Over the last 10 years, I’ve gotten quite good at getting comfortable with being uncomfortable, whether that was jumping out of an aircraft at 15,000 ft into -30°C air wearing just a mankini or travelling across the Atlantic to deliver a complex design workshop to a multi-billion dollar company. Given the current climate and our profession, the chances are that over the coming months and years we are all going to have to get comfortable with being uncomfortable. As companies jostle and compete with each other on the other side of COVID-19, those that dare will come out on top. For the employees of these companies, pushing your boundaries and yourself will be key, not only to your success but to the success of your company.
My single bit of advice to those who are daunted by this prospect is that it’s all in the preparation. Preparation is key: you don’t just go and throw yourself out of the aircraft without first understanding and learning about all of the risks and mentally preparing yourself for the task ahead. Take time now to learn your subject matter, reach out to colleagues for support and, most importantly, realise that no matter how much you prepare, at some point you just have to take that leap of faith and trust that the parachute is going to open. It may not always go your way, but by taking that leap of faith, by knowingly making yourself uncomfortable, you will grow and improve even if you make a few mistakes along the way.
VMware just launched NSX-T 3.0 so let me provide you with an overview of some of the most exciting new features.
NSX-T adds new features and capabilities in the areas of intrinsic security, modern application networking and streamlined operations. I’ve picked a few of the more notable ones below.
NSX Distributed IDS is an advanced threat detection engine purpose-built to detect lateral threat movement in east-west traffic. This will be available as an add-on subscription to customers with Advanced or Enterprise Plus licensing.
Federation: Centralized policy configuration and enforcement across multiple locations from a single pane of glass, enabling network-wide consistent policy and operational simplicity. This is by far the most eagerly awaited feature of this release.
I have spoken with several customers over the last 6 months who are awaiting this particular feature as it now means NSX-T surpasses NSX-V in terms of feature parity. VMware will continue to develop this particular feature over the course of this year so be sure to check the release notes carefully as to what is and isn’t currently supported.
NSX-T for vSphere with Kubernetes (Project Pacific): NSX has been designed-in as the default pod networking solution for vSphere with Kubernetes and provides a rich set of networking capabilities including distributed switching and routing, distributed firewalling, load balancing, etc.
VRF Lite: Complete data plane isolation among tenants with a separate routing table, NAT, and Edge firewall support in each VRF on the NSX Tier-0 gateway.
L3 EVPN: Seamlessly connects telco Virtual Network Functions to the overlay network. The NSX Edge implements a standards-based BGP control plane to advertise IP prefixes into the telco core, running MP-BGP sessions with the telco Provider Edge/DC Gateways.
NSX-T Support on VDS 7.0: NSX-T can now leverage the native VDS built into vSphere 7.0. It is recommended that new deployments of NSX-T leverage this and move away from the N-VDS. If you are an existing NSX-T customer and have already deployed the N-VDS, the recommendation is to keep using it for the moment. However, you will need to plan to move away from it in the future. Consider the following when planning this:
VDS is configured through vCenter. N-VDS is vCenter independent. With NSX-T support on VDS and the eventual deprecation of N-VDS, NSX-T will be closely tied to vCenter and vCenter will be required to enable NSX.
The N-VDS is able to support ESXi host-specific configurations. The VDS uses cluster-based configuration and does not support ESXi host-specific configuration.
This release does not have full feature parity between N-VDS and VDS.
The backing type for VM and vmKernel interface APIs is different for VDS when compared to N-VDS.
Security and Firewalling: It’s now possible to leverage Federation to have a consistent security policy across multiple sites (note: VMC support will come in a future release). NSX-T introduces the concept of a global manager and has the capability to sync security policies across multiple sites, providing a single-pane-of-glass view.
Introduction: This post covers two crucial Geneve Tunnel dependencies to be aware of within NSX-T network virtualized environments: Host Transport Node virtualized guest overlay traffic initiates Geneve tunnels. Edge Transport Nodes require active Geneve tunnels to establish BGP peering…
For years, we’ve been touting the value of one of the unique aspects of our VMware SD-WAN™ by VeloCloud® solution: the VMware SD-WAN Gateway. And yet, almost six years after we first launched our VMware SD-WAN Gateway service, I hear from customers and prospects that this term, “Gateway”, is being…
(by Tom Corn, SVP & GM of Security products at VMware) It’s an exciting time for the VMware AppDefense team. We are making tremendous progress in our mission to help secure our customers’ data centers, and today we have great news to share. First, I’m proud to announce that we have released new functionality in… (The post “VMware AppDefense Breaks Down Silos in Latest Release” appeared first on VMware vSphere Blog.)