
NSX Datacenter + NSX Cloud

This demo will examine how NSX Data Center and NSX Cloud provide a consistent networking and security policy across on-prem and public cloud environments.  

NSX Data Center provides security and networking capabilities for the many types of workloads customers run in their environments (virtual machines, containers, bare metal servers). It applies a consistent security policy across all of these platforms, with workloads protected through the NSX Data Center Distributed Firewall interface. These security policies can all be managed regardless of workload location, with capabilities similar to those already used for typical on-prem workloads.

For workloads that exist in native public clouds or VMware Cloud partner destinations, NSX Cloud extends native cloud functionality to NSX Data Center so that native cloud workloads receive similar security policies.

Let's now see how NSX Data Center and NSX Cloud provide these security and networking policies, and how easy it is to apply and verify that a customer workload is receiving the same security posture consistently, regardless of its location, either on or off premises.

  1. Press any key to begin

Verify Application Topology

  1. Click the Next button to begin the demo

Verify Public Cloud Workload

Cloud Services Manager Configuration

From here we can see that our Cloud Services Manager is connected to our Azure public cloud vNET.  We will verify that the third front end web server is up and running in our Azure vNET.

  1. Click the Clouds button 
  2. Click the Azure cloud button
  3. Click the Instances tab
  4. Press TAB to switch to NSX Manager

Verify Running Configuration

From this interface, all three of the frontend systems show up in the NSX Data Center inventory, and we can see where this inventory information is coming from.

Press any key to type, and press Enter to run CLI commands

Known Virtual Machines

  1. Click the Inventory button 
  2. Click Virtual Machines
  3. Click the search bar
  4. Type and search for "iademrweb"
  5. Click the third virtual machine result: IADEMRWEB-03a
  6. Click on Tags

Verify NSX NSGroups

  1. Click the Inventory button 
  2. Click Groups
  3. Click on the EMR web group: IAD_NSG_EMR_WEB
  4. Click Membership Criteria
  5. Verify VM name starts with IADEMRWEB
  6. Click Members
  7. Click Member Objects drop-down menu
  8. Click Virtual Machines
  9. Verify the three virtual machines are part of the NSGroup

NSX Security and Distributed Firewall

Let's run some quick tests to show how security has been implemented using the NSX Distributed Firewall. Here we will examine two different types of segmentation: micro-segmentation between application tiers, and segmentation between workloads inside the same grouping object.

NSX Firewall

  1. Click the Security icon
  2. Click the Distributed Firewall
  3. Click to expand the IAD_EMR_APP_SECTION of the rule table

Test the EMR App

  1. Press TAB to switch to the OpenMRS application
  2. Click Find/Create Patient
  3. Click the patient/name ID search field 
  4. Type and search for "geoff"

NSX Firewall

  1. Press TAB to switch to NSX Manager
  2. Click the Action drop down for rule 1145
  3. Click and select Drop
  4. Click the Publish button

Test the EMR App

  1. Press TAB to switch to the OpenMRS application
  2. Click on the search results ID#123
  3. Wait a few moments to confirm the Web server cannot reach the Database

NSX Firewall

  1. Press TAB to switch to NSX Manager
  2. Click the Action drop down for rule 1145
  3. Click and select Allow
  4. Click the Publish button

Test the EMR App

  1. Press TAB to switch to the OpenMRS application
  2. Press F5 to refresh the browser and reload the request for patient 123 results
  3. Notice how you are now able to access the database

RDP connection to Azure VM

  1. Press TAB to switch to the WEB03a Virtual Machine
  2. Click the Windows Start button
  3. Click on Run
  4. Click on the menu drop-down
  5. Click on the Windows Share \\192.168.1.10\c$
  6. Click OK
  7. Wait a moment and notice that the communication between web servers is not permitted
  8. Click Cancel

NSX Firewall

  1. Press TAB to switch to NSX Manager
  2. Click the Action drop down for rule 1256
  3. Click and select Allow
  4. Click the Publish button

RDP connection to Azure VM

  1. Press TAB to switch to the WEB03a Virtual Machine
  2. Click on OK to access the Windows File Share 192.168.1.10
  3. Wait a few moments to confirm an authentication request
  4. Click X to close the request
  5. Click the run drop-down menu
  6. Click and select cmd
  7. Click OK to open a command prompt
  8. Type "nsxcli"
  9. Press [ENTER]
  10. Type "get firewall rules"
  11. Press [ENTER]
  12. Verify rule ID 1256 reads "accept"

NSX Firewall

  1. Press TAB to switch to NSX Manager
  2. Click the Action drop down for rule 1256
  3. Click and select Drop
  4. Click the Publish button

RDP connection to Azure VM

  1. Press TAB to switch to the WEB03a Virtual Machine
  2. Press the up arrow to re-run the "get firewall rules" command
  3. Press [ENTER]
  4. Verify rule ID 1256 reads "drop"
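
The two kinds of segmentation exercised above can be modeled offline. The following is an added example, not part of the demo and not NSX code: it resolves groups from VM-name criteria and evaluates rules first-match. The rule IDs and the IAD_NSG_EMR_WEB group come from the demo; the database group, the VM names other than IADEMRWEB-03a, the rules' source and destination groups, and the default-drop fallback are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    rule_id: int
    src_group: str
    dst_group: str
    action: str  # "allow" or "drop"

# Membership criteria modeled as "VM name starts with <prefix>", as shown in the
# demo for IAD_NSG_EMR_WEB. The database group and its prefix are hypothetical.
GROUP_PREFIX = {"IAD_NSG_EMR_WEB": "IADEMRWEB", "IAD_NSG_EMR_DB": "IADEMRDB"}

# Constructed inventory: only IADEMRWEB-03a (the Azure VM) is named in the demo.
INVENTORY = {
    "IADEMRWEB-01a": "on-prem",
    "IADEMRWEB-02a": "on-prem",
    "IADEMRWEB-03a": "azure",
    "IADEMRDB-01a": "on-prem",
}

def members(group, inventory=INVENTORY):
    """Resolve a group dynamically from the inventory; location plays no part."""
    return {vm for vm in inventory if vm.startswith(GROUP_PREFIX[group])}

def demo_rules(web_to_db="allow", web_to_web="drop"):
    """Rule IDs from the demo; their source/destination groups are assumed."""
    return [
        Rule(1145, "IAD_NSG_EMR_WEB", "IAD_NSG_EMR_DB", web_to_db),    # between tiers
        Rule(1256, "IAD_NSG_EMR_WEB", "IAD_NSG_EMR_WEB", web_to_web),  # inside one group
    ]

def evaluate(rules, src_vm, dst_vm, inventory=INVENTORY, default="drop"):
    """First matching rule wins; the default-drop fallback is an assumption."""
    for rule in rules:
        if (src_vm in members(rule.src_group, inventory)
                and dst_vm in members(rule.dst_group, inventory)):
            return rule.rule_id, rule.action
    return None, default

if __name__ == "__main__":
    states = [("initial", demo_rules()),
              ("1145 set to Drop", demo_rules(web_to_db="drop")),
              ("1256 set to Allow", demo_rules(web_to_web="allow"))]
    for label, rules in states:
        print(label,
              evaluate(rules, "IADEMRWEB-03a", "IADEMRDB-01a"),
              evaluate(rules, "IADEMRWEB-03a", "IADEMRWEB-01a"))
```

Because membership is resolved from the name criterion, a new VM whose name starts with IADEMRWEB picks up both rules without any rule change, whichever location it runs in.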

NSX Load Balancing

In this setup, we will review the NSX Data Center load balancer. We created a virtual IP address that clients connect to in order to reach the frontend of the application, and established a server pool. In this pool we can see that all three of the frontend servers exist. When we first view the pool member statistics, we can see that all three of those systems are being used to serve the application. But what if something were to happen, or maintenance was needed, on some of these frontend systems? Let's take a look...

NSX Manager

  1. Press TAB to switch to NSX Manager
  2. Click the Networking button 
  3. Click Load Balancing
  4. Click Virtual Servers
  5. Click Server Pools
  6. Click the IAD_EWR_WEB_POOL pool
  7. Click to scroll down and view the results
  8. Click to scroll back up
  9. Click Virtual Servers
  10. Click Pool Members
  11. Verify the three virtual machines are part of the pool
  12. Click Pool Member Statistics
  13. Click Pool Members
  14. Click the State drop-down for 192.168.1.10
  15. Click Disabled
  16. Click the State drop-down for 192.168.1.11
  17. Click Disabled
  18. Click to scroll to the right
  19. Click the Save button

Generate some EMR App traffic

  1. Press TAB to switch to the OpenMRS application
  2. Click Find/Create Patient
  3. Type "geoff" in the search field
  4. Click on patient 123 results

NSX Manager

  1. Press TAB to switch to NSX Manager
  2. Click the Pool Member Statistics 
  3. Verify the traffic and stats are only incrementing for the remaining web front end virtual machine 

(End of Demo)
