New Innovations in the NSX 3.2 Release for Multi-Cloud Security, Networking & Operations
Hello Everyone,
We are excited about the announcement of the general availability of the VMware NSX-T 3.2 release. NSX-T 3.2 includes key innovations across multi-cloud security and scale-out networking for containers, VMs, and physical workloads. It also delivers simplified operations that help enterprises achieve a one-click, public cloud experience wherever their workloads are deployed.
Strong Multi-Cloud Security
NSX-T 3.2 provides strong, multi-cloud, easy-to-operationalize network defenses that secure application traffic within and across clouds. NSX-T 3.2 goes a step further in making it easy to enable Zero Trust application access across multi-cloud environments — enabling customers to secure traffic across applications and individual workloads with security controls that are consistent, automated, attached to the workload, and elastic in scale.
Tapless Network Traffic Analysis (NTA)
Network traffic analysis (NTA) and sandboxing solutions are integrated directly into the NSX Distributed Firewall (DFW). NSX eliminates traffic hairpins by distributing NTA as a service within the hypervisor. Combined with distributed IDS/IPS capabilities, security teams can now virtualize the entire security stack and eliminate blind spots while allowing security policies and controls to follow workflows throughout their lifecycle, regardless of the underlying infrastructure.
Gateway Firewall
The enhanced gateway firewall serves as a software-based gateway with L2-L7 controls — including URL filtering and advanced threat prevention with malware analysis and sandboxing. This extends centralized security controls to physical workloads, the data center perimeter, and the public cloud edge — ensuring consistent security controls across both east-west and north-south application traffic that are all managed centrally from NSX Intelligence.
Integrated NDR with NSX Intelligence
Integrating the NSX Network Detection and Response (NDR) solution into our centralized management platform, NSX Intelligence, allows the NDR solution to correlate signals from IDS/IPS, NTA, and the sandbox to identify true intrusions. NSX Intelligence now offers scale-out performance, as well as improvements to firewall rule recommendations, to further simplify and automate the task of network segmentation across application traffic.
Switch-agnostic distributed security
The NSX Distributed Firewall now supports workloads deployed on Distributed Port Groups on VDS switches. This allows customers to deploy the NSX firewall without changes to the vSphere Distributed Switch. Customers can leverage Distributed Firewall capabilities for VDS-based VLAN networks without having to convert the switchport to N-VDS or deploy network overlays, thereby further simplifying the security architecture.
Networking and Policy Enhancements
Scaling up and managing a cloud environment — whether public or private — requires simplified network configuration and management, visibility and control, and the ability to rapidly add new capabilities into an existing environment.
Container Networking and Security with NSX-T and Antrea
With NSX-T 3.2, network administrators can now define Antrea networking and security policies for containers from the NSX-T Manager user interface. Policies are applied on K8s clusters running Antrea 1.3.1-1.2.2 using the interworking controller. Kubernetes objects such as pods, namespaces, and services are collected in NSX-T inventory and tagged so that they can be selected in Distributed Firewall policies. Additionally, the NSX-T user interface can manage Antrea Traceflow and also collect log bundles from Kubernetes clusters using Antrea.
Enhanced Migration Coordinator
The NSX Migration Coordinator has been enhanced to support customer-defined NSX topologies, larger scale, and several other features and environments not previously supported, including VMware Integrated OpenStack (VIO), fixed topologies with OSPF, guest introspection for partners that support Migration Coordinator, and identity-based firewall (IDFW/RDSH) configurations.
NSX Federation
NSX Federation, first introduced in NSX-T 3.0, helps deliver a public cloud-like operating model, enabling an operator to manage a multi-site network as a single entity while keeping configuration and operational state synchronized across multiple locations. NSX Federation is enhanced in NSX-T 3.2 to support VM tag replication between local managers so that VMs replicated and restarted during a Disaster Recovery (DR) event retain the necessary security policies. NSX-T 3.2 also implements enhanced health monitoring for communication channels between global and local managers.
Streamlined Network Provisioning and Operations
Simplified NSX deployment with use case-driven prescriptive provisioning
With NSX-T 3.2, admins can now deploy NSX-T manager and networking and security use cases directly from vSphere clients — greatly simplifying NSX-T deployment in vSphere environments. Guided workflows simplify the deployment of NSX Manager as well as networking and security policies.
Simplified provisioning for NSX Advanced Load Balancer
Installing and configuring the NSX Advanced Load Balancer (ALB) is further simplified through tighter integration with NSX Manager. You can use the NSX Manager UI to install and configure NSX Advanced Load Balancer controllers and cross-launch the VMware NSX ALB UI for advanced features. Furthermore, NSX customers interested in Advanced Load Balancer features can migrate their load balancing solution from NSX for vSphere to the VMware NSX Advanced Load Balancer using the Migration Coordinator. See the Advanced Load Balancer migration page for more details.
vRealize Network Insight Support for NSX-T Federation and Firewall
Tight integration between vRealize Network Insight 6.4 and NSX-T Federation delivers comprehensive network visibility across multiple NSX-T data centers at the global, regional, and local site level. New capabilities to optimize application performance and traffic flows are available with simplified views into inter-site VM-to-VM paths and intra-site VM-to-VM paths in a Federation topology. vRealize Network Insight 6.4 now supports NSX-T Distributed Firewall (DFW) on Distributed Port Groups (DVPG), which gives security admins enhanced visibility into unprotected traffic flows, security features such as Name Space (NS) groups, and distributed firewall rules on existing vSphere VLAN DVPGs in a topology. New 1-year and 3-year vRealize Network Insight term licenses are now available with NSX-T Advanced Threat Prevention.
Network monitoring and troubleshooting enhancements
Newly introduced Edge and L3 time-series monitoring implements a time-series view of Edge and L3 metrics such as CPU, memory, disk usage, packets per second, bytes per second, packet drop rate, and more in NSX Manager. This will make it easier for network operators to monitor key performance indicators, perform before and after analysis, and access historical context that is helpful in troubleshooting. Furthermore, Live Traffic Analysis in NSX Manager provides unified troubleshooting and diagnosis across data centers by combining Traceflow and packet captures. NSX-T 3.2 also implements several new events and alarms for enhanced troubleshooting across cluster health, management plane, Federation, health of the transport node, distributed firewall, Edge, VPN, NAT, Load Balancing, and the NSX Application Platform.
This NSX-T 3.2 release expands the breadth and depth of NSX-T use cases across multi-cloud security, scale-out networking for containers, VMs, bare metal workloads, and simplified operations. The release is generally available along with detailed Release Notes covering all the features and capabilities delivered.
Cheers !!