VSAN, NSX on Cisco Nexus, vSphere Containers, NSX Future & a chat with VMware CEO – Highlights Of My Day 2 at VMworld 2016 US

In this post, I will highlight the breakout sessions I attended during day 2 at VMworld 2016 US, the key items / notes / points learnt, and a few other interesting things I was privy to during the day that are worth mentioning, along with my thoughts on them…!!

Day 2 – Breakout Session 1 – Understanding the availability features of VSAN


  • Session ID: STO8179R
  • Presenters:
    • GS Khalsa – Sr. Technical Marketing manager – VMware (@gurusimran)
    • Jeff Hunter – Staff Technical Marketing Architect – VMware (@Jhuntervmware)

In all honesty, I wasn’t quite sure why I signed up for this breakout session as I know VSAN fairly well, including its various availability features: I have been testing & analysing its architecture and performance since VSAN was first launched, and have been designing and deploying VSAN solutions on behalf of my customers for a while. However, attending the session reminded me of a key fact that I normally try never to forget, which is “you always learn something new”, even when you think you know most of it.

Anyways, about the session itself, it was good and was mainly aimed at beginners to VSAN, but I did manage to learn a few new things as well as refresh my memory on a few other facts regarding VSAN architecture. The key new ones I learnt are as follows

  • VSAN component statuses (as shown within vSphere Web Client) and their meanings
    • Absent
      • This means VSAN thinks the said component will probably return. Examples are,
        • Host rebooted
        • Disk pulled
        • NW partition
      • Rebuild starts after 60 mins
      • When an item is detected / marked as absent, VSAN typically waits for 60 minutes before a rebuild is started in order to allow a temporary failure to rectify itself
        • This means, for example, that pulling disks out of VSAN will NOT trigger an instant rebuild / secondary copy…etc. so it won’t be an accurate test of VSAN
    • Degraded
      • This typically means the device / component is unlikely to return. Examples include,
        • A Permanent Device Loss (PDL) or a failed disk
      • When a degraded item is noted, a rebuild is started immediately
    • Active-Stale
      • This means the device is back online from a failure (i.e. was absent) but the data residing on it are NOT up to date.
  • VSAN drive degradation monitoring is proactively logged in the following log files
    • vmkernel.log indicating LSOM errors
  • Dedupe and Compression during drive failures
    • During a drive failure, de-duplication and compression (all flash only) is automatically disabled – I didn’t know this before

 

Day 2 – Breakout Session 2 – How to deploy VMware NSX with Cisco Nexus / UCS Infrastructure

  • Session ID: NET8364R
  • Presenters:
    • Paul Mancuso – Technical Product Manager (VMware)
    • Ron Fuller – Staff System Engineer (VMware)

This session was about an increasingly popular deployment architecture for NSX: how to design & deploy NSX on top of Cisco Nexus switches with ACI as the underlay network and Cisco UCS hardware. Pretty awesome session and a really popular combination too. (FYI – I’ve been touting that both these solutions are better together since about 2 years back and it’s really good to see both companies recognising this and now working together on providing guidance like this.) Outside of this session I also found out that the Nexus 9k switches will soon have OVSDB support so that they can be used as ToR switches with NSX too (hardware VTEP to bridge VXLANs to VLANs to communicate with the physical world), much like the Arista switches with NSX – great, great news for the customers indeed.


I’m not going to summarise the content of this session but would instead like to point people at the following 2 documentation sets from VMware, which cover everything this session was based on and, pretty simply, everything you need to know when designing NSX solutions together with Cisco ACI using Nexus 9K switches and Cisco UCS server hardware (blades & rack mounts)

One important thing to keep in mind for all Cisco folks though: Cisco N1K is NOT supported for NSX. All NSX prepped clusters must use vDS. I’m guessing this is very much expected and probably only a commercial decision rather than a technical one.

Personally I am super excited to see that VMware and Cisco are working together again (at least on the outset) when it comes to networking and that both companies have finally realised the use cases of ACI and NSX are somewhat complementary to each other (i.e. ACI cannot do most of the clever features NSX is able to deliver in the virtual world, including public clouds, and NSX cannot do any of the clever features ACI can offer to a physical fabric). So watch this space for more key joint announcements from both companies…!!

Day 2 – Breakout Session 3 – Containers for the vSphere admin


  • Session ID: CNA7522
  • Presenters:
    • Ryan Kelly – Staff System Engineer (VMware)

A session about how VMware approaches the massive buzz around containerisation through their own vSphere integrated solution (VIC) as well as a brand new hypervisor system designed from the ground up with containerisation in mind (Photon platform). This was more of a refresher session for me than anything else and I’m not going to summarise all of it but instead will point you to the dedicated post I’ve written about VMware’s container approach here.

Day 2 – Breakout Session 4 – The architectural future of Network Virtualisation


  • Session ID: NET8193R
  • Presenters: Bruce Davie – CTO, Networking (VMware)

Probably the most inspiring session of day 2, as Bruce went through the architectural future of NSX and described what the NSX team within VMware is focusing on as key improvements & advancements of the NSX platform. The summary of the session is as follows

  • NSX is the bridge from solving today’s requirement to solving tomorrow’s IT requirements
    • Brings remote networking closer easily (i.e. Stretched L2)
    • Programmatically (read automatically) provisioned on application demand
    • Security ingrained at a kernel level and every hop outwards from the applications
  • Challenges NSX is trying to address (future)
    • Developers – Need to rapidly provision and destroy complex networks as a pre-req for applications demanded by developers
    • Micro services – Container networking and security
    • Containers
    • Unseen future requirements
  • Current NSX Architecture
    • Cloud consumption plane
    • Management plane
    • Control plane
    • Data plane
  • Future Architecture – This is what the NSX team is currently looking at for NSX’s future.
    • Management plane scale out
      • Management plane now needs to be highly available in order to constantly keep taking a large number of API calls for action from cloud consumption systems such as OpenStack, vRA…etc. – Developer and agile development driven workflows…etc.
      • Using & scaling persistent memory for the NSX management layer is also being considered – This is to keep API requests in persistent memory in a scalable way providing write and read scalability & Durability
      • Being able to take consistent NSX snapshots – Point in time backups
      • Distributed log capability is going to be key in providing this management plane scale out whereby distributed logs that store all the API requests coming from Cloud Consumption Systems will be synchronously stored across multiple nodes providing up to date visibility of the complete state across to all nodes, while also increasing performance due to management node scale out
    • Control plane evolution
      • Heterogeneity
        • Currently vSphere & KVM
        • Hyper-V support coming
        • Control plane will be split in to 2 layers
          • Central control plane
          • Local control plane
            • Data plane (Hyper-V, vSphere, KVM) specific intelligence
    • High performance data plane
      • Use the Intel DPDK – A technology that optimises packet processing on Intel CPUs
        • Packet switching using x86 chips will be the main focus going forward and new technologies such as DPDK will only make this better and better
        • DPDK capabilities are best placed to optimise iterative processing rather than too much context switching
        • NSX has this optimisation code built in to its components
          • Using DPDK CPUs in the NSX Edge rack ESXi servers is potentially a good design decision?
  • Possible additional NSX use cases being considered
    • NSX for public clouds
      • NSX OVS and an agent are deployed in guest – a technical preview of this solution was demoed by Pat Gelsinger during the opening keynote on day 1 of VMworld.
    • NSX for containers
      • 2 vSwitches
        • 1 in guest
        • 1 in Hypervisor

 

My thoughts

I like what I heard from Bruce about the key development focus areas for NSX and it looks like all of us, partners & customers of VMware NSX alike, are in for some really cool, business enabling treats from NSX going forward, which kind of reminds me of when vSphere first came out about 20 years ago :-). I am extremely excited about the opportunities NSX presents to remove what is often the biggest bottleneck enterprise or corporate IT teams have to overcome to simply get things done quickly, and that is the legacy network they have. Networks in most organisations are still very much managed by an old school minded networking team that does not necessarily understand the convergence of networking with other silos in the data center such as storage and compute, and most importantly the convergence with modern day applications. It is a fact that software defined networking will bring efficiency to networking the way vSphere brought efficiency to compute (want examples of how this SDN efficiency is playing out today? Look at AWS and Azure as the 2 biggest use cases), where the ability to spin up infrastructure along with a “virtual” networking layer significantly increases the convenience for businesses to consume IT (no waiting around for weeks for your networking team to set up new switches with some new VLANs…etc.) as well as significantly decreasing the go to market time for those businesses when it comes to launching new products / money making opportunities. All in all, NSX will act as a key enabler for any business, regardless of size, to have an agile approach to IT and even embrace cloud platforms.

From my perspective, NSX will provide the same public cloud inspired advantages to customers’ own data centers, and not only that but it will go a step further by effectively converting your WAN to an extended LAN by bridging your LAN with a remote network / data center / public cloud platform to create something like a LAN/WAN (read LAN over WAN – trade mark belongs to me :-)), which can automatically get deployed and secured (encryption) while also being very application centric (read “App developers can request networking configuration through an API as a part of the app provisioning stage, which can automatically apply all the networking settings including creating various networking segments, routing in between & the firewall requirements…etc.”). Such networking can be provisioned all the way from a container instance where part of the app is running (i.e. DB server instance as a container service) to a public cloud platform which hosts the other parts (i.e. Web servers).

I’ve always believed that the NSX solution offering is going to be hugely powerful given its various applications and use cases and natural evolution of the NSX platform through the focus areas like those mentioned above will only make it an absolute must have for all customers, in my humble view.

 

Day 2 – Meeting with Pat Gelsinger and Q&A’s during the exclusive vExpert gathering


As interesting as the breakout sessions during the day had been, this was by far the most significant couple of hours for me on the day. As a #vExpert, I was invited to an off site, vExpert only gathering held at the Vegas Mob Museum, which happened to include VMware CEO Pat Gelsinger as the guest of honour. Big thanks to the VMware community team led by Corey Romero (@vCommunityGuy) for organising this event.

This was an intimate gathering of about 80-100 VMware vExperts who were present at VMworld, to meet up at an off site venue and discuss things, and also to give everyone a chance to meet the VMware CEO and ask him direct questions, which is something you wouldn’t normally get as an ordinary person so it was pretty good. Pat was pretty awesome as he gave a quick speech about the importance of the vExpert community to VMware, followed by a Q&A session where we all had a chance to ask him questions on various fronts. I myself started the Q&A session by asking him the obvious question, “What would be the real impact on VMware once the Dell-EMC merger completes?” and Pat’s answer was pretty straightforward. As Michael Dell (who happened to come on stage during the opening day keynote speech) said himself, Dell is pretty impressed with the large ecosystem of VMware partners (most of whom are Dell competitors) and will keep that ecosystem intact going forward. Pat echoed the same message, while also hinting that Dell hardware will play a key role in all VMware product integrations, including using Dell HW by default in most pre-validated and hyper-converged solution offerings going forward, such as using Dell rack mount servers in VCE solutions…etc. (in Pat’s view, Cisco will still play a big role in blade based VCE solution offerings and they are unlikely to walk away from it all just because of the Dell integration, given the substantial size of revenue that business brings to Cisco).

If I read in between the lines correctly (may be incorrect interpretations from my end here), he also alluded that the real catch of the EMC acquisition as far as Dell was concerned was VMware. Pat explained that most of the financing charges behind the capital raised by Dell will need to be paid through the EMC business’s annual run rate revenue (which by the way is roughly the same as the financing interest), so in a way Dell received VMware for free, and given their large ecosystem of partners all contributing towards VMware’s revenue, it is very likely Dell will continue to let VMware run as an independent entity.

There were other interesting questions from the audience and some of the key points made by Pat in answering those questions were,

  • VMware are fully committed to increasing NSX adoption by customers and sees NSX as a key revenue generator due to what it brings to the table – I agree 100%
  • VMware are working on the ability to provide networking customers, through NSX, with a capability similar to vMotion for compute, as one of their (the NSX business unit’s) key goals. Pat mentioned that engineering in fact have this figured out already and are testing it internally, but it is not quite production ready.
  • In relation to VMware’s Cross Cloud Services as a service offering (announced by Pat during the event opening keynote speech), VMware are also working on offering NSX as a service – Though the details were not discussed, I’m guessing this would be through IBM and the vCAN partners
  • Hinted that a major announcement on the VMware Photon platform (one of the VMware vSphere container solutions) will be taking place during VMworld Barcelona – I’ve heard the same from the BU’s engineers too and look forward to the Barcelona announcements
  • VMware’s own cloud platform, vCloud Air, WILL continue to stay focused on targeted use cases while the future scale of VMware’s cloud business will be expected to come from the vCAN partners (hosting providers that use VMware technologies and as a result are part of the VMware vCloud Air Network…i.e. IBM)
  • Pat also mentioned the focus VMware will have on IOT and, to this effect, the custom IOT solution VMware have already built or are working on (I cannot quite remember which it was) for monitoring health devices through the Android platform – I’m guessing this is through their project ICE and LIOTA (Little IOT Agent) platform, which already had similar device monitoring solutions being demoed in the solutions exchange during VMworld 2016. I mentioned that in my previous post here

It was really good to have had the chance to listen to Pat up close and be able to ask direct questions and get frank answers, which was a fine way to end a productive and educational day for me at VMworld 2016 US.

Image credit goes to VMware..!!

Cheers

Chan

 

 

VMworld 2016 US – Key Announcements From Day 2

A quick summary of this morning’s keynote speech at VMworld 2016 US and a few announcements.

Opening Keynote Speech

The morning keynote speech was hosted by Sanjay Poonen (@Spoonan), who heads up the EUC BU within VMware. Sanjay’s speech was pretty much in line with the general VMware focus areas mentioned in yesterday’s keynote by Pat Gelsinger, which is a complete solution that gives customers in today’s enterprises & corporates the ability to use any device, any app & any cloud platform as they see fit without having to worry about workload mobility, cross platform management and monitoring.

While yesterday’s session was more focused on the server side of things, Sanjay’s message today was, predictably, focused to a bigger degree on the End User Computing side of things. The initial messaging was around the VMware Workspace One suite.

Workspace One suite with VMware Identity Manager appears to be focusing more and more on the following 3 areas, which are key to today’s enterprise IT.

  • Apps and identity
  • Desktop & Mobile
  • Management & Security

Workspace One integration with mobile devices, to push out corporate apps on mobile devices through an Apple App Store like interface, was demoed, which emphasised the slick capabilities of the solution, which really appears to be ready for primetime now. He also demoed the conditional access capabilities within the Horizon Workspace suite that prevent data sharing between managed and unmanaged apps. The conditional access can also be extended out to NSX to utilise micro segmentation hand in hand to provide even tighter security, which is quite handy.

Stephanie Buscemi – EVP of Salesforce – came on stage to talk about how they use the VMware Workspace suite to empower their sales people to work on the go, which was pretty cool I thought, though there was a little marketing undertone to the whole pitch.

  • My take: Personally I don’t cover EUC offerings that much myself, though I have a good awareness of their Digital Workspace strategy and have also had hands on design and experience with Horizon View from back in the day. However I can see the EUC offering from VMware getting better and better every day over the last 5 odd years and dare I say, right now, it’s one of the best solutions out there for most customers, if not the best, given its feature set and the integration to other VMware and non VMware components in the back end data center and cloud. If you are looking at any EUC solutions, this should be on top of your list to investigate / evaluate.

Endpoint Security

VMware TrustPoint powered by Tanium was showcased, along with its integration with AirWatch to provide a mobile device management solution together with a comprehensive security solution that can track devices and their activities in real time (no database full of old device activity info) and apply security controls in real time too. This looked a very attractive proposition given the security concerns of today’s enterprise and I can see where this would add value, provided that the costs stack up.

Free VMware Fusion and Workstation license announcement

VMware also announced today the availability of free VMware Fusion and Workstation licenses to all VMworld attendees through the VMworld 2016 app (already claimed mine) – pretty cool huh?

Cloud Native Applications

Kit Colbert, Cloud Native CTO at VMware, spoke about the challenges of using containerised apps in enterprise environments, which currently lack a comprehensive management solution. Having been looking at containerisation myself and its practical use for the majority of ordinary customers, I can relate to that too, especially when you compare managing applications based on containers like Docker to legacy applications that run on a dedicated OSE (Windows, Linux…etc.), which can be managed, tracked and monitored with session & data persistence to a level that is lacking in a container instance without 3rd party components.

Today, a couple of new additional features have been announced for VIC as follows (if you are new to VIC, refer to my intro blog post here)

  • New: Container registry
  • New: Container management portal


vSphere Integrated Containers beta programme is also now available if you want to have a look at http://learn.vmware.com/vicbeta

 

VMware Integrated OpenStack (VIO)

Also, VIO 3.0 was officially announced today by Kit. I was privy to this information beforehand due to a vExpert only briefing on the same but was not able to disclose anything due to the embargo until now.

VIO is a VMware customised distro of OpenStack and the below slide should give an intro for those of you who aren’t all that familiar with VIO.

[Slide: VIO]

Running native OpenStack is a bit of a nightmare as it requires lots of skills and resources, which restricts its proper production use to large scale organisations with plenty of technical expertise and resources. Based on my experience, lots of customers that I know who initially started out with ambitious (vanilla) OpenStack projects have decided to abandon them half way through due to complexity…etc. and switch back to vSphere. VIO attempts to solve this somewhat, helping customers run OpenStack with a VMware flavour to make things easier for mass customer adoption.

The announcement for VIO was the release of VIO 3.0, which has the following key features / improvements

  • Mitaka Based
    • VIO 3.0 distribution is now based on the latest OpenStack release (Mitaka)
    • Leverage the latest features and enhancement of the Mitaka Release
      • Improved day-to-day experience for cloud admins and administrators.
      • Simplified configuration for Nova compute service.
      • Streamlined Keystone identity service is now a one-step process for setting up the identity management features of a cloud network.
      • Keystone now supports multi-backend allowing local authentication and AD accounts simultaneously.
      • Heat’s convergence engine optimized to handle larger loads and more complex actions for horizontal scaling for improved performance for stateless mode.
      • Enhanced OpenStack Client provides a consistent set of calls for creating resources no longer requiring the need to learn the intricacies of each service API.
      • Support for software development kits (SDKs) in various languages.
      • New “give me a network” feature capable of creating a network, attaching a server to it, assigning an IP to that server, and making the network accessible, in a single action
  • Compact VIO control plane
    • VIO management control plane has been optimized and architected to run in a compact architecture
      • Reduces infrastructure and costs required to run an OpenStack Cloud
      • Ideal for multiple small deployments
      • Attractive in relaxed SLA scenarios
      • Database backed up in real time: No data loss
    • Slimmer HA architecture
      • Reduced footprint on management cluster
      • Full HA: No service downtime
      • Database replication: No data loss
      • 6000+ VMs
      • 200+ Hypervisors
  • Import existing vSphere workloads
    • Existing vSphere VMs can be imported and managed via VIO OpenStack APIs
      • Quickly import vSphere VMs into VIO
      • Start managing vSphere VMs through standard OpenStack APIs
    • Quickly start consuming existing VMs through OpenStack

 

The Nike CTO, who’s a VIO customer, came on stage to discuss how Nike deployed a large greenfield OpenStack deployment using VMware Integrated OpenStack (VIO) and an EUC solution at all Nike outlets / shops using AirWatch, which was a good testament to customer confidence, though it did have a little marketing undertone to it all.

 

NSX

The head of the NSX business unit within VMware highlighted the key advancements NSX has made and the 400% YoY growth in adoption from fee paying customers deploying NSX to benefit from micro segmentation (through the distributed firewall capability) and automation and orchestration. The NSX roadmap extends far beyond what you can imagine as its current use cases, and it’s sufficient to say that NSX will play a big part as an enabler for customers to freely move their workloads from one place (i.e. on premise) to a public cloud (i.e. AWS) through the dynamic extension of L2 adjacency and other LAN services, transforming the WAN in to an extended LAN.

To this effect, VMware also announced the availability of a free NSX Pre-Assessment, which is intended to enable customers to employ the Assess -> Plan -> Enforce -> Monitor approach to NSX adoption.

 

VSAN

Yanbing Li, who’s the VSAN business unit head, came on stage and discussed the huge demand from customers for VSAN, which currently stands at over 5000 fee paying customers using VSAN in production as the preferred storage for vSphere. The following roadmap items were also mentioned for VSAN

  • VSAN is the default supported storage platform for VIO and Photon.
  • Intelligent performance analytics & policies in VSAN for proactive management
  • Fully integrated software defined encryption for VSAN

There are a couple of other new features coming out soon which I am fully aware of but which were not announced during VMworld 2016 US, so I’m guessing they’ll be announced during the Barcelona event? (I cannot disclose until then of course :-))

All in all, not a large number of new product or feature announcements on day 2. But the key message is that NSX & VSAN are key focus areas (we already knew this) and VIC & VIO will continue to be improved, which is good to see.

 

Slide credit goes to VMware

 

Cheers

Chan

 

 

VVDs, Project Ice, vRNI & NSX – Summary Of My Breakout Sessions From Day 1 at VMworld 2016 US


Quick post to summarise the sessions I attended on day 1 at @VMworld 2016 and a few interesting things I noted. First up are the 3 sessions I had planned to attend + the additional session I managed to walk in to.

Breakout Session 1 – Software Defined Networking in VMware validated Designs

  • Session ID: SDDC7578R
  • Presenter: Mike Brown – SDDC Integration Architect (VMware)

This was a quick look at the VMware Validated Designs (VVD) in general and the NSX design elements within the SDDC stack design in the VVD. If you are new to VVDs and are typically involved in designing any solutions using the VMware software stack, they are genuinely worth reading up on and you should try to replicate the same design principles (within your solution design constraints) where possible. The idea being that this will enable customers to deploy robust solutions that have been pre-validated by experts at VMware in order to ensure the highest level of cross solution integrity for the maximum availability and agility required for a private cloud deployment. Based on typical VMware PSO best practices, the design guide (Ref architecture doc) lists out each design decision applicable to each of the solution components along with the justification for that decision (through an explanation) as well as the implication of that design decision. An example is given below

[Image: NSX VVD]

I first found out about the VVDs during last VMworld in 2015 and mentioned them in my VMworld 2015 blog post here. At the time, despite the announcement of availability, not much content was actually available as design documents, but it’s now come a long way. The current set of VVD documents discusses every design, planning, deployment and operational aspect of the following VMware products & versions, integrated as a single solution stack based on VMware PSO best practices. It is based on a multi site (2 sites) production solution that customers can replicate in order to build similar private cloud solutions in their environments. This documentation set fills a great big hole that VMware have had for a long time in that, while their product documentation covers the design and deployment detail for individual products, no such documentation was available for integrating multiple products, and with VVDs, there is now. In a way they are similar to CVD documents (Cisco Validated Designs) that have been in use for the likes of FlexPod for VMware…etc.

[Images: VVD Products 1 and 2]

VVDs generally cover the entire solution in the following 4 stages. Note that not all the content is fully available yet but the key design documents (Ref Architecture docs) are available now to download.

  1. Reference Architecture guide
    1. Architecture Overview
    2. Detailed Design
  2. Planning and preparation guide
  3. Deployment Guide
    1. Deployment guide for region A (primary site) is now available
  4. Operation Guide
    1. Monitoring and alerting guide
    2. Backup and restore guide
    3. Operation verification guide

If you want to find out more about VVDs, I’d have a look at the following links. Just keep in mind that the current VVD documents are based on a fairly large, no cost barred type of design and for those of you who are looking at much smaller deployments, you will need to exercise caution and common sense to adapt some of the recommended design decisions to be within the applicable cost constraints (for example, the current NSX design includes deploying 2 NSX managers, 1 integrated with the management cluster vCenter and the other with the compute cluster vCenter, meaning you need NSX licenses on the management cluster too. This may be overkill for most as typically, for most deployments, you’d only deploy a single NSX manager integrated to the compute cluster)

As for the VMworld session itself, the presenter went over all the NSX related design decisions and explained them, which was a bit of a waste of time for me as most people would be able to read the document and understand most of those themselves. As a result I decided to leave the session early, but have downloaded the VVD documents in order to read thoroughly at leisure. 🙂

Breakout Session 2 – vRA, API, Ci Oh My!

  • Session ID: DEVOP7674
  • Presenters

[Image: vRA Jenkins Plugin]

As I managed to leave the previous session early, I managed to just walk in to this session, which had just started next door. Both Kris and Ryan were talking about the DevOps best practices with vRealize Automation and vRealize Code Stream. They were focusing on how developers using agile development who want to invoke infrastructure services can use these products and invoke their capabilities through code, rather than through the GUI. One of the key focus areas was the vRA plugin for Jenkins and if you are a DevOps person or a developer, this session content would be of great value. If you can gain access to the slides or the session recordings after VMworld (or are planning to attend VMworld 2016 Europe), I’d highly encourage you to watch this session.

Breakout Session 3 – vRealize, Secure and extend your data center to the cloud using NSX: A perspective for service providers and end users

  • Session ID: HBC7830
  • Presenters
    • Thomas Hobika – Director, America’s Service Provider solutions engineering & Field enablement, vCAN, vCloud Provider Software business unit (VMware)
    • John White – Vice president of product strategy (Expedient)

Hosted Firewall Failover

This session was about using NSX and other products (i.e. Zerto) to enable push button Disaster Recovery for VMware solutions, presented by Thomas, and John was supposed to talk about their involvement in designing this solution. I didn’t find this session content that relevant to the listed topic to be honest, so left fairly early to go to the blogger desks and write up my earlier blog posts from the day, which I thought was a better use of my time. If you would like more information on the content covered within this session, I’d look here.

 

Breakout Session 4 – Practical NSX Distributed Firewall Policy Creation

  • Session ID: SEC7568
  • Presenters
    • Ron Fuller – Staff Systems Engineer (VMware)
    • Joseph Luboimirski – Lead virtualisation administrator (University of Michigan)

Fairly useful session focusing on the NSX distributed firewall capability and how to effectively create a zero trust security policy on the distributed firewall using various tools. Ron was talking about the various different options available, including manual modelling based on existing firewall rules and why that could potentially be inefficient and would not allow customers to benefit from the versatility available through the NSX platform. He then mentioned other approaches such as analysing traffic through the use of vRealize Network Insight (Arkin solution), which uses automated collection of IPFIX & NetFlow information from the virtual Distributed Switches to capture traffic, and how that captured data could potentially be exported out and be manipulated to form the basis for the new firewall rules. He also mentioned the use of vRealize Infrastructure Navigator (vIN) to map out process and port utilisation as well as using the Flow monitor capability to capture existing communication channels to design the basis of the distributed firewall. The session also covered how to use vRealize Log Insight to capture syslogs as well.
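To illustrate the "export the captured flows and shape them into rules" approach described above, here is an added example (not from the session and not any VMware tool's code) that aggregates flow records into candidate group-to-group allow rules ending in a default deny. The CSV column names, the group inventory, the internal range and the session threshold are all assumptions, and the flow records are constructed sample data.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample flows. The column names are assumptions and do not
# represent the export format of vRNI or NSX Flow Monitoring.
FLOWS_CSV = """\
src_ip,dst_ip,protocol,dst_port,sessions
10.0.1.11,10.0.2.21,TCP,8443,120
10.0.1.12,10.0.2.21,TCP,8443,95
10.0.1.11,10.0.2.22,TCP,8443,80
10.0.2.21,10.0.3.31,TCP,3306,300
10.0.2.22,10.0.3.31,TCP,3306,280
10.0.1.11,10.0.3.31,TCP,3306,1
198.51.100.7,10.0.1.11,TCP,443,5000
10.0.2.21,10.0.9.99,UDP,53,40
"""

# Hypothetical inventory: workload IP -> security group (application tier).
GROUPS = {
    "10.0.1.11": "web", "10.0.1.12": "web",
    "10.0.2.21": "app", "10.0.2.22": "app",
    "10.0.3.31": "db",
}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed data-centre range


def group_of(ip):
    """Map an IP to its group; internal hosts missing from inventory are flagged."""
    if ip in GROUPS:
        return GROUPS[ip]
    if ipaddress.ip_address(ip) in INTERNAL_NET:
        return "unmapped-internal"
    return "external"


def build_candidate_rules(flows_csv, min_sessions=10):
    """Return (rules, review): allow candidates plus flows needing a human decision."""
    totals = Counter()
    for row in csv.DictReader(io.StringIO(flows_csv)):
        key = (group_of(row["src_ip"]), group_of(row["dst_ip"]),
               row["protocol"].upper(), int(row["dst_port"]))
        totals[key] += int(row["sessions"])

    rules, review = [], []
    for key in sorted(totals):
        src, dst, proto, port = key
        if "unmapped-internal" in (src, dst):
            # Writing a rule for an unknown workload would bake in a blind spot.
            review.append((key, "endpoint missing from inventory"))
        elif totals[key] < min_sessions:
            # Observed traffic is not automatically legitimate traffic.
            review.append((key, "rarely seen; confirm before allowing"))
        else:
            rules.append(("allow", src, dst, proto, port))
    # Zero trust: anything not explicitly allowed is dropped.
    rules.append(("deny", "any", "any", "any", "any"))
    return rules, review


if __name__ == "__main__":
    rules, review = build_candidate_rules(FLOWS_CSV)
    for rule in rules:
        print(*rule)
    for key, reason in review:
        print("REVIEW", *key, "-", reason)
```

Grouping by tier rather than by IP is what keeps the rule count small, and the review list is where a flow such as the single web-to-db session gets questioned instead of being codified.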

All in all, a good session that was worth attending and I would keep an eye out, especially if you are using / thinking about using NSX for advanced security (using DFW) in your organisation’s network. vRealize Network Insight really caught my eye as I think the additional monitoring and analytics available through this platform, as well as the graphical visualisation of the network activities, appear to be truly remarkable (explains why VMware integrated this to the Cross Cloud Services SaaS platform as per this morning’s announcement) and I cannot wait to get my hands on this tool to get to the nitty gritty.

If you are considering a large or complex deployment of NSX, I would seriously encourage you to explore the additional features and capabilities that this vRNI solution offers, though it’s important to note that it is licensed separately from NSX at present.


 

Outside of these breakout sessions I attended and the blogging time in between, I’ve managed to walk around the VM Village to see what’s out there and was really interested in the Internet Of Things area where VMware was showcasing their IOT related solutions currently in R&D. VMware are currently actively developing a heterogeneous IOT platform monitoring solution (internal code name: project Ice). The current version of the project is about partnering up with relevant IOT device vendors to develop a common monitoring platform to monitor and manage the various IOT devices being manufactured by various vendors in various areas. If you have a customer looking at IOT projects, there are opportunities available now within project Ice to sign up with VMware as a beta tester and co-develop and co-test the Ice platform to perform monitoring of these devices.

An example of this is what VMware has been doing with Coca Cola to monitor various IOT sensors deployed in drinks vending machines, and a demo was available in the booth for all to see.

IOT - Coke

Below is a screenshot of the Project Ice monitoring screen that was monitoring the IOT sensors of this vending machine.

The solution relies on an Open-Source, vendor neutral SDK called LIOTA (Little IOT Agent) to develop a vendor neutral agent to monitor each IOT sensor / device and relay the information back to the Ice monitoring platform. I would keep an eye out on this as the use cases of such a solution are endless and can be applied on many fronts (automobiles, ships, trucks, airplanes as well as general consumer devices). One can argue that the IOT sensor vendors themselves should be responsible for developing these monitoring agents and platforms, but most of these device vendors do not have the knowledge or the resources to build such intelligent back end platforms, which is where VMware can fill that gap through a partnership.

If you are in to IOT solutions, this is defo one to keep your eyes on for further developments & product releases. This solution is not publicly available as of yet, though having spoken to the product manager (Avanti Kenjalkar), they are expecting a big announcement within 2 months’ time, which is totally exciting.

Some additional details can be found in the links below

Cheers

Chan

#vRNI #vIN #VVD # DevOps #Push Button DR # Arkin Project Ice # IOT #LIOTA

VMworld 2016 US – Arrival & Summary From Day 0

Entrance

A very quick post on my first day at VMware VMworld 2016 US today and a few tips for the attendees of the event.

As explained in my previous post, I arrived at Vegas on Sunday afternoon as planned, after what felt like a looooong flight from London Heathrow, via Chicago to Vegas. I had been up since about 4am Sunday morning to catch the early flight and having not had much sleep on the flight (doesn’t work for me), I managed to get to my hotel by around 2pm. And unfortunately due to the sheer number of guests arriving (mostly VMworld guests from what I could see), I then spent the next 2 & 1/2 hours simply queuing at the check-in desk, which really didn’t help.

Anyhow, after check-in, I decided to have a quick shower and go over to the event venue (it’s a short cab ride away from my hotel) in order to register and collect my badge before the morning rush on the event’s public opening day on Tuesday, which went smoothly as has been the case at every other VMworld event I’ve attended.

After the registration, it is typical that you go to collect your official VMworld back pack and having picked up this year’s, I have to say I’m not impressed. It looks a little tacky compared to previous years and slightly on the cheaper side when it comes to the build quality etc. So I’m thinking that I’d stick to using last year’s bag myself and give the new one away to a colleague / customer who might appreciate it more than I would.

Bag comparison

After collecting the bag, I ventured out to the Solutions Exchange. Solutions Exchange is where all the VMware partners (other vendors) have their exhibition booths that showcase all of their product and solution offerings that typically go hand in hand with VMware (and competitive offerings in some cases like Nutanix).

In the Solutions Exchange, I had a brief look around and spoke to a few vendors, after which I moved on to go find my fellow VMUG members at the VMUG party at House of Blues with a live band to have a few drinks and catch up. Well, sure I had some drinks but didn’t really see many that I knew, as it turned out most of the attendees were from all the US VMUGs whom I’d never met 🙂


After a couple of drinks and some food there, I was feeling pretty tired given the extra long day I’d had by then and decided to go back to my hotel for getting this post out and catching up on some sleep. I decided to take the tram from the venue (Mandalay Bay hotel) which takes you all the way to the Luxor hotel & Casino, which was a short walk away from my hotel. As I was walking over one of the flyovers, I did manage to get a nice view of the famous Vegas strip too, which looks full of life at night (below), though my priority was just getting back to my air conditioned room pronto as I’d had enough of the heat by this time (note to myself: no more walking between hotels).


 

Cheers

Chan

 

#VMworld 2016 #Day 0

VMworld 2016 US – Key Announcements From Day 1

Pat gelsinger

So the much awaited VMworld 2016 US event kicked off today amongst much fanfare and I was lucky to be one of those there at the event. Given below are the key highlights from the day 1 general session & the key announcements made by VMware CEO Pat Gelsinger. I’ve highlighted the key items.

The theme of this year’s VMworld is Be Tomorrow. This is quite fitting as technology today defines the tomorrow for the world and we as the IT community play a key part in this, along with vendors like VMware who define / invent most of those technologies.

Pat mentioned that for VMware and their future direction, the Cloud is key. Both Public and Private cloud are going to define many IT requirements of tomorrow which I fully agree with and VMware’s aim appears to be to move away from the traditional vSphere based compute virtualisation to become a facilitator of cross cloud workload mobility and management.

He also discussed the status of where the current public and private cloud adoption is at, which is presently heavily biased towards the public cloud rather than private cloud adoption, which inherently is quite difficult to retro fit to a legacy environment based on my experience too. Based on VMware research and market analytics, the current IT platform adoption is split as below

  • Public Cloud = 15%
  • Private Cloud = 12%
  • Traditional IT = 73%

Current Cloud Split

According to Pat it will not be until around 2021 that the public vs private cloud usage adoption achieves similar levels, and by 2030 they expect the adoption rates to be (approximately) as follows

  • Public Cloud = 52%
  • Private Cloud = 29%
  • Traditional IT = 19%

From then, the tone shifted to look at VMware’s role in this evolving market. It is pretty obvious that VMware as a vendor has been diversifying their product positioning to rely less on the core vSphere stack and to focus more on the Cloud management and other software defined offerings for the last few years. This was made possible through the use of vSphere + NSX + VSAN for the SDDC for those who wanted a traditional IT environment or a private cloud platform, with vRealize Suite sat on top to provide a common management and monitoring platform (Cloud Management Portal). These have been quite popular and some key highlights mentioned were,

  • vSphere the market leader in Virtualisation – Software Defined Compute
  • VSAN now has over 5000 fee paying customers & growing – Software Defined Storage
  • NSX has 400% YoY growth in adoption – Software Defined Networking
  • vRealize Suite is the most popular Cloud management portal in the industry

Today’s main announcement brings these solutions together in to VMware Cloud Foundation with Cross Cloud Services support. The Cross Cloud Architecture announced as a technical preview today effectively focuses on centralizing the following across various different private and public cloud platforms

  • Management
  • Operations
  • Security
  • Networking (the most important one for me)

This tech preview platform will initially support Public clouds (Azure, AWS, Google Cloud, vCloud Air) as well as vCloud Air Network Partners and private cloud instances.

Chris-Wolf-Day-1-Recap-image

The below graphic announces the Cross Cloud Services model and the solution proposition quite well. One of the key interesting parts of this announcement is that through the IBM partnership, these cross cloud services will be made available as a SaaS offering (Software as a Service) which requires no local installation or PS heavy deployment of management and monitoring components on premise. It would be interesting to see the details of what this means, and I cannot wait to get my hands on the tools once available to look deeper in to the details and what that means for the average customer.


Based on Pat’s description, Cross Cloud Services solution is designed to facilitate moving of applications between private and various public clouds with minimal disruption / effort for the customers.

They also showed a demo of this in action which was really really impressive. It is pretty obvious that for true cross cloud connectivity and flexibility when it comes to moving applications etc., one of the key blockers has been the networking restrictions such as the lack of easily available L2 adjacency etc. VMware are in a prime position to address this through the SDN platform they have in NSX, and the demo showed clearly the NSX integration with AWS that automatically deployed L2 Edge gateway (software) devices in front of the AWS Virtual datacenter to offer L2 connectivity back to the customer’s on-premise environment, extending the LAN as a key facilitator for moving a workload from AWS to On-Premise and back. (Think WAN is transformed in to an extended LAN with NSX). I’ve always seen this coming and also discussed with my customers various other possibilities like this that NSX brings on to the table, and it’s nice to see that these capabilities are now being integrated in to other management and monitoring platforms to provide a true single pane of glass solution for multi cloud management.

The solution demo also included the Arkin integration of the same platform (VMware acquired Arkin recently) and it brings the security monitoring and analytics capability to the platform, which is totally awesome..!! I’ve already seen the extensive capability of visualizing networking flow and security contexts of vRealize Network Insight (rebranded Arkin solution) previously, but it’s really good to see that being integrated to this Software as a Service offering. This solution also includes traffic encryption capability, even within a public cloud platform like Amazon, that you do not get by default, which would go a long way towards deploying workloads subject to regulatory compliance on public cloud platforms.

These new announcements form the basis of VMware’s vision of Any device (through the use of Airwatch), Any application (through the use of Workspace ONE) and Any cloud (now available through the Cross Cloud architecture), a message that enables their customers to simplify their modern day IT operations and increase agility, efficiency and productivity.

Cross Cloud

Slide credit goes to VMware

You can find more details in the following links

Cheers

Chan

#NSX #vSphere #VSAN #CrossCloudServices #VmwareCloudFoundation

Heading to #VMworld 2016 Vegas


I am a regular attendee of the VMware VMworld and have continuously attended each of the last 4 years VMworld events in Europe, as an ordinary attendee like most others, mainly thanks to my employer who understands the importance of such events. This year however, there’s a little change of plans. I’ve been lucky enough to receive a free blogger pass to attend the VMworld 2016 event in the US from VMware. VMworld 2016 US event is being held in Vegas, in the Mandalay Bay hotel and conference center which is pretty awesome…!

I’ve never been to Vegas so I’m a little excited to be heading over there, but to be really honest, I’m more excited about being able to attend the US version of VMworld. Having done the European VMworld event over the last few years, they’ve all been great but the contents & the new product announcements have been by and large the same as in the US version, which usually takes place before the European event (so most of the news / updates / announcements you hear in VMworld Europe are already somewhat public knowledge). However this time around, I will be one of the first to hear about them as they are being announced, which is great.

And it’s the first time I’ve been selected to receive a blogger pass by VMware. Blogger passes are issued to a handful of current VMware vExperts (only 50 issued in total for the US event) so I was very lucky there. It’s usually given to active community bloggers who take the time out to evangelise technology and are happy to blog about it for the good of the community. I do this anyway whenever I attend VMworld, where I summarize each of my days there and mention any exciting topics / updates / vendors I’ve come across or things I’ve learned. So I’d expect to do the same this year too and am aiming to get a summary blog post out at the end of each day to cover the news & the activities of the day.

While the blogger pass covered the cost of the event, VMware doesn’t cover the other expenses such as flights and hotels… Thankfully, my employer, Insight has stepped up there which was great.

Given below is a summary of my plan during the event. It would be good to meet my fellow vExperts / customers / techies / community members while I’m there, perhaps over few beers. Please do come say hi if you see me or hit me up on twitter (@s_chan_ek)…etc.

Itineraries

Most people will typically travel either few days earlier or stay behind few days after the event to explore the city..etc but unfortunately due to cricket commitments where I play league cricket on every Saturday, I’m reduced to being there for the exact event duration only. As such, my itineraries are as follows

  • Travelling out: Sunday the 28th of August: Travel from London Heathrow via Chicago to Vegas (United Airlines)
  • Accommodation: I will be staying in the MGM Grand hotel which is a little walk away from the event location (Mandalay Bay Hotel & Conference Center)
  • Travelling back: Friday the 2nd of Sept, from Vegas via Montréal back to London Heathrow (Air Canada)

 

Planned sessions

Anyone travelling to VMworld is advised to use the Schedule Builder beforehand and schedule any breakout sessions they want to attend. I’ve always done this in the past and have tried the same this year. However, despite attempting to book many interesting breakout sessions and workshops on the same day the Schedule Builder went live, most of the really good ones were already full. So I’m guessing the demand for the event in the US is far higher than the one in Europe and I’m expecting to see a lot more of a crowd than at the European VMworld.

The sessions I’ve managed to book to attend are as follows. Some of them are new subjects while most others are more of a refresher from previous knowledge for me. Having learnt from the previous VMworlds, I’ve been careful not to book session after session and to allow enough time for blogging in between as well as hall crawl and networking with people which, arguably, are far more important than attending breakout sessions or workshops, which a lot of people, especially newbies, don’t realise.

  • Monday the 29th of August – I have the following sessions I’ve scheduled so far. Some may change depending on when I managed to get in to some other sessions I’ve had to wait list for.
    • 11am-12pm: Software-Defined Networking in VMware Validated Designs [SDDC7587]
    • 1pm-2pm: Virtualize, Secure, and Extend Your Data Center to the Cloud Using NSX: A Perspective for Service Providers and End Users [HBC7830]
    • 2pm-3pm: Introducing Virtual SAN for VMware Photon: The Best HCI Platform for Containers and Cloud-Native Applications [STO8256]
    • 3pm-4:30pm: VMware NSX Distributed Firewall with Micro-Segmentation Workshop [ELW-1703-USE-2]

 

  • Tuesday the 30th of August
    • 11am-12pm: Understanding the Availability Features of Virtual SAN [STO8179]
    • 12pm-1:30pm: vSphere Integrated Containers Workshop [ELW-1730-USE-1] – Wait Listed
    • 2pm-3pm: How to Deploy VMware NSX with Cisco Infrastructure [NET8364]
    • 4pm-5pm: Containers for the vSphere Admin [CNA7522]
    • 5pm-6pm: The Architectural Future of Network Virtualization [NET8193R]

 

  • Wednesday the 31st of August
    • 9:30am-11am: vRealize Automation 7 Basics Workshop [ELW-1721-USE-1] – Wait listed
    • 11am-12pm: How to Use Machine Learning to Increase Application Availability [INF9608-SPO]
    • 1pm-2pm: PowerNSX and PyNSXv: Using PowerShell and Python for Automation and Management of VMware NSX for vSphere [NET7514]
    • 2pm-3pm: Implementing Self-Service Storage Provisioning with vRealize Automation XaaS [SDDC9456-SPO]
    • 3:30pm-4:30pm: Building Cloud Native Architectures [CNA9926]

 

  • Thursday the 1st of September
    • 12pm-1pm: VMware Certificate Management for Mere Mortals [INF8631]
    • 1:30pm-2:30pm: Winter Is Coming. Are You Dev/Ops Ready? Instant Clone Is! [INF8396]

 

Other events

Usually there are many other vendor and vExpert events that also take place, out of hours to discuss products as well as networking with people. There is a list of such activities published here and outside of the normal VMworld welcome reception and the VMworld party, I will probably attend the below (I may have to cancel some last min due to exhaustion & last min change of plans…etc :-))

  • Sunday the 28th of August 7:30-9:30pm: 2016 VMUG member party @ House of Blues – Mandalay Bay, 3950 S Las Vegas Boulevard
  • Monday the 29th of August 9pm-11pm: Trace3 Annual VMWorld After Party @ Daylight Beach Club, Mandalay Bay, 3950 S Las Vegas Blvd, Las Vegas, Nevada, 89119
  • Tuesday the 30th of August 7pm -10pm: vExpert 2016 Las Vegas reception @ The Mob Museum, 300 Stewart Avenue, Las Vegas, NV 89101

 

About VMworld Event

As mentioned earlier, I’ve attended the VMworld Europe edition over the last 4 years and it has been such a good event to attend given the amount of knowledge, insights and tips you can gather, seeing the variety of the VMware ecosystem partners out there and their solutions, and most importantly meeting and being able to network with people that you’d otherwise never get the opportunity to (like product managers and engineers). And usually it’s such a well organised event, and having attended other similar events such as NetApp Insight, Cisco Live and HPE TSS & Ambassador events, I can say without a shadow of a doubt that none of them has been as good, well organised, well attended or useful to me as an attendee as VMworld, period….! If you are a VMware customer or a partner, I’d highly encourage you to attend somehow. (use the link here)