Dynamic resource sharing in a hybrid IT environment: NSX-based SDN in a multinational food company Kenwa Chin Executive Architect, CCDP GTS, ITS Delivery, Integrated Communications Services © 2015 IBM Corporation ICP03135-USEN-00

Vision: Sharing resources around regional data centers (DCs) and cloud Our client A multinational food manufacturer is aiming to share resources among on-premises and cloud environments to respond to business requirements dynamically. It believes a software defined environment (SDE) can fulfill its needs and a software defined network (SDN) is the first step in its roadmap. Vision: Sharing resources around regional data centers (DCs) and cloud Regional DC Japan DC External cloud services WW common WW common Network DR Server Storage Geo-specific Japan local Resource pool Resource pool Firewall Local Software defined environment Internet

Virtual logical data center Centralized management Complicated zoning and an inflexible network scheme prevent consolidation of servers and centralized management A flat network architecture with simple, standardized configurations can support agility and flexibility of business with security concerns removed by multilayered measurements. IT requirement 1: User can access from anywhere safely IT requirement 2: Dynamically respond to business and IT Users Access from anywhere Office Home Travel Flat Virtual logical data center Simple/standardized High-availability, high-speed network Flexibility/agility Centralized management Security 　Japan Data center Data center

The network architecture Composed of three major components with different business goals: the underlay network for agility, the overlay network for simplicity and the existing network for cutting cost. SDE Existing server Virtual server Virtual server SDN FW LB L3 L2 Rapid and dynamic network Overlay ESXi server ESXi server PHY GW PHY server FW LB Physical (fabric) network Underlay (fabric) Centralized configuration, less change Physical (existing) network Reduction of equipment Intranet Internet B-to-B Internet B-to-C

Enterprise private address space The ultimate goal To extend networks among private and public data centers as a single domain. IBM has created solutions with SDN vendors such as VMware to resolve major constraints such as IP address, routing and availability. GLOBAL Virtual Ethernet overlay Virtual Ethernet overlay Enterprise private address space SDN Virtual Ethernet overlay Virtual Ethernet overlay NFVs: Virtual router and FW NFVs: Virtual router and FW Global network Bare-metal servers Bare-metal servers IBM can help enterprise clients strategically connect global data entries together as a single private domain over IBM’s cloud network infrastructure. Enterprise data center

Architectural decision #1: Select an SDN technology VMware NSX matched the client’s requirement with overlay technology and better compatibility with its current infrastructure. Other key criteria: Overlay network can be centrally managed, but underlay network has to be managed separately Centralized firewall management over SDN High compatibility with existing servers Proven expertise

Architectural decision #2: How to manage the network The ultimate goal is to manage the entire network under a single scheme, but as some applications have to go across physical and logical environments, a hybrid scheme is accepted to start with clear business goals. Network monitoring of new network ←Server staff Network staff→ Utilization management event monitoring ESXi NSX NSX Manager Value to application and business vDS NSX event monitoring OS NSX L2 NSX RT NSX LB NSX FW App vCenter server Overlay Vision Live and dead events Problem determination Existing network, underlay network L3 R LB Stability and cost reduction Network monitoring server Command/GUI-based management Remote access Server staff Network staff Console server

(controller/edge nodes) New VM server (compute nodes) Other key architectural decisions Boundary of SDN, connectivity of logical networks and deployment of SDN network nodes. Connectivity of logical network vSwitch is deployed over new VM servers. NSX Controller, L2/L3, firewall, load-balancing and VTEP will reside on vSwitch. Intranet Internet Boundary of SDN Physical server will use the Leaf switch VTEP (VXLAN Tunnel Endpoint) function to connect to the overlay virtual network. Core switch (L3SW) Deployment of SDN nodes Manager/controller, edge service gateway, logical router will be deployed at dedicated PoD service gateway, which will have L3 functions and provide firewall and load-balancing functions. Spine switch (L2SW) Leaf switch Leaf switch (L2SW) (L2SW) Leaf switch (L2SW/VTEP) NSX vSwitch Manager Access switch (L2SW) Existing switches DMZ Back office Controller VM VM Service Sunset Confidential gateway Sunset Colocation Back office DMZ Confidential VM VM Logical router Physical server Physical server Physical server Physical server Physical server Back office Colocation VM VM New VM server (controller/edge nodes) New VM server (compute nodes)

SDN is a new technology with new schemes There are difficulties highlighted among the joint team, and some are still under negotiation for the best solutions. Difficulties (issues) Resolution Network infrastructure Traffic control among physical and logical networks. Simplification of zone to reduce work for managing routing and ACL. Maintenance of SDN software 1. Performance 2. Lifecycle management of software 3. Scope of management 1. Proof of concept 2. Joint engineering team among VMware, IBM and clients (ongoing) 3. Redefine management scope of server team and network team (ongoing) Migration How to migrate without any impact to current business. The new network will be built separately with clear migration slots for application servers whose IP addresses won’t be changed. Deliver quality assurance of servers How to ensure the process is durable and accurate. Establish business process with certain level of human review and approval. SDN is a new technology with new schemes

IBM’s Value Proposition IBM conducted a feasibility study, a joint effort including security and network subject-matter experts. We helped the client clearly identify issues, develop network strategy and establish a transition roadmap. IBM conducted a conceptual design in which IBM network consultants assessed a vendor’s SDN solutions neutrally and compared pros and cons based on an understanding of client requirements and constrains. IBM has a strong global relationship with the VMware team, which helped to optimize architect, design and function validation work.

Our carrier and enterprise Network Innovation Centers They support proofs of concept (PoCs), validate technologies and demonstrate use cases at the business solution level. Test - Deploy - Operate Enabling business transformation Self-service catalog and orchestration workflows Pre-provisioning Provisioning Service orchestration Post-provisioning Composable and integrated application development platform Pattern management Workload orchestration Software defined, enterprise-class, optimized Infrastructure management Infrastructure orchestration Compute Storage Networking Windows Hyper-V PowerVC Citrix Private clouds Cloud network technologies Public clouds z/VM KVM Amazon Web Services Microsoft AZURE

Network virtualization: Use case scenarios—VMware Secure hybrid cloud Optimize and facilitate VMware NSX adoption Scenario: Integrate VMware NSX in hybrid cloud environment (private/on- premises and private/IBM SoftLayer®) Value: Deliver granular security-rich islands per application or projects Components: VMware NSX, SoftLayer (bare-metal servers) Scenario: Integrate VMware NSX with existing infrastructure, supporting multi- vendor Virtual Extensible Local Area Network (VXLAN) Gateway Value: Help optimize required investment and facilitate VMware NSX integration by supporting multi-vendor VXLAN Gateway Components: VMware NSX, Juniper MX, vMX, Cisco ASR1K, CSR1Kv Build, deploy and orchestrate cloud network services—on-/off-premises Scenario: Deploy VMware-related network services from IBM cloud management platform (on-/off-premises) Value: Provide cloud and data center optimization solutions through advanced automation and orchestration capabilities Components: IBM Cloud Orchestrator, IBM Cloud Manager with OpenStack, IBM Cloud OpenStack Services SDN VE

© Copyright IBM Corporation 2015 Global Technology Services Route 100 Somers, NY 10589 Produced in the United States of America August 2015 IBM, the IBM logo, ibm.com, and PowerVC are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at "Copyright and trademark information" at: ibm.com/legal/copytrade.shtml SoftLayer is a trademark or registered trademark of SoftLayer, Inc., an IBM Company. VMware, VMware ESXi, VMware NSX, VMware Integrated OpenStack, and the respective logos are trademarks of VMware, Inc. This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates It is the user’s responsibility to evaluate and verify the operation of any other products or programs with IBM products and programs. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided.