4 Network Virtualization For Dummies, VMware 3rd Special Edition These materials are © 2021 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

How Network Virtualization Is Changing Everything

Network virtualization is rewriting the rules for the way services are delivered. It decouples networking and security services from underlying network hardware by creating logical virtual networks. Organizations are taking a full-stack layer 2 to layer 7 approach with network virtualization, delivering services like virtual switching and routing, firewalling, and load balancing that are built into the infrastructure. Armed with this ability to define and consume the network in software, organizations can centrally provision the network on-demand while simplifying configuration and improving scale and resource efficiency. This approach transforms the networks from static, inflexible, and inefficient to dynamic, agile, and optimized.

In this new world, infrastructure intelligence moves from hardware to software. Data center infrastructure elements — including compute, networking, and storage — are virtualized and grouped into pools of resources that can then be automatically deployed with little or no human involvement. Everything is flexible and automated through software. The virtual cloud network extends these concepts beyond the data center, to wherever applications and data reside.

With network virtualization enabling the software-defined data center (SDDC), you can forget about spending days or weeks provisioning the infrastructure to support a new application. You can now deploy or update apps in minutes, for rapid time to value.

This book has a particular focus on how network virtualization enables the SDDC, while also touching on how it lays the foundation for the virtual cloud network — a network model that extends network virtualization across clouds, apps, and endpoints.

According to the Flexera 2020 State of the Cloud Report, enterprises continue to scale their multi-cloud strategies, with 87 percent of organizations having a hybrid cloud strategy. Similarly, according to the annual CNCF Survey 2019, the use of containers for user-facing applications increased significantly, with 84 percent of respondents using containers in production, up more than 15 percent from 2018. Network virtualization is playing a central role in simplifying connectivity and security in these heterogenous environments, enabling organizations to build and deploy these applications faster.
CHAPTER 1 Evolving to a Modern Network 5

Today’s Networking and Security Challenges

That all sounds pretty good, doesn’t it? But there are quite a few technical details to work out between here and there. We’ll kick things off by looking at some of the networking and IT challenges companies face today. Upcoming chapters explain how network virtualization can help solve many of them.

Businesses need speed

Organizations of all sizes are experiencing a rapid increase in the pace of change. Everything needed to be done yesterday — new innovations and feature delivery, competitive responses, and projects critical to the organization. This new reality has big implications for the network.

When a business wants to wow its customers with a new app, roll out a promotion, or take a new route to market, it needs the supporting IT services right away — not in weeks or even days. In today’s world, you either go for it or miss out. We’re in the era of the incredible shrinking window of opportunity.

When the business turns to the IT organization for essential services, it wants to hear, “We’ll get it done. We’ll have it up and running right away.” And increasingly, the business wants to not even have to ask IT.

Security requirements are rising

Everyone knows we need to do more to avoid costly breaches that put sensitive information into the hands of cybercriminals. No company is immune to the threat. Just consider some of the headline-grabbing security breaches of the past few years — breaches that have brought corporate giants to their knees. Major brands, from healthcare and investment banking to retail and entertainment, have been tarnished after letting down their customers. All companies are now caught up in the same costly battle to defend critical data.

It’s like one big war game. A company fortifies its data center with a tough new firewall, and the cybercriminals slip in through a previously unknown back door — like a simple vulnerability in
a client system — and run wild in the data center. The traditional strategy of defending the perimeter needs to be updated to include much more protection inside the data center.

Vulnerabilities in applications are the primary targets of attackers ranging from cybercriminals to nation-state actors. Traditional firewalls alone are inadequate to protect against attacks that come in through valid channels, such as legitimately open ports. Examples of this type of attack include SQL injections and wormable ransomware leveraging exploits such as EternalBlue to laterally spread across vulnerable Server Message Block (SMB) servers within the data center.

Organizations are building security into the software development life cycle, but that has by no means eliminated unsecure code and vulnerable software. Fixing vulnerabilities after applications have been deployed is costly and leads to downtime. So, network security should be applied as close to the application as possible and the life cycle of a security policy should be directly tied to the life cycle of the application.

Apps and data are in multiple clouds

There is no longer a simple answer for where apps are running and where the data resides. Some apps start in the cloud where some developers begin to code and test. Many companies find that certain apps are best run in the private data center, both for cost efficiencies and private control. Many other organizations have moved apps away from their original deployment location — from the private data center to the public cloud to delegate management, or from the public cloud to the private data center to rein in public-cloud costs or to take advantage of new private cloud consumption models. Today’s organizations realize that they need to rely on multiple environments.

The rise of server virtualization has made a lot of great things possible around application mobility, but there has been a catch: the network. It’s like a hitch in your giddyup, to borrow some words from the cowboys of old. The network configuration is tied to hardware, so even if apps can move with relative ease, the hardwired networking connections hold them back.

Networking services also tend to be very different from one data center or cloud to another. That means you need a lot of customization to make your apps work in different network environments. That’s a major barrier to app mobility — and another argument for using virtualization to transform the network.
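
The argument made under "Security requirements are rising" (a perimeter firewall does not see traffic between servers inside the data center, so policy belongs at each workload and should share its life cycle) can be shown as a small model. This is an added example, not from the book or from any VMware product; the addresses, workload names, port 8443, and every class and function name are constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Everything below is constructed for illustration (addresses, names, rules).
DATA_CENTER = ip_network("10.0.0.0/16")
EDGE_OPEN_PORTS = {443}            # the "legitimately open" port at the edge


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int


@dataclass
class Workload:
    name: str
    ip: str
    app: str
    allow_in: set = field(default_factory=set)  # {(source app, port)}


class Inventory:
    """Hypothetical workload registry: policy is stored on the workload."""

    def __init__(self):
        self.by_ip = {}

    def deploy(self, wl):
        self.by_ip[wl.ip] = wl

    def retire(self, ip):
        # Policy shares the workload's life cycle: nothing stale is left behind.
        self.by_ip.pop(ip, None)

    def app_of(self, ip):
        wl = self.by_ip.get(ip)
        return wl.app if wl else "external"


def perimeter_allows(flow):
    """Edge firewall: filters only traffic crossing the data center boundary."""
    inside = [ip_address(a) in DATA_CENTER for a in (flow.src, flow.dst)]
    if all(inside):
        return True                # east-west traffic never reaches the edge
    return flow.port in EDGE_OPEN_PORTS


def workload_allows(flow, inv):
    """Per-workload policy: default deny, checked at the destination."""
    dst = inv.by_ip.get(flow.dst)
    return dst is not None and (inv.app_of(flow.src), flow.port) in dst.allow_in


def build_inventory():
    inv = Inventory()
    inv.deploy(Workload("web-1", "10.0.1.10", "web", {("external", 443)}))
    inv.deploy(Workload("app-1", "10.0.2.10", "app", {("web", 8443)}))
    inv.deploy(Workload("files-1", "10.0.3.10", "files", {("app", 445)}))
    return inv


def compare(flows, inv):
    """Return (flow, perimeter verdict, workload verdict) for each flow."""
    return [(f, perimeter_allows(f), workload_allows(f, inv)) for f in flows]


CLIENT_TO_WEB = Flow("203.0.113.7", "10.0.1.10", 443)   # normal entry point
WEB_TO_FILES = Flow("10.0.1.10", "10.0.3.10", 445)      # lateral SMB attempt
APP_TO_FILES = Flow("10.0.2.10", "10.0.3.10", 445)      # intended SMB use

if __name__ == "__main__":
    for flow, edge, local in compare(
            [CLIENT_TO_WEB, WEB_TO_FILES, APP_TO_FILES], build_inventory()):
        print(f"{flow.src} -> {flow.dst}:{flow.port}  edge={edge}  workload={local}")
```

The web-to-files SMB flow is the only one where the two verdicts differ: the edge model passes it unseen, while the workload policy drops it. Retiring `files-1` removes its rules along with it, so no stale allow entry remains.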
Why Hardware-Based Networks Can’t Keep Up

The SDDC is the most agile and responsive architecture for the modern data center. It’s achieved by moving intelligence into software for all infrastructure elements. Here’s a summary of where things are today:

» Most data centers now leverage server virtualization for the best compute efficiency. Check!
» Many data centers now optimize their storage environments through virtualization. Check!
» Organizations have virtualized their network environments within the data center and across clouds. A lot of progress has been made! But the potential to do more remains enormous.

Although many businesses are capitalizing on server and storage virtualization, they’re still challenged by legacy network infrastructure that revolves around hardware-centric, manually provisioned approaches that have been around since the first generation of data centers.

In the following sections, we walk through some of the specific challenges of legacy architectures.

Physical network provisioning is slow

Some network provisioning processes can be scripted — and certain software-defined networking (SDN) models promise to make this a reality. However, with hardware-based systems, there is no automatic linkage to compute or storage virtualization. As a result, there is no way to automatically provision networking when the associated compute and storage is created, moved, snapshotted, deleted, or cloned. Therefore, network provisioning remains slow, despite the use of automated tools.

All the while, the thing that matters the most to the business — getting new apps ready for action — is subject to frequent delays caused by the slow, error-prone, manual processes used to provision network services.
This is all rather ironic when you take a step back and consider the bigger picture. The limitations of legacy networks tie today’s dynamic virtual world back to inflexible, dedicated hardware. Server and storage infrastructure that should be rapidly repurposed must wait for the network to catch up. Provisioning then becomes one big hurry-up-and-wait game.

Workload placement and mobility are limited

In today’s fast-moving business environments, apps need to have legs. They need to move freely from one place to another. This may mean replication to an off-site backup-and-recovery data center, movement from one part of the corporate data center to another, or migration into and out of a cloud environment.

Server and storage virtualization makes this kind of mobility possible, but network hardware can interfere with that. When it comes to app mobility, today’s hardwired network silos rob apps of their running shoes. Workloads, even those in virtual machines, are tethered to physical network hardware and topologies. To complicate matters, different data centers have different approaches to networking services, so it can take a lot of heavy lifting to configure an app running in data center A for optimal performance in data center B.

All of this limits workload placement and app mobility and makes change not just difficult but risky. It’s always easiest — and safest — to simply leave things just the way they are.

The current hardware-centric approach to networking restricts workload mobility to individual physical subnets and availability zones. To reach available compute resources in the data center, your network operators may be forced to perform box-by-box configuration of switching, routing, firewall rules, load-balancing services, and so on. Not only is this process slow and complex, but it will eventually reach scalability limits.

Hardware limitations and lock-ins breed complexity and rigidity

The current closed black-box approach to networking — with custom operating systems, application-specific integrated circuits (ASICs), command-line interfaces (CLIs), and dedicated