The new vCloud Suite 5.1 brings several improvements and new features in the networking and security area.

For vSphere 5.1 they are mainly in the vSphere Distributed Switch (VDS), with several new capabilities:

  • Network Health Check support: helps detect misconfigurations across physical and virtual switches.
  • Configuration Backup and Restore: allows vSphere admins to store the VDS configuration and to restore the network from a previously saved configuration.
  • Rollback and recovery: addresses the problem customers faced when a management network failure caused hosts to disconnect from the vCenter Server.
  • Port Mirroring enhancements: new troubleshooting capabilities are introduced by supporting RSPAN and ERSPAN.
  • Netdump: gives diskless ESXi hosts (stateless or deployed with Auto Deploy) the ability to write core dumps over the network.
  • Improved scaling numbers.
  • Other enhancements focused on simplifying the operation of the VDS.

In vCloud Director 5.1, however, the number of enhancements and new functions is much higher and more significant, and the concept of Software Defined Networking (SDN) is widely applied. The components are:

  • VXLAN: is the foundation for creating elastic, portable virtual datacenters. VXLAN technology allows compute resources to be pooled across non-contiguous clusters or pods, and this pool to then be segmented into logical networks attached to applications.
    VXLAN works by creating Layer 2 logical networks that are encapsulated in standard Layer 3 IP packets. A “Segment ID” in every frame differentiates the VXLAN logical networks from each other without any need for VLAN tags. This allows a very large number of isolated Layer 2 VXLAN networks to co-exist on a common Layer 3 infrastructure.
    For more information, see the posts by Scott Lowe and Duncan Epping.
  • App: is used to isolate and protect workloads based on trust levels, so that customers can protect critical applications in the virtual datacenter.
  • Data Security: adds to the App functionality and provides Sensitive Data Discovery across virtualized resources, enabling IT organizations to quickly assess their state of compliance with regulations from across the world.
  • Edge: delivers an operationally efficient, simple and cost-effective security services gateway to secure the perimeter of virtual datacenters and provide integrated services such as load balancing, VPN, NAT, etc.
  • vShield Manager: integrates with vCenter and vCloud Director for seamless management of all virtual datacenter resources.
  • vCloud Network Automation Framework: enables partners to add both hardware and software network and security services.
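
To make the VXLAN description above concrete, here is an added example (not code from the post or from VMware) that builds and parses the encapsulation: an inner Layer 2 frame is wrapped in a VXLAN header, a UDP datagram and an outer IPv4 packet, and the decapsulating side recovers the 24-bit Segment ID (VNI) and the original frame. The UDP port 4789 is the IANA assignment and is an assumption here (early VMware implementations used 8472); the sample frames and addresses are constructed.

```python
import struct
VXLAN_UDP_PORT = 4789   # IANA port, assumed here; early VMware implementations used 8472
VXLAN_FLAG_I = 0x08     # "I" bit: the VNI (Segment ID) field is valid

def vxlan_header(vni: int) -> bytes:
    """8-byte VXLAN header: flags(8) | reserved(24) | VNI(24) | reserved(8)."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must be a 24-bit value")
    return struct.pack("!BxxxI", VXLAN_FLAG_I, vni << 8)

def ip_checksum(hdr: bytes) -> int:
    """RFC 1071 one's-complement checksum over the 20-byte outer IPv4 header."""
    s = sum(struct.unpack("!10H", hdr))
    s = (s & 0xFFFF) + (s >> 16)
    return ~((s & 0xFFFF) + (s >> 16)) & 0xFFFF

def encapsulate(vni: int, inner_frame: bytes, src_ip: bytes, dst_ip: bytes) -> bytes:
    """Wrap a Layer 2 frame in VXLAN/UDP/IPv4 so it can cross a routed Layer 3 fabric."""
    udp_payload = vxlan_header(vni) + inner_frame
    udp = struct.pack("!HHHH", 49152, VXLAN_UDP_PORT, 8 + len(udp_payload), 0) + udp_payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0x4000, 64, 17, 0, src_ip, dst_ip)
    return ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:] + udp

def decapsulate(packet: bytes):
    """Return (vni, inner_frame) for a VXLAN-over-IPv4 packet, or None if it is not one."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl, proto, total_len = (packet[0] & 0x0F) * 4, packet[9], struct.unpack("!H", packet[2:4])[0]
    if proto != 17 or len(packet) < total_len:
        return None
    udp = packet[ihl:total_len]
    if len(udp) < 16 or struct.unpack("!H", udp[2:4])[0] != VXLAN_UDP_PORT:
        return None
    flags, word = struct.unpack("!BxxxI", udp[8:16])
    if not flags & VXLAN_FLAG_I:
        return None
    return word >> 8, udp[16:]

def segment_table(packets) -> dict:
    """Map each VNI to the inner destination MACs seen in it; the VNI, not a VLAN tag, scopes the segment."""
    table = {}
    for pkt in packets:
        parsed = decapsulate(pkt)
        if parsed:
            table.setdefault(parsed[0], set()).add(parsed[1][:6].hex(":"))
    return table

# Constructed sample: one inner Ethernet frame (dst MAC, src MAC, EtherType, padding) sent in two segments
INNER = bytes.fromhex("0a0000000001" "0a0000000002" "0800") + b"\x00" * 46
PKT_A = encapsulate(5000, INNER, b"\x0a\x00\x01\x01", b"\x0a\x00\x01\x02")
PKT_B = encapsulate(5001, INNER, b"\x0a\x00\x01\x01", b"\x0a\x00\x01\x02")
```

The same inner MAC address appears under two different VNIs in `segment_table`, which is exactly the isolation the Segment ID provides: the two frames never share a Layer 2 domain even though they cross the same Layer 3 path between the same two endpoints.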

Of course VXLAN and the new vShield suite features are quite interesting, but I want to discuss the “Extensible Platform” aspect. There are four possible integration points for services:

  • Inside a virtual machine
  • Network access edge for a virtual machine
  • Network edge of a virtual datacenter
  • Management plane

The application programming interface is shifting to the NetSec API:

  • Load balancing, IPS and WAN optimization are some of the third-party service solutions being developed on the NetSec API.
  • Third-party vendors using the VMsafe API are transitioning to the NetSec API.
  • This kind of integration will be similar to the one already provided by Microsoft System Center 2012, but for now limited (on the networking side) to load balancers only.

Endpoint (such as antivirus scanning) is still part of the vSphere platform, because it uses the Endpoint Security API and not the NetSec API.