VMware NSX-T 2.4 – ‘A Landmark Release’
Today saw the release of VMware NSX-T 2.4, the latest and greatest, lauded as a ‘landmark release’ for the product.
Since its initial release in February 2017, NSX-T has focused on addressing organisational requirements to support cloud-native applications, bare metal workloads, multi-hypervisor environments, and public clouds. With the release of NSX-T 2.4, we can now add multi-clouds to the list.
NSX-T delivers security to diverse endpoints such as VMs, containers, and bare metal, as well as a range of cloud platforms and cloud native projects including Kubernetes, VMware PKS, Pivotal Application Service (PAS), and Red Hat OpenShift.
With NSX-T 2.4, VMware are able to deliver further advancements in networking, security, automation, and an ‘operational simplicity for everyone’. This includes IT admins, DevOps teams, and developers. As such, NSX-T is an enabler for customers embracing cloud-native application development, expanding use of public cloud, and those who require automation to drive agility.
With the release of NSX-T 2.4 comes the new ‘Converged NSX Manager’ with 3-node clustering support. What does this mean? Essentially, the management and control planes of the past have been converged, resulting in the number of VMs being reduced and a lower management overhead. The converged NSX Manager merges policy, management, and central control services on a cluster of nodes, bringing high availability and a scale-out architecture to the Management Plane.
The latest NSX-T release brings a radically simplified user interface (UI) that requires just the bare minimum user input, offering strong default values with prescriptive guidance for ease of use. This means fewer clicks and page hops are required to complete configuration tasks.
Intelligent Search provides quick and easy access to information, and anticipates user intent through type-ahead auto-completions and suggestions on common search phrases.
NSX-T enables customers to provision new networks and services with a single API call or a few clicks in a new simplified UI, making NSX the industry’s simplest way to manage an application-centric, software-defined network (SDN).
I have blogged and presented on the topic of proactive and modern defence approaches a number of times. Whilst micro-segmentation delivers this, enabling a seamless operation and user experience is another thing. NSX-T continues to bolster the ability to deliver consistent, pervasive connectivity and intrinsic security for applications and data across any environment to drastically shrink the application attack surface and reduce business risk.
NSX-T 2.4 introduces support for advanced security capabilities such as Layer 7 application context-based firewalling, identity-based firewalling, FQDN/URL whitelisting, guest introspection, and E-W service insertion.
FQDN/URL whitelisting applies to E-W traffic in the distributed firewall and enables customers to allow/whitelist specific traffic going from a VM to a specific FQDN or URL. Benefits of this feature include support for communication to a different system/application in a multi-site environment, support for applications that use native cloud services, and support for URL domain on the internet.