Micro-segmentation is a critical component of Zero Trust. But, historically, micro-segmentation has been fraught with operational challenges and limited by platform capabilities. Not anymore. VMware NSX enables a new framework and firewall policy model that allows applications to define access down to the workload level. NSX does this by understanding application topologies and applying appropriate policy per workload. Creating zones in the data center where you can separate traffic by…
Compliance is more than a necessary evil. Sure, it’s complex, expensive, and largely driven by manual processes, but it’s also a business enabler. Without the ability to prove compliance, you wouldn’t be able to sell your products in certain markets or industries. But meeting compliance requirements can’t be cost-prohibitive: if the barriers are too high, it may not make business sense The post Meet compliance requirements cost-efficiently by implementing East-West security at scale appeared…
Just as the workplace has shifted from office buildings to wherever the worker is, healthcare has shifted from hospitals to wherever the patients and caregivers are. This “new normal” is causing IT headaches across all industries. While healthcare has its own IT challenges, it shares these challenges with many verticals. Some of these obstacles include: The post Solving the Challenges of Care at the Edge appeared first on VeloCloud by VMware.
When VMware Inc. announced its Project Monterey strategy to redefine the data center last week, executives effused about the potential of the distributed processing model to redefine cybersecurity. Using a combination of software-defined networks and microprocessor-equipped network interface […]
VMworld 2020 was amazing, for the first time worldwide and online. There were several announcements for Service Providers, but today I want to focus on VMware Cloud Director 10.2. VMware Cloud Director 10.2 brings new improvements regarding Networking, Storage, enhanced support for modern […]
Join VMware executives, customers and industry thought leaders for an online event discussing the need for a modern network. They will showcase VMware’s Virtual Cloud Network, and highlight networking solutions that deliver agility, transparency and simplicity.
We are incredibly excited to announce the availability of vRealize Network Insight 6.0, as of today. The announcement blog has a high-level overview of the new capabilities, and we’ll take you on a deep dive into the technical features in this post. Buckle up; it’s going to be a wild ride. Because we’ve got so The post Now Available: vRealize Network Insight 6.0! appeared first on VMware Cloud Management.
Over the last 10 years, I’ve gotten quite good at getting comfortable at being uncomfortable, whether that was jumping out of an aircraft at 15,000 ft into -30°C air wearing just a mankini or travelling across the Atlantic to deliver a complex design workshop to a multi-billion dollar company. Given the current climate and our profession, the chances are that over the coming months and years ahead we are all going to have to get comfortable at being uncomfortable. As companies jostle and compete with each other on the other side of COVID-19, those that dare will come out on top. For the employees of these companies, pushing your boundaries and yourself will be key, not only to your success but to the success of your company.
My single bit of advice to those who are daunted by this prospect is: it’s all in the preparation. Preparation is key; you don’t just go and throw yourself out of the aircraft without first understanding and learning about all of the risks and mentally preparing yourself for the task ahead. Take time now and learn your subject matter, reach out to colleagues for support and, most importantly, realise that no matter how much you prepare, at some point you just have to take that leap of faith and trust that parachute is going to open. It may not always go your way, but by taking that leap of faith, by knowingly making yourself uncomfortable, you will grow and improve even if you make a few mistakes along the way.
VMware just launched NSX-T 3.0 so let me provide you with an overview of some of the most exciting new features.
NSX-T adds new features and capabilities in the areas of intrinsic security, modern application networking and streamlined operations. I’ve picked a few of the more notable ones below.
NSX Distributed IDS is an advanced threat detection engine purpose-built to detect lateral threat movement on east-west traffic. This will be available as an add-on subscription to customers with advanced or enterprise plus licensing.
Federation: Centralized policy configuration and enforcement across multiple locations from a single pane of glass, enabling network-wide consistent policy and operational simplicity. This is by far the most eagerly awaited feature of this release.
I have spoken with several customers over the last 6 months who are awaiting this particular feature as it now means NSX-T surpasses NSX-V in terms of feature parity. VMware will continue to develop this particular feature over the course of this year so be sure to check the release notes carefully as to what is and isn’t currently supported.
NSX-T for vSphere with Kubernetes (Project Pacific): NSX has been designed-in as the default pod networking solution for vSphere with Kubernetes and provides a rich set of networking capabilities including distributed switching and routing, distributed firewalling, load balancing, etc.
VRF Lite: Complete data plane isolation among tenants with a separate routing table, NAT, and Edge firewall support in each VRF on the NSX Tier-0 gateway.
L3 EVPN: Seamlessly connects telco Virtual Network Functions to the overlay network. The NSX Edge implements a standards-based BGP control plane to advertise IP prefixes into the telco core, running MP-BGP sessions with the telco Provider Edge/DC Gateways.
NSX-T Support on VDS 7.0: NSX-T can now leverage the native VDS built into vSphere 7.0. It is recommended that new deployments of NSX-T leverage this and move away from the N-VDS. If you are an existing NSX-T customer and have already deployed and are using the N-VDS, then the recommendation is to remain using that for the moment. However, you will need to plan to move away from it in the future; consider the following when planning this.
VDS is configured through vCenter. N-VDS is vCenter independent. With NSX-T support on VDS and the eventual deprecation of N-VDS, NSX-T will be closely tied to vCenter and vCenter will be required to enable NSX.
The N-VDS is able to support ESXi host-specific configurations. The VDS uses cluster-based configuration and does not support ESXi host-specific configuration.
This release does not have full feature parity between N-VDS and VDS.
The backing type for VM and vmKernel interface APIs is different for VDS when compared to N-VDS.
Security and Firewalling: It’s now possible to leverage Federation to have a consistent security policy across multiple sites (note VMC support will come in a future release). NSX-T introduces the concept of a global manager and has the capability to sync security policies across multiple sites, providing a single pane of glass view.