By: John Tompkins, Cloud Network Architect, VMware
Prior to the private cloud and infrastructure as a service (IaaS), VMware struggled with managing and deploying large-scale workloads and environments. Separate teams ran their own siloed development testing infrastructures. There were no centralized cloud operations and no central environment for operating VMware products. And new hardware/network deployment times were slow. Combined, these factors were hindering agility and creating IT chaos.
The solution to these challenges came internally in the form of Virtual Cloud Networking (VCN), namely, VMware NSX Data Center®. NSX Data Center is a software-defined networking solution that enables large-scale, self-service IaaS initiatives. Organizations that build a virtual cloud network—a ubiquitous software-based network layer—are literally able to connect everything, no matter how distributed the environment(s). And, thanks to extensive automation, they are able to realize remarkable simplicity through easy-to-understand operations, predictability (consistent results), and flexibility via reusable components.
The benefits of NSX Data Center come in four key areas.
VMware offers a full range of self-service solutions for every tenant
Since there are no changes required on the physical network, users can create the networks they want, when they want them, thanks to extensive integration with VMware cloud management product solutions. In addition, there is no need to interact with the infrastructure operations team, and the typical change approval/scheduling process delays are eliminated entirely. The result is greater control and substantial time savings as the ‘middle man’ is removed from the process. Self-service enables us to run Hands-on Labs (HOLs) at VMworld with more than 100,000 virtual machines (VMs), in addition to year-round deployment of labs for education classes, problem-reproduction environments for Global Support Services, and more.
NSX Data Center is used to implement three multi-tenant security zones—trusted, untrusted, and DMZ—within VMware’s infrastructure design. The NSX distributed firewall (DFW) policy is used to enforce the separation among these three zones. This allows zones to coexist in a VMware vCenter®, and gives Operations visibility that protects against major attacks like WannaCry.
The trusted zone allows internal network access, while the untrusted zone features both DFW and edge policies. The DMZ zone offers similar benefits to the untrusted zone, in addition to protecting the internal network from tenant workloads. NSX Data Center also offers IT teams significant flexibility in enforcing security policies with both distributed and edge-based firewall options. Plus, there are increased visibility and logging capabilities.
Snapshot of VMware’s internal infrastructure (and why scaling is mission-critical)
In any given week, more than one million VMs are created and deleted within the VMware IT infrastructure, in addition to a multitude of other ongoing (and ever-changing) IT functions. NSX Data Center allows teams to scale in ways simply impossible with a physical network alone, and creates a foundation for future growth without hindrance. A physical network is only capable of supporting 4,094 VLANs, whereas now we are running three physical networking environments with more than 10,000 active NSX VXLANs.
NSX Data Center enables all-new levels of speed as new deployments can be built faster, with more consistency and less human error, through automation using an API. Plus, source control can be employed to perform configuration using a push model instead of the traditional pull model for network configuration backups. This further accelerates the system’s (and IT’s) ability to respond. In fact, by utilizing configuration management tools that integrate with the NSX API, we are able to deploy an NSX logical network topology in less than ten minutes versus one day.
Today, thanks to NSX Data Center, our enterprise operations are agile, flexible, robust, and highly automated. More importantly, VMware can now instantly (and successfully) adapt to any business/marketplace changes.
VMware on VMware blogs are written by IT subject matter experts sharing stories about IT’s transformation journey using VMware products and services in a global production environment.