Expert Reference Series of White Papers. vCloud Director 5.1 Networking Concepts
Rebecca Fitzhugh, VMware Certified Instructor and Consultant

Introduction

A VMware vCloud is made up of one or more vCloud Director servers that are integrated with underlying vSphere components. The vCloud is a new abstraction layer above vCenter Server consuming the resources that vCenter manages; this allows a user to self-provision virtual environments utilizing memory, compute, storage, and networking resources.

Cloud computing has become a vague, arbitrary phrase, but there are six characteristics that define exactly what a cloud should consist of:

- self-service
- elasticity
- pay as you go
- multi-tenancy
- resource pooling
- ubiquitous access

A private cloud is an infrastructure whose resources are only used internally. A public cloud is an infrastructure made available to external customers for a price. A hybrid cloud combines two or more clouds with some kind of standardized technology, like VMware vCloud Connector, while each cloud maintains its own unique identity.

The foundation of the vCloud centers on the networking configuration. Networking occurs over three different layers: external, organization, and vApp; it is imperative to properly configure and manage these networks so that the vCloud can be consumed. Think of vCloud networking as an onion that will be peeled back to reveal each layer, starting with the organization's networks that are created by an administrator with the system administrator role in vCloud Director. A system administrator is the highest role within the vCloud.

This white paper covers the different networking layers present in a vCloud environment as well as some other considerations in the configuration process, with the assumption that the reader has some technical experience with vCloud Director.

What is an Organization?

An organization provides four core resources (compute, memory, storage, and networking) under a particular set of policies dictating how those resources can be consumed.
In a private cloud, a business may have different cloud organizations indicative of their business structure: perhaps a Human Resources organization, Finance organization, etc. A public cloud may specify different organizations for each of their external customers.

Organizations receive their compute, memory, and storage resources from an object called a virtual datacenter. A system administrator can create multiple provider virtual datacenters to meet Service Level Agreement (SLA) requirements, with each different provider specifying a different level of guaranteed service. Note that the networking resources don't come from virtual datacenters but from network pools.

Copyright 2013 Global Knowledge Training LLC. All rights reserved.

External Networks

The first object that is created within vCloud Director is the External Network. An External Network provides the connection from the cloud to the outside world, allowing inter-cloud connections, and is port group based. Even though this connection is called the external connection, an Internet connection is not actually required; this can be set up to provide a connection to several different internal entities, like ESXi hosts, without an actual route to the Internet.

Since this connection is port group-based, the port group needs to exist prior to attempting to establish the connection. The port group can be defined on a standard vSwitch, a distributed vSwitch, or on a Nexus 1000V.

Organization virtual datacenters can use the external networks to provide Internet connectivity to the organizations and the virtual machines that reside within a vApp, given that the vApp network is configured for that. By creating an external network, vCloud Director is effectively configured to send all external traffic using the port group(s) selected. Should there be multiple external networks created, be sure to separate them by using VLANs. Only someone with the system administrator role within the vCloud can create and manage external networks.

Figure 1. Selection of existing port group when creating external network.
Organization Network

An organization network provides network services to one particular organization, whereas an external network is created at the provider level and supplies connectivity to multiple organizations. There are three options when creating organization networks: internal, NAT-connected, and direct-connected. An organization administrator cannot create an organization network due to the configuration of external IPs; only a system administrator can configure this.

Internal

An organization can be set up so that it does not have a connection to the Internet or a connection to any other external network, just an internal connection. An internal-only network could be set up for groups of test virtual machines; a virtual machine can be configured with multiple network interfaces so that it has a connection to the internal network as well as one of the other two types. With an internal organization network, vApps can connect, but there is no traffic outside the organization.

Network Address Translation (NAT)-Connected

A Network Address Translation (NAT)-connected network, sometimes called a routed network, can be connected to the external network through a vShield Edge device. The vShield Edge device provides port-forwarding services, NAT, DNS forwarding, and DHCP services to the network; the vShield Edge device gets provisioned automatically by vCloud Director as needed. A NAT connection allows for virtual machines to communicate with each other while only having one IP seen from the Internet. Another use of NAT is to fence, which includes two sets of IP addresses: external and internal. Fencing allows for several vApps to utilize the same internal IP addresses and is extremely useful for test environments.

Direct Communication

The last option for an organization network is a direct connection. The organization would use an external network to connect to external systems, including the Internet. Using this method, a user can connect directly to a virtual machine using remote desktop or even SSH. If a vApp is configured for a direct connection, then the vApp's IP addresses must be statically assigned or a DHCP server must be connected to the external network, providing the vApp with those IP addresses.
Figure 2. Selection of network access type for organization network.

Network Pools

All cloud entities consume resources that are pooled; there is no exception for network resources. A portion of a network pool is used whenever an organization network or a vApp network is created and connected to the network layer above. Any time an organization network is created that is either NAT-connected or internal, a network pool is used. Also, all vApp networks use network pools. There are four types of network pools that can be created:

- VLAN-backed
- port group-backed
- vCloud Network Isolation-backed (VCD-NI)
- VXLAN

Each pool can be used interchangeably, and each has its own set of requirements. The vSwitch, Distributed vSwitch, or Nexus 1000V producing the service needs to have physical uplinks to enable communication beyond the host on which a given virtual machine resides.
Whenever an organization virtual datacenter is created, it is associated directly with a network pool. Each organization must have at least one organization network that is built off of network pools. The organization virtual datacenter can utilize multiple network pools, and one organization can be associated with more than one organization virtual datacenter. Multiple organization datacenters can utilize the same network pool.

A maximum of 1,016 port groups can be created per vCenter, and VMware's best practice is to make the port groups have a maximum of 4096 ports instead of the default 128. For the port binding option, it is recommended that ephemeral, or no binding, is chosen for all preconfigured port groups. Ephemeral port binding is done automatically by vCloud Director for auto-provisioned port groups. Also, limit network names to 33 characters or shorter because vCloud Director adds a unique identifier, as long as 47 characters, to the end of the network name when a vShield Edge device is provisioned.

VLAN-Backed Network Pools

The VLAN-backed model is flexible, can be routed, and does not require any special MTU setting. This option requires a distributed vSwitch and a set of unused VLANs. For this option, one or more VLAN IDs need to be specified, making sure not to overlap any existing VLANs. Also, for all VLANs specified in the pool, the physical environment needs to be trunked accordingly. Port groups are dynamically created by vCenter as the VLANs are used. Nexus 1000V and Standard vSwitches are not currently supported in 5.1.

Port Group-Backed Network Pools

The port group network pool requires pre-created port groups within the vSphere environment and is, therefore, the least flexible of the different options. Since the port groups have to be pre-created, the VLANs have to be manually configured, and there is no automatic network deployment, so it can be difficult to manage.
This option can utilize Standard vSwitches, Distributed vSwitches, and the Nexus 1000V, so it is the only network pool option for those without Enterprise Plus licensing. There is a one-to-one ratio between the manually created port groups and the networks in the pool.

vCloud Network Isolation (VCD-NI)-Backed Network Pools

A vCloud Network Isolation-backed pool is driven by the VSLAD (vCloud Director) agent that runs on the ESXi hypervisor. A VCD-NI network isolates network traffic at layer 2. This method uses MAC-in-MAC encapsulation to tunnel traffic between ESXi hosts through the VMkernel module, attaching a packet header before the traffic hits the physical layer. Nothing changes on the vSphere layer when first configuring for this method as a network pool; no vShield device is deployed, and no new port groups appear until a vApp that is connected to this network is powered on.

After creating a Distributed vSwitch, a transport VLAN needs to be designated for carrying the encapsulated traffic. vCloud Director will create an overlay network for the specified VLAN for each isolated network, at which time it will be assigned a Network ID number. The network overlay encapsulates the data and ensures that it is isolated. The encapsulation contains information regarding the source and destination MAC addresses of the ESXi host(s) where the endpoint is located as well as the Network ID. When the ESXi host receives the packet, the VCD-NI header is stripped off to expose the MAC address information so it can be delivered to the destination virtual machine.

Because of this header, the packet is 1524 bytes instead of the normal 1500 bytes, so the Maximum Transmission Unit (MTU) will need to be adjusted on the physical layer. Also, since an ESXi host is the only thing able to decode the packet header, this traffic is non-routable. All switches, both Distributed vSwitches and physical switches, need to have the MTU settings adjusted accordingly if planning to use this network pool type. Keep in mind that when using jumbo frames, the frame size would need to be reduced by 24 bytes to accommodate the encapsulation. Therefore, if jumbo frames are normally set to 9000, then the virtual machine's guest operating system would need to be set 24 bytes lower, with the MTU defined as 8,976 bytes.

VXLAN

In vSphere 5.1 and vCloud Director 5.1, VXLAN (Virtual Extensible LAN) support is introduced, providing multi-tenant broadcast domains across datacenters and enabling a logical network to span physical network boundaries. VXLAN allows compute resources to be pooled across non-contiguous clusters or pods and then segments this pool into logical networks attached to applications. This technology uses MAC-in-UDP encapsulation, adding a 24-bit identifier, providing a layer 2 abstraction to virtual machines regardless of physical location. The ESXi hosts have to be prepared through the vShield Manager (vCloud Networking and Security appliance), which requires a Segment ID Pool and a Multicast address assignment. Once the ESXi hosts are prepared, a VXLAN pool is automatically created.

vApp Networks

There are three types of network connections for a vApp network: isolated, bridged, and NAT routed.

Isolated networks are totally separate, with no connection to another network.
These are great for back-end communication, such as communication between a database and a web server. So a second interface could be added to the web server and the database so that the traffic between the two servers is isolated, and then a second interface could be added for a connection to the Organization network.

A bridged network simply means that the vApp is directly connected to the Organization network. This method is commonly used for vApps that need to be accessed from anywhere within the Organization. In the vCloud Director User Interface, this connection is called a direct connection.

Creating a vApp network that has a NAT connection to the Organization network results in the creation of a vShield Edge appliance that connects the two different networks. The vShield Edge appliance has two interfaces, internal and external, where the external is the Organization network and the internal is the vApp network. vShield Edge provides services like NAT, DHCP, firewall, and static routing to a vApp network.

The term fenced refers to the fact that the vApp is somewhat isolated from the rest of the network. The isolation includes the MAC addresses of the virtual machines within the vApp; no virtual machine outside the vApp will have visibility of the IP addresses and MAC addresses. In vCloud Director, this means that both the vApp network and the Organization network are on the same subnet. This idea doesn't seem special; however, the difference is that, with a fenced network, there is a vShield Edge device in between the networks.

Connectivity

There are many layers and types of cloud inter-connectivity and intra-connectivity networking that an administrator must be able to deploy and manage for the VMware vCloud environment. This can include Virtual Private Network (VPN) tunnels and static routes, as well as the use of VMware vCloud Connector (vCC).

Multiple external networks can exist on the same physical LAN as long as they are separated by VLANs. An external network can be dedicated to a sole organization or shared across multiple organizations.

A virtual machine within a vApp can be multi-homed; however, each virtual machine's vNIC can only connect to one network. Virtual machines can be connected to both vApp networks and organization networks. Multiple vApp network and multiple organization network connections are possible for a virtual machine's vNICs, and more than one virtual machine vNIC can be connected to the same network.

Two vApp networks cannot be connected directly to each other; both vApp networks should be connected to an organization network for connectivity between them. A vApp network cannot be connected to multiple organization networks. Multiple vApps cannot connect to a single vApp network, but multiple vApps can be connected to each other through an organization network. An organization network cannot be directly connected to another organization. A network cannot be deleted from a vApp, whether the network is a vApp network or an organization network, unless there are no virtual machines connected to it.

VPNs

A Virtual Private Network (VPN) tunnel is an encapsulated or encrypted network path through a hostile network space.
A VPN is anchored on both ends by either a VPN device or a firewall; in the case of vCloud Director, the VPNs are anchored by vShield Edge appliances. After a VPN tunnel connects the two systems, communication occurs as if the two devices were on the same network, except that any system outside the tunnel cannot intercept the traffic.

In vCloud Director, there are three types of VPN tunnels that can be created:

- a VPN between two different organization networks within the same organization
- a VPN between two organization networks in two different organizations
- a VPN between an organization network and a remote external network

An organization administrator and a system administrator can create VPN tunnels.

To create a VPN between two different organization networks within the same organization, both networks must be external; a NAT connection cannot be established to an internal organization network. Both networks must be NAT-connected to the same external network with non-overlapping IP subnets and site-to-site VPN enabled.

For a VPN tunnel between two different organizations, the different organizations can be within the same vCloud or part of different vClouds. Both organizations need to have at least a single organization network that is NAT-connected with an external connection. The organization networks cannot have overlapping IP subnets and must have site-to-site VPN enabled.

When creating a VPN tunnel to a remote network, the external remote network can be an IPSec-enabled system, a firewall, or a router. Also, the external organization must be NAT-connected.

No matter what type of VPN connection is being created, vShield Manager 5.0 (vCloud Networking and Security appliance) or newer must be used, since that is when VPN support was established. Also, vShield Manager (vCloud Networking and Security appliance) requires a special license for this support. If a firewall is present between the two endpoints of the tunnel, then the firewall must be configured to pass IP Protocol ID 50 (ESP) and IP Protocol ID 51 (AH), and needs to have the proper UDP ports open (500 and 4500).

Static Routes

Most routing is done dynamically, where the router automatically chooses the best path between two network endpoints; however, a static route can be created. A static route is a permanent path between two networks, used when routers are not configured to create dynamic routes, typically for security reasons. There are two types of static routes that can be defined within vCloud Director: a route from one vApp network to another vApp network within the same organization, or a route from one vApp network to another vApp network in a different organization. Either of these options will enable communications between the two vApps, but this is not a VPN; therefore, the communication between the vApps is not encrypted.
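The VPN prerequisites from the VPNs section above (non-overlapping IP subnets, and any firewall between the tunnel endpoints passing ESP, AH, and UDP 500/4500) can be checked before the tunnel is configured. The following is an added example, not part of the original paper and not a vCloud Director or vShield API; the ordered first-match rule model with default deny, the `Rule` fields, and every address are constructed assumptions.

```python
"""Pre-flight check for a site-to-site VPN between two NAT-connected networks.

Illustrative only: the Rule model and every address below are constructed,
not taken from vCloud Director or vShield.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ESP, AH, UDP = 50, 51, 17                      # IP protocol numbers
PROTO_NAMES = {ESP: "ESP", AH: "AH", UDP: "UDP"}

# Traffic the paper says a firewall between the endpoints must pass:
# (protocol, destination port or None when the protocol has no ports).
REQUIRED_FLOWS = [(ESP, None), (AH, None), (UDP, 500), (UDP, 4500)]


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: Optional[int]         # IP protocol number, None matches any
    src: str                     # source CIDR
    dst: str                     # destination CIDR
    dport: Optional[int] = None  # destination port, None matches any


def first_match(rules, proto, src_ip, dst_ip, dport):
    """Return the action of the first matching rule; default deny."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if rule.proto is not None and rule.proto != proto:
            continue
        if src not in ipaddress.ip_network(rule.src):
            continue
        if dst not in ipaddress.ip_network(rule.dst):
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.action
    return "deny"


def blocked_flows(rules, endpoint_a, endpoint_b):
    """List required flows the firewall drops, checked in both directions."""
    blocked = []
    for src, dst in ((endpoint_a, endpoint_b), (endpoint_b, endpoint_a)):
        for proto, dport in REQUIRED_FLOWS:
            if first_match(rules, proto, src, dst, dport) != "allow":
                blocked.append((src, dst, proto, dport))
    return blocked


def vpn_preflight(rules, endpoint_a, endpoint_b, subnet_a, subnet_b):
    """Return a list of human-readable problems; empty means ready."""
    problems = []
    net_a = ipaddress.ip_network(subnet_a)
    net_b = ipaddress.ip_network(subnet_b)
    if net_a.overlaps(net_b):
        problems.append(f"subnets overlap: {subnet_a} and {subnet_b}")
    for src, dst, proto, dport in blocked_flows(rules, endpoint_a, endpoint_b):
        port = f"/{dport}" if dport is not None else ""
        problems.append(
            f"firewall blocks {PROTO_NAMES[proto]}{port} {src} -> {dst}")
    return problems


# Constructed sample: external IPs of the two tunnel anchors and a firewall
# policy that allows IKE and ESP but forgot AH and UDP 4500.
ENDPOINT_A, ENDPOINT_B = "192.0.2.10", "198.51.100.20"
SAMPLE_RULES = [
    Rule("allow", UDP, "192.0.2.10/32", "198.51.100.20/32", 500),
    Rule("allow", UDP, "198.51.100.20/32", "192.0.2.10/32", 500),
    Rule("allow", ESP, "192.0.2.10/32", "198.51.100.20/32"),
    Rule("allow", ESP, "198.51.100.20/32", "192.0.2.10/32"),
    Rule("deny", None, "0.0.0.0/0", "0.0.0.0/0"),
]

if __name__ == "__main__":
    for line in vpn_preflight(SAMPLE_RULES, ENDPOINT_A, ENDPOINT_B,
                              "10.1.0.0/24", "10.2.0.0/24"):
        print(line)
```

Checking both directions matters because a policy that passes the required traffic one way only still leaves the tunnel unable to establish.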
Static routing services have to be enabled at the organization level before a static route can be created that allows traffic between vApps that are located in different organizations and routing over the organization networks. Only a system administrator can enable static routing at the organization level, but both a system administrator and an organization administrator can create a static route at a vApp level.

If a firewall is located between the source and the destination vApp network, the firewall must be configured to pass the traffic, so firewall rules will need to be configured accordingly. Also, many operating systems have firewalls and may be configured to block incoming traffic, so this operating system firewall may need to be disabled, or a rule created to allow traffic from another network.

Conclusion

VMware vCloud Director contrives the provisioning of the software-defined datacenter layer to allow for a complete virtual datacenter delivery within a short period of time. This software-defined datacenter level provides the vCloud external connection while the organization and vApp networks are created within that vApp. Understanding how to create the different network layers and what is involved with the creation of network pools is integral to the success of a vCloud environment.
References

For more information on vCloud Director and the features mentioned in this paper, see the following documents on VMware's website:

- VMware vCloud: Architecting a vCloud Technical White Paper
- vCloud Director Administrator's Guide [v5.1]

About the Author

Rebecca Fitzhugh is a VMware Certified Instructor and Consultant whose primary focus is on VMware virtual infrastructure products and vCloud Director. Prior to becoming an instructor and consultant, Rebecca served five years in the United States Marine Corps, where she assisted in the build-out and administration of multiple enterprise networks residing on virtual infrastructure.
More informationPotecting your business assets in The Cloud, with. Secure Multitency Environment from CloudHPT.
Potecting your business assets in The Cloud, with Secure Multitency Environment from CloudHPT. Whitepaper 1 Introduction Goal of This Document To provide a guide to the security features of CloudHPT. CloudHPT
More informationData Center Network Virtualisation Standards. Matthew Bocci, Director of Technology & Standards, IP Division IETF NVO3 Co-chair
Data Center Network Virtualisation Standards Matthew Bocci, Director of Technology & Standards, IP Division IETF NVO3 Co-chair May 2013 AGENDA 1. Why standardise? 2. Problem Statement and Architecture
More informationOpen Source Networking for Cloud Data Centers
Open Source Networking for Cloud Data Centers Gaetano Borgione Distinguished Engineer @ PLUMgrid April 2015 1 Agenda Open Source Clouds with OpenStack Building Blocks of Cloud Networking Tenant Networks
More informationSecurely Architecting the Internal Cloud. Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc.
Securely Architecting the Internal Cloud Rob Randell, CISSP Senior Security and Compliance Specialist VMware, Inc. Securely Building the Internal Cloud Virtualization is the Key How Virtualization Affects
More informationNSX Administration Guide
NSX 6.0 for vsphere This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of
More informationVMware vcloud Director for Service Providers
Architecture Overview TECHNICAL WHITE PAPER Table of Contents Scope of Document....3 About VMware vcloud Director....3 Platform for Infrastructure Cloud...3 Architecture Overview....3 Constructs of vcloud
More informationvshield Quick Start Guide vshield Manager 4.1 vshield Edge 1.0 vshield App 1.0 vshield Endpoint 1.0
vshield Manager 4.1 vshield Edge 1.0 vshield App 1.0 vshield Endpoint 1.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by
More informationVisibility into the Cloud and Virtualized Data Center // White Paper
Executive Summary IT organizations today face unprecedented challenges. Internal business customers continue to demand rapid delivery of innovative services to respond to outside threats and opportunities.
More informationESXi Configuration Guide
ESXi 4.1 vcenter Server 4.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions
More informationHardening and Hacking vsphere and Private Cloud Everything you need to know about vsphere Security
Hardening and Hacking vsphere and Private Cloud Everything you need to know about vsphere Security Course Length: 5 days Course Delivery: Traditional Classroom Online Live Course Overview We are well aware
More informationCloud Security Best Practices
Cloud Security Best Practices Cohesive Networks - your applications secured VNS3 security and connectivity solutions protect cloud-based applications from exploitation by hackers, criminal gangs, and foreign
More informationWhat is VLAN Routing?
Application Note #38 February 2004 What is VLAN Routing? This Application Notes relates to the following Dell product(s): 6024 and 6024F 33xx Abstract Virtual LANs (VLANs) offer a method of dividing one
More informationAppendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003
http://technet.microsoft.com/en-us/library/cc757501(ws.10).aspx Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003 Updated: October 7, 2005 Applies To: Windows Server 2003 with
More informationVirtualization, SDN and NFV
Virtualization, SDN and NFV HOW DO THEY FIT TOGETHER? Traditional networks lack the flexibility to keep pace with dynamic computing and storage needs of today s data centers. In order to implement changes,
More informationNSX Installation Guide
NSX 6.2 for vsphere This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of
More informationMicrosegmentation Using NSX Distributed Firewall: Getting Started
Microsegmentation Using NSX Distributed Firewall: VMware NSX for vsphere, release 6.0x REFERENCE PAPER Table of Contents Microsegmentation using NSX Distributed Firewall:...1 Introduction... 3 Use Case
More informationNSX TM for vsphere with Arista CloudVision
ARISTA DESIGN GUIDE NSX TM for vsphere with Arista CloudVision Version 1.0 August 2015 ARISTA DESIGN GUIDE NSX FOR VSPHERE WITH ARISTA CLOUDVISION Table of Contents 1 Executive Summary... 4 2 Extending
More informationVXLAN Overlay Networks: Enabling Network Scalability for a Cloud Infrastructure
W h i t e p a p e r VXLAN Overlay Networks: Enabling Network Scalability for a Cloud Infrastructure Table of Contents Executive Summary.... 3 Cloud Computing Growth.... 3 Cloud Computing Infrastructure
More informationInstalling and Configuring vcloud Connector
Installing and Configuring vcloud Connector vcloud Connector 2.7.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new
More informationFirewalls and VPNs. Principles of Information Security, 5th Edition 1
Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches
More informationNetwork Virtualization Network Admission Control Deployment Guide
Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus
More informationvshield Installation and Upgrade Guide
vshield Manager 5.5 vshield Edge 5.5 vshield Endpoint 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition.
More informationCreating a VMware Software-Defined Data Center REFERENCE ARCHITECTURE VERSION 1.5
Software-Defined Data Center REFERENCE ARCHITECTURE VERSION 1.5 Table of Contents Executive Summary....4 Audience....4 Overview....4 VMware Software Components....6 Architectural Overview... 7 Cluster...
More informationWhite Paper. Juniper Networks. Enabling Businesses to Deploy Virtualized Data Center Environments. Copyright 2013, Juniper Networks, Inc.
White Paper Juniper Networks Solutions for VMware NSX Enabling Businesses to Deploy Virtualized Data Center Environments Copyright 2013, Juniper Networks, Inc. 1 Table of Contents Executive Summary...3
More informationSecurity in the Software Defined Data Center
Security in the Software Defined Data Center Francesco Vigo Senior Systems Engineer, VMware fvigo@vmware.com Ugo Piazzalunga Technical Manager, SafeNet ugo.piazzalunga@safenet-inc.com Agenda Software Defined
More informationExpert Reference Series of White Papers. Five Reasons VMware vsphere 6.0 is a Game Changer. 0118 912 3456 www.globalknowledge.co.
Expert Reference Series of White Papers Five Reasons VMware vsphere 6.0 is a Game Changer 0118 912 3456 www.globalknowledge.co.uk Five Reasons VMware vsphere 6.0 is a Game Changer Bill Ferguson, MCT Alumni,
More informationSDN v praxi overlay sítí pro OpenStack. 5.10.2015 Daniel Prchal daniel.prchal@hpe.com
SDN v praxi overlay sítí pro OpenStack 5.10.2015 Daniel Prchal daniel.prchal@hpe.com Agenda OpenStack OpenStack Architecture SDN Software Defined Networking OpenStack Networking HP Helion OpenStack HP
More informationPalo Alto Networks. Security Models in the Software Defined Data Center
Palo Alto Networks Security Models in the Software Defined Data Center Christer Swartz Palo Alto Networks CCIE #2894 Network Overlay Boundaries & Security Traditionally, all Network Overlay or Tunneling
More informationHow to Create VLANs Within a Virtual Switch in VMware ESXi
How to Create VLANs Within a Virtual Switch in VMware ESXi I am not responsible for your actions or their outcomes, in any way, while reading and/or implementing this tutorial. I will not provide support
More informationVMware NSX for vsphere (NSX-V) Network Virtualization Design Guide
VMware NSX for vsphere (NSX-V) Network Virtualization Design Guide DESIGN GUIDE / 1 Intended Audience... 4 Overview... 4 Introduction to Network Virtualization... 5 Overview of NSX-v Network Virtualization
More informationSecure Cloud Computing with a Virtualized Network Infrastructure
Secure Cloud Computing with a Virtualized Network Infrastructure Fang Hao, T.V. Lakshman, Sarit Mukherjee, Haoyu Song Bell Labs Cloud Security: All or Nothing? Amazon EC2 Government Cloud Shared computing,
More informationVMware Virtual SAN 6.2 Network Design Guide
VMware Virtual SAN 6.2 Network Design Guide TECHNICAL WHITE PAPER APRIL 2016 Contents Intended Audience... 2 Overview... 2 Virtual SAN Network... 2 Physical network infrastructure... 3 Data center network...
More informationWhat is SDN? And Why Should I Care? Jim Metzler Vice President Ashton Metzler & Associates
What is SDN? And Why Should I Care? Jim Metzler Vice President Ashton Metzler & Associates 1 Goals of the Presentation 1. Define/describe SDN 2. Identify the drivers and inhibitors of SDN 3. Identify what
More informationSTORMY WEATHER SECURING CLOUD COMPUTING. Russell Skingsley Director of Advanced Technology Data Centre and Cloud, APAC Juniper Networks
STORMY WEATHER SECURING CLOUD COMPUTING Russell Skingsley Director of Advanced Technology Data Centre and Cloud, APAC Juniper Networks DISCLAIMER These are not necessarily the views of Juniper Networks
More informationCloud Networking Disruption with Software Defined Network Virtualization. Ali Khayam
Cloud Networking Disruption with Software Defined Network Virtualization Ali Khayam In the next one hour Let s discuss two disruptive new paradigms in the world of networking: Network Virtualization Software
More informationApache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide. Revised February 28, 2013 2:32 pm Pacific
Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide Revised February 28, 2013 2:32 pm Pacific Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide
More informationFireware How To VPN. Introduction. Is there anything I need to know before I start? Configuring a BOVPN Gateway
Fireware How To VPN How do I set up a manual branch office VPN tunnel? Introduction You use Branch Office VPN (BOVPN) with manual IPSec to make encrypted tunnels between a Firebox and a second IPSec-compliant
More informationDigi Connect WAN Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering
Introduction Digi Connect Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering The Digi Connect supports five features which provide security and IP traffic forwarding when using incoming
More informationConfiguring Network Address Translation (NAT)
8 Configuring Network Address Translation (NAT) Contents Overview...................................................... 8-3 Translating Between an Inside and an Outside Network........... 8-3 Local and
More informations@lm@n CompTIA Exam N10-006 CompTIA Network+ certification Version: 5.1 [ Total Questions: 1146 ]
s@lm@n CompTIA Exam N10-006 CompTIA Network+ certification Version: 5.1 [ Total Questions: 1146 ] Topic break down Topic No. of Questions Topic 1: Network Architecture 183 Topic 2: Network Operations 149
More informationCCT vs. CCENT Skill Set Comparison
Operation of IP Data Networks Recognize the purpose and functions of various network devices such as Routers, Switches, Bridges and Hubs Select the components required to meet a given network specification
More informationCisco Hybrid Cloud Solution: Deploy an E-Business Application with Cisco Intercloud Fabric for Business Reference Architecture
Reference Architecture Cisco Hybrid Cloud Solution: Deploy an E-Business Application with Cisco Intercloud Fabric for Business Reference Architecture 2015 Cisco and/or its affiliates. All rights reserved.
More informationHyper-V Network Virtualization Gateways - Fundamental Building Blocks of the Private Cloud
Hyper-V Network Virtualization Gateways - nappliance White Paper July 2012 Introduction There are a number of challenges that enterprise customers are facing nowadays as they move more of their resources
More information5.0 Network Architecture. 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network
5.0 Network Architecture 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network 1 5.1The Internet Worldwide connectivity ISPs connect private and business users Private: mostly dial-up connections Business:
More informationWAN Failover Scenarios Using Digi Wireless WAN Routers
WAN Failover Scenarios Using Digi Wireless WAN Routers This document discusses several methods for using a Digi wireless WAN gateway to provide WAN failover for IP connections in conjunction with another
More informationWhat s New in VMware vcloud Director 1.5
vcloud Director 1.5 Technical WHITE PAPER Table of Contents Introduction.... 3 Improving Agility in the Cloud.... 4 Fast Provisioning Using Linked Clones... 4 Behind the Scenes.... 5 Cross Datastore Linked
More informationVMware vshield App Design Guide TECHNICAL WHITE PAPER
ware vshield App Design Guide TECHNICAL WHITE PAPER ware vshield App Design Guide Overview ware vshield App is one of the security products in the ware vshield family that provides protection to applications
More informationWhite Paper. SSL vs. IPSec. Streamlining Site-to-Site VPN Deployments
White Paper SSL vs. IPSec Streamlining Site-to-Site VPN Deployments May 2011 SiteDirect Access. Security. Delivery. Introduction Traditionally, corporate users rely on IPSec for site-to-site access. However,
More informationGuideline for setting up a functional VPN
Guideline for setting up a functional VPN Why do I want a VPN? VPN by definition creates a private, trusted network across an untrusted medium. It allows you to connect offices and people from around the
More informationHow To Extend Security Policies To Public Clouds
What You Will Learn Public sector organizations without the budget to build a private cloud can consider public cloud services. The drawback until now has been tenants limited ability to implement their
More informationEthernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心
Ethernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心 1 SDN Introduction Decoupling of control plane from data plane
More informationWHITE PAPER. Network Virtualization: A Data Plane Perspective
WHITE PAPER Network Virtualization: A Data Plane Perspective David Melman Uri Safrai Switching Architecture Marvell May 2015 Abstract Virtualization is the leading technology to provide agile and scalable
More informationVMware and Brocade Network Virtualization Reference Whitepaper
VMware and Brocade Network Virtualization Reference Whitepaper Table of Contents EXECUTIVE SUMMARY VMWARE NSX WITH BROCADE VCS: SEAMLESS TRANSITION TO SDDC VMWARE'S NSX NETWORK VIRTUALIZATION PLATFORM
More informationRemote PC Guide Series - Volume 1
Introduction and Planning for Remote PC Implementation with NETLAB+ Document Version: 2016-02-01 What is a remote PC and how does it work with NETLAB+? This educational guide will introduce the concepts
More information