Disaster Recovery with VMware NSX-V and Zerto

Note, this is a reposting of the blog that I initially postedhere onhumairahmed.com. In a prior blog, VMware NSX and SRM: Disaster Recovery Overview and Demo, I described and demoed how VMware NSX and SRM with vSphere Replication combined provide for an enhanced disaster recovery (DR) solution. SRM also provides additional integration with NSX when Storage Policy Protection Groups (SPPGs) are used by providing the ability to automate network mappings. One of the great things about the NSX-V platform, is it can be used with any DRorchestration tool that supports the VMware vSphere ESXi hypervisor. Some of the tools customers are using with NSX include VMware SRM, Dell EMC RP4VM, Zerto, and Veeam. As SRM was discussed and demonstrated in a prior blog, Zerto and NSX together is explained in more detail below.

For more details on Disaster Recovery with NSX, make sure to check-out theDisaster Recovery Solutions with NSX [NET1188BU]session at upcoming VMworld 2017 on August 28th. I will discuss DR with NSX and DR Orchestration tools (SRM, RP4VM, and Zerto) in more detail. Justin Giardin from iland will discuss how they use NSX and Zerto to provide DRaaS solutions. Additionally,Ian Allie from Dell EMC Enterprise Hybrid Cloud (EHC) will discuss how they use NSX and RP4VM to provide DR services for their customers.

Similar to vSphere Replication, Zerto provides the ability to replicate workloads at the VM-level. Zerto Virtual Manager (ZVM) is a standalone manager installed on a Windows workstation. The diagram below shows how ZVM is deployed within the management vCenter domain in a multisite Cross-VC NSX environment.

Figure 1: Example NSX + Zerto DR Deployment

Once ZVM is linked to the respective vCenter, a user can log-on ZVM using vSphere credentials. From the ZVM a Zerto Virtual Replication Appliance (VRA) can be installed on the desired hosts that have VMs that need to be protected.

Figure 2: Deploying Zerto VRAs

In Figure 3, it can be seen that there are four VMs in the Zerto Virtual Protection Group (VPG) being replicated/protected.

Figure 3: Four VMs in Zerto Virtual Protection Group

Similar to what was shown prior with SRM, Zerto can also ensure when a application or site failure eventoccurs the application(s) are recovered on the same network thanks to NSX logical networks spanning both sites and vCenter domains. In addition to the consistent networking across sites/vCenters, consistent security also exists. Thus, the end result is better recovery time objective (RTO) for applications as the IP address for the application does not need to change and security policies do not have to be manually replicated.

Figure 4 below shows how the default network mapping is configured within ZVM. By default, all workloads will failover to the respective default Failover Network upon actual failover and respective Failover Test Network when testing the Zerto DRplan.

Figure 4: Configuring Default Network Mappings in Zerto

As Figure 5 shows, differentFailover Networks andFailover Test Networks can also be configured for each specific VM.

Figure 5: Configuring Network Mappings for Specific VMs in Zerto

An extremely valuable capability of leveraging NSX with DR Orchestration tools like SRM, RP4VM, and Zerto is the capability to test the DR plan without any disruption to the production network. NSX enables this by allowing for isolated test logical networks to be created easily with the same IP addressing scheme. The DR orchestration tools can then be configured to use the isolated test networks for realistic DR Plan testing. This is represented in the below diagram using Zerto.

Figure 6: Simplified DR Testing Using Test NSX Logical Networks

As mentioned prior, for more details on Disaster Recovery with NSX and DR orchestration tools like SRM, RP4VM, and Zerto, make sure to check-out theDisaster Recovery Solutions with NSX [NET1188BU]session at upcoming VMworld 2017 on August 28th.

The post Disaster Recovery with VMware NSX-V and Zerto appeared first on Network Virtualization.

Read more..

NSX Sessions for the Geeks at VMworld 2017

This year at VMworld 2017 we have a great agenda full of highly technical sessions around NSX. Over the past few years NSX has expanded to meet a variety of use cases as our Content Catalog clearly shows. Based on the project your working on today, check out our recommendations for the best technical sessions for these specific NSX use cases:

  1. General overview sessions
  2. Security
  3. NSX & Cloud Native Apps
  4. Application Continuity
  5. Automation
  6. Design & Architecture

General NSX Sessions:

TS7003KU: Transforming Networking and Security for the Digital Era

Speakers: Milin Desai, Tom Corn and 3 customers

At a time when changes to technology are coming at us at a fast pace, how do customers meet and exceed business expectations? This session will focus on how customers are on their SDDC journey in context of network and security. Through the lens of the customer we will share what drives adoption, technology updates, team dynamics and becoming part of the overall business success.

NET3282BU: The NSX Practical Path

Speakers: Nikhil Kelshikar, Ron Fuller

We will share how customers have found value with NSX by getting started with one of the use cases around Security, Automation or App continuity. We will show demos of how one can create a security perimeter in a few simple steps, leveraging APIs and tools to drive automation and extending your network for DR.

NET3283BU: NSX Features Deep Dive

Speakers: Catherine Fan, Nicholas Furman

NSX is feature packed but you don&#rsquo;t need to use everything to realize your use case. We will show you (demos) how NSX features map to use cases. If you are a NSX user, you will learn what more could you be doing with NSX ..


NSX security focused sessions:

NET1932BU: Distributed Networking and Security Services; Deep Dive

Speakers: Jayant Jain, Anirban Sengupta

Hear from the engineers who are developing the product about how distributed services work in NSX. They will talk about why distributed services matter and how we deliver a full stateful services for security and networking.

SAI2803BU: Road to Micro-segmentation with NSX

Speakers: Stijn Vanveerdeeghem, Geoff Wilmington

Stijn and Geoff will walk you through the thought process which goes into create a micro-segmented security policy. We will show you some tools which can drastically reduce the time it takes to get there and makes micro-segmentation easy to implement. You will learn techniques on how NSX can give you full visibility to what is actually happening inside your data center.


NSX & Cloud Native Apps

NET1522BU: Kubernetes Networking with NSX-T Deep Dive

Speakers: Yves Fauser, Yasen Simenov

This session will cover the new and upcoming NSX-T and container networking integration with K8&#rsquo;s. The speakers (Yves and Yasen) will show you how this integration will work and the benefits of the NSX-T for next-gen apps.

NET1523BU: Integrating NSX and Cloud Foundry

Speakers: Sai Chaitanya, Usha Ramachandran (Pivotal)

This session jointly presented by VMware and Pivotal will show how NSX can simplify networking and security deployments for PaaS like Pivotal cloud foundry. We will share some PaaS fundamentals and demo how the integration looks like. You will not want to miss this session.

NSX – Application Continuity Sessions

NET1190BU, NET1191BU – Multi-site Networking with NSX (Part1, Part2)

Speakers: Humair Ahmed, Kent Munson (F5)

We had so much information we had to break this up into two parts to share best practices around multi-site networking and the cross vCenter features. We will be joined by F5 in session part 2 to share how global site load balancing can be used in conjunction with this great NSX functionality

NET1188BU: Disaster Recovery Solutions with NSX

Speakers: Justin Guirdina(CTO, iLand), Humair Ahmed, Ian Allie (Dell EMC)

Hear from Justin on how iLand implemented DR with NSX. Ian will walk through how we worked to create a DR solution with Recover point and there will be lots of demos!


NSX – Automation Focus

NET2119BU: Bringing the power of PowerCLI to NSX for vSphere

Speakers: Dale Coghlan, Nicholas Bradford

This was one of the highest rated sessions at VMworld last year and you will want to attend to find out why. The session is one big demo with a lot of entertainment and learnings. PowerNSX can show you a whole new dimension of how you can manage and operate your NSX environment and doing tasks in seconds!

NET1853BU: Infrastructure-as-a-Service and Day 2 Automation of NSX for vSphere using vRealize Orchestrator and vRealize Automation

Speakers: Hiral Doshi, Aditya Gokhale

Hiral and Aditya will share what&#rsquo;s new with NSX and VRA Integration. We will introduce the NSX VRO plugins as well for day 2 workflows for automation

NET1338BU: VMware Integrated OpenStack and NSX Integration Deep Dive

Speakers Russ Starr Jr. (Cerner), Marcos Hernandez

Learn how Cerner leverages VIO and NSX for their OpenStack cloud. Marcos, who has helped many customers with this journey will share best practices.


NSX – Design and Architecture

NET1535BU, NET1536BU: Reference Design for SDDC with NSX and vSphere (Part1, Part2)

Speaker: Nimish Desai

This will be another double header session where Nimish will walk us through the NSX reference design. The audience will learn about the design decision points for NSX and the best practices we have learned based on the thousands of NSX deployments.

NET1836BU: NSX-T Advanced Architecture Concepts

Speaker: Francois Tallet

So you know about NSX for vSphere and are wondering what NSX-T platform is like, well you can come hear Francois walk us through the architecture and components of NSX-T.

These are just a handful of the catalog of NSX sessions at VMworld. You can search the session catalog here for more and pick your session of interest.

And wait we have a limited number of swag bags this year which will be given away in every session for attendees by the speakers.

We look forward to meeting you at VMworld!

The post NSX Sessions for the Geeks at VMworld 2017 appeared first on Network Virtualization.

Read more..

Top 10 Networking and Security Sessions

At VMworld 2016, we showed network virtualization has gone mainstream and that NSX is the sure-fire way for you to bring your data center into the future with unparalleled security, speed, and agility.

A year on, NSX is taking its show on the road, and its destination is… everywhere. Not satisfied to help you master only the data center, NSX is setting out to help you conquer the cloud, remote and branch offices (ROBO), and even containers. To help you get there, VMworld 2017 has 70+ networking and security sessions and 60+ NSX customers to show you the way forward firsthand. And as an added bonus, VMware will be launching an exciting new security product, to help ensure your applications stay secure!

So take a look at the list of the top, can&#rsquo;t-miss networking and security sessions below. You should also check out theschedule builderon VMworld.com to reserve your spot in the top networking and security sessions as well as to discover the whole range of introductory and deep dive NSX sessions covering the entire use case spectrum.

See you at VMworld US 2017!


Date Time Session ID Session Title
Mon August 28 11:00 AM – 12:00 PM SAI3237SU Use Virtualization to Secure Application Infrastructure
Mon August 28 1:00 PM – 2:00 PM NET3235SU Why Networking is at the Heart of Digital Transformation
Mon August 28 1:00 PM – 2:00 PM NET1521GU Container Networking with NSX-T Overview
Mon August 28 2:30 PM – 3:30 PM NET3282BU The NSX Practical Path
Mon August 28 4:00 PM – 5:00 PM NET3236SU NSX Everywhere: The Network Bridge for On-Premises, Private, and Native Public Clouds
Mon August 28 4:00 PM – 5:00 PM NET1152BU Introduction to VMware NSX
Tues August 29 11:30 AM – 12:30 PM NET1821BU The Future of Networking and Security with NSX-T
Tues August 29 12:30 PM – 1:30 PM TS7003KU Transforming Networking and Security for the Digital Era
Tues August 29 4:00 PM – 5:00 PM SAI2895BU Application Security Reviews Made Easy with VMware&#rsquo;s Latest Security Solution
Wed August 30 1:00 PM – 2:00 PM NET1089BU When Clouds Collide, Lightning Strikes





The post Top 10 Networking and Security Sessions appeared first on Network Virtualization.

Read more..

NSX-Powered Credit Union Shifts Focus to Speed and Innovation

Personal banking sure isn&#rsquo;t what it used to be. Thankfully.

When is the last time you went to a bank? My trips are so infrequent that I actually enjoy the experience as a change of pace. That&#rsquo;s because normally, I get to transfer money or deposit a check not only online, but from my phone. And things in the banking sector aren&#rsquo;t slowing down, they&#rsquo;re speeding up, as new digital upstarts create competition and a pressure to innovate and make customers&#rsquo; lives easier.

Still, not too long ago, the banking industry was still feeling the shockwaves of the financial crisis. Investments across the industry were tight, meaning more had to be done with less – a story many of us who have had roles in IT can relate to. So when Amy Hysell took on the role of CIO at the Arizona Federal Credit Union (AZFCU), she decided to take a fresh approach. To compete in this fast-moving industry, she stepped back and took a look at on how to enable speed and innovation, while keeping security as the top priority, and also without sacrificing cost efficiency.

Fast forward to today, and a peek atsome of AZFCU&#rsquo;s servicesquickly demonstrates a forward-thinking customer-first credit union. Using their own apps on mobile and even wearable platforms, the credit union offers innovative services like CardPower to manage credit card security, Popmoney to easily send money via text, or Eyeprint ID for additional security.

Using VMware NSX and the Software-Defined Data Center (SDDC) model, AZFCU was able to modernize their data center and drastically reduce the time spent fighting fires and keeping the lights on, allowing them to shift to a renewed focus on their customers. Let&#rsquo;s look at what that really meant.

Application Continuity

Many IT organizations classify applications in tiers by how critical they are, giving critical applications better attention and higher availability. This is logical, but can also conflict with user expectations in a world where everything is expected to work all the time. Why should one have to choose which application will get high availability?

Using NSX, AZFCU was able to extend their networking and security services across multiple locations, resulting in a streamlined operation running over multiple active-active sites. When a set of resources fails, the application can be instantly recovered in an entirely different location, and with the same networking and security policies ready to go.

What did this mean for the business? Instead of only the privileged few applications being recovered during an outage, any application can be instantly recovered. Instead of a complete recovery taking hours, it takes minutes, or is actually instant. Leveraging resources across locations, new applications could be spun up in minutes or hours, not days or weeks.

“Security Comes First”

If a hacker considers a retail breach of credit card information a jackpot, then getting into a bank must be heaven. This means the increased number of breaches create immense pressure on banks, as their customers trust them to keep their money and data secure.

&#rsquo;It&#rsquo;s fine to be able to identify a data breach, but by then it&#rsquo;s too late,&#rdquo; says Hysell. &#rsquo;With VMware NSX, we can contain a breach and minimize the impact rather than letting it go and doing forensics later to determine what happened. And from a data governance perspective, we have much more visibility, so it&#rsquo;s much easier to conduct risk assessments.&#rdquo;

In addition to becoming more secure, Hysell found the teams able to move faster now that there was a common way to segment new applications appropriately based on some simple questions like whether user sensitive data is involved or not.

Agile Banking

With a new operational model of how applications are deployed, secured, and recovered, AZFCU&#rsquo;s business has seen a dramatically improved SLA for new services. They&#rsquo;ve moved from a reactive model, to a proactive model, allowing them to focus on differentiating innovation, like new ways to make mobile banking easier and more secure.

&#rsquo;With our new data center powered by VMware, we can say &#lsquo;yes&#rsquo; a lot more often,&#rdquo; says Hysell. &#rsquo;Our internal customers are very happy.&#rdquo;

They also get top talent into the business.

&#rsquo;We&#rsquo;re able to attract and retain top IT talent because we&#rsquo;re giving them modern tools to do their jobs better,&#rdquo; says Hysell. &#rsquo;We can understand the health of our network from a single pane of glass. I get a report every day, so I worry a lot less.&#rdquo;

Learn More

Going toVMworld?Amy Hysell will joinmein the breakout sessionIntro to NSX for Application Continuity(session ID NET1300BU). It will be held on Tuesday, August 29that 4:00 PM. Come see us!

More resourceson the topic of Application Continuity with NSX:

  • NSX Multi-site Options and Cross-VC NSX Design Guide
  • VMware NSX and SRM: Disaster Recovery Overview and Demo
  • 3 Ways Organizations Use NSX for Application Continuity

The post NSX-Powered Credit Union Shifts Focus to Speed and Innovation appeared first on Network Virtualization.

Read more..

Calling all networking leaders – future:net 2017 is coming

&#rsquo;I thought future:net was the smartest of the networking conferences I’ve attended this year. The speakers were excellent — especially the customer and end-user stories, which provided valuable insight…it reminded me a lot of the first years of the Open Network Summit — the brain trust of the industry would attend, and that made it a must-attend show.
Craig Matsumoto, Managing Editor, SDX Central
&#rsquo;A note to say what a privilege it was to participate in the future:net event. Seriously, absolutely top notch event that was free of the embuggerances that make large conferences such hard work. Congratulations on pulling it together and we hope for another invitation when it comes around again.&#rdquo;
Greg Ferro and Ethan Banks, Co-founders of Packet Pushers

We live in a hyper connected world – everything of value, from the apps, to the cloud, to the devices, to the users, is all closely tethered to one another. The network has become the critical platform that connects everything reliably and securely. IT must also evolve to support this new ecosystem of engagement. Ultimately, a lot has to happen for the network to deliver what customers need: a seamless and secure experience.

That&#rsquo;s why we&#rsquo;re looking forward to future:net 2017 – taking place in just a few weeks! Technical leaders across different industries will highlight their digital journeys and current state of their networking solutions, while networking leaders at the cutting-edge of new technologies will showcase what&#rsquo;s in store for the future.

This year, notable speakers such as Peter DeSantis, Vice President of Infrastructure Leadership at Amazon, will share about the necessary and crucial evolution of networking (for 2016 session topics, see recordings).

Let&#rsquo;s get ready for the digital era together. Join us this year on August 30th - 31st at the Four Seasons Hotel in Las Vegas. future:net is a complimentary, invite-only event and space is limited. Request an invitetoday and to learn more, please visit the future:net website.

Questions? Contact us at



The post Calling all networking leaders - future:net 2017 is coming appeared first on Network Virtualization.

Read more..

Transforming IT Security in Three Key Steps

Several years ago, the CEO of a Fortune 100 company remarked: &#rsquo;If you went to bed last night as an industrial company, you&#rsquo;re going to wake up this morning as a software and analytics company.&#rdquo;

Today, these words are more true than ever—but so is the reality that the digital transformation in business has also given rise to significant changes across the IT landscape and, in turn, significant new challenges for IT security.

As people, devices, and objects become more connected, protecting all these connections and environments has become a top priority for many IT organizations. At the same time, it&#rsquo;s also become one of their biggest challenges. Securing each and every interaction between users, applications, and data is no easy feat—especially when you consider that securing these interactions needs to be done across environments that are constantly changing and increasingly dynamic.

So how do you mitigate risk in a world where IT complexity and &#rsquo;anytime, anywhere&#rdquo; digital interactions are growing exponentially? For organizations that are embracing cloud and virtualized environments, three common-sense steps—enabled by a ubiquitous software layer across the application infrastructure and endpoints that exists independently of the underlying physical infrastructure—are proving to be key for providing the visibility and control needed to maximize security across modern IT environments.

  • Secure the application infrastructure

While traditional data center security can provide adequate protection at the perimeter, it is not designed to provide sufficient visibility and control inside the data center. Virtualizing the application infrastructure, and compartmentalizing applications via network micro-segmentation, can help provide the protection needed against today&#rsquo;s increasingly sophisticated attacks.

  • Secure identity and endpoints

As mobility, BYOD, and IoT initiatives proliferate, so too does the complexity of managing an ever-widening variety of devices. Virtualization can help verify user identity and device posture, providing true visibility and control that extend into the data center or cloud, where the application infrastructure resides.

  • Streamline compliance

Managing risk and maintaining compliance are major challenges, made even more difficult as organizations make the transition from on-premises data centers to cloud. Virtualization helps enable a more holistic approach to meeting compliance demands by providing an ideal location to implement controls and gain visibility.

Of course, this is just a brief overview of how a purposeful software layer that spans from infrastructure to endpoint can help transform IT security for today&#rsquo;s organizations. For a more detailed discussion, please read the VMware solution overview entitled, &#rsquo;Three Key Steps to Transforming IT Security.&#rdquo;

Learn more about Transform Security here.

Join Us Online

  • Twitter: com/vmware
  • Facebook: www.facebook.com/vmware


The post Transforming IT Security in Three Key Steps appeared first on Network Virtualization.

Read more..

Networking Challenges in OpenStack Clouds

Did you decided that is time to implement OpenStack to build your Cloud? Have you tested in the lab? Evaluated many distributions available and hired specialized OpenStack resources? However, when the environment goes into production, Neutron is not integrating with the physical network?

If the above story closely resembles what you have faced, this post will unconceal the many challenges of Networking with any OpenStack distribution and how VMware NSX is the missing piece for your Cloud.

Networking and Security Challenges with OpenStack

Since its creation, the biggest challenges of OpenStack Clouds implementations are automation, integration and orchestration of the required networking and security components at the physical infrastructure layer. The main difficulty is that these environments are extremely heterogeneous and most of the devices do not have an open and programmable interface for configuration and, thus, the initial way of running OpenStack was to pre-provisioning the network manually and only use basics functionalities when implementing security services.

With the rise of Network Virtualization solutions and evolution of Open vSwitch, some of these challenges were solved, making it possible to create an abstraction layer from the physical elements of infrastructure and automate the virtual network thr