Resilient application architectures have evolved significantly over the years. It is increasingly common for enterprises to deploy multiple data centers, both to support flexible workload placement and to provide the redundancy needed for application and network high availability.

Here, we discuss key reasons to deploy multiple data centers and how NSX Federation and the recently introduced Traceflow support simplify the associated infrastructure strategy and implementation.

Workload Placement and Mobility

Applications and the associated infrastructure (compute, storage, networking, and security) are deployed in multiple locations to support workload mobility between these locations for use cases such as Data Center migration and Disaster Recovery testing.

    Figure: Multi-Cloud Mobility

Data Center Expansion

In this scenario, IT runs out of capacity at a location (rack, building, site) and wants additional capacity at a different location for hosting new applications. The capacity in question can be compute (servers), storage, network (bandwidth), or any combination of these.

    Figure: Multi-Cloud Growth

Disaster Avoidance / Disaster Recovery

This is a scenario where you lose one of your locations completely (rack, building, site) and you need to maintain the availability of your application services (compute, storage, network and security).

    Figure: Multi-Location DR

Simplifying Deployment and Operations with NSX Federation

NSX Federation addresses all these scenarios in a simple manner without placing any additional requirements on the physical fabric or vCenter.

Put simply, NSX Federation provides centralized management for the entire network. The NSX Global Manager (GM) centralizes policy management for security and networking services for all locations and pushes that policy down to the NSX Local Managers (LMs) at the respective sites for enforcement.

    Figure: NSX Federation solution prior to failure

Disaster Recovery (DR) between locations is simplified with stretched networking and security, allowing compute resources to be recovered at the DR location using solutions like VMware SRM. Policies for networking and security services are pushed in a consistent manner to all locations.

    Figure: NSX Federation solution after failure

Traceflow and NSX Federation

Day 2 network operations, however, include considerations that go far beyond centralized management and simplified disaster recovery.  With the NSX-T 3.2.1 release, NSX-T Federation now supports Traceflow, a tool that greatly simplifies operations.

Traceflow graphically displays the network and security path of a packet as it travels from one virtual machine to another.  With the enhancements in NSX-T 3.2.1, the virtual machines can be in different locations!

With Traceflow, the operator selects workloads (VMs) in any of the Federated locations and the type of traffic to inject, such as HTTPS or DNS.  NSX Manager then presents the logical network diagram graphically across those workloads.

NSX Manager also injects the selected traffic, which then traverses the different network steps (Segments / Tier-1 / RTEP cross-location / etc.) as well as the security steps (DFW / GW Firewall / etc.). Each step is reported back to NSX Manager and displayed on the Observation page, along with any traffic that is dropped along the way because of network connectivity issues or security rules.

NSX-T Resources

To learn more about VMware NSX-T 3.2.1, check out these resources: