legacy network architectures limit business agility, leave security threats unchecked, and drive up costs.

The SDDC is rewriting the rules for the way IT services are delivered. The SDDC approach moves data centers from static, inflexible, and inefficient to dynamic, agile, and optimized.

In this new world, virtualization enables the intelligence of the data center infrastructure to move from hardware to software. All IT infrastructure elements — including compute, networking, and storage — are virtualized and grouped into pools of resources. These resources can then be automatically deployed, with little or no human involvement. Everything is flexible, automated, and controlled by software.

In an SDDC, you can forget about spending days or weeks provisioning the infrastructure to support a new application. You can now get an app up and running in minutes, for rapid time to value.

The software‐defined approach is really a much‐needed framework for greater IT agility and more responsive IT service delivery, all at a lower cost. It’s the key to the data center of the future.

One recent study (in June 2014) by the Taneja Group, “Transforming the Datacenter with VMware’s Software‐Defined Data Center vCloud Suite,” found that SDDCs deliver a 56 percent reduction in annual operational costs for provisioning and management. Even better, software‐defined approaches can slash the time required to provision a production network for a new application from three or four weeks to a matter of minutes.

The Business Needs Speed

The chapter opener presents all the good news about software‐based data centers. Here’s the catch: Network architectures rooted in hardware can’t match the speed and agility of SDDCs.

For large companies, the pace of business is pretty crazy, and the pace of change is only increasing. Everything needs to be done yesterday. And everything now revolves around IT’s ability to support the business. This new reality has big implications for the network.

When a business wants to wow its customers with a new app, roll out a hotly competitive promotion, or take a new route to market, it needs the supporting IT services right away — not in weeks or months. In today’s world, you either go for it or you miss out. We’re in the era of the incredible shrinking window of opportunity.

When the business turns to the IT organization for essential services, it wants to hear, “We’ll get it done. We’ll have it up and running right away,” and not, “Well, we can’t do that just yet because we would first need to do blah, blah, blah to the network, and that will take us at least a few weeks.” That’s not good enough. When business leaders hear that kind of talk, they’re likely to walk away from in‐house IT and walk right into the arms of a public cloud provider.

The velocity of business won’t slow down. It’s all one big racetrack out there, with people trying to change a full set of tires and fuel up the car in seven seconds. That means IT needs to move a lot faster. Networks now need to change at the turbocharged speed of a digitally driven business. And that requires big changes in the current hardwired approaches to the network.

Security Requirements Are Rising

Long ago, a young Bob Dylan advised the world, “You don’t need a weatherman to know which way the wind blows.” Today, you could say pretty much the same thing about network security. In today’s enterprises, a roaring wind is blowing in the direction of increased network security.

Everyone knows that we need to do more to avoid costly breaches that put sensitive information into the hands of cybercriminals. And no company is immune to the threat. Just consider some of the headline‐grabbing security breaches of the past few years — breaches that have brought corporate giants to their knees. From healthcare and investment banking to retail and entertainment, all companies are now caught up in the same costly battle to defend the network.

It’s like one big war game. A company fortifies its data center with a tough new firewall and the cybercriminals slip in through a previously unknown back door — like a simple vulnerability in a client system — and run wild in the data center. The traditional strategy of defending the perimeter needs to be updated to include much more protection inside the data center as well.

All the while, the costs keep rising — in terms of damage to brand reputation and actual out‐of‐pocket costs. According to a research report published in May 2015 titled “2015 Cost of Data Breach Study: Global Analysis,” by the respected Ponemon Institute, the average total cost of a data breach hit $3.79 million in 2014, and the average cost paid for each single lost or stolen record containing sensitive and confidential information rose 6 percent to $154.

Clearly, something has to give. Enterprises need a better architecture to defend against the trolls under the digital bridge. And this need for a better architecture is a strong argument for transforming the network through virtualization.

Apps Need to Move Around

The rise of server virtualization has made a lot of great things possible. In a big step forward, applications are no longer tied to a single physical server in a single location. You can now replicate apps to a remote data center for disaster recovery, move them from one corporate data center to another, or slide them into a hybrid cloud environment.

But there’s a catch: the network. It’s like a hitch in your giddy‐up, to borrow some words from the cowboys of old. The network configuration is tied to hardware, so even if apps can move with relative ease, the hardwired networking connections hold them back.

Networking services tend to be very different from one data center to another, and from an in‐house data center to a cloud. That means you need a lot of customization to make your apps work in different network environments. That’s a major barrier to app mobility — and another argument for using virtualization to transform the network.

Network Architectures Rooted in Hardware Can’t Keep Up with the SDDC

The SDDC is the most agile and responsive architecture for the modern data center, achieved by moving intelligence into software for all infrastructure elements. So, let’s take stock of where things are today:

- Most data centers now leverage server virtualization for the best compute efficiency. Check!
- Many data centers now optimize their storage environments through virtualization. Check!
- Few data centers have virtualized their network environments. No check.

Though businesses are capitalizing on server and storage virtualization, they’re challenged by legacy network infrastructure that revolves around hardware‐centric, manually provisioned approaches that have been around since the first generation of data centers.

In the next several sections, I walk you through some of the specific challenges of legacy architectures.

Network provisioning is slow

Although some network provisioning processes can be scripted — and software‐defined networking promises to make this a reality — with hardware‐based systems, there is no automatic linkage to compute or storage virtualization. As a result, there is no way to automatically provision networking when the associated compute and storage is created, moved, snapshotted, deleted, or cloned. So, network provisioning remains slow, despite the use of automated tools.

All the while, the thing that matters the most to the business — getting new apps ready for action — is subject to frequent delays caused by the slow, error‐prone, manual processes used to provision network services.

This is all rather ironic when you take a step back and consider the bigger picture: The limitations of legacy networks tie today’s dynamic virtual world back to inflexible, dedicated hardware. Server and storage infrastructure that should be rapidly repurposed must wait for the network to catch up. Provisioning then becomes one big hurry‐up‐and‐wait game.

Workload placement and mobility are limited

In today’s fast‐moving business environments, apps need to have legs. They need to move freely from one place to another. This might mean replication to an offsite backup‐and‐recovery data center, movement from one part of the corporate data center to another, or migration into and out of a cloud environment.

Server and storage virtualization makes this kind of mobility possible. But you have to be aware of another problem: the network. When it comes to app mobility, today’s hardwired network silos rob apps of their running shoes. Workloads, even those in virtual machines, are tethered to physical network hardware and topologies. To complicate matters, different data centers have different approaches to networking services, so it can take a lot of heavy lifting to configure an app running in data center A for optimal performance in data center B.

All of this limits workload placement and app mobility and makes change not just difficult but risky. It’s always easiest — and safest — to simply leave things just the way they are.

The current hardware‐centric approach to networking restricts workload mobility to individual physical subnets and availability zones. To reach available compute resources in the data center, your network operators may be forced to perform box‐by‐box configuration of switching, routing, firewall rules, and so on. This process is not only slow and complex but also one that will eventually hit a wall — including the technical limitation of 4,096 total VLANs in a single LAN.
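The 4,096 figure is a direct consequence of the width of the VLAN ID field in the IEEE 802.1Q tag. The Python script below is an added example, not code from the book or from VMware: it builds a constructed 802.1Q-tagged Ethernet frame and a constructed VXLAN header (the overlay encapsulation the book's Chapter 3 covers in "A VXLAN primer"), parses the segment identifier out of each, and shows why a 12-bit VID caps a LAN at 4,096 VLAN IDs (of which the standard reserves IDs 0 and 4095) while VXLAN's 24-bit VNI allows over 16 million segments. All MAC addresses, VLAN IDs, and VNIs in it are constructed sample values.

```python
import struct

# Field widths and constants from the standards (IEEE 802.1Q tag; VXLAN per RFC 7348)
VLAN_ID_BITS = 12          # VID field width in the 802.1Q Tag Control Information
VXLAN_VNI_BITS = 24        # VXLAN Network Identifier width
ETHERTYPE_8021Q = 0x8100   # TPID that announces an 802.1Q tag
VXLAN_I_FLAG = 0x08        # "I" flag in the VXLAN header: VNI field is valid


def vlan_id_space():
    """Number of distinct values a 12-bit VLAN ID can take: 4096.
    802.1Q reserves IDs 0 and 4095, so 4094 remain usable."""
    return 1 << VLAN_ID_BITS


def vxlan_vni_space():
    """Number of distinct 24-bit VXLAN Network Identifiers: 16,777,216."""
    return 1 << VXLAN_VNI_BITS


def build_tagged_frame(dst_mac, src_mac, vid, pcp=0, inner_ethertype=0x0800, payload=b""):
    """Build an 802.1Q-tagged Ethernet frame from constructed sample values.
    Layout: dst(6) src(6) TPID 0x8100(2) TCI(2) inner EtherType(2) payload."""
    if not 0 <= vid < vlan_id_space():
        raise ValueError("VLAN ID must fit in 12 bits")
    tci = (pcp & 0x7) << 13 | (vid & 0x0FFF)   # PCP(3 bits) DEI(1 bit)=0 VID(12 bits)
    return dst_mac + src_mac + struct.pack("!HHH", ETHERTYPE_8021Q, tci, inner_ethertype) + payload


def parse_vlan_tag(frame):
    """Return (pcp, dei, vid) for a tagged frame, or None if the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return (tci >> 13) & 0x7, (tci >> 12) & 0x1, tci & 0x0FFF


def build_vxlan_header(vni):
    """Build the 8-byte VXLAN header: flags(8) reserved(24) VNI(24) reserved(8)."""
    if not 0 <= vni < vxlan_vni_space():
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", VXLAN_I_FLAG << 24, vni << 8)


def parse_vxlan_header(header):
    """Return the VNI from a VXLAN header, rejecting headers without the I flag set."""
    if len(header) < 8:
        raise ValueError("truncated VXLAN header")
    first_word, second_word = struct.unpack("!II", header[:8])
    if not (first_word >> 24) & VXLAN_I_FLAG:
        raise ValueError("VXLAN I flag not set; VNI is not valid")
    return second_word >> 8


if __name__ == "__main__":
    # Constructed sample addresses and identifiers
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("025000000001")
    frame = build_tagged_frame(dst, src, vid=100, pcp=5)
    print("802.1Q tag (pcp, dei, vid):", parse_vlan_tag(frame))
    print("VLAN ID space:", vlan_id_space(), "VXLAN VNI space:", vxlan_vni_space())
    print("VXLAN VNI:", parse_vxlan_header(build_vxlan_header(5001)))
    try:
        build_tagged_frame(dst, src, vid=4096)
    except ValueError as exc:
        print("VID 4096 rejected:", exc)
```

Both identifiers are plain bit fields carried in cleartext headers; the segment boundary exists only where a switch, hypervisor, or tunnel endpoint enforces it, which is why the book's later chapters treat segmentation policy, not the identifier space, as the security control.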

Hardware limitations and lock‐ins breed complexity and rigidity

The current closed black‐box approach to networking — with custom operating systems, ASICs, CLIs, and management — complicates operations and limits agility. This old approach locks you into not only your current hardware but also all the complexities of your current network architecture, limiting your IT team’s ability to adapt and innovate — which in turn puts the same limits on the business itself because the business can move no faster than IT.

One study, “Network Agility Research 2014,” by Dynamic Markets, found that 90 percent of companies are disadvantaged by the complexities of their networks — impacting when, where, and what applications and services can be deployed. Here are some rather telling findings from the same study:

- IT makes, on average, ten changes to the corporate network in a 12‐month period that require a maintenance window. The average wait for maintenance windows is 27 days each.
- Businesses spend a total of 270 days a year — or 9.6 months — waiting for IT to deliver a new or improved service.
- Larger enterprises require significantly more of these changes and wait even longer for maintenance windows.

Configuration processes are manual, slow, and error prone

On a day‐to‐day basis, physical networks force your network team to perform a lot of repetitive, manual tasks. If a line of business or a department requests a new application or service, you need to create VLANs, map VLANs across switches and uplinks, create port groups, update service profiles, and on and on. On top of this, the configuration work is often done via clunky CLIs.

The rise of software‐defined networking (SDN) — which I explain in Chapter 2 — is meant to help here by allowing programmatically controlled hardware, but this still leaves you with a lot of heavy lifting. For instance, you still need to build multiple identical networks to support your development, test, and production teams, and you still lack the ability to deploy your (hardware‐based) network in lock step with your virtualized compute and storage.

And then there’s the other issue: All this manual configuration work is error prone. In fact, manual errors are the main cause of outages. Studies consistently find that the largest percentage of network incidents — in the realm of 32 percent to 33.3 percent — is due to human‐caused configuration errors. (The 33.3 percent estimate is from the Dimension Data report “2015 Network Barometer Report,” and the 32 percent estimate is from the Ponemon Institute report “2013 Cost of Data Center Outages.”)

OpEx and CapEx are too high

The limitations of legacy network architectures are driving up data center costs — in terms of both operational expenditures (OpEx) and capital expenditures (CapEx).

OpEx

The heavy use of manual processes drives up the cost of network operations. Just consider all the labor‐intensive manual tasks required to configure, provision, and manage a physical network. Now multiply the effort of these tasks across all the environments you need to support: development, testing, staging, and production; differing departmental networks; differing application environments; primary and recovery sites; and so on. Tasks that may be completed in minutes with automated processes — or even instantaneously with automatic deployment of networks — take hours, days, or weeks in a manual world.

And then there are the hidden costs that come with manually introduced configuration errors. One mistake can cause a critical connectivity issue or outage that impacts business. The financial effect of an unplanned data center outage can be huge. The average reported incident length in the study “Network Agility Research 2014” by Dynamic Markets was 86 minutes at a cost of $7,900 per minute. The average cost per incident was $690,200.

CapEx

On the capital side, legacy network architectures require your organization to invest in stand-alone solutions for many of the networking and security functions that are fundamental to data center operations. These include routing, firewalling, and load balancing. Providing these functions everywhere they are needed comes with hefty price tags.

There is also the issue of the need to overprovision hardware to be sure you can meet peak demands, plus the need to deploy active‐passive configurations. In effect, you need to buy twice the hardware for availability purposes.

And then there is the cost of forklift upgrades. To take advantage of the latest innovations in networking technology, network operators often have to rip and replace legacy gea
