This week I was reminded of that great Wayne Gretzky quote,
“I skate to where the puck is going to be, not where it has been”.
How is that relevant to the Software Defined Data Center (SDDC)? Well, because things are moving so fast! That virtualization infrastructure you have today (thank you for my paycheck!) is introducing new challenges in IT and security management. What was once a few servers, some network and storage and a firewall is growing into hundreds, if not thousands, of VMs, hybrid clouds, tiered storage and stretched networks. There are new tools to learn and new innovative capabilities to leverage.
But it’s getting very complex!
Yes. It is. Every new technology seems complex at first. Every new technology brings benefits and challenges. (Remember the pre-PC era? I do!) But, here’s the good, no, AWESOME part, it’s becoming increasingly easier to automate, validate and assess. However, if you are still managing and securing this new infrastructure using your old methods, you may find yourself skating to where the puck was and not where it’s going.
When architects think about putting big data and Apache Hadoop on virtualized commodity servers they usually see virtualization as a performance deterrent. Virtualization software is just that—software. Additional software layers are overhead and they must make it run slower.
In a recent performance study by VMware, they demonstrated that virtualized deployments perform on par with bare-metal deployments and, in certain cases, can even exceed bare-metal performance when multiple virtual machines allow for parallelism.
In this post I am going to describe how VTEPs learn about the virtual machines connected to the logical Layer 2 networks. The learning process is quite similar to a transparent bridge function. Just as transparent bridges learn based on the packets received on the bridge ports, the VTEP also learns based on the inner and outer headers of the packets received.
Let’s take an example to illustrate the VTEP learning process.
Here in Technical Marketing at VMware, we are fortunate to be able to regularly speak to members of the virtualization community at various events. One of those events is the newly formed VTUG. VTUG is short for Virtualization Technology Users Group. Run by Chris Harney, this organization has been putting on hugely successful virtualization focused user groups for years.
I mentioned last month that I would be presenting at the Italian VMUG event in Milan. Well, the VMUG guys recorded the session, so if you are interested in seeing me talking about some of the cool storage projects we are working on internally here at VMware (such as Virtual SAN, Virtual Volumes & Virtual Flash), you can watch the video here:
The first few minutes are a little noisy, but that gets sorted out after a while. The one thing that is missing from the video is the disclaimer slide which I showed at the beginning of the presentation. It's the usual stuff, in so far as we make no guarantee around the delivery of these projects. Hope you find it interesting, and much kudos to the folks at VMUG Italia for making this possible.
Get notification of these blog postings and more VMware Storage information by following me on Twitter: @VMwareStorage
I am happy to announce the availability of the VMware vCloud Networking and Security – DMZ Design and Deployment Guide. This paper highlights how securing a virtual DMZ environment using vCloud Networking and Security can be a strategic enabler to your organization as it helps you to reduce your capital expenditure and increase agility, while building a cloud ready, secure and scalable environment for business applications. The paper also highlights the different design approaches to securing business critical applications and enables you to make the choice that is most suited to your organization in the cloud journey. Further, it gives prescriptive configuration guidance to help you get started with the deployment of your preferred approach.
Get notification of these blogs and more vCloud Networking and Security information by following me on Twitter @vCloudNetSec.
In this post I am going to address a common question about the security and performance impact when multiple logical Layer 2 networks are mapped to one multicast group address.
As mentioned in an earlier post here, vCloud Networking and Security (vCNS) Manager is responsible for mapping the logical Layer 2 networks to multicast group addresses. If you provide fewer multicast group addresses than logical Layer 2 networks, vCNS Manager will assign the logical Layer 2 networks to multicast addresses in a round-robin fashion. For example, if there are 4 logical L2 networks (A1, A2, A3, A4) and 2 multicast group addresses (M1, M2), logical networks A1 and A3 will be mapped to multicast group address M1 while A2 and A4 are mapped to M2.
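The following added example (not code from the original posts or from VMware) simulates both points above: the bridge-style VTEP learning described in the VTEP post (inner source MAC mapped to the sending VTEP's outer IP, scoped by VNI) and the round-robin mapping of logical networks to multicast groups, which shows why a VTEP that shares a group receives flooded traffic for segments it does not host and must drop it. All VNIs, multicast groups and VTEP IPs are constructed values.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class VxlanFrame:
    outer_src_ip: str   # sending VTEP (outer IP header)
    vni: int            # 24-bit segment ID (VXLAN header)
    inner_src_mac: str  # source MAC of the encapsulated Ethernet frame

def assign_multicast_groups(vnis: List[int], groups: List[str]) -> Dict[int, str]:
    """Round-robin VNI -> multicast group, as the post describes vCNS Manager doing."""
    return {vni: groups[i % len(groups)] for i, vni in enumerate(vnis)}

class Vtep:
    def __init__(self, ip: str, hosted_vnis: List[int], vni_to_group: Dict[int, str]):
        self.ip = ip
        self.hosted_vnis = set(hosted_vnis)
        # A VTEP joins every group used by a VNI it hosts; a shared group also delivers flooded traffic of other VNIs.
        self.joined_groups = {vni_to_group[v] for v in hosted_vnis}
        self.table: Dict[Tuple[int, str], str] = {}  # (vni, inner src MAC) -> remote VTEP IP
        self.dropped = 0

    def receive(self, frame: VxlanFrame) -> bool:
        """Bridge-style learning: inner source MAC -> outer source IP, scoped by VNI."""
        if frame.vni not in self.hosted_vnis:
            self.dropped += 1          # not our segment: discard, never learn from it
            return False
        self.table[(frame.vni, frame.inner_src_mac)] = frame.outer_src_ip
        return True

    def lookup(self, vni: int, mac: str):
        return self.table.get((vni, mac))

def flood(frame: VxlanFrame, vni_to_group: Dict[int, str], vteps: List[Vtep]) -> List[str]:
    """Deliver a broadcast/unknown-unicast frame to every VTEP that joined the VNI's group."""
    group = vni_to_group[frame.vni]
    receivers = [v for v in vteps if v.ip != frame.outer_src_ip and group in v.joined_groups]
    for v in receivers:
        v.receive(frame)
    return [v.ip for v in receivers]

def demo():
    """Constructed topology: 4 logical networks (A1..A4), 2 groups (M1, M2), 3 VTEPs."""
    mapping = assign_multicast_groups([5001, 5002, 5003, 5004], ["239.1.1.1", "239.1.1.2"])
    vteps = [Vtep("10.0.0.1", [5001], mapping), Vtep("10.0.0.2", [5001, 5003], mapping),
             Vtep("10.0.0.3", [5002], mapping)]
    bcast = VxlanFrame("10.0.0.2", 5003, "00:50:56:aa:bb:cc")
    hit = flood(bcast, mapping, vteps)   # only 10.0.0.1 receives it (shared group) and drops it
    return mapping, hit, vteps
```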
EMC World kicked off today in Las Vegas, and much of this week’s buzz is focused squarely on big data. Specifically, VMware’s CEO Pat Gelsinger is hot on how to build big data solutions into the enterprise as a service. During his keynote, Gelsinger and VMware data architect Michael West showed attendees how smart organizations will be deploying and managing Hadoop clusters in the future that will dramatically improve time-to-insight and productivity.
I covered some basics on multicast in the last blog entry here. Let's now take a look at how multicast is utilized in VXLAN deployments. During the configuration of VXLAN, it is required to allocate a multicast address range and also define the number of logical Layer 2 networks that will be created. For more details on the configuration steps please refer to the VXLAN Deployment Guide.
Ideally, one logical Layer 2 network is associated with one multicast group address. Sixteen million logical Layer 2 networks can be identified in VXLAN, using a 24-bit field in the encapsulation header, but the multicast group addresses are limited (18.104.22.168 to 22.214.171.124). In some scenarios it might not be possible to have a one-to-one mapping of a logical Layer 2 network to a multicast group address. In such scenarios the vCloud Networking and Security Manager maps multiple logical networks to a single multicast group address. After the discussion on the association of multicast groups to logical networks, let's take a look at some details on the logical network properties.
VMware vCloud Networking and Security App Firewall is a hypervisor-based firewall that protects applications in the virtual datacenter from network-based attacks. In this blog, let’s look at how to micro-segment a VXLAN network to deploy a 3-tier application using vCloud Networking and Security 5.1 App Firewall.
Each application is deployed using a separate VXLAN network as shown below. To keep the diagram simple, only one application is shown below. The application has three tiers – web, app and db.