There is a saying that “The early bird catches the worm!” but I say “but it’s the 2nd mouse that gets the cheese!” In short, apologies for the lateness of this post 🙂
This year was my first year as a VMware vExpert and through that program VMware kindly offered me a “blogger pass” to attend VMworld Barcelona.
Having a great interest in software defined networking in general and VMware NSX in particular I was keen to focus on what VMware are doing in this space along with their general Software-Defined Data Center (SDDC) strategy and offerings. So I have picked a couple of topics that were of particular interest to me.
VMware Cloud Foundation:
We are all familiar with vendors like VCE (now Dell EMC Converged Platforms) who create Vblocks, which are fully qualified Converged Infrastructures, where all components of the system (compute, storage, networking and virtualisation) are vigorously tested and version controlled to ensure optimal compatibility and performance. Well, VMware have created the VMware Cloud Foundation (VCF), which does the same thing for the whole SDDC, whether deploying on a private, public or hybrid cloud.
VCF combines VMware vSphere (Compute), vSAN (Storage) and NSX (Networking and Security) into a tightly integrated stack with automation, upgrades and life cycle management via SDDC Manager.
The benefits and value of adopting a VCF solution include:
- Accelerated time to market resulting from the reduced design, testing and implementation times.
- Reduced maintenance and Opex from features like one click automated upgrades.
- Repeatable solution for multi-site deployments.
- Validated integration with public cloud providers, allowing mobility of workloads between private and public clouds.
You can either buy a fully pre-built SDDC with all the cloud foundation software pre-loaded, currently available on the Dell EMC VxRack platform, or you can build your own as long as you adhere to the VMware Cloud Foundation compatibility guide. I’m sure you’ll all be glad to hear that Cisco UCS C240 is on there.
Just like a Vblock has its Release Certification Matrix (RCM), a VCF SDDC has its VCF matrix, which details the hardware and software combinations that have been validated for that particular version. Valid upgrade paths to later versions are also detailed in the release notes of the particular VCF version.
vRealize Network Insight:
One of the largest customer concerns when looking to migrate from a traditional “black list” network to a software defined “white list” model is: will my application still work in the new environment?
In the traditional black list model all communication is allowed by default unless specifically blocked by a firewall or access control list, whereas in a software defined “white list” model all traffic is denied by default unless specifically permitted. This means that all flows for all applications need to be known and understood, and those flows allowed in the new software defined environment.
There are of course lots of methods and discovery tools out there that assist with application discovery and dependency mapping, but they all differ greatly in usefulness, functionality and cost.
While at VMworld I have been looking into, and having a play with, vRealize Network Insight (vRNI), which was a result of the Arkin acquisition in June 2016.
vRNI is not part of the vRealize suite but rather an add-on service to VMware NSX, licensed according to the number of NSX CPU licences.
vRNI provides a day 0 assessment, an “underlay readiness and health check”, to be confident the underlay network is healthy, happy and NSX ready. vRNI can then be used to analyse and report on all the traffic within the network, automatically group workloads into security groups and then create the NSX distributed firewall rules required between those security groups.
The security advantages of a zero trust/least privilege network are well understood, and only allowing the flows you need on a network is certainly the way forward. I am in the process of writing a full blog review of vRNI and as such will not elaborate further on it in this post.
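The white list model described earlier and the flow-to-rule step described above, as an added Python example (not vRNI's own logic or code from this post); the workload names, security group names and flow records are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: workload -> security group (hypothetical names).
GROUPS = {
    "web-01": "SG-Web", "web-02": "SG-Web",
    "app-01": "SG-App", "db-01": "SG-DB",
}

# Constructed flow records seen during discovery: (src, dst, proto, dst_port).
OBSERVED = [
    ("web-01", "app-01", "tcp", 8443),
    ("web-02", "app-01", "tcp", 8443),
    ("app-01", "db-01", "tcp", 3306),
    ("web-01", "web-02", "tcp", 22),
    ("web-01", "203.0.113.9", "tcp", 443),  # destination not in any group
]

def derive_rules(flows, groups):
    """Collapse per-workload flows into group-to-group allow rules.

    Returns (rules, unmapped): rules maps (src_group, dst_group) to a set of
    (proto, port); unmapped lists flows with an endpoint outside every group,
    which need a human decision before enforcement is switched on.
    """
    rules, unmapped = defaultdict(set), []
    for src, dst, proto, port in flows:
        if src in groups and dst in groups:
            rules[(groups[src], groups[dst])].add((proto, port))
        else:
            unmapped.append((src, dst, proto, port))
    return dict(rules), unmapped

def allowed_default_deny(flow, rules, groups):
    """White list model: permit only flows that match a derived rule."""
    src, dst, proto, port = flow
    key = (groups.get(src), groups.get(dst))
    return (proto, port) in rules.get(key, set())

def allowed_default_allow(flow, blocked):
    """Black list model: permit everything that is not explicitly blocked."""
    return flow not in blocked

RULES, UNMAPPED = derive_rules(OBSERVED, GROUPS)
```

A flow that never appeared during discovery, such as web-01 to db-01 on tcp/3306, passes the black list check with an empty block list but is dropped under the derived white list, which is exactly the "will my application still work?" risk if the discovery window missed a legitimate flow.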
It was also great to see VMware recognising and putting on an event for Cisco CCIEs. In a world of ever-growing automation and GUIs, it is a common topic whether you still need to understand all this “networking stuff” that goes on, often “under the covers”. As someone who has been involved in many software defined / overlay networking issues, my answer to that is absolutely! Having a good strong foundation of network knowledge and troubleshooting skills will only help you when designing and troubleshooting a network of any description.
While there were several great sessions and receptions, I guess the highlight of my VMworld was that a small group of “NSX VIPs” were given the opportunity of an open forum round table with VMware CEO Pat Gelsinger, where we could just ask any questions we liked. I was very impressed with Pat’s technical knowledge regarding many of the products in the VMware portfolio, particularly NSX.
One of the topics of discussion was the evolution of NSX-T (VMware’s NSX offering for multi-cloud, multi-hypervisor, and container environments) and its eventual replacement of NSX-V (the VMware-only product).
While this transition will certainly be over some time, the majority of R&D and new features will be targeted at NSX-T.
All in all a great experience at VMworld Europe 2017!
Colin, I am in agreement that “The early bird catches the worm”! I appreciate the writing as mentioned above in detail. Great article, thanks, and keep it up!
Great post. Thanks for sharing