Category Archives: VMware NSX

VMware NSX vs. Cisco ACI: Where Are We Now?

Just over a year and a half ago, GreenPages posted a video  and of Nick Phelps (below) and held a webinar discussing how it’s not VMware NSX vs. Cisco ACI, but the synergistic benefits of running both VMware NSX and Cisco ACI simultaneously which was, at the time, a bit “science-fiction-y.” Fast forward to present day and the tech world has had plenty of time to test how these two products work together. Check out Nick’s update on why using both technologies together can create “a beautiful orchestra of automation!”  

As a vendor agnostic solutions provider, GreenPages is in a perfect position to help you evaluate and deploy the best tech depending on your unique business goals. Please reach out to us or your account manager to get started.

By Jake Cryan, Digital Marketing Specialist

 

VMworld 2017: NSX Cloud, AppDefense + VMware’s New Direction

Enterprise Consultant, Chris Williams recently returned from VMworld 2017 and gives his take on a few of exciting announcements made at the event. AppDefense, VMware’s newest security solution monitors the steady state of servers and stops infiltration at the application layer. It’s a cloud offering rather than an on-premise based solution. VMware also announced NSX Cloud which allows you to employ a security policy once but also deploy it everywhere, providing companies with a common networking and security model across clouds. To learn more about the key news from VMworld and hear from an experienced technologist, check out the video above.

By Jake Cryan, Digital Marketing Specialist

VMware NSX and Cisco ACI: NSX Now Supported on ACI (We Were Right!)

In May of 2015, we did a video around VMware NSX vs. Cisco ACI. As part of that video, we made the prediction that VMware NSX and Cisco ACI would not be an either/or discussion in the future (I also did a webinar on the topic that you can download here). At the time, the common question we were getting from clients was if they should be using NSX or ACI. My opinion was that Cisco ACI quite well complimented the feature sets of VMware NSX and that one could really support the other.

Now let’s fast forward to last month (February 2016) to Cisco Live Berlin where an announcement was made that supported just that idea. In  sessions at the conference, they talked about a number of overlay networks in Cisco ACI and specifically mentioned VMware NSX. So what are these use cases? I’m planning on doing a series of videos to explore the topic further. The next video will discuss heavily utilizing Cisco ACI with an overlay of VMware NSX. After that, we’ll look at the opposite – more heavily leveraging the feature sets of NSX on top of the fabric automation feature sets that exist in ACI.

VMware NSX and Cisco ACI: NSX Now Supported on ACI

Watch on GreenPages’ YouTube channel

 

Download Nick’s on-demand webinar, VMware NSX vs. Cisco ACI: When to Use Each, When to Use Both

 

By Nick Phelps, Moonrock Consulting, a GreenPages Alliance Partner

VMware NSX vs. Cisco ACI: Which SDN solution is right for me?

I posted this video a while back on VMware NSX vs. Cisco ACI and it’s proven to be a pretty popular topic. I will be holding a webinar on 10/6 to talk about this topic in more detail so I figured I would repost the video for people to view again. If you enjoy this video, I would highly recommend registering for the webinar. I’ll be able to go in more detail and answer any questions throughout the presentation.

If you missed Nick’s webinar, you can download it here!

By Nick Phelps, Principal Architect

VMware NSX vs. Cisco ACI: Which SDN solution is right for me?

I posted this video a while back on VMware NSX vs. Cisco ACI and it’s proven to be a pretty popular topic. I will be holding a webinar on 10/6 to talk about this topic in more detail so I figured I would repost the video for people to view again. If you enjoy this video, I would highly recommend registering for the webinar. I’ll be able to go in more detail and answer any questions throughout the presentation.

 

Register for Nick’s Webinar, “VMware NSX vs. Cisco ACI: When to Use Each, When to Use Both.” In the webinar, Nick will cover:

  • The current state of the SDN market
  • VMware NSX & Cisco ACI overview
  • When it makes sense to use each, or event both
  • Next steps to get your environment prepared for SDN initiatives

 

 

By Nick Phelps, Principal Architect

Real World Example: Deploying VMware NSX in the Financial Sector

I recently finished up a project implementing VMware’s NSX and wanted to take a minute to recap my experience. The client I worked with provides call center services in the financial sector. They have to be able to securely access systems that have the ability to see credit card information along with other personal, sensitive information.

VMware NSXThe customer is building out new facilities to host their primary, PCI-related, applications.  In this environment, they have to be able to provide the highest levels of security, while providing high performing networking services. To achieve the necessary requirements, they have had to purchase new infrastructure: blade center systems, networking infrastructure (Nexus 5672s, Nexus 6000s, Nexus 7710s, Juniper SRXs, F5 load balancers, etc.), Software licensing, among other things.

They came across the need to purchase additional pairs of F5 load balancers but were up against their budget. When this happened, the Director / VP in charge of the project evaluated VMware’s NSX technology. After some initial discussions, he realized that NSX could not only provide the type of security the environment needed to drive higher efficiencies but could also provide some of the general networking services he was looking for.

Previous network designs included the need for complete isolation of some workloads and, to achieve this, the design called for trusted traffic to traverse a separate pair of distribution/access layer switches to reach external networks. This design also made it necessary to acquire separate F5 load balancers, as specific traffic was not allowed to comingle on the same physical infrastructure due to the way the security team wanted to steer trusted and untrusted traffic. This meant that the team was required to purchase twice the hardware; separate Nexus 6000s and separate F5 load balancers.

Because of the NSX Distributed Firewall capabilities, security teams have the ability to place required rules and policies closer to applications than has previously been achievable. Because of this, networking designs changed, and allowed for infrastructure requirements previously deemed necessary to be alleviated. The ability to stop untrusted traffic before it ever reaches a logical or physical wire gave the team the opportunity to converge more of their networking equipment; eliminating the need to utilize separate Nexus 6000s. In addition, with the NSX Edge Services Gateway having the ability to provide network load-balancing, they were no longer required to purchase additional physical equipment to provide this service. With the budget they put towards NSX licensing, they were able to get the all the security and load balancing services they were looking for and also put money back into their budget.

The Engagement:

Over the span of approximately one month, the security team, networking team, server / virtualization team, and an auditing team worked together in designing what the NSX solution needed to achieve and how it would be implemented. I believe this to be an important aspect of NSX projects because of the misconception that the server / virtualization teams are trying to take over everything. Without each team, this project would have been a disaster.

As requirements were put forth, we built out NSX in building blocks. First, we identified that we would utilize VXLAN as a means to achieve desired efficiencies: eliminating VLAN sprawl, segregating trusted traffic in the logical, software layer, and allowing Disaster Recovery designs to become easier when using the same IP address space. Once networks and routing were implemented, we were able to test connectivity from various sites, while achieving all requirements by the security team. The next item was implementing NSX security. This item required new ways of thinking for most teams. With VMware NSX, customers have the ability to manage security based on vCenter objects, which provides more flexibility. We had to walk through what the contents of each application were, what types of communications were necessary, what types of policies were required, and, in identifying these items, we were able to build dynamic and static Security Groups. We then built Security Policies (some basic that could apply to a majority of similar applications, some application specific) and were able to re-use these policies against various Security Groups, speeding the deployment of application security. We applied weights to these policies to ensure application specific policies took precedence over the generic. In addition to Netflow, we applied “Flow Monitoring” as a means for the networking and security teams to monitor traffic patterns within the NSX environment.

All in all, this was a very successful project. Our client can now better secure their internal applications as well as better secure sensitive customer data.

Remember, NSX can be mislabeled as a server team product, however, the network team and security team need to know how it works and need to be able to implement it.

Are you interested in learning more about how GreenPages can help with similar projects? Email us at socialmedia@greenpages.com

 

By Drew Kimmelman, Consultant

VMware NSX vs. Cisco ACI: Which SDN solution is right for me?

In a video I did recently, I discussed steps organizations need to take to prepare their environments to be able to adopt software defined technologies when the time comes. In this video, I talk about VMware NSX and Cisco ACI.

VMware NSX and Cisco ACI are both really hot technologies that are generating a lot of conversation. Both are API driven SDN solutions. NSX and ACI are really good in their unique areas and each come at it from a unique perspective. While they are both very different solutions, they do have overlapping functionality.

//www.youtube.com/watch?v=xtdfHGnCovA

 

Are you interested in talking with Nick about VMware NSX or Cisco ACI? Let’s set up some time!

 

By Nick Phelps, Principal Architect