Principal Engineer Ravi Soundararajan explains the concepts behind the Enhanced LACP support in vSphere Distributed Switch 5.5.
vSphere network I/O control version 3, available in vSphere 6.0, offers granular network resource reservation and allocation across the entire switch.
This security demo showcases what can be accomplished with NSX.
This security demo showcases what can be accomplished with NSX in regards to compliance use case.
This video provides an overview of vSphere Network I/O Control. Network I/O Control allows you to manage traffic on your distributed switch by dividing it into predefined or user defined network groups. You can tailor traffic bandwidth to the specific needs of your network.
In this video you will learn about component of VMware NSX.
These releases continue to accelerate digital transformation for organizations through the most critical IT use cases – Security, Automation, and Application Continuity – while expanding support for new application frameworks and architectures.
As more and more customers adopt NSX for vSphere, we continue to add features to make it easier for you to deploy, operate and scale-out your environment. NSX empowers customers on their cloud journey. It is driving value inside the data center today and expanding across datacenters and to the cloud via our Cloud Air Network partnerships, and soon to VMware Cloud on AWS and native public cloud workloads via VMware Cross-Cloud Services.
Let’s take a look at some of the new features in NSX for vSphere 6.3:
Some of the new capabilities delivered in NSX for vSphere 6.3 are the Application Rule Manager (available in NSX Advanced and Enterprise editions) and Endpoint Monitoring (available in NSX Enterprise Edition).
Application Rule Manager simplifies the way you create security groups and firewall rules for applications based on their real-time network traffic flows. Endpoint Monitoring enables you to profile applications inside the guest including visibility into specific application processes and their associated network connections. Used together, you have end-to-end visibility of your applications and simplified firewall rule creation to help operationalize micro-segmentation even faster and more effectively than ever before.
Keep an eye out on the Security section of the NSX blog over the next few weeks for technical deep-dives into exactly how these Application Rule Manager and Endpoint Monitoring features work.
Our product certifications team was busy in 2016 and intends to deliver additional certifications throughout 2017. They have been working hard on guiding our development efforts and ensuring a number of key security and compliance enhancements made their way into the NSX for vSphere 6.3 release. In 2016, Coalfire, an independent cyber risk management advisor and assessor, certified that VMware NSX for vSphere meets regulatory compliance requirements such as PCI DSS. NSX was also the first software-defined networking solution to have the Defense Information Systems Agency (DISA) Risk Management Executive publish a Security Technical Implementation Guide (STIG), signifying that the solution meets the security hardening guidance required for installment on Department of Defense (DoD) networks. Watch the blog Security section in the coming months for updates on certifications related to ICSA Labs, FIPS 140-2 and Common Criteria EAL-2 certification.
When I meet with customers, they continue to tell me that NSX has the most transformative impact on their organizations, once they begin automating their manual networking and security processes. It’s not easy and requires organizational, people, and processes changes. But the value NSX brings to the organization is huge. To help support this, we continue to make enhancements to the automation capabilities in NSX for vSphere 6.3. We have enhanced the integration of NSX Load Balancers within vRealize Automation and added support for third-party IP Address Management (IPAM) systems for on-demand routed networks. We have also enhanced the integration with NSX for vSphere and vCloud Director, enabling new multi-tenant capabilities for our vCloud Air Network partners, and adding support for emerging NFV use case.
Figure. Screenshot of Load Balancing integration into vRealize Automation blueprints.
Multi-tenancy is often thought about as something only service providers care about, but we’re seeing increased demand from non-service providers looking to operate in more of a service provider model in the way they deliver services to their organization. The University of New Mexico is a great example of this, where they are collapsing their disaggregated IT from dozens of departments back to a centralized IT model, reducing provisioning time for new workloads and services from 3 weeks down to 20 minutes!
As NSX continues to mature and adoption becomes mainstream, we are seeing customers deploy NSX for a range of different use cases. AeroData Inc., for example, is leveraging the network overlay capabilities in NSX to create a highly-available, Active-Active data center architecture. In NSX for vSphere 6.3, we have further enhanced the security tagging capabilities in multi-vCenter deployments, simplifying security policy management at scale across multiple data centers. (Read more about multi-site with cross-vCenter NSX.)
Emerging use-cases: Containers and Remote Office Branch Office (ROBO)
With NSX for vSphere 6.3, we are helping to further improve the developer experience with containers via integration with the recently announced vSphere Integrated Container (VIC). As VIC is built on vSphere 6.5, you can leverage NSX for vSphere 6.3 to connect and secure VIC infrastructure, enabling you to deliver a secure container environment on demand for developers.
Another addition as part of NSX for vSphere 6.3 release is a new NSX for ROBO edition SKU. Using this capability, NSX provides a comprehensive solution to network and security policy for environments across remote and branch offices, which reduces the operational costs of branch connectivity and maintenance. In upcoming blog postings, we will share more details about the NSX for ROBO features, use case, and customer success stories as we have been seeing keen interest from our customers in this space.
Expanded support for new platforms with NSX-T: KVM, OpenStack
Let’s now look at VMware’s other NSX platform – NSX-T 1.1 – and some of the new capabilities being delivered in this latest release.
VMware NSX-T is focused on emerging application frameworks and architectures that have heterogeneous endpoints and technology stacks. In addition to vSphere hypervisors, these environments may also include other hypervisors, containers, bare metal, and public clouds. NSX-T allows IT and development teams to choose the technologies best suited for their particular applications. NSX-T is also designed for management, operations, and consumption by development organizations – in addition to IT.
NSX-T 1.1 offers expanded support for multiple KVM distributions, including Canonical Ubuntu and Red Hat Enterprise Linux. NSX-T starts at the source of the application, within the hypervisor kernel, delivering optimal security granularity and line-rate performance. NSX-T delivers distributed firewalling, logical switching, and distributed routing.
NSX-T 1.1 also delivers support for private IaaS clouds based on OpenStack. With this release, NSX-T supports the latest versions of OpenStack, i.e., Newton and Mitaka. In addition to using the OpenStack APIs, development teams can also use Puppet, Chef, and Terraform to describe and automate the networking and security for their application workloads within an OpenStack environment.
Support for new app frameworks: Photon and Container Networking Interface (CNI)
NSX-T is integrated with the VMware Photon Platform. This capability allows IT to offer virtual networking and security as services to developers building and running containerized, cloud-native applications. NSX will auto-create and scale networks and routers when a new namespace/project/organization is created, and define and enforce micro-segmentation security policies for containers and pods. (Read more about Photon Platform and NSX-T.)
Currently in beta, the NSX-T Container Networking Interface (CNI) plugin will allow developers to configure network connectivity for their application containers helping deliver developer ready infrastructure.
Pricing and Packaging
Though not a new NSX feature, we are also excited to announce changes to our VMware NSX pricing and packaging.
Starting today, customers who purchase VMware NSX have the option of downloading and installing either platform and can switch between the two if needed without having to re-purchase NSX. And should your needs change, you can switch between the two.
As mentioned earlier, with NSX for vSphere 6.3, we have introduced a new NSX for ROBO (Remote Office Branch Office) packaging option. For those of you familiar with the vSphere for ROBO and vSAN for ROBO offerings, NSX for ROBO is packaged in the same way.
In last week’s Q4 VMware earnings call, Pat Gelsinger mentioned that NSX is an essential element to VMware Cloud Foundation, Cross-Cloud Services and VMware Cloud on AWS. With both NSX for vSphere and NSX-T, NSX intends to be everywhere in the containerized, multi-cloud future. NSX becomes the bridge that enables customers to unify networking and security across their private and public clouds.
What You Can Do Now
- Get started with a Beginner or Advance NSX Hands-On-Lab (HOL)
- VMware product page, customer stories, and technical resources
- VMware NSX YouTube Channel, including 40+ Light Board videos!
- Contact your VMware sales representative for an overview and demonstration of NSX for vSphere or NSX-T
Matt De Vincentis
This video demonstrates the benefits of the VMware NSX + SRM Disaster Recovery solution. A step-by-step walkthrough with demo is provided highlighting the powerful capabilities of the solution.
Until now, there have really only been two enforcement points for security controls at our disposal: in the OS, and the Network. Each has their strengths and weaknesses. VMware NSX changes our options by opening up a new frontier for security, and the unique capabilities only a virtualized environment can offer.
In this video we explore how VMware NSX provides load balancing services with the Edge Services Gateway, how the ESG can be leveraged to provide services on demand, and allow you to pursue the DevOPs model with NSX. Additionally, we will take a look at a Tech Preview feature of NSX, the Distributed Load Balancer, why it matters, and what it means for you.