CloudControl is the platform of choice for NSX customers and providers of all sizes.
CloudControl integrates numerous disparate tools and processes into a single, unified platform. Our team has extensive experience designing, implementing and supporting VMware's NSX platform. During our journey, we have discovered not only gaps in the toolsets but often capabilities that don't exist without custom scripting or programming of standalone tools.
Organizations typically don't have or desire to have these capabilities in-house. Technology is a great disruptor for introducing innovation but it often requires organizations to redefine their processes and tools around that given technology. ReSTNSX's CloudControl platform allows organizations to adopt technology easier and faster by focusing on the human and automation elements.
CloudControl was built from the beginning with enterprise and provider features. From granular auditing of actions to a lifecycle approach to managing your Software Defined Data Center (SDDC), CloudControl is unique in the industry by offering integrated capabilities that often require countless 3rd parties or complex and expensive in-house scripting to achieve.
Customers who adopt CloudControl often see an immediate 3x-5x return on their IT Staff's productivity by reducing the management touch points of any NSX solution. It is very common for productivity gains to be had on day 1 of operation but over time - and scale of the NSX deployment - the gains are impressive. From on-premise to VMware clouds, CloudControl centralizes and simplifies NSX deployment, management and troubleshooting.
One Console: Many Clouds
ReSTNSX’s CloudControl is a software as a product offering for NSX multi-cloud management. It allows customers, partners and providers to easily deploy, manage and consume NSX services across on-premise and VMware based clouds. Since CloudControl is self-hosted, organizations have the flexibility to deploy the solution on-premise or within a SDDC.
The CloudControl software was developed by former VMware NSX specialists and highly experienced software developers with a focus on the user experience. From automated tasks for easily deploying NSX configurations to integrated troubleshooting tools, CloudControl delivers on what consumers of NSX demand. With CloudControl, organizations can:
Realize a true multi-cloud management platform for managing on-premise NSX-v, on-premise NSX-T, NSX running in VMware clouds such as VMware Cloud on AWS (VMCoAWS), Google (GCVE), Azure, Oracle and IBM. With a centralized architecture, CloudControl provides organizations visibility and management of all their clouds in single console and alleviating the need to log into separate cloud consoles.
Enforce multi-cloud security policies from one location. CloudControls’ Policy Engine is a flexible framework where organizations are able to define a customized synchronization policy for keeping all their NSX policies across clouds synchronized. From on-premise to cloud; intra-cloud between SDDCs or inter-cloud between cloud providers, CloudControl is a single point of control and enforcement.
Adopt VMware clouds faster with best in class features. Ingest and convert legacy NSX-v; NSX-T and third party firewall configurations to a VMware cloud by point and click. CloudControl is the only solution that simplifies and accelerates VMware cloud adoption.
Customer Use Case #1: Firewall Conversion & Intra-Cloud Synchronization
A foreign government agency customer was working with a well known VMware partner on a services engagement to get their on-premise, non-NSX protected workloads into the cloud. Due to regulations and end-of-support software milestones, the customer had to move fast.
This customer had a number of legacy 3rd party firewalls needing conversion to NSX in an AWS VMware cloud. The partner scoped out the services and estimated hundreds of ours to convert the rules while adding months to the migration schedule.
The partner contacted RESTNSX and after a brief demo and proof-of-concept, the rules and objects were converted over to NSX policies and objects in a matter of hours using CloudControl. The customer and partner could not focus on workload migrations and not building custom scripts. With the help of CloudControl, the conversion (including validation and testing) was cut to two weeks instead of months.
Once the customer was running production workloads in the cloud, their internal risk analysis team determined that the agency required further resiliency than a single SDDC in the cloud. As a result, the customer built another SDDC in their AWS VMware cloud and soon realized that even though it was the same cloud provider, each SDDC has its own management domain. This posed problems as the customer operations team was a small group with many responsibilities and for every NSX change it would require them to login to two consoles. This process takes time but also introduces human error.
During the firewall conversion task the customer was exposed to the multitude of features contained within the CloudControl platform - including Policy Engine. Under the same console for managing NSX is the capability to build your own custom NSX "federation" design by point and click.
Within minutes the customer established a policy to synchronize roughly 2,000 firewall rules and objects from their primary SDDC to a secondary SDDC. The customer's policy is to have CloudControl synchronize every two hours.
As illustrated below, as the number of SDDCs or private clouds grow, so do the management points. ReSTNSX's CloudControl eliminates "console sprawl" with its innovative and flexible architecture.
Customer Use Case #2: Compliance
One customer in EMEA required extensive logging, reporting and enforcement of duties of the system on a per-user basis. While NSX provides simple logging of activities, it does not allow an organization to restrict permissions down to an object or policy level with an easy way to determine the actions he or she has taken.
Roles Based Access Control
NSX roles are based upon expertise domains - ex: Security, Virtualization, Networking with no way to restrict which items user A has access to vs user B. The roles are not flexible and leave a gaping security hole as these individuals have direct access to the management for all of the SDDC.
CloudControl allows administrators to allow read, edit, write and copy permissions on a per-user basis. For example, within the Security domain, Administrators can permit a user to only edit a certain type of object with no visibility to anything else on the system. These can be local groups or Active Directory defined.
Each object managed by NSX via CloudControl can have strict controls wrapped around them. For example, some objects users should have the ability to freely update as their permissions dictate. In other situations, a 3 stage approval process can be implemented that forces certain users to request object creation/modifications. This process enforces existing approval chains before any change is done to the environment. None of this possible with NSX itself and prior to CloudControl, this customer was out of compliance.
For each user, thorough reports of their activity is stored on-box and sent off-box. These reports show every command a user issues.
In additional to strict controls, CloudControl provides on-demand or daily reports with a snapshot view of the environment - including delta changes since the last report. These reports provide a historical snapshot of the configuration of the environment that will alert configuration variances with built-in color coding to highlight items that have changed from the prior day.
All this data is stored on-box and can be accessed in real-time. This particular customer wanted to compare their current NSX deployment to another data center. With CloudControl, that is a simple task of selecting the source NSX date/time and the destination (to be compared against) NSX date/time. There is no other method to achieve this comparison without manual review or extensive scripting.
CloudControl has dozens of unique use cases that deliver unprecedented value to organizations of all sizes. Contact us to explore the possibilities...
Customer Use Case #3: Time Savings
A U.S. Federal customer deployed NSX using custom scripting as their implementation was of grand scale. This customer had to create thousands of objects and security policies. As a result, this customer had to develop a custom script as NSX has no native ability to perform bulk object creation. During this journey, the script was developed and deployed against the production environment over the next 3 months. Soon after they discovered a flaw in their naming conventions and needed to undo the implementation.
They were stuck and determined it was easier to re-install NSX from scratch and begin over again. This time, they used CloudControl...
Faster and Easier Deployments
With CloudControl, a deployment can leverage a template-based approach that is easily repeatable and much less error prone. No scripting expertise or knowledge needed. With simple edits in a spreadsheet, this customer defined policies and deployed thousands of objects within minutes - not months. Below is an illustration showing that as a NSX deployment scales, so do the management points. CloudControl abstracts the complexity and scale with a unified front-end and processing engine to perform tasks such as synchronizing environments. Without CloudControl, an Administrator must manually log into each node and create / update an object.
In this customer use case, they had firewall policies that needed to be applied to dev, test and production. CloudControl allowed them to create the rule once and distribute it to multiple locations.