As you may be aware, I tend to steer myself towards the networking side of technology primarily. That is something I generally understand and I enjoy. No surprises there. That is why I was very pleased when I saw VMware come out with their NSX product. This product was released to make the datacenter more customizable, secure, and manageable. This post will outline some of the ways the VMware NSX datacenter is changing the way the datacenter is looked at, primarily from a networking standpoint. It will build on my other post about VMware NSX located here: VMware NSX: A New Method of Datacenter Networking
Think about the datacenters you’ve worked in in the past or even the one you work with now. A lot of the time there is a standard setup with servers (physical or virtual) in the datacenter connected to top of rack switches. So much of the time, they are treated like basic connected devices, which is fine, as that works for a lot of setups. Within virtualized environments, the network would feed either a basic access link to a physical host or a trunk link to virtual hosts, and then the servers would reside on whichever VLAN they needed to be on. That traffic would then work its way through the network like any other traffic. This would include running through any connected switches, routers, or firewalls in the path. In that case, a topology could really be seen like this:
The network is the network, and the datacenter is the datacenter. VLANs and subnets are handled on the network side of things. A server is put on the network on a specific VLAN, given an IP, and goes from there. You may use firewalls or access control lists to control access to certain hosts and/or VLANs, but again that is all on the network side of things.
But what if there was another way…
VMware NSX – Software Defined Datacenter
Earlier this year, I was lucky enough to be part of Network Field Day 15 (NFD15). We had the chance to sit down with some of the great minds at VMware behind their new NSX product. I got to thinking about scenarios in my professional career where their technology would come in handy. Not to jump ahead though, I want to focus on what a VMware NSX datacenter really is, in terms of networking. I quickly realized at NFD15 that there were multiple different ways I could be thinking around networking in the datacenter. Instead of sharing VLANs across an entire enterprise environment, I could keep the datacenter active with its own topology in a sense and connect it via a L3 routed link. Maybe a collapsed core, some top of rack switches, and a firewall or two where needed. This would segment my network between users and the datacenter. That’s another common, popular way to do things. I just described a good bit of networking equipment though. That brings additional levels of management and definitely budget along with it. THAT is where the VMware NSX datacenter comes in. What if I could turn my datacenter environment into its own network topology and connect it to the enterprise via a routed link, but do so with my existing datacenter hardware and no additional networking equipment? That was part of the goal of VMware NSX. Remember my example topology above? With VMware NSX, it begins to look a bit like this:
Suddenly VLANs, routing, and per-node firewalling have become possible. Logically, the datacenter has become a new topology that my virtual servers reside in. For more details about how this works, give this video a quick watch. It explains how this new logical network works and connects to the rest of the enterprise network:
Now I don’t need to rely on upstream access control lists or firewalls to protect an individual server in the datacenter, such as a PCI device. This brings a new term, microsegmentation, into play. Basically this means we are now breaking an already segmented datacenter into even smaller logical divisions for the sake of security. I have another post that covers that portion of things as well: VMware NSX Distributed Firewall.
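The point about no longer relying on upstream access control lists, as an added example (not code from this post or from VMware): a small model comparing an ACL that sits on the routed hop between VLANs with a rule check applied at every VM, and listing the flows the upstream ACL never sees. The VM names, addresses, tags and rules are constructed for illustration, and the model is generic rather than the NSX API.

```python
from ipaddress import ip_address, ip_network
from itertools import permutations

# Constructed inventory (names, addresses and tags are made up for illustration).
VLANS = {"vlan10": ip_network("10.0.10.0/24"), "vlan20": ip_network("10.0.20.0/24")}
VMS = {
    "web01":  {"ip": ip_address("10.0.10.11"), "tags": {"web"}},
    "pci-db": {"ip": ip_address("10.0.10.20"), "tags": {"pci"}},  # shares vlan10 with web01
    "hr-app": {"ip": ip_address("10.0.20.5"),  "tags": {"app"}},
}
# Tag-based allow rules (source tag, destination tag, TCP port); default is deny.
RULES = [("app", "pci", 5432)]

def vlan_of(vm):
    """Return the VLAN whose subnet contains the VM's address."""
    return next(name for name, net in VLANS.items() if VMS[vm]["ip"] in net)

def policy_allows(src, dst, port):
    """True if any allow rule matches the tags of both VMs and the port."""
    return any(s in VMS[src]["tags"] and d in VMS[dst]["tags"] and p == port
               for s, d, p in RULES)

def upstream_acl(src, dst, port):
    """Perimeter model: only traffic routed between VLANs crosses the ACL."""
    if vlan_of(src) == vlan_of(dst):
        return "forwarded-uninspected"
    return "allowed" if policy_allows(src, dst, port) else "denied"

def per_vm_firewall(src, dst, port):
    """Microsegmentation model: every flow is checked at the VM's virtual NIC."""
    return "allowed" if policy_allows(src, dst, port) else "denied"

def blind_spots(port):
    """Flows the policy denies but the perimeter model never inspects."""
    return [(s, d) for s, d in permutations(VMS, 2)
            if upstream_acl(s, d, port) == "forwarded-uninspected"
            and per_vm_firewall(s, d, port) == "denied"]

if __name__ == "__main__":
    for flow in [("web01", "pci-db", 5432), ("hr-app", "pci-db", 5432)]:
        print(flow, "| upstream ACL:", upstream_acl(*flow),
              "| per-VM:", per_vm_firewall(*flow))
    print("denied by policy but uninspected upstream:", blind_spots(5432))
```

Running the same check against a real inventory export shows which same-VLAN pairs depend entirely on per-VM enforcement.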
With technologies in the past focusing so much on virtualizing the datacenter in terms of servers, it is great to see this on the networking side of things. The end goal of a lot of people, I believe, is to work to do more with the hardware and other infrastructure they already have in place. Where we used to add more hardware to our networks to accomplish segmentation tasks, VMware NSX is a viable option to accomplish this logically.
For more information regarding VMware NSX, visit their official product page located HERE.
Disclaimer: Gestalt IT, organizers of Network Field Day, was responsible for my travel expenses to attend Network Field Day. I do not receive any cash compensation as a delegate from either Gestalt IT or any of the mentioned vendors. All opinions are my own.