NSX and vRealize Network Insight

NSX Virtualized Your Network VM APP vRealize Network Insight provides converged operations plane between virtual and physical network Virtual networks “Network platform” Network and security services now in the hypervisor Virtualization layer Network, storage, compute

vRealize Network Insight Transformative Operations for NSX based Software-Defined Data Center Across Your Virtual, Physical, and Cloud Plan Micro-segmentation deployment and ensure compliance Comprehensive net flow assessment and analysis to model security groups and firewall rules Recommendations to Make micro-segmentation easier to deploy Continuously monitor and audit compliance postures over time Optimize Network Performance with 360 visibility & analytics Virtual and physical network topology mapping Performance Optimization across Overlay and Underlay Log Analytics Ensure Best Practices, Health and Availability of NSX deployments Intuitive UI, Natural language search to quickly pinpoint issues Log Analytics for troubleshooting Best practice compliance checking Plan Micro-segmentation Deployment and Ensure Compliance Optimize Network Performance with 3600 Visibility & Analytics Ensure Best Practices, Health and Availability of NSX Deployment Across Virtual, Physical and Cloud

Customer Journey with NSX & vRealized Network Insight Pre/Sell Day 1 Day 2 Assess Deploy Operate East–West Data Center Traffic Profile Micro-Segmentation Recommendations NSX ROI Map Application Connectivity Model Security Groups and DFW Rules Best Practices VXLAN / Virtual Networks Overlay-Underlay, V-to-P Visibility Operationalize NSX, Leverage Existing Skill Set (Simple Google-like Search) Rapid Trouble Shooting Audit & Compliance Analyze: Data Center Flow Analysis & Risk Assessment Understand Data Center Traffic Profile (East-West, North-South, V-to-V, V-to-P) Identify Security Gaps & Network Optimization Opportunities Quantify Benefits of NSX Deploy: Micro-Segmentation Modeling & Best Practices NSX Deployment Avoid Trial & Error and Ensure Best Practices Deployment for VXLANs, Distributed Firewalls and NSX Model Application Behavior, Security Groups and Firewall Rules for Micro- Segmentation Accelerate Time to Value for NSX (and NetX Partner) Firewalls and VXLANs Operate: Visibility, Monitoring, Troubleshooting & Compliance Deep Visibility & Rapid Problem Resolution across Overlay-Underlay Change Management, Audit & Compliance for Virtual FWs Simplified Operations for NSX and Entire SDDC. Ensure Smooth NSX Transition to Operations Team Arkin Confidential

Leverage Your Existing Investments Customer Benefits Fast Time to Value Increase speed and accuracy of micro-segmentation deployment Rapidly operationalize NSX environments with out of the box best practice Ease of Use Modern, simple, Google-like search Easy access to NSX activities and security events Leverage Your Existing Investments Integrates with all major 3rd party network vendors with out of the box discovery of virtual & physical topology Quickly onboard existing teams to operate NSX easily

Customer Momentum Customers Span F500/G2000 Retail Pharma Airline Winner Best of VMworld Finalist Award (Networking and Virtualization) September 2015 Customers Span F500/G2000 Retail Pharma Airline Security State/Local Financial Healthcare Education PANW Ignite Conference 2016 Panel Session: CA-DWR, USAA & Columbia Sports Case Study - NSX, PANW & vRealize Network Insight Cyber Defense Magazine – Most Innovative Enterprise Security Solution February 2016 Gartner Cool Vendor for Enterprise Networking April 2016 Case Study: CA Dept. of Water Rolls Out Secure Cloud Using vRealize Network Insight 6

TargetTech: Data center operations score new glasses with VMware buy “Visibility is the key… visibility across technology domains and across virtual and physical networks” John Spiegel, Global IT Communications Manager TargetTech: Data center operations score new glasses with VMware buy

East-West Traffic Analysis East-West Traffic Flow Analysis Breakdown of Data Center Traffic by East- West, VM-to-VM, VM-to-Physical, Switched, Routed, etc. Get Detailed Flow stats behind each number Problem Statement: Over 80% East-West Largely Unprotected (Not Traversing Physical Firewalls) Not Optimized for Networking (Multi Hops Through Physical Networks) Now let us look at how vRealize Network Insight with network virtualization and Micro-Segmentation software like NSX or palo alto firewalls can help to help secure your software defined data center. But before we do that let us briefly consider Why technologies such as network virtualization and Micro-Segmentation based security have become so important 80% of traffic remains within the DC East west flow (hard to send through physical firewalls – routing/hairpinning issues, capacity and bandwidth issues) To secure them using phy infra is not easy. Once perimeter is breached, lateral movement of the attack becomes very easy without Micro-Segmentation

Security Policy Automation – Micro-Segmentation Discover vCenter and NSX constructs (folders, clusters, vlans, security tags) Automated Security Groupings Based on vCenter and NSX Constructs, Workload Characteristics, Ports, Common Services Recommended Security Policies / Firewall Rules (Zero-Trust Model) See Network Traffic Per Host, Per VM Export as CSV DWR: Use of Flow visibility. Transition from one set to another set Now let us look at how Micro-Segmentation can be achieved using vRealize Network Insight Explain all the elemetns (don’t bring out preNSX tool and report). Combine the elements of compute is configured and network is behaving to provide a comprehensive analysis. Call out the bullets (1 and 3 especially). Implication  Lets say you have a complex env with 1000 to 2000 machines. We understand the communication patterns between them, model it out, help plan the security groups and make distributed firewall rules recommendations.

Data Paths Across Overlay And Underlay Connectivity Graphs VM to VM, VM to Physical, VM to Internet Hop-by-Hop Path across Overlay (LDRs, Edge Gateways) and Underlay (Physical VDCs & VRFs). See V-To-P Boundary Correlated Problems And Performance Metrics Across Virtual and Physical See Effective Firewall Rules and Security Policies across NSX and PANW in Service- Chained Environment NSX Firewall PANW Virtual FW VXLAN Converged Infrastructure (Ex: UCS) VLAN Physical Network Switch, Router PANW Physical Firewall

Simple & Contextual Search Hi Shiv, what do you need help with today? Single pane of glass between virtual & physical Google-like search for ease of use Time aware search (go back in time) Fewer clicks to find and identify issues Simplified interface, reduce learning curve across admin teams

NSX Infrastructure Monitoring and Best Practices Checks Configuration, Health and Consistency Validation VTEP Level Misconfigurations VTEPS – Underlay Mapping Checks Netcpa Health Hosts Version Validation LDR and Edge Config Issues Routing Misconfigurations/ Issues between LDR, Edge and Physical Routers We converge visibility across management, control and data plane and highlight any inconsistencies and issues across them.

Thank You