It's been a while since I last had my hands on VMware NSX. However, I have continued to follow with enthusiasm the great progress in the further development of NSX-T. My experiences with VMware NSX are focused on the service provider market. As you can imagine, in large-scale multi-tenant platforms, VMware NSX-T can solve a lot of problems and greatly speed up the delivery of new services. The VMware NSX-T 3.0 Highlights I want to show in this blog post will further enhance these strengths.
Distributed Intrusion Detection System
The major innovation in the list of my VMware NSX-T 3.0 Highlights is the Distributed IDS / IPS.
The Distributed Intrusion Detection System can solve a lot of problems of traditional Data Center Threat and Vulnerability Detection concepts (this also applies to the previous integration with VMware NSX) and extends the Intrinsic Security paradigm for internal firewalling.
Introducing in NSX Platform the capability of Distributed Intrusion Detection as a part of the platform’s Threat & Vulnerability Detection capabilities. This feature allows you to enable intrusion detection capabilities within the hypervisor to detect vulnerable network traffic. This distributed mechanism can be enabled on a per VM and per vNIC of a VM basis with granular rule inspection. As part of this feature set, the NSX Manager is able to download the latest signature packs from the NSX Signature Service. This keeps the NSX Distributed IDS updated with the latest threat signatures in the environment.
https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/rn/VMware-NSX-T-Data-Center-30-Release-Notes.html
The Global Manager enables VMware NSX-T 3.0 for centralized, consistent policy management across multiple on-premises data centers through a single pane of glass. The support for VMC on AWS will be added in the future.
NSX-T 3.0 introduces the ability to federate multiple on-premises data centers through a single pane of glass, called Global Manager (GM). GM provides a graphical user interface and an intent-based REST API endpoint. Through the GM, you can configure consistent security policies across multiple locations and stretched networking objects: Tier0 and Tier1 gateways and segments.
https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/rn/VMware-NSX-T-Data-Center-30-Release-Notes.html
– Full explanation of NSX-T Federation (and that rhymes) by vViking
In combination with vSphere 7.0, the new Converged VDS in NSX-T 3.0 will simplify the NSX deployment and reduce traffic disruption during deployment.
NSX-T now has the capability to run on the vSphere VDS switch version 7.0. It is recommended that new deployments of NSX and vSphere take advantage of this close integration and start to move toward the use of NSX-T on VDS. The N-VDS NSX-T host switch will be deprecated in a future release. Going forward, the plan is to converge NSX-T and ESXi host switches. The N-VDS remains the switch on the KVM, NSX-T Edge Nodes, native public cloud NSX agents and for bare metal workloads.
https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/rn/VMware-NSX-T-Data-Center-30-Release-Notes.html
– NSX-T 3.0 Meets vSphere 7 – VDS 7.0 by Rutger Blom
VRF Lite in NSX-T 3.0
The VRF Lite support avoids having to deploy a Tier0 per tenant and reduces the number of Edge nodes.
VRF Lite support provides multi-tenant data plane isolation through Virtual Routing Forwarding (VRF) in Tier-0 gateway. VRF has its own isolated routing table, uplinks, NAT and gateway firewall services.
https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/rn/VMware-NSX-T-Data-Center-30-Release-Notes.html
Simplified User Experience
Graphical Visualization of Network Topology – Provides an interactive network topology diagram of Tier 0 Gateways, Tier 1 Gateways, Segments, and connected workloads (VMs, Containers), with the ability to export to PDF.
Quick Access to Actions and Alarms from Search Results – Enhanced search results page to include quick access to relevant actions and alarms. Added more search criteria across Networking, Security, Inventory, and System objects.