In the past two months, VMware has released a few updates to its network and security products: NSX-T, NSX Intelligence, HCX, and VRNI. This blog lists the important notes from each product.
- Switch agnostic distributed security: Ability to extend micro-segmentation to workloads deployed on vSphere networks.
- Gateway Security: Enhanced L7 App IDs, Malware Detection and Sandboxing, URL filtering, User-ID firewall, TLS inspection (Tech Preview) and Intrusion Detection and Prevention Service (IDS/IPS).
- Enhanced Distributed Security: Malware detection and Prevention, Behavioral IDS/IPS, enhanced application identities for L7 firewall.
- Improved integration with NSX Advanced Load Balancer (formerly Avi): Install and configure NSX ALB (Avi) from NSX-T UI; Migrate NSX for vSphere LB to NSX ALB (Avi).
- NSX for vSphere to NSX-T Migration: Major enhancements to the Migration Coordinator to extend coverage of supported NSX for vSphere topologies and provide flexibility on the target NSX-T topologies.
- Improved protection against Log4j vulnerability: Updated Apache Log4j to version 2.16 to resolve CVE-2021-44228 and CVE-2021-45046.
and more, reference: NSX-T Data Center 3.2 Release Notes
NSX Intelligence 3.2
NSX Intelligence Platform and Form Factor Changes
- New Scale-out Architecture – To achieve higher scale and additional functionality, NSX Intelligence now runs on the NSX Application Platform. Starting with the 3.2 release, NSX Intelligence is no longer offered as an independent appliance (OVA) installation. Please note that since the NSX Application Platform runs on Kubernetes, a Kubernetes cluster must already be deployed and available prior to the installation of the NSX Application Platform and NSX Intelligence. See the following documentation for more information.
- NSX Intelligence integration with vSphere Lifecycle Manager – You can now run NSX Intelligence with ESX clusters that are vSphere Lifecycle Manager enabled.
- NSX Intelligence Data Collection Settings – Provides the ability for you to selectively enable NSX Intelligence to collect data on a subset of ESXi hosts or clusters of hosts, which aids in scale management and license compliance. See Configure NSX Intelligence Settings for details.
NSX Intelligence Visualizations
- Workload View Enhancements:
- Details about User Logout Time and VM Tools Version are added.
- Shows the latest group information for a unique flow.
- Shows aggregated flow attributes (Source and Destination IP addresses, Users, Process, FQDN, and more details) about a flow when you select Flow Details from a node’s contextual menu.
- Canvas View Enhancements: Enhances the Public IPs Group to specify an exact list of public IP addresses that are communicating to NSX objects in your NSX-T Data Center.
- Performance: Improved performance when loading the landing page views for the compute and group views.
and more, reference: VMware NSX Intelligence 3.2 Release Notes
Network Extension High Availability (EA)
The Network Extension service is enhanced to protect extended networks from disruptions in the network infrastructure, appliance failure, or service maintenance events.
System Database Conversion
- Transition to PostgreSQL
To support future development and enhance security, the HCX system database has transitioned to PostgreSQL. For existing customers, the content of the database will be converted during the upgrade to HCX 4.3.0.
OS Assisted Migration Enhancements for Guest OS Support
OSAM now supports migration of the following Operating Systems:
- RHEL/CentOS 8.x (64-bit) on KVM
- RHEL/CentOS 8.x (BIOS/GEN-1 & UEFI/GEN-2) on Hyper-V
- Windows Server 2019 Guest OS on KVM and Hyper-V hypervisors.
OSAM Interoperability with VMware vSphere 7.0 Update 3
- With this release, HCX OS Assisted Migration is available in vSphere environments running VMware vSphere 7.0 Update 3.
and more, reference: VMware HCX 4.3.0 Release Notes
VMware NSX-T Monitoring and Troubleshooting
- Supports VMware NSX Advanced Load Balancer for VMs in the vRealize Network Insight on-premises and VMware Cloud deployments.
- Introduces a built-in, enforced protection mechanism that disables NetFlow collection on Distributed Virtual Port groups where VMware NSX-T edges are connected.
Network Assurance and Verification
- Introduces a streaming mechanism to receive problem events, application changes, metrics, and flow records.
- vRealize Network Insight displays newly raised alerts as real-time toast message notifications.
- Fixed the following recently reported Log4j vulnerabilities:
Solutions Architect – Cloud & Infrastructure