Executive Summary
An agency of the U.S. government operating multiple VMware-based data center sites planned to switch from a completely hardware-centric network infrastructure to a more modern software-defined network infrastructure. The customer was investigating the use of VMware NSX, but needed some help understanding how it could assist them with network agility, provide enhanced security, and otherwise solve infrastructure as a service needs. They were aiming to utilize the advanced security features of NSX to implement a zero-trust networking model with micro-segmentation around each of their applications, plus begin to enable the provisioning of network resources on demand. They also had a need to span networks across multiple sites for certain types of workloads, and NSX provided a means to accomplish all of these goals.
Challenges
- The limitations of a hardware-centric network infrastructure was becoming cumbersome and constraining
- An impending hardware refresh created the opportunity to make an impactful business decision with regards to where to take their networking strategy
- Network engineers required the ability to deploy new workloads on demand
- Other components of VMware’s vRealize suite, including vRealize Automation and vRealize Orchestrator, were already being used extensively, requiring compatibility with NSX
Business Impacts
- The customer was able to eliminate manual processes and use automation to provide direct access to networking resources to data center consumers at multiple sites.
- A hardware refresh was made easier by opting for a software-defined solution.
- IT and networking personnel were empowered to use the resources they need on demand.
- NSX delivered the final piece to the customer’s automation and security puzzle.
Solutions
Primary
- VMware NSX for vSphere
Supporting
- vRealize Automation and vRealize Orchestrator
Government Agency Aiming for Total Automation with Software-Defined Networking
An agency of the U.S. government had big plans to completely redesign their network infrastructure for several of their data centers. With a number of VMware-based facilities already in operation, the process of designing a refresh for both hardware and software was looming. The customer took their time, did their due diligence, and developed a comprehensive plan to go forward.
The customer had their sights set on VMware NSX as a natural next step to automation they had already implemented, thanks to components of vRealize Automation and vRealize Orchestrator. “Their goal was to implement NSX because they wanted to take advantage of the advanced security features it has to offer. Micro-segmentation and automation which provides network agility were their primary use cases,” Ron Flax, CTO at August Schell explained.
The customer’s IT operations were focused on providing infrastructure resources to end users on demand, and they needed the right technology to make it happen.
Taking Existing Automation Efforts from Good to Exceptional
Provisioning resources in a snap is significantly more difficult with hardware infrastructure than software, which was the impetus for the customer’s journey down the path of SDN. This particular customer was already a heavy VMware technology user, having made progress with vRealize Automation and the creation and use of hundreds of vRealize Orchestrator workflows.
“They had actually created scripting for most, if not all, of the common tasks they performed when receiving a request for resources,” Flax recalled. “Using NSX was a natural next step for them because it enabled them to use the NSX API to create the networks for the virtual machines they were automatically generating and configuring using automation workflows.”
The customer was particularly interested in taking advantage of the NSX micro-segmentation feature, enabling firewalling for every virtual machine. Micro-segmentation is a proven way to deliver a zero-trust networking model, protecting application workloads between each and every component, which was a must for this agency.
They also wanted to make sure they took full advantage of automation through the use of the VMware APIs to maximize their maturing automation strategy.
“The APIs VMware provides in NSX allow you to create complete network topologies through scripts or code, and that’s something this customer was really going to benefit from given the emphasis they were putting on automation as part of their new infrastructure. With NSX, you can create complete network topologies, including switching and routing tiers, load balancers, firewalls, and all the things that traditionally constitute a ‘real’ network when put together. It’s significantly more efficient, and it would allow their engineers to reallocate efforts toward more impactful agency work,” Flax said.
VMware NSX would give the agency the final puzzle piece for deploying workloads in a concise, repeatable, and automated fashion.
Delivering an NSX Design for Multiple Environments and Accounting for Future Updates
The August Schell VMware engineering team came together to create a formal NSX design encompassing each of the customer’s environments. This design detailed what the customer would need to procure, how it would be installed, and how to configure each component, given their advanced security requirements and the multiple zones they needed to support.
“It was an extremely detailed design and migration plan for getting them from where they were before they implemented this solution to where they would be once they were fully software-defined,” Flax said.
Special attention was paid to understanding the current environment, network, and infrastructure, given that the customer had already begun the process of automating as many IT processes as possible. Uncovering constraints, requirements, and specific customer needs was also key.
“We left no stone unturned in developing a comprehensive plan and design for implementation, plus incorporating updates to vSphere, vRealize and NSX in a VMware validated design,” he concluded.
Superior Design for a Fully Software-Defined Network Accomplished
August Schell completed a customized NSX design for the customer, taking into account their automation progress and goals for the future. Thanks to Ron Flax and ASE’s VMware engineering team, the customer had the fire power to enhance their security posture significantly, while giving valuable time back to their IT and networking staff.