It has been a long time since my previous post, but I decided to pick up blogging again! And there is no better topic to start with than NSX-T 3.0 General Availability!
About a week ago, I was asked as a vExpert NSX if I wanted to participate in an Exclusive Blogger Early Access Program Session about Networking, and of course I couldn’t refuse this unique chance to pick up blogging again.
In this article I’d like to highlight what I think are the most important new features of this new major release of NSX-T: VMware’s Single Heterogeneous SDN (Software Defined Networking) Platform. NSX-T provides full stack networking and security virtualization.
NSX-T 3.0 definitely qualifies as a major release, just check out the sheer amount of new features provided by this release:
VMware tells us they think NSX-T is now even beyond feature parity when compared to NSX-V. So if you were not yet considering (migrating to) NSX-T in your enterprise environment, you should definitely look at it for the NSX-T 3.0 release.
NSX Multi-Site / Federation
A feature we have been waiting for a long time is the ability to centrally manage multiple NSX-T instances running on different sites. With NSX-T 3.0 we are now able to implement a manager of managers (global manager).
This will give us the capability to consistently manage networking and security across different sites and even allows for disaster recovery scenarios. Additionally, we can now use groups which are based on tags or any dynamic information!!!
L3 Multicast routing
A major network functionality still missing from the NSX-T product was the ability to do L3 multicast routing. NSX-T 3.0 now introduces this capability and will be able to propagate multicast joins throughout the distributed as well as to pass the information to the attached physical networking via the T0-router.
In NSX-T 3.0, VMware introduces a distributed Intrusion Detection and Prevention System which has major advantages over traditional centralized IDS/IPS systems, such as:
- Distributed & Built-In Analysis
Like other NSX features such as DFW, it scales linearly with the workloads and has no blind spots.
- Curated Signature Distribution
This leads to fewer false positives and lower computational overhead at the host level, because it only applies significant policies to vNICs. For example, only webserver policies apply to the vNICs of webserver machines.
- Context-based Threat Detection
This allows for better alert prioritization, because of the additional information that is available about the context in which the threat occurred.
- Policy & State Mobility
This simplifies operations and eliminates stale / redundant policies. The policy also moves with the VM when it is vMotioned across your environment.
IDS/IPS functionality is deployed during host preparation for NSX-T 3.0, so it is very easy to deploy.
No more hair-pinning traffic over firewalls with IDS/IPS or separate IDS/IPS appliances, but IDS/IPS integrated into your virtualized network. And what about all the additional context information from your virtual environment, which you can now use to interpret alerts? Can’t wait to start testing this great new feature!
vSphere 7 on Kubernetes support
As you are probably aware, VMware recently introduced vSphere 7 on Kubernetes (Project Pacific). NSX-T 3.0 will support this new offering and provide networking and security in this environment. I will do a separate blog article on this feature later on.
vSphere 7 Converged VDS
With the recent General Availability of vSphere 7 and the latest VDS (Virtual Distributed Switch) 7.0, which comes with the latest release, NSX-T 3.0 now supports running straight on this new VDS version and using existing dvPortGroups for NSX-T switching.
What is even better is that when deploying NSX on VDS 7.0 no VM traffic disruption will occur!
This feature is for greenfield customers only. Customers who upgraded to vSphere 7 from an older version can continue to use the N-VDS which was installed and configured with the deployment of previous NSX-T versions.
For more information on this big release, please refer to the following links.
I think with all the operational improvements and all the exciting new features, NSX-T 3.0 will be a game changer!
Can’t wait to get my hands dirty with this solution, provide you with deeper information on the new features in future blog articles, and talk about other features we did not even touch upon in this article.