VMworld NSX Announcements

It’s that time of the year again: time for VMworld!
And it’s going to be something special again this year, especially for everything related to network virtualization. Everyone did their best not to spill the beans on all the nifty new features that will be announced during this VMworld.
 

What will be announced at VMworld 2017

Some of the NSX related announcements that will be made are:

  • NSX-T 2.0
  • VMware Cloud Services Secure Networking
  • VMware Cloud on AWS
  • VMware AppDefense (previously known as Project Goldilocks)
  • vRealize Network Insight 3.5

    What’s new with NSX-T 2.0

    In case you missed the initial announcement of NSX-T you can read it here or register for session NET1510BU.

    Some of the new features of NSX-T 2.0 are:

  • Multi Domain Networking
  • Automation with OpenStack
  • CNI Integration for Kubernetes
  • Improvements of On-Prem deployments
  • Support for Multi Off Site Clouds

    VMworld NSX-T
     

    VMware Cloud on AWS

    VMware Cloud on AWS is a VMware service that is jointly engineered and a one-stop shop for customers.

    VCAWS
     

    This Service includes the following:

  • VMware SDDC running on AWS bare metal
  • Sold, operated and supported by VMware
  • Support for containers and VMs
  • On-Demand capacity & flexible consumption
  • Full operational consistency with On-Prem SDDC
  • Seamless workload portability

    NSX Vision

    The image below gives you a glimpse into what the Network Security Business Unit (NSBU) has in store for NSX.
     

    NSX Vision
     

    AppDefense

    AppDefense will be one of the biggest announcements on the first day of VMworld. So what is AppDefense, you ask? In short, AppDefense provides an intent-based security capability that is able to detect and block potentially malicious actions and applications. The AppDefense system understands and learns what a known good process is, and is also able to determine when the runtime behavior of an application deviates from its intended state. In other words, AppDefense was the missing link to provide Enterprise Security.

    Some of the features of AppDefense are:

  • Application Control
    • Comprehensive view/grouping of VMs in the datacenter
  • Runtime Anomaly Detection and Response
    • Monitor the real time state of the OS and user Applications
    • Alert and control process, network, and kernel events
  • Process Analysis
    • Built-in Process analysis engine gives overall process maliciousness as well as specific traits that are potentially suspicious
  • Orchestrate Remediation
    • Our infrastructure reach provides a more effective way to orchestrate remediation during a security incident

    AppDefense will (initially) be deployed as a SaaS service; this could be quite beneficial due to the amount of information gathered by other customers. A proxy will be deployed on-premises to gather the information.
     

    What’s next?

    As I described in an earlier blog post on the ITQ website, my main focus this year will be VMware Cloud on AWS and NSX. So please keep an eye on this site to get all the latest information on these topics.


    Limit the number of VTEPs for NSX

    Everyone who has deployed NSX for vSphere must have configured the VXLAN Transport Parameters.

    VTEPs
     

    Nothing really fancy about this, and pretty straightforward. But what if you want to limit the number of VTEPs for NSX due to a specific requirement of the deployment? The number of VTEPs is not editable in the UI, as described in the NSX documentation:

    The number of VTEPs is not editable in the UI. The VTEP number is set to match the number of dvUplinks on the vSphere Distributed Switch being prepared.

    So when you configure the VXLAN Transport Parameters for a host that is connected to a vSphere Distributed Switch (vDS) with 6 dvUplinks it will automatically create 6 VMkernel interfaces.

    VTEP-6

    But but… (due to questionable requirements) we need only 2 VMkernel interfaces on a vDS with 6 dvUplinks. How can we solve this? Well, fire up PowerNSX.
     

    Limit the number of VTEPs for NSX with PowerNSX

    Not familiar with PowerNSX? Well, you should be. PowerNSX is a PowerShell module containing functions that call the VMware NSX for vSphere API. It will make your life so much easier and is almost indispensable when consistency and speed are key. Here you can find how to install PowerNSX and here you can find how to use PowerNSX.

    Please alter the script below to match your environment.

    After the script has run successfully, the result will be only 2 VMkernel interfaces instead of the “default” 6 VMkernel interfaces:

    VTEP-2

    Don’t forget to configure the uplink assignment on the VTEP portgroup afterwards: set the uplinks on which the VTEP VLANs are configured to “Active” and the rest to “Unused”.

    VTEP-Assignment
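
One way to script the procedure above, as an added PowerNSX/PowerCLI example that is not the author's original script. It assumes the cluster is already host-prepared and the NSX IP pool exists; every name, the VLAN ID, the teaming mode, the uplink names and the `vxw-vmknicPg-*` portgroup pattern are placeholders or assumptions to adjust.

```powershell
#Requires -Modules PowerNSX
# Added example. All values below are placeholders for your environment.
$vCenter       = 'vcenter.example.local'
$clusterName   = 'Compute-Cluster'
$vdsName       = 'vDS-Compute'               # vDS with 6 dvUplinks
$ipPoolName    = 'VTEP-Pool'                 # existing NSX IP pool
$vtepVlan      = 100
$vtepCount     = 2                           # instead of one VTEP per dvUplink
$activeUplinks = 'dvUplink1', 'dvUplink2'    # uplinks that carry the VTEP VLAN
$unusedUplinks = 'dvUplink3', 'dvUplink4', 'dvUplink5', 'dvUplink6'
$vtepPgPattern = 'vxw-vmknicPg-*'            # assumed name pattern of the VTEP portgroup

# Prompt for credentials rather than storing them in the script.
$cred = Get-Credential -Message 'vCenter account with NSX administrator rights'
Connect-NsxServer -vCenterServer $vCenter -Credential $cred | Out-Null

$cluster = Get-Cluster  -Name $clusterName
$vds     = Get-VDSwitch -Name $vdsName
$pool    = Get-NsxIpPool -Name $ipPoolName

# Prepare the vDS for VXLAN, then configure the cluster with an explicit VTEP count.
New-NsxVdsContext -VirtualDistributedSwitch $vds -Teaming 'LOADBALANCE_SRCID' -Mtu 1600 | Out-Null
New-NsxClusterVxlanConfig -Cluster $cluster -VirtualDistributedSwitch $vds `
    -IpPool $pool -VlanId $vtepVlan -VtepCount $vtepCount | Out-Null

# Verify that every host ended up with exactly $vtepCount VTEP VMkernel interfaces.
foreach ($esx in ($cluster | Get-VMHost)) {
    $vmk = @(Get-VMHostNetworkAdapter -VMHost $esx -VMKernel |
        Where-Object { $_.PortGroupName -like $vtepPgPattern })
    if ($vmk.Count -ne $vtepCount) {
        Write-Warning "$($esx.Name): expected $vtepCount VTEPs, found $($vmk.Count)"
    } else {
        Write-Host "$($esx.Name): $($vmk.Name -join ', ')"
    }
}

# Uplink assignment on the VTEP portgroup: VTEP uplinks Active, the rest Unused.
Get-VDPortgroup -VDSwitch $vds -Name $vtepPgPattern |
    Get-VDUplinkTeamingPolicy |
    Set-VDUplinkTeamingPolicy -ActiveUplinkPort $activeUplinks -UnusedUplinkPort $unusedUplinks |
    Select-Object VDPortgroup, ActiveUplinkPort, UnusedUplinkPort

Disconnect-NsxServer
```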

    Thanks to Alexander Ries for helping with the script.
