VMWORLD SITE


Thursday, 14 October 2010

vShield Thurs 12:00

Wanted to attend the session on Availability and Throughput but it was full (couldn't get there earlier due to 1-1 meeting on SRM and FT)

- vShield Edge protects the perimeter of the virtual data centre
- vShield App and Zones can create virtual secure zones around groups of VMs
- vShield Endpoint offloads guest security activities such as anti virus

Replace physical network zones with vShield?
Claiming vShield can be more secure than physical protection.
Can set physical machine default gateway to be the vShield Appliance
Standard 5 tuple policy approach
Has NAT and IPSEC VPN capabilities
Currently separating VMs means traffic going across external VLANs to external firewalls
vShield App provides firewalls at vNIC level
Robust ability to monitor traffic flowing between VMs as it all goes through the vShield appliance
Multiple trust zones within vSphere clusters
Cheaper than physical firewalls

Now going through use cases, but describing them isn't going to work well here without the diagrams.
Basically demonstrating how existing physical constructs can be migrated to vShield approach

Wednesday, 13 October 2010

vCloud Design Patterns Weds 10:30

- Packed session - mostly architects in the audience.
- vCloud Director is several integrated products aimed at bridging private and public clouds - you may need further 3rd party tools until VMware plug any gaps.
- Virtualization of the infrastructure continues to be the basis - vCloud is an additional layer - aim is for consumer not to know what's going on "under the hood"
- vCloud Director includes the vCloud API
- vCenter Chargeback and vShield Edge (virtual appliance) and Manager (one per vCenter) are critical components to bring protection and billing
- vRequest Manager brings the workflow piece
- One vCloud Director database supports multiple vCloud Director instances
- vCloud Director needs Oracle which, due to licencing, may exclude the use of a VM for vCloud Director!
- Best practice is to separate the management of clusters of resources from vCloud resource management
- Create your VM clusters based on service qualities.  Create VDCs around consumer organisations.  So a VDC may use resources from across the VM clusters
- The VM clusters have networks to external resources, organisations have networks and vApps have networks between them
- No longer need to create resource pools in the VM clusters - vCloud director becomes the manager of resources
(Comment - there are 3 presenters and they are clearly feeling their way through this stuff as they "clarify" each others' presentation.  Lots of use of the term "we're trying to" which doesn't come across as completely confident)
- Organisations are the security boundaries
- An Organization vDC maps 1:1 for a provider vDC service offering - So Org A Gold, Org A Silver, Org B Gold, Org B Silver etc.
- vApps allow templates of VMs - e.g. 3 tier apps as one package - installed, configured and then booted in the correct order.
- vShield can apply at vApp network to Organisation network and/or from Organisation network to External network
- Some use cases being demonstrated
- Cloud resource group restrictions - no FT, no SRM - need to discuss back up solutions with storage suppliers if they are using vStorage API.  A bit fuzzy on who needs to recover from back ups - looks like it's not the consumer
- Organisation vDCs can use a number of different resource allocations and aligned chargeback models, including metered pay as you go

Looks like it would be good to try this for dev and test environments where we can tie down SLA and resource allocations to dev groups and charge appropriately - they can then deploy and destroy vApp stacks as they wish within the organisation.

Tuesday, 12 October 2010

Building Private Clouds - Actual Experiences Tuesday 14:00

Panel:
Greg Bybee VMware
Alan Russell Experian
Clint Greenwood General Electric
Glenn Harper Sabre Holdings
James Jones LabCorp
Jordan Janeczko Siemens IT Solutions and Services

- The key messages about vCloud Director are being replayed - virtual data centres across shared hardware - clear logical boundaries

GE Project Rainmaker
Platform as a service and hybrid cloud is strategy, working on the internal cloud first
Internal cloud - 2011 Q2 delivery
Cisco UCS with vCloud on top
Gone for full VMware suite - chargeback, vShield etc
Using VDCs to deliver differential services to different businesses

Siemens IT Services
Delivering internal services
Delivering cloud services to customers
Focus on helping customers integrate their existing services with cloud and address security etc.
Most customers have hybrid cloud approach
Much adoption of VMware, Spring Source, Zimbra when providing services to customers
Offer secure virtual test cloud (vTC) for customers to run their own test services - the customer uses vCloud Director to help themselves with appropriate billing
HP Blades



Sabre Holdings
Airlines, hospitality, Last Minute, Travelocity etc
Follow the sun development environment
Suffering from VM sprawl
Using vCloud Director to allow devs to self service within the limits of resource that they have allocated in their virtual data centre
Building library of vApps in a catalogue - great for sales and training teams
Took 3 days to set up vCD, most of which was learning the terminology
Packaged a 3 tier app which can then be built and destroyed in multiple environments

EXPERIAN
Follow the sun development
Need to have multiple versions of applications due to local regulatory variations
Want to drive consistency into the organisation
Engage your customers - in this case ask the developers what they want
Quick to deploy with very little cost - build the service using VMs on existing VMware clusters

LabCorp
Medical testing
IBM rack servers, EMC storage
vCloud has driven process standardization
30 days to provide physical, 7 days to provide virtual - most of this is through change control across all the infrastructure components
With vCloud a VM can be provisioned in 5 minutes due to pooling of server, network and storage resources - the existing teams provide the pools then the virtual data centre team manages within those pools
Leasing allowed significant resource reclaiming

Licencing can be an issue - are you big enough to have an all you can eat contract?

Bella Hall A Tuesday 09:50 Steve Herrod - Tech Innovation & Demos

- vSphere will aggregate across all the infrastructure - internal and external services
- Automate through policy
- Drive to be open and interoperable (comment - but is this really open or is it a vision of VMware being omni-present?)
- Talking about the new features in vSphere 4.1
- Pushing vMotion improvements and I/O QoS
- Pushing vSphere Essentials for small companies
- Announcing vCenter client to the iPad and available in the iTunes store later in October
- Have purchased Integrien for collating events and systems performance
- Making comparisons between ease of use of apps and services at home and the rigidity and lack of agility at work
- Strap line is IT as a Service - Optimizing IT Production for Business Consumption
- App store is equivalent to a service catalogue - use directory services to define who can have access to what apps
- Matching service offerings to business requirements should be visible to the consumers along with pay per use pricing - where the app runs should not be visible to the consumer
- vShield re-launched in support of the virtual data centres - partnering with McAfee and others
- vShield Endpoint protects each VM from the hypervisor
- vShield App is a logical firewall
- vShield edge - boundary protection
- Using vShield internally and in your cloud provider enables secure hybrid cloud
- more than 2,000 ISPs are now offering VMware vCloud services and many of them are adding vCloud Director and vShield - eg Colt, Verizon, Terremark

Eddie Durnell on stage - going to demo vCloud
- service catalogue
- hooks up VMs into a service with a simple diagram
- consumers see a virtual datacenter of services available to them, but they have no idea of where those services are being provided
- aggregates vCenters and datastores internally and ISP provider data centres - same look and feel

VMware vFabric
- New "open" apps fabrics - framework for developer, common platform services - includes vmforce and Google App Engine - will allow apps to move across clouds. Spring now but will add Ruby on Rails, PHP etc.
- Making open, but propose more value if run on VMware products

End User Computing
- Optimizing Windows via View 4.5 - offline support (and sync back), Mac OS, Win 7, vShield Endpoint compatible
- Claiming sub $500 virtual desktop costs
- Promoting a move from device-centric to user-centric (comment - still, no surprise here)

Noah joins the stage to demo project Horizon (!)
- allows matching of SaaS apps to users and which devices they can use for each app - permits single sign ons via integration with AD (so federated security then)
- VMware View Client is coming for the iPad
- Horizon is re-formatting the app to suit the device, including screen size and integrated sign on
Audience applause is loudest so far - they must be impressed

Bella Hall A Tuesday 09:25 Paul Maritz

Paul Maritz, CEO

- talking about history of VMware
- "wave 3" is IT as a Service
- in 2009 virtual servers exceeded physical deployments
- 2010 10 million VMs will be deployed at a growth rate of 28%
- VMware has 190,000 customers
- thanks to the audience for delivering the virtualization explosion
- talking about virtualization across all data centre resources, not just servers
- £1 spent on hardware leads to £5-10 per annum on management so OpEx is the target
- Automate where possible, manage better where automation is not possible
- VMware releases will focus on automation and management across the whole infrastructure resources for foreseeable future
- Need to move security from physical boundaries to logical boundaries
- Security can be improved as it moves with the apps / data
- vCloud Director enables virtual data centres - associate a policy with applications to enable management of their characteristics - where they run, resource conflict management etc. Drives choice of how we pay for resource - internal vs external cloud and appropriate pricing that the business can understand.
- ISPs being encouraged to work with VMware to drive "standards" (are they standards or VMware proprietary interfaces?) across the industry
- Should allow movement across and between clouds to avoid the clouds becoming sticky
- Note PM is talking about building cloud foundations - so we're not there yet (no surprise there then)
- This is about old apps on new infrastructure - what about new apps?  Batch based older apps are not going to respond to upcoming consumer expectations for on demand data and services
- Most new apps are being written in Spring, Ruby on Rails type frameworks so VMware supporting this by developing management and common services around these frameworks, sitting on top of a virtualized infrastructure
- These apps frameworks abstract developers from the OS - perhaps the apps frameworks will soon contain just enough OS to operate on the infrastructure cloud?
- Admitting that there will be non-VMware enabled clouds - suggesting that the apps frameworks need to interface to multiple cloud models
- VMware working with Google and Salesforce.com to ensure that the Spring framework can operate on those clouds so apps on Spring will work on multiple infrastructures
- VMware using Software as a Service apps that weren't approved by IT - no integration of security - IT needs to get control (drawing parallels with PCs finding their way into enterprises in the 1980s)
- Now addressing flood of new devices
- IT should focus on delivering the apps to the users and remove the need to worry about devices - access management will be key
- Automation and management of devices, apps frameworks and infrastructure in horizontal layers will be the key challenges