VMware NSX

2020: VMware NSX-T 3.0

On April 14, 2020 it became known that the VMware company released big update the platforms for network virtualization of data centers of NSX-T 3.0.

Changes and additions in the updated NSX-T 3.0 mentioned by the developer:

• Improvements of work in a cloud environment:
  • NSX Federation - using the NSX Global Manager component it is possible to manage on a centralized basis the distributed virtual network in several locations, supporting them in a synchronized type in terms of a configuration, security policies and operational management. At migration of workloads between data centers of their policy remain and controlled from a uniform point.

• • Support of AWS GovCloud and Azure Government - this opportunity allows to service clouds based on AWS and VMware for state structures [the [USA] with observance of all necessary regulyatorika.
  • the Improved support of several clients in a cloud at the expense of VRF Lite and Layer 3 BGP EVPN. Means of VRF Lite allow to simplify management of the network circle of each client due to maintenance for it the separate routing table, and Layer 3 EVPN seamlessly connects networks of telecom providers to overlay networks.
  • Dynamic Network Service Chaining - services NSX service insertion support the dynamic service chaining mechanism for traffic of VM, containers and physical servers.

• Security improvements. The Service-defined Firewall mechanism was considerably improved and in the provided version following features are available:
  • NSX Distributed IDS/IPS is an expanded mechanism of detection of invasions for east-west traffic in multicloud environments at the level of 7 model of OSI. This mechanism uses knowledge of the nature of systems and the nature of exchange of traffic between them that allows to create the virtual protected network zones without the need for physical isolation of zones from each other.

• • Improvements of L7 Edge Firewall – the network Layer 7 Edge Firewall screen purchased functions of the analysis of URL within the URL Classification and Reputation mechanism.
  • DFW for Windows 2016 – (DFW) distributed fayervol, in addition to support of Linux, supports also the physical Windows 2016 servers.
  • Rules based on time and a microsegmentation setup wizard - rules of a fayervol can be tied to the time windows determined by the administrator. Also the setup wizard simplifies a microsegmentation configuration based on VLAN networks.

• Network interaction for virtual machines and containerized applications:

• • NSX-T completely supports infrastructure environments of containerized applications vSphere with Kubernetes. In a unified environment of containers and virtual machines routing, network shielding, balancing of loading NAT, IPAM and other network services is supported. Here is how it works in parts:
    • The possibility of isolation of namespaces of vSphere Namespaces - in NSX-T is logic for automatic implementation of logical segments with routing and the network screen and also IPAM services for isolation of namespaces in a cluster of vSphere Supervisor Cluster. All workloads created in namespace automatically inherit security policies of this neymspeys.
    • Integration with Cluster API into VMware Tanzu Kubernetes Grid Service – the solution NSX-T is integrated with these services, allowing developers to unroll clusters of Tanzu Kubernetes Grid. There it is possible to create logical segments, the gateway Tier-1 Gateway, balancers of loading and the other things necessary for these clusters.

• • Support of the modules Terraform Provider and Ansible - expanded workflows of different topology for functions of logical segmentation, the gateway and also network overlay and segments of VLAN are supported.
  • the Simplified integration into the solution vRealize Network Insight 5.2 - it allows to organize end-to-end visibility of network flows and also to carry out more effective trablshuting from a deshbord of vRealize Network Insight. Functions of detection of applications on platforms of VMware are also improved.
  • OpenStack Neutron Improvements - the plug-in Neutron to NSX-T was significantly finished. It led to improvement of the mechanism of management for several NSX-T endpoints. Also the operator can configure additional IPv6 settings (DHCPv6, IPv6 LB and NAT64).^[1]

2017

VMware NSX for vSphere 6.3

On February 2, 2017 the VMware company provided the release of the platform of network virtualization of VMware NSX focused on the various and developing needs of IT and developers. In VMware NSX for vSphere 6.3 support crucial for IT tasks — automation, security and the continuity of operation of applications is improved.

VMware NSX is the most widespread platform of network virtualization in the industry checked in case. With this updating we are still focused on increase in efficiency of support of customers in their work with NSX, at the same time we try to simplify even more current transactions when scaling. We also continue to develop NSX as the platform of network virtualization for heterogeneous environments, allowing our customers to apply new development tools of applications with ease or to use public clouds. Milin Desai, vice president of business division of products, network technologies and security of VMware company

After release of VMware NSX for vSphere 6.3 support of the latest version of vSphere 6.5 is provided. Innovations in a product provide big simplicity of transactions, security and scaling of higher level. At the same time time of updating of the platform to the new version was reduced to 5 times.

• Security: The new tool for management of rules of the Application Rule Manager applications and the Endpoint Monitoring monitor provide unique visibility of activity at the level of OS to network flows that allows to automate updating the politician and governed and also to facilitate use of microsegmentation and to make it more effective.
• Continuity of operation of applications: innovations help customers who scale a SDDC environment on several DPCs and several VMware vCenters, to apply uniform and dynamic security policies.
• Connection of SDDC to branches: Now NSX allows customers to expand uniform virtual network infrastructure on a branch network, providing centralized operation with security.
• Providers of cloud services / implementations of NFV: The improved support of the product VMware vCloud Director provides enhanced capabilities on use of the NSX functions in the self-service mode in multi-user infrastructures of suppliers of cloud services and infrastructure of NFV.

VMware NSX-T 1.1

On February 2, 2017 the VMware company released VMware NSX-T release for support of an applied environment and architecture of applications.

VMware NSX-T 1.1 offers customers the flexible software-defined infrastructure allowing them to create infrastructure for native cloud applicaions. Together with release of VMware NSX-T 1.1 the VMware company provided:

• Support of VMware Photon Platform, the corporate platform for the native cloud infrastructure optimized for work with containers and modern applications which were specially created for start in the multi-user and scalable environments managed by means of API.
• Expanded support of a hypervisor of KVM from Canonical and Red Hat.
• The updated support of OpenStack Newton and Mitaka.
• The beta program for the customers interested in connectivities to network and security for containers and new applications using Container Network Interface (CNI).

2016: VMware NSX as the tool for security a telecom and IT infrastructures

About a half of customers of solutions of VMware of a class software-defined networks (SDN, Software-Defined Networking) and network virtualization (NFV, Network Functions Virtualization) use these products for ensuring protection that does not correspond to their initial purpose. It was shown by statistics of users of the solution NSX — the instrument of network virtualization developed by VMware.

From more than thousands of public clients of NSX worldwide about a half use this product as a basis for creation of an information security system, the chief representative of VMware Russia Alexander Vasilenko claims.

"The product NSX was brought to the market one and a half years ago and was positioned as a tool for virtual networks — he says. — As it appeared, it also began to be used as the tool for creation of security policies. We did not expect that such functionality will be demanded".

The initial essence of approach of NFV/SDN is in as much as possible to simplify management of network functions. Means of network virtualization and implemented over them by SDN allow to abstract from the physical equipment and to present network functions in the form of virtual entities which configuration can be performed in several clicks. As a result time of setup of network is reduced from several days to several minutes.

As it appeared, it is not the only value of NFV and SDN for the client. Virtualization allows to trace traffic not only through physical ports, but also according to the addressing specific applications that increases security. Specialists of Vmwareuvereny, that network virtualization will help to lift protection to the new^[2].

2015: There was a release of VMware NSX of version 6.2

On August 23, 2015 VMware announced release of VMware NSX of version 6.2. In it the full support of VMware vSphere 6.0 and other opportunities is implemented.

Interaction with VMware NSX, 2014

Main changes

• Support of the latests version of virtualization platforms
  • VMware NSX 6.2 supports VMware vSphere 5.5 and vSphere 6.0. Functions regarding network interaction and security between two servers vCenter are supported only for vSphere 6.0.

• Possibilities of Cross vCenter Network Virtualization
  • NSX 6.2 supports an environment where logical switches, the distributed logical routers and the distributed network screens are placed so that their action extends to objects with different vCenter. Officially this opportunity is called Cross-vCenter Network and Security.
  • Now politicians of a fayervol or logical network components can be marked as Universal that means that settings are replicated between the modules NSX Manager and will be saved at migration of vMotion of the virtual machine per other host of ESXi which is under control of other vCenter server.

• Universal logical objects of network
  • Universal Logical Switch (ULS) is a possibility of creation of logical switches which integrate several vCenter servers. It allows to create L2 blast furnaces of network interaction for the application in the virtual machine which can "travel" between the data-centers.
  • Universal Distributed Logical Router (UDLR) is the logical distributed router executing routing between objects of ULS. This router works as well on the basis of geographical placement of VM.
  • Universal IP sets, MAC sets, security groups, by services and service groups - all these objects support the distributed structures from several vCenter.

• Support of VMware vCenter Server 6 with different topology of Platform Services Controller (PSC).
  • If before NSX supported only the built-in services PSC (Platform Services Controller), then the different distributed topology is supported now (we wrote about it here). Now the components vCenter SSO, license service, lookup service, VMware Certificate Authority and other are completely supported.

• Support of L2 Bridging for Distributed Logical Router
  • L2 bridging can take part in the distributed logical routing now. The VXLAN network to which the bridzhing copy is attached is used for the Routing instance and Bridge instance mutually connection.

• The mechanism of detection of the IP addresses for virtual machines
  • Before the IP address of virtual machines were detected on presence in them of VMware Tools and were added manually. Now there are 2 new methods of adding of the addresses: DHCP snooping and ARP snooping (and presence of VMware Tools is optional).

Screenshot of a window of a product, 2015

• Changes in management tools and problem solving
  • Central CLI is the single interface of the command line for the normal and distributed NSX functions.
  • Traceflow troubleshooting tool is the utility which allows to understand, there was a problem in the virtual or physical area network, due to tracking passing of a packet through a virtual and physical network stack.
  • the Flow monitoring and IPFix Functions can be included separately now (it was possible only together earlier and it created a lot of load traffic, especially in big environments).
  • the Report in real time on a status of the managing NSX components: a status of communications between NSX Manager and the agent of the network screen, NSX Manager and the management console, between hosts of ESXi and NSX Controller.

• Correction in LB Health Monitoring.
  • granular condition monitoring which provides information on the occurred failures is available Now, traces information on state change of the NSX components and communications between them. Information on the possible reasons of failures is provided.

• Support of range of ports for LB
  • For applications which need to use the range of ports for LB there is an opportunity to set this range.

• Other changes
  • an Opportunity to save a tag of VLAN at communications of VXLAN.
  • Viewing an active node in HA pair.
  • the maximum number of the virtual IP addresses Is increased.
  • Support of vRealize Orchestrator Plug-in for NSX 1.0.2.
  • Possibility of inclusion/shutdown of uRPF check for the separate interface.
  • Improvements of Load balancer health monitoring.
  • Other improvements (complete list here).

VMware NSX of version 6.2 supports infrastructure of virtual VMware Horizon View PCs of version 6.0.1 and later.

2014

VMware NSX 6.1

On August 25, 2014 VMware announced an exit of upgraded version of VMware NSX 6.1. Among new opportunities there is an expanded microsegmentation of network, the improved connection of hybrid clouds, the mode of routing of ECMP and support of integration with VMware vCloud Automation Center 6.1.

The latest VMware platform for virtualization of networks helps to improve protection level, to achieve dynamism and scalability of software-defined DPCs and a hybrid cloud. By means of VMware NSX users receive economically and operationally a profitable method of microsegmentation of network, changing architecture of security of the DPCs.

VMware NSX has several advantages in comparison with traditional approaches of security, including the automated providing, automatic processes of migration, adding and change of loadings, the distributed application the politician on any virtual interface and also the built-in scalable firewall which is provided on any hypervisor and is supported by the platform.

VMware NSX 6.1 is expected on sale in the third quarter 2014.

Integration of NSX and BIG-IQ

On September 22, 2014 the F5 Networks company and VMware announced mutual integration of platforms of management of BIG-IQ and virtualization of VMware NSX networks for operational management of application services and services of networks 2–7 levels in program-controlled data processing centers.

The compatibility of platforms will allow clients to take all advantage of technology of automation of network services of the VMware NSX platform and technologies of management of delivery services of applications of F5 company.

Using the joint solution customers can use all services BIG-IP directly in NSX Manager within process of deployment of standard virtual machines. It will allow them to reduce deployment time from several days to several minutes.

Using the updated solutions, customers will have an opportunity to automate process of deployment of services on a basis the politician for multilevel applications in program-controlled data processing centers. The new solution can be deployed without violation of work of systems therefore customers will be able to be used functionality of BIG-IP and BIG-IQ in virtual environments of NSX and to continue use of own iApps templates by means of original F5 interfaces.

• Simple management – customers will be able to take all advantage of a broad spectrum of application services of F5 company without the excess complexity connected with difficulties of management. VMware NSX provides advantages of efficiency of work to application services to acceleration, ensuring availability and security. Integration will allow customers to receive more effective control over use of services.

• Scalable services and automation – the Approved consumption pattern and integration based on API will allow customers to set and configure configurations the politician for services of acceleration, protection of availability and virtualization for implementation in data processing centers and cloud environments. The joint solution will give to IT specialists the chance to automate how the systems of VMware and F5 work and react to the changing conditions. At the same time the production infrastructure is not broken and work of business services is not affected.

• Effective implementation of applications – due to consolidation of advantage of approaches of both companies customers will be able to increase as much as possible the speed of network functioning and applications using Software-Defined Application Services. The integrated functionality expands the field of use of the iApps templates of F5 company, helping by optimization of popular applications and additional scenarios of implementation.

2013: VMware NSX exit

On August 27, 2013 VMware announced VMware NSX exit - platforms for the network virtualization which is fully implementing model of the organization of work of networks and security systems without use of specialized expensive network equipment. The platform allows operators of DPCs to reach significant increase in speed and increase in flexibility at cost reduction.

VMware NSX combines the best possibilities of Nicira NVP and VMware vCloud Network and Security in one integrated platform, providing full program model of the organization of work and protection of network (Layer 2 — Layer 7). Besides, virtual networks of VMware NSX support existing applications in an invariable type on any physical network infrastructure.

It is similar to other distributed services of VMware vSphere, VMware NSX is created on the basis of the advanced distributed architecture where network services are integrated into a hypervisor core. It allows network services to make scaling together with a hypervisor for satisfaction of requirements of the application. As VMware NSX provides services from level 2 on level 7 completely using the software, everything that is necessary for clients to increase the infrastructure, it to add several nodes of the server. This architecture allows VMware NSX to process up to 1 TB network traffic per second in a cluster from 32 nodes.

Key part of VMware NSX - logical switches and routers with API RESTful for integration into products of third-party producers with orientation to cloud management, plus the logical firewall, the balancer of loading and VPN. The company notes that the platform is created around the cluster controller managing distribution of functions of a hypervisor in scales of the data-center. VMware NSX provides virtualization of Layer 2 and 3 networks, and with special add-ons virtualization on Layer 4-7, in particular at the level of firewalls, balancers of loading or VPN is provided.

NSX can be integrated with VMware vSphere and vCloud Director and Automation Center, to work with hypervisors and management tools of other producers, in particular with Xen Server, KVM, OpenStack and CloudStack.

In the VMware NSX market appeared by the end of 2013.

Notes