Virtual Brigade http://virtualbrigade.com Virtualization, Cloud, Open Source and Networking Stuff Sat, 30 Jan 2021 22:14:45 +0000 en-US hourly 1 https://wordpress.org/?v=5.7.11 https://i2.wp.com/virtualbrigade.com/wp-content/uploads/2018/07/Logo-A.png?fit=32%2C27 Virtual Brigade http://virtualbrigade.com 32 32 117180945 What’s New in NSX-T 3.1.1 http://virtualbrigade.com/whats-new-in-nsx-t-3-1-1/ http://virtualbrigade.com/whats-new-in-nsx-t-3-1-1/#respond Sat, 30 Jan 2021 22:14:45 +0000 http://virtualbrigade.com/?p=2625 What’s New in NSX-T 3.1.1 NSX-T Data Center 3.1.1 provides a variety of new features to offer new functionalities for virtualized networking and security for private, public, and multi-clouds. Highlights include new features and enhancements in the following focus areas. What’s New in NSX-T 3.1.1: L3 Networking OSPFv2 Support on Tier-0 Gateways NSX-T Data Center […]

The post What’s New in NSX-T 3.1.1 appeared first on Virtual Brigade.

]]>
What’s New in NSX-T 3.1.1
  • NSX-T Data Center 3.1.1 provides a variety of new features to offer new functionalities for virtualized networking and security for private, public, and multi-clouds.
  • Highlights include new features and enhancements in the following focus areas.

What’s New in NSX-T 3.1.1: L3 Networking

  • OSPFv2 Support on Tier-0 Gateways
    • NSX-T Data Center now supports OSPF version 2 as a dynamic routing protocol between Tier-0 gateways and physical routers.
      • OSPF can be enabled only on external interfaces and can all be in the same OSPF area (standard area or NSSA), even across multiple Edge Nodes.
      • This simplifies migration from the existing NSX for vSphere deployment already using OSPF to NSX-T Data Center.

NSX Data Center for vSphere to NSX-T Data Center Migration

  • Support of Universal Objects Migration for a Single Site
    • You can migrate your NSX Data Center for vSphere environment deployed with a single NSX Manager in Primary mode (not secondary). As this is a single NSX deployment, the objects (local and universal) are migrated to local objects on a local NSX-T.  This feature does not support cross-vCenter environments with Primary and Secondary NSX Managers.
  • Migration of NSX-V Environment with vRealize Automation – Phase 2
    • The Migration Coordinator interacts with vRealize Automation (vRA) to migrate environments where vRealize Automation provides automation capabilities. This release adds additional topologies and use cases to those already supported in NSX-T 3.1.0.
  • Modular Migration for Hosts and Distributed Firewall
    • The NSX-T Migration Coordinator adds a new mode to migrate only the distributed firewall configuration and the hosts, leaving the logical topology(L3 topology, services) for you to complete.
      • You can benefit from the in-place migration offered by the Migration Coordinator (hosts moved from NSX-V to NSX-T while going through maintenance mode, firewall states and memberships maintained, layer 2 extended between NSX for vSphere and NSX-T during migration) that lets you (or a third party automation) deploy the Tier-0/Tier-1 gateways and relative services, hence giving greater flexibility in terms of topologies. This feature is available from UI and API.
  • Modular Migration for Distributed Firewall available from UI
    •  The NSX-T user interface now exposes the Modular Migration of firewall rules.
    • This feature was introduced in 3.1.0 (API only) and allows the migration of firewall configurations, memberships and state from an NSX Data Center for vSphere environment to an NSX-T Data Center environment.
      • This feature simplifies lift-and-shift migration where you vMotion VMs between an environment with hosts with NSX for vSphere and another environment with hosts with NSX-T by migrating firewall rules and keeping states and memberships (hence maintaining security between VMs in the old environment and the new one).
  • Fully Validated Scenario for Lift and Shift Leveraging vMotion, Distributed Firewall Migration and L2 Extension with Bridging
    • This feature supports the complete scenario for migration between two parallel environments (lift and shift) leveraging NSX-T bridge to extend L2 between NSX for vSphere and NSX-T, the Modular Distributed Firewall.

Identity Firewall in NSX-T 3.1.1

  • NSX Policy API support for Identity Firewall configuration – Setup of Active Directory, for use in Identity Firewall rules, can now be configured through NSX Policy API (https://<nsx-mgr>/policy/api/v1/infra/firewall-identity-stores), equivalent to existing NSX Manager API (https://<nsx-mgr>/api/v1/directory/domains).

Advanced Load Balancer Integration

  •  Support Policy API for Avi Configuration
    • The NSX Policy API can be used to manage the NSX Advanced Load Balancer configurations of virtual services and their dependent objects.
      • The unique object types are exposed via the https://<nsx-mgr>/policy/api/v1/infra/alb-<objecttype> endpoints.
  • Service Insertion Phase 2
    • This feature supports the Transparent LB in NSX-T advanced load balancer (Avi).
      • Avi sends the load balanced traffic to the servers with the client’s IP as the source IP.
      • This feature leverages service insertion to redirect the return traffic back to the service engine to provide transparent load balancing without requiring any server side modification.

Edge Platform and Services

  • DHCPv4 Relay on Service Interface
    • Tier-0 and Tier-1 Gateways support DHCPv4 Relay on Service Interfaces, enabling a 3rd party DHCP server to be located on a physical network

AAA and Platform Security

  • Guest Users – Local User accounts: NSX customers integrate their existing corporate identity store to onboard users for normal operations of NSX-T. However, there is an essential need for a limited set of local users — to aid identity and access management in many scenarios. Scenarios such as (1) the ability to bootstrap and operate NSX during early stages of deployment before identity sources are configured in non-administrative mode or (2) when there is failure of communication/access to corporate identity repository. In such cases, local users are effective in bringing NSX-T to normal operational status. Additionally, in certain scenarios such as (3) being able to manage NSX in a specific compliant-state catering to industry or federal regulations, use of local guest users are beneficial. To enable these use-cases and ease-of-operations, two guest local-users have been introduced in 3.1.1, in addition to existing admin and audit local users. With this feature, the NSX admin has extended privileges to manage the lifecycle of the users (e.g., Password rotation, etc.) including the ability to customize and assign appropriate RBAC permissions. Please note that the local user capability is available on both NSX-T Local Managers (LM) and Global Managers (GM) but is unavailable on edge nodes in 3.1.1 via API and UI. The guest users are disabled by default and have to be explicitly activated for consumption and can be disabled at any time.
  • FIPS Compliant Bouncy Castle Upgrade: NSX-T 3.1.1 contains an updated version of FIPS compliant Bouncy Castle (v1.0.2.1). Bouncy Castle module is a collection of Java based cryptographic libraries, functions, and APIs. Bouncy Castle module is used extensively on NSX-T Manager. The upgraded version resolves critical security bugs and facilitates compliant and secure operations of NSX-T.

NSX Cloud

  • NSX Marketplace Appliance in Azure: Starting with NSX-T 3.1.1, you have the option to deploy the NSX management plane and control plane fully in Public Cloud (Azure only, for NSX-T 3.1.1. AWS will be supported in a future release). The NSX management/control plane components and NSX Cloud Public Cloud Gateway (PCG) are packaged as VHDs and made available in the Azure Marketplace. For a greenfield deployment in the public cloud, you also have the option to use a ‘one-click’ terraform script to perform the complete installation of NSX in Azure.
  • NSX Cloud Service Manager HA: In the event that you deploy NSX management/control plane in the public cloud, NSX Cloud Service Manager (CSM) also has HA. PCG is already deployed in Active-Standby mode thereby enabling HA.
  • NSX-Cloud for Horizon Cloud VDI enhancements: Starting with NSX-T 3.1.1, when using NSX Cloud to protect Horizon VDIs in Azure, you can install the NSX agent as part of the Horizon Agent installation in the VDIs. This feature also addresses one of the challenges with having multiple components ( VDIs, PCG, etc.) and their respective OS versions. Any version of the PCG can work with any version of the agent on the VM. In the event that there is an incompatibility, the incompatibility is displayed in the NSX Cloud Service Manager (CSM), leveraging the existing framework.

Operations

  • UI-based Upgrade Readiness Tool for migration from NVDS to VDS with NSX-T Data Center
    • To migrate Transport Nodes from NVDS to VDS with NSX-T, you can use the Upgrade Readiness Tool present in the Getting Started wizard in the NSX Manager user interface. Use the tool to get recommended VDS with NSX configurations, create or edit the recommended VDS with NSX, and then automatically migrate the switch from NVDS to VDS with NSX while upgrading the ESX hosts to vSphere Hypervisor (ESXi) 7.0 U2.

Licensing

  • Enable VDS in all vSphere Editions for NSX-T Data Center Users: Starting with NSX-T 3.1.1, you can utilize VDS in all versions of vSphere. You are entitled to use an equivalent number of CPU licenses to use VDS. This feature ensures that you can instantiate VDS.

Container Networking and Security

  • This release supports a maximum scale of 50 Clusters (ESXi clusters) per vCenter enabled with vLCM, on clusters enabled for vSphere with Tanzu as documented at configmax.vmware.com

Compatibility and System Requirements

For compatibility and system requirements information, see the NSX-T Data Center Installation Guide.

API Deprecations and Behavior Changes

Retention Period of Unassigned Tags: In NSX-T 3.0.x, NSX Tags with 0 Virtual Machines assigned are automatically deleted by the system after five days. In NSX-T 3.1.0, the system task has been modified to run on a daily basis, cleaning up unassigned tags that are older than one day. There is no manual way to force delete unassigned tags.

Duplicate certificate extensions not allowed: Starting with NSX-T 3.1.1, NSX-T will reject x509 certificates with duplicate extensions (or fields) following RFC guidelines and industry best practices for secure certificate management. Please note this will not impact certificates that are already in use prior to upgrading to 3.1.1. Otherwise, checks will be enforced when NSX administrators attempt to replace existing certificates or install new certificates after NSX-T 3.1.1 has been deployed.

API and CLI Resources

See code.vmware.com to use the NSX-T Data Center APIs or CLIs for automation.

Available Languages

NSX-T Data Center has been localized into multiple languages: English, German, French, Japanese, Simplified Chinese, Korean, Traditional Chinese, and Spanish. Because NSX-T Data Center localization utilizes the browser language settings, ensure that your settings match the desired language.

Related Posts:

VMware NSX-T Data Center Documentation:

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/index.html

Additional Resources:

The post What’s New in NSX-T 3.1.1 appeared first on Virtual Brigade.

]]>
http://virtualbrigade.com/whats-new-in-nsx-t-3-1-1/feed/ 0 2625
NSX-T Data Center 3.1 Release Notes http://virtualbrigade.com/nsx-t-data-center-3-1-release-notes/ http://virtualbrigade.com/nsx-t-data-center-3-1-release-notes/#respond Mon, 02 Nov 2020 15:25:26 +0000 http://virtualbrigade.com/?p=2617 NSX-T Data Center 3.1 provides a variety of new features to offer new functionalities for virtualized networking and security for private, public, and multi-clouds. Highlights include new features and enhancements in the following focus areas: Cloud-scale Networking: Federation enhancements, Enhanced Multicast capabilities. Move to Next Gen SDN: Simplified migration from NSX-V to NSX-T, Intrinsic Security: Distributed IPS, FQDN-based […]

The post NSX-T Data Center 3.1 Release Notes appeared first on Virtual Brigade.

]]>
NSX-T Data Center 3.1 provides a variety of new features to offer new functionalities for virtualized networking and security for private, public, and multi-clouds. Highlights include new features and enhancements in the following focus areas:

  • Cloud-scale Networking: Federation enhancements, Enhanced Multicast capabilities.
  • Move to Next Gen SDN: Simplified migration from NSX-V to NSX-T,
  • Intrinsic Security: Distributed IPS, FQDN-based Enhancements
  • Lifecycle and monitoring: NSX-T support with vSphere Lifecycle Manager (vLCM), simplified installation, enhanced monitoring, search and filtering.
  • Inclusive terminology: In NSX-T 3.1, as part of a company-wide effort to remove instances of non-inclusive language in our products, the NSX team has made changes to some of the terms used in the product UI and documentation. APIs, CLIs, and logs still use legacy terms.

In addition to these enhancements, many other capabilities are added in every part of the product. More details on NSX-T 3.1 new features and enhancements are available in the NSX-T Data Center 3.1.0 release.

Federation

  • Support for standby Global Manager Cluster
    • Global Manager can now have an active cluster and a standby cluster in another location. Latency between active and standby cluster must be a maximum of 150ms round-trip time.
  • With the support of Federation upgrade and Standby GM, Federation is now considered production ready.

​L2 Networking

Change the display name for TCP/IP stack: The netstack keys remain “vxlan” and “hyperbus” but the display name in the UI is now “nsx-overlay” and “nsx-hyperbus”.

  • The display name will change in both the list of Netstacks and list of VMKNICs
  • This change will be visible with vCenter 6.7

Improvements in L2 Bridge Monitoring and Troubleshooting

  • Consistent terminology across documentation, UI and CLI
  • Addition of new CLI commands to get summary and detailed information on L2 Bridge profiles and stats
  • Log messages to identify the bridge profile, the reason for the state change, as well as the logical switch(es) impacted

Support TEPs in different subnets to fully leverage different physical uplinks

A Transport Node can have multiple host switches attaching to several Overlay Transport Zones. However, the TEPs for all those host switches need to have an IP address in the same subnet. This restriction has been lifted to allow you to pin different host switches to different physical uplinks that belong to different L2 domains.

Improvements in IP Discovery and NS Groups: IP Discovery profiles can now be applied to NS Groups simplifying usage for Firewall Admins.

L3 Networking

Policy API enhancements

  • Ability to configure BFD peers on gateways and forwarding up timer per VRF through policy API.
  • Ability to retrieve the proxy ARP entries of gateway through policy API.

Multicast

NSX-T 3.1 is a major release for Multicast, which extends its feature set and confirms its status as enterprise ready for deployment.

  • Support for Multicast Replication on Tier-1 gateway. Allows to turn on multicast for a Tier-1 with Tier-1 Service Router (mandatory requirement) and have Multicast receivers and sources attached to it.
  • Support for IGMPv2 on all downlinks and uplinks from Tier-1
  • Support for PIM-SM on all uplinks (config max supported) between each Tier-0 and all TORs  (protection against TOR failure)
  • Ability to run Multicast in A/S and Unicast ECMP in A/A from Tier-1 → Tier-0 → TOR 
    • Please note that Unicast ECMP will not be supported from ESXi host → T1 when it is attached to a T1 which also has Multicast enabled.
  • Support for static RP programming and learning through BS & Support for Multiple Static RPs
  • Distributed Firewall support for Multicast Traffic
  • Improved Troubleshooting: This adds the ability to configure IGMP Local Groups on the uplinks so that the Edge can act as a receiver. This will greatly help in triaging multicast issues by being able to attract multicast traffic of a particular group to Edge.

Edge Platform and Services

  • Inter TEP communication within the same host: Edge TEP IP can be on the same subnet as the local hypervisor TEP.
  • Support for redeployment of Edge node: A defunct Edge node, VM or physical server, can be replaced with a new one without requiring it to be deleted.
  • NAT connection limit per Gateway: The maximum NAT sessions can be configured per Gateway.

Firewall

  • Improvements in FQDN-based Firewall: You can define FQDNs that can be applied to a Distributed Firewall. You can either add individual FQDNs or import a set of FQDNs from CSV files.

Firewall Usability Features

  • Firewall Export & Import: NSX now provides the option for you to export and import firewall rules and policies as CSVs.
  • Enhanced Search and Filtering: Improved search indexing and filtering options for firewall rules based on IP ranges.

Distributed Intrusion Detection/Prevention System (D-IDPS)

Distributed IPS

  • NSX-T will have a Distributed Intrusion Prevention System. You can block threats based on signatures configured for inspection.
  • Enhanced dashboard to provide details on threats detected and blocked.
  • IDS/IPS profile creation is enhanced with Attack Types, Attack Targets, and CVSS scores to create more targeted detection.

Load Balancing

  • HTTP server-side Keep-alive: An option to keep one-to-one mapping between the client side connection and the server side connection; the backend connection is kept until the frontend connection is closed.
  • HTTP cookie security compliance: Support for “httponly” and “secure” options for HTTP cookie.
  • A new diagnostic CLI command: The single command captures various troubleshooting outputs relevant to Load Balancer.

VPN

  • TCP MSS Clamping for L2 VPN: The TCP MSS Clamping feature allows L2 VPN session to pass traffic when there is MTU mismatch.

Automation, OpenStack and API

  • NSX-T Terraform Provider support for Federation: The NSX-T Terraform Provider extends its support to NSX-T Federation. This allows you to create complex logical configurations with networking, security (segment, gateways, firewall etc.) and services in an infra-as-code model. For more details, see the NSX-T Terraform Provider release notes.
  • Conversion to NSX-T Policy Neutron Plugin for OpenStack environment consuming Management API: Allows you to move an OpenStack with NSX-T environment from the Management API to the Policy API. This gives you the ability to move an environment deployed before NSX-T 2.5 to the latest NSX-T Neutron Plugin and take advantage of the latest platform features.
  •  Ability to change the order of NAT and FWLL on OpenStack Neutron Router: This gives you the choice in your deployment for the order of operation between NAT and FWLL. At the OpenStack Neutron Router level (mapped to a Tier-1 in NSX-T), the order of operation can be defined to be either NAT then firewall or firewall then NAT. This is a global setting for a given OpenStack Platform.
  • NSX Policy API Enhancements: Ability to filter and retrieve all objects within a subtree of the NSX Policy API hierarchy. In previous version filtering was done from the root of the tree policy/api/v1/infra?filter=Type-, this will allow you to retrieve all objects from sub-trees instead. For example, this allows a network admin to look at all Tier-0 configurations by simply /policy/api/v1/infra/tier-0s?filter=Type-  instead of specifying from the root all the Tier-0 related objects.

Operations

  • NSX-T support with vSphere Lifecycle Manager (vLCM): Starting with vSphere 7.0 Update 1, VMware NSX-T Data Center can be supported on a cluster that is managed with a single vSphere Lifecycle Manager (vLCM) image. As a result, NSX Manager can be used to install, upgrade, or remove NSX components on the ESXi hosts in a cluster that is managed with a single image.
    • Hosts can be added and removed from a cluster that is managed with a single vSphere Lifecycle Manager and enabled with VMware NSX-T Data Center.
    • Both VMware NSX-T Data Center and ESXi can be upgraded in a single vSphere Lifecycle Manager remediation task. The workflow is supported only if you upgrade from VMware NSX-T Data Center version 3.1.
    • Compliance can be checked, a remediation pre-check report can be generated, and a cluster can be remediated with a single vSphere Lifecycle Manager image and that is enabled with VMware NSX-T Data Center.
  • Simplification of host/cluster installation with NSX-T: Through the “Getting Started” button in the VMware NSX-T Data Center user interface, simply select the cluster of hosts that needs to be installed with NSX, and the UI will automatically prompt you with a network configuration that is recommended by NSX based on your underlying host configuration. This can be installed on the cluster of hosts thereby completing the entire installation in a single click after selecting the clusters. The recommended host network configuration will be shown in the wizard with a rich UI, and any changes to the desired network configuration before NSX installation will be dynamically updated so users can refer to it as needed.
  • Enhancements to in-place upgrades: Several enhancements have been made to the VMware NSX-T Data Center in-place host upgrade process, like increasing the max limit of virtual NICs supported per host, removing previous limitations, and reducing the downtime in data path during in-place upgrades. Refer to the VMware NSX-T Data Center Upgrade Guide for more details.
  • Reduction of VIB size in NSX-T: VMware NSX-T Data Center 3.1.0 has a smaller VIB footprint in all NSX host installations so that you are able to install ESX and other 3rd party VIBs along with NSX on their hypervisors.
  • Enhancements to Physical Server installation of NSX-T: To simplify the workflow of installing VMware NSX-T Data Center on Physical Servers, the entire end-to-end physical server installation process is now through the NSX Manager. The need for running Ansible scripts for configuring host network connectivity is no longer a requirement.
  • ERSPAN support on a dedicated network stack with ENS: ERSPAN can now be configured on a dedicated network stack i.e., vmk stack and supported with the enhanced NSX network switch i.e., ENS, thereby resulting in higher performance and throughput for ERSPAN Port Mirroring.
  • Singleton Manager with vSphere HA: NSX now supports the deployment of a single NSX Manager in production deployments. This can be used in conjunction with vSphere HA to recover a failed NSX Manager. Please note that the recovery time for a single NSX Manager using backup/restore or vSphere HA may be much longer than the availability provided by a cluster of NSX Managers.
  • Log consistency across NSX components: Consistent logging format and documentation across different components of NSX so that logs can be easily parsed for automation and you can efficiently consume the logs for monitoring and troubleshooting.
  • Support for Rich Common Filters: This is to support rich common filters for operations features like packet capture, port mirroring, IPFIX, and latency measurements for increasing the efficiency of customers while using these features. Currently, these features have either very simple filters which are not always helpful, or no filters leading to inconvenience.
  • CLI Enhancements: Several CLI related enhancements have been made in this release:
    • CLI “get” commands will be accompanied with timestamps now to help with debugging
    • GET / SET / RESET the Virtual IP (VIP) of the NSX Management cluster through CLI
    • While debugging through the central CLI, run ping commands directly on the local machines eliminating extra steps needed to log in to the machine and do the same
    • View the list of core on any NSX component through CLI
    • Use the “*” operator now in CLI
    • Commands for debugging L2Bridge through CLI have also been introduced in this release
  • Distributed Load Balancer Traceflow: Traceflow now supports Distributed Load Balancer for troubleshooting communication failures from endpoints deployed in vSphere with Tanzu to a service endpoint via the Distributed Load Balancer.

Monitoring

  • Events and Alarms
    • Capacity Dashboard: Maximum Capacity, Maximum Capacity Threshold, Minimum Capacity Threshold
    • Edge Health: Standby move to different edge node, Datapath thread deadlocked, NSXT Edge core file has been generated, Logical Router failover event, Edge process failed, Storage Latency High, Storage Error
    • ISD/IPS: NSX-IDPS Engine Up/Down, NSX-IDPS Engine CPU Usage exceeded 75%, NSX-IDPS Engine CPU Usage exceeded 85%, NSX-IDPS Engine CPU Usage exceeded 95%, Max events reached, NSX-IDPS Engine Memory Usage exceeded 75%,
      NSX-IDPS Engine MemoryUsage exceeded 85%, NSX-IDPS Engine MemoryUsage exceeded 95%
    • IDFW: Connectivity to AD server, Errors during Delta Sync
    • Federation: GM to GM Split Brain
    • Communication: Control Channel to Transport Node Down, Control Channel to Transport Node Down for too Long, Control Channel to Manager Node Down, Control Channel to Manager Node Down for too Long, Management Channel to Transport Node Down, Management Channel to Transport Node Down for too Long, Manager FQDN Lookup Failure, Manager FQDN Reverse Lookup Failure
  • ERSPAN for ENS fast path: Support port mirroring for ENS fast path.
  • System Health Plugin Enhancements: System Health plugin enhancements and status monitoring of processes running on different nodes to ensure that system is running properly by on-time detection of errors.
  • Live Traffic Analysis & Tracing: A live traffic analysis tool to support bi-directional traceflow between on-prem and VMC data centers.
  • Latency Statistics and Measurement for UA Nodes: Latency measurements between NSX Manager nodes per NSX Manager cluster and between NSX Manager clusters across different sites.
  • Performance Characterization for Network Monitoring using Service Insertion: To provide performance metrics for network monitoring using Service Insertion.

Usability and User Interface

  • Graphical Visualization of VPN: The Network Topology map now visualizes the VPN tunnels and sessions that are configured. This aids you to quickly visualize and troubleshoot VPN configuration and settings.
  • Dark Mode: NSX UI now supports dark mode. You can toggle between light and dark mode.
  • Firewall Export & Import: NSX now provides the option for you to export and import firewall rules and policies as CSVs.
  • Enhanced Search and Filtering: Improved the search indexing and filtering options for firewall rules based on IP ranges.
  • Reducing Number of Clicks: With this UI enhancement, NSX-T now offers a convenient and easy way to edit Network objects.

Licensing

  • Multiple license keys: NSX now has the ability to accept multiple license keys of same edition and metric. This functionality allows you to maintain all your license keys without having to combine your license keys.
  • License Enforcement: NSX-T now ensures that users are license-compliant by restricting access to features based on license edition. New users will be able to access only those features that are available in the edition that they have purchased. Existing users who have used features that are not in their license edition will be restricted to only viewing the objects; create and edit will be disallowed.
  • New VMware NSX Data Center Licenses: Adds support for new VMware NSX Firewall and NSX Firewall with Advanced Threat Prevention license introduced in October 2020, and continues to support NSX Data Center licenses (Standard, Professional, Advanced, Enterprise Plus, Remote Office Branch Office) introduced in June 2018, and previous VMware NSX for vSphere license keys. See VMware knowledge base article 52462 for more information about NSX licenses.

AAA and Platform Security

  • Security Enhancements for Use of Certificates And Key Store Management: With this architectural enhancement, NSX-T offers a convenient and secure way to store and manage a multitude of certificates that are essential for platform operations and be in compliance with industry and government guidelines. This enhancement also simplifies API use to install and manage certificates.
  • Alerts for Audit Log Failures: Audit logs play a critical role in managing cybersecurity risks within an organization and are often the basis of forensic analysis, security analysis and criminal prosecution, in addition to aiding with diagnosis of system performance issues. Complying with NIST-800-53 and industry-benchmark compliance directives, NSX offers alert notification via alarms in the event of failure to generate or process audit data.
  • Custom Role Based Access Control: Users desire the ability to configure roles and permissions that are customized to their specific operating environment. The custom RBAC feature allows granular feature-based privilege customization capabilities enabling NSX customers the flexibility to enforce authorization based on least privilege principles. This will benefit users in fulfilling specific operational requirements or meeting compliance guidelines. Please note in NSX-T 3.1, only policy based features are available for role customization.
  • FIPS – Interoperability with vSphere 7.x: Cryptographic modules in use with NSX-T are FIPS 140-2 validated since NSX-T 2.5. This change extends formal certification to incorporate module upgrades and interoperability with vSphere 7.0.

NSX Data Center for vSphere to NSX-T Data Center Migration

  • Migration of NSX for vSphere Environment with vRealize Automation: The Migration Coordinator now interacts with vRealize Automation (vRA) in order to migrate environments where vRealize Automation provides automation capabilities. This will offer a first set of topologies which can be migrated in an environment with vRealize Automation and NSX-T Data Center. Note: This will require support on vRealize Automation.
  • Modular Distributed Firewall Config Migration: The Migration Coordinator is now able to migrate firewall configurations and state from a NSX Data Center for vSphere environment to NSX-T Data Center environment. This functionality allows a customer to do migrate virtual machines (using vMotion) from one environment to the other and keep their firewall rules and state.
  • Migration of Multiple VTEP: The NSX Migration Coordinator now has the ability to migrate environments deployed with multiple VTEPs.
  • Increase Scale in Migration Coordinator to 256 Hosts: The Migration Coordinator can now migrate up to 256 hypervisor hosts from NSX Data Center for vSphere to NSX-T Data Center.
  • Migration Coordinator coverage of Service Insertion and Guest Introspection: The Migration Coordinator can migrate environments with Service Insertion and Guest Introspection. This will allow partners to offer a solution for migration integrated with complete migrator workflow.

Compatibility and System Requirements

For compatibility and system requirements information, see the NSX-T Data Center Installation Guide.

API Deprecations and Behavior Changes

Retention Period of Unassigned Tags: In NSX-T 3.0.x, NSX Tags with 0 Virtual Machines assigned are automatically deleted by the system after five days. In NSX-T 3.1.0, the system task has been modified to run on a daily basis, cleaning up unassigned tags that are older than one day. There is no manual way to force delete unassigned tags.

API and CLI Resources

See code.vmware.com to use the NSX-T Data Center APIs or CLIs for automation.

The API documentation is available from the API Reference tab. The CLI documentation is available from the Documentation tab.

Available Languages

NSX-T Data Center has been localized into multiple languages: English, German, French, Japanese, Simplified Chinese, Korean, Traditional Chinese, and Spanish. Because NSX-T Data Center localization utilizes the browser language settings, ensure that your settings match the desired language.

  • VMware NSX-T Data Center Release notes:

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/rn/VMware-NSX-T-Data-Center-31-Release-Notes.html

  • VMware NSX-T Data Center Installation Guide:

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/installation/GUID-3E0C4CEC-D593-4395-84C4-150CD6285963.html

  • VMware NSX-T Data Center Administration Guide:

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/administration/GUID-FBFD577B-745C-4658-B713-A3016D18CB9A.html

  • NSX-T Posts on this blog:

http://virtualbrigade.com/category/nsx-t/

The post NSX-T Data Center 3.1 Release Notes appeared first on Virtual Brigade.

]]>
http://virtualbrigade.com/nsx-t-data-center-3-1-release-notes/feed/ 0 2617
VMware NSX-T Data Center 3.0 ICM Course http://virtualbrigade.com/vmware-nsx-t-data-center-3-0-icm-course/ http://virtualbrigade.com/vmware-nsx-t-data-center-3-0-icm-course/#respond Tue, 07 Jul 2020 15:18:12 +0000 http://virtualbrigade.com/?p=2611 This five-day, fast-paced course provides comprehensive training on how to install, configure, and manage a VMwareNSX-T™ Data Center environment. This course covers key NSX-T Data Center features and functionality offered in the NSX-T Data Center 3.0 release, including the overall infrastructure, logical switching, logical routing, networking and security services, micro-segmentation and firewalls, and more. Access […]

The post VMware NSX-T Data Center 3.0 ICM Course appeared first on Virtual Brigade.

]]>

This five-day, fast-paced course provides comprehensive training on how to install, configure, and manage a VMwareNSX-T™ Data Center environment. This course covers key NSX-T Data Center features and functionality offered in the NSX-T Data Center 3.0 release, including the overall infrastructure, logical switching, logical routing, networking and security services, micro-segmentation and firewalls, and more. Access to a software-defined data center environment is provided through hands-on labs to reinforce the skills and concepts presented in the course.

Learning Objectives

By the end of the course, you should be able to meet the following objectives:

  • Describe VMware Virtual Cloud Network and the NSX-T Data Center architecture
  • Describe the NSX-T Data Center components and main functions
  • Explain the NSX-T Data Center key features and benefits
  • Deploy and configure NSX-T Data Center infrastructure
  • Configure layer 2 logical switching and bridging
  • Explain the tiered routing architecture and configure gateways
  • Configure advanced services such as VPN and load balancing
  • Describe the NSX-T Data Center security model with micro-segmentation
  • Configure Distributed Firewall and Gateway Firewall to protect east-west and north-south traffic
  • Explain advanced security enforcement with URL analysis, partner service insertion
  • Integrate VMware Identity ManagerTM with NSX-T Data Center and configure role-based access control
  • Describe NSX-T Data Center Federation use-cases and architecture for switching, routing, and security.

VMware NSX-T Data Center 3.0 ICM Course Registration:

https://mylearn.vmware.com/mgrReg/courses.cfm?ui=www_edu&a=one&id_subject=92720

VMware NSX-T Data Center 3.0 ICM Course – On Demand Registraiton

https://mylearn.vmware.com/mgrReg/courses.cfm?ui=www_edu&a=one&id_subject=93974

  • VMware NSX-T Data Center Release notes:

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/rn/VMware-NSX-T-Data-Center-30-Release-Notes.html

  • VMware NSX-T Data Center Installation Guide:

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/installation/GUID-3E0C4CEC-D593-4395-84C4-150CD6285963.html

  • VMware NSX-T Data Center Administration Guide:

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/administration/GUID-FBFD577B-745C-4658-B713-A3016D18CB9A.html

  • NSX-T Data Center Upgrade Guide:

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/upgrade/GUID-E04242D7-EF09-4601-8906-3FA77FBB06BD.html

  • NSX-T Posts on this blog:

http://virtualbrigade.com/category/nsx-t/

The post VMware NSX-T Data Center 3.0 ICM Course appeared first on Virtual Brigade.

]]>
http://virtualbrigade.com/vmware-nsx-t-data-center-3-0-icm-course/feed/ 0 2611
NSX-T Data Center 3.0 Release Announcement http://virtualbrigade.com/nsx-t-data-center-3-0-release-announcement/ http://virtualbrigade.com/nsx-t-data-center-3-0-release-announcement/#respond Thu, 09 Apr 2020 14:54:46 +0000 http://virtualbrigade.com/?p=2605 NSX-T Data Center 3.0 includes a variety of new features to provide new functionality for virtualized networking and security for private, public, and multi-clouds. NSX-T Data Center 3.0 new features: NSX Federation Distributed IDS, Micro-Segmentation for Windows Physical Servers, Time-based Firewall Rules, NSX-T for vSphere with Kubernetes, container networking and security enhancements L3 EVPN for […]

The post NSX-T Data Center 3.0 Release Announcement appeared first on Virtual Brigade.

]]>
NSX-T Data Center 3.0 includes a variety of new features to provide new functionality for virtualized networking and security for private, public, and multi-clouds.

NSX-T Data Center 3.0 new features:

  • NSX Federation
  • Distributed IDS,
  • Micro-Segmentation for Windows
  • Physical Servers,
  • Time-based Firewall Rules,
  • NSX-T for vSphere with Kubernetes,
  • container networking and security enhancements
  • L3 EVPN for VM mobility,
  • NAT64,
  • IPv6 support for containers,
  • E-W service chaining for NFV workloads

NSX-T Data Center 3.0 Enhancements and features:

  • NSX-T support on VDS 7.0

    • NSX-T now has the capability to run on the vSphere VDS switch version 7.0. It is recommended that new deployments of NSX and vSphere take advantage of this close integration and start to move toward the use of NSX-T on VDS. The N-VDS NSX-T host switch will be deprecated in a future release. Going forward, the plan is to converge NSX-T and ESXi host switches. The N-VDS remains the switch on the KVM, NSX-T Edge Nodes, native public cloud NSX agents and for bare metal workloads.
  • RHEL support:

    • We add RHEL 7.6 and RHEL 7.7 to the list of supported operating systems for NSX. This applies to KVM and Bare Metal workloads.
  • Edge Bridge:

    • Segments that have been configured for Guest VLAN tagging can now be extended to VLAN through an edge bridge.
  • MAC Limit per VNI:

    •  The default value of default MAC limit per Logical switch is 2,048 in ESXi dataplane. NSX now provides the ability to change the MAC limit per logical switch from the default value to match customer requirements.
  • Support for Windows 2016 Bare Metal Server
  • Federation

    • NSX-T 3.0 introduces the ability to federate multiple on-premises data centers through a single pane of glass, called Global Manager (GM). GM provides a graphical user interface and an intent-based REST API endpoint. Through the GM, you can configure consistent security policies across multiple locations and stretched networking objects: Tier0 and Tier1 gateways and segments.

  • Edge Platform

    • New Edge VM XLarge form factor provides more scale for advanced services and better throughput.
  • L3 Networking

    • Change of Tier0 Gateway HA mode through UI/API offers the option to change Tier-0 gateway High Availability mode from Active/Active to Active/Standby and vice versa through UI and API.

    • VRF Lite support provides multi-tenant data plane isolation through Virtual Routing Forwarding (VRF) in Tier-0 gateway. VRF has its own isolated routing table, uplinks, NAT and gateway firewall services.
    • L3 EVPN support provides a northbound connectivity option to advertise all VRFs on a Tier-0 gateway through MP-BGP EVPN AFI (Route Type 5) to a Provider Edge and maintain the isolation on the dataplane with VXLAN encapsulation by using one VNI per VRF.
    • Rate-limit support on Tier-1 gateways provides the ability to rate-limit all the traffic going egress and ingress of the Tier1 gateway uplink.
    • Metadata Proxy support in policy and UI enhances the intent-based API and policy UI to configure Metadata Proxy.
    • DHCP server policy and UI enhances the intent-based API and policy UI to configure a DHCP server locally to a segment.
    • Policy API for L3 enhances the intent-based API and policy UI to retrieve runtime information on the gateways.
  • NAT64 offers a transition mechanism from IPv4 to IPv6. It provides stateful Network Address Translation from IPv6 to IPv4 following standard RFC 6146.

 

  • VMware NSX-T Data Center 3.0 Download:

https://my.vmware.com/en/web/vmware/downloads/details?downloadGroup=NSX-T-300&productId=982&rPId=56487

  • VMware NSX-T Data Center Release notes:

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/rn/VMware-NSX-T-Data-Center-30-Release-Notes.html

  • VMware NSX-T Data Center Installation Guide:

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/installation/GUID-3E0C4CEC-D593-4395-84C4-150CD6285963.html

  • VMware NSX-T Data Center Administration Guide:

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/administration/GUID-FBFD577B-745C-4658-B713-A3016D18CB9A.html

  • NSX-T Data Center Upgrade Guide:

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/upgrade/GUID-E04242D7-EF09-4601-8906-3FA77FBB06BD.html

  • NSX-T Posts on this blog:

http://virtualbrigade.com/category/nsx-t/

The post NSX-T Data Center 3.0 Release Announcement appeared first on Virtual Brigade.

]]>
http://virtualbrigade.com/nsx-t-data-center-3-0-release-announcement/feed/ 0 2605
NSX-T agents on Transport Node http://virtualbrigade.com/nsx-t-agents-on-transport-node/ http://virtualbrigade.com/nsx-t-agents-on-transport-node/#respond Tue, 13 Aug 2019 21:24:03 +0000 http://virtualbrigade.com/?p=2578 One of the frequently asked questions in an NSX-T class is that what is the functionality of the NSX-T agents on Transport nodes. When the hypervisor hosts are configured as Transport Nodes, the following list of NSX-T agents are installed on Hypervisor hosts and NSX Edge nodes. Each NSX-T agent performs a specific functionality on […]

The post NSX-T agents on Transport Node appeared first on Virtual Brigade.

]]>
One of the frequently asked questions in an NSX-T class is that what is the functionality of the NSX-T agents on Transport nodes. When the hypervisor hosts are configured as Transport Nodes, the following list of NSX-T agents are installed on Hypervisor hosts and NSX Edge nodes. Each NSX-T agent performs a specific functionality on Hypervisor hosts and NSX Edges. The following table lists those NSX-T Agents and the role of each agent on the Transport Nodes. You will find these services/Agents in the /etc/init.d/ the directory in the root privileged mode.

NSX-T Agents:

Name ESXi, KVM and NSX Edge Role of the Agents
nsx-mpa ALL Management Plane Agent (MPA) is a Rabbit MQ broker, communicates with the NSX Manager
nsx-netcpa ALL The Local Control Plane agent, and is the only agent talking with Central Control Plane (CCP)
nsx-nestdb ALL The local database used for persisting NSX data on Transport Nodes.
nsx-nsxa ALL nsxa performs the host switch related operations on ESXi, KVM and NSX Edge Nodes.
nsx-sfhc ALL Works as an installation agent for NSX deployment with communication to MP.
nsx-da ALL Inventory discovery agent.
nsx-lldp ALL LLDP agent for configuring and extracting LLDP related data.
nsx-support_bundle_client ALL Support bundle collector on transport nodes
nsx-platform-client ALL Central CLI agent.
nsx-hyperbus HV Container agent, which provides a channel between host and container VM.

I hope this is informative for you and thank you for reading.

Related Posts:

VMware NSX-T Data Center Documentation:

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/index.html

Additional Resources:

The post NSX-T agents on Transport Node appeared first on Virtual Brigade.

]]>
http://virtualbrigade.com/nsx-t-agents-on-transport-node/feed/ 0 2578
DHCP Server Configuration in NSX-T 2.4 http://virtualbrigade.com/dhcp-server-configuration-in-nsx-t-2-4/ http://virtualbrigade.com/dhcp-server-configuration-in-nsx-t-2-4/#respond Mon, 17 Jun 2019 11:11:24 +0000 http://virtualbrigade.com/?p=2562 DHCP Server (Dynamic Host Configuration Protocol Server) allows clients to automatically obtain network configuration, such as IP address, subnet mask, default gateway, and DNS configuration, from a DHCP server. You can create DHCP servers to handle DHCP requests. Create a DHCP Server Navigate to Networking > IP Address Management > DHCP Click Add Select DHCP […]

The post DHCP Server Configuration in NSX-T 2.4 appeared first on Virtual Brigade.

]]>
DHCP Server (Dynamic Host Configuration Protocol Server) allows clients to automatically obtain network configuration, such as IP address, subnet mask, default gateway, and DNS configuration, from a DHCP server. You can create DHCP servers to handle DHCP requests.

Create a DHCP Server

  1. Navigate to Networking > IP Address Management > DHCP
  2. Click Add
  3. Select DHCP Server as the Server Type
  4. Enter a Server Name
  5. Enter a Server IP Address in CIDR format
    1. This step will create a logical switch and connect the DHCP server to it.
    2. This interface will appear on the Tier1 LR as a connected interface, so make sure you choose a non-overlapping subnet for the Tier1 gateway you want to assign the DHCP server to. I use a /30 for this purpose.
    3. The subnet range used here does NOT get advertised to the connected Tier-0 gateway, but DOES appear in the Tier-1 Gateways forwarding table
  6. Select an edge cluster to run the DHCP server on
  7. Click Save

Assign DHCP Server to Tier-1/Tier-0 Gateway

  1. Navigate to Networking > Tier-1/Tier-0 Gateways
  2. Edit an existing Tier-1/Tier-0 Gateway
  3. Select the No IP Allocation hyperlink next to IP Address Management
  4. Select DHCP Local Server from the Type dropdown list
  5. Use the DHCP Server dropdown to select the appropriate DHCP Server
  6. Click Save
  7. Click Save

Configure DHCP Address Allocation on a segment

  1. Navigate to Networking > Segments
  2. Add/Edit a Segment
  3. Ensure that the Segment is associated with a Tier0/Tier-1 gateway
  4. Select Set Subnets if no subnet allocation exist on the subnet
  5. Select the numbered hyperlink under the Subnets if there are existing Subnets configured on the Segment
  6. Add/Edit Subnet
  7. Enter the appropriate DHCP Ranges and click Add
  8. Click Apply
  9. Click Save

 

Related Posts:

VMware NSX-T Data Center Documentation:

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/index.html

Additional Resources:

The post DHCP Server Configuration in NSX-T 2.4 appeared first on Virtual Brigade.

]]>
http://virtualbrigade.com/dhcp-server-configuration-in-nsx-t-2-4/feed/ 0 2562
“VMware Identity Manager” is not accessible. http://virtualbrigade.com/vmware-identity-manager-is-not-accessible/ http://virtualbrigade.com/vmware-identity-manager-is-not-accessible/#comments Wed, 27 Mar 2019 00:28:11 +0000 http://virtualbrigade.com/?p=2522 The “VMware Identity Manager” is not accessible.” error is shown on the screen when an administrator tries to login to the NSX Manager 2.4 UI. The actual issue is that the NSX Manager was Integrated with the VMware Identity Manager and was currently disabled on the NSX Manager node. The NSX Manager UI shows the […]

The post “VMware Identity Manager” is not accessible. appeared first on Virtual Brigade.

]]>
The “VMware Identity Manager” is not accessible.” error is shown on the screen when an administrator tries to login to the NSX Manager 2.4 UI. The actual issue is that the NSX Manager was Integrated with the VMware Identity Manager and was currently disabled on the NSX Manager node. The NSX Manager UI shows the following error message when tried to login to NSX Manager UI.

What is VMware Identity Manager?

NSX-T integrates with VMware Identity Manager (vIDM) to get the following benefits related to user authentication:

  • Support for extensive AAA Systems, including
    • AD-based LDAP, OpenLDAP
    • RADIUS
    • SmartCards / Common Access Cards
    • RSA Secure ID
  • Enterprise Single Sign-On
    • Common authentication platform across multiple VMware solutions
    • Seamless single sign-on experience

 Error:

“VMware Identity Manager” is not accessible. Only “Node-Local User” accounts can log in”

VIDM is not accessible

VIDM is not accessible

How to fix the “VMware Identity Manager” is not accessible. error?

  • Log in to the NSX Manager CLI with admin credentials and run the following command
nsx-manager-01> clear auth-policy vidm enabled
  •  Use the following URL to login to the NSX Manager with the local User Credentials: (Add ?local=true at the end of NSX Manager login URL)

Example: https://<NSX-MANAGER-FQDN>/login.jsp?local=true

VIDM Integration Status:

To check the VIDM Integration status:

  • From the NSX Manager UI, Click System > Users > Click Configuration tab

As you can see from the following screenshot, the VMware Identitiy Manager Integration is Disabled.

VIDM Status Disabled on NSX Manager

VIDM Status Disabled on NSX Manager

Steps to configure VIDM with NSX-T:

https://blogs.vmware.com/networkvirtualization/2017/11/remote-user-authentication-and-rbac-with-nsx-t.html/

Related Posts:

The post “VMware Identity Manager” is not accessible. appeared first on Virtual Brigade.

]]>
http://virtualbrigade.com/vmware-identity-manager-is-not-accessible/feed/ 1 2522
VMware NSX-T Versions and Documentation http://virtualbrigade.com/vmware-nsx-t-versions-and-documentation/ http://virtualbrigade.com/vmware-nsx-t-versions-and-documentation/#respond Thu, 21 Mar 2019 21:45:31 +0000 http://virtualbrigade.com/?p=2464 NSX-T Data Center is focused on providing networking, security, automation, and operational simplicity for emerging application frameworks and architectures that have heterogeneous endpoint environments and technology stacks. NSX-T Data Center supports cloud-native applications, bare metal workloads, multi-hypervisor environments, public clouds, and multiple clouds. NSX-T Data Center is designed for management, operations, and consumption by development […]

The post VMware NSX-T Versions and Documentation appeared first on Virtual Brigade.

]]>
VMware NSX-T Data Center

VMware NSX-T Data Center

NSX-T Data Center is focused on providing networking, security, automation, and operational simplicity for emerging application frameworks and architectures that have heterogeneous endpoint environments and technology stacks. NSX-T Data Center supports cloud-native applications, bare metal workloads, multi-hypervisor environments, public clouds, and multiple clouds.

NSX-T Data Center is designed for management, operations, and consumption by development organizations. NSX-T Data Center allows IT and development teams to select the technologies best suited for their applications.

VMware NSX-T is now known as NSX-T Data Center.

VMware NSX-T Data Center Versions:

NSX-T Versions Release Date Build Version
VMware NSX-T Data Center 2.4 28-Feb-19 12456646
VMware NSX-T Data Center 2.3 18-Sep-18 10085361
VMware NSX-T 2.2 5-Jun-18 8680772
VMware NSX-T 2.1.0.1 8-Feb-18 7725122
VMware NSX-T 2.1 21-Dec-17 7395507
VMware NSX-T 2.0 7-Sep-17 6522025
VMware NSX-T 1.1 2-Feb-17 4789008

VMware NSX-T Release Notes:

NSX-T Versions Release Notes
VMware NSX-T Data Center 2.4 https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.4.0/rn/VMware-NSX-T-Data-Center-240-Release-Notes.html
VMware NSX-T Data Center 2.3 https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.3/rn/VMware-NSX-T-Data-Center-23-Release-Notes.html
VMware NSX-T 2.2 https://docs.vmware.com/en/VMware-NSX-T/2.2/rn/VMware-NSX-T-22-Release-Notes.html
VMware NSX-T 2.1.0.1 https://docs.vmware.com/en/VMware-NSX-T/2.1/rn/VMware-NSX-T-21-Release-Notes.html
VMware NSX-T 2.1 https://docs.vmware.com/en/VMware-NSX-T/2.1/rn/VMware-NSX-T-21-Release-Notes.html
VMware NSX-T 2.0 https://docs.vmware.com/en/VMware-NSX-T/2.0/rn/VMware-NSX-T-20-Release-Notes.html
VMware NSX-T 1.1 https://docs.vmware.com/en/VMware-NSX-T/1.1/rn/nsxt-11-release-notes.html

VMware NSX-T Download Links:

NSX-T Versions Download
VMware NSX-T Data Center 2.4 https://my.vmware.com/web/vmware/details?downloadGroup=NSX-T-240&productId=673&rPId=30713
VMware NSX-T Data Center 2.3 https://my.vmware.com/web/vmware/details?productId=673&rPId=30713&downloadGroup=NSX-T-230
VMware NSX-T 2.2 https://my.vmware.com/web/vmware/details?productId=673&rPId=30713&downloadGroup=NSX-T-220
VMware NSX-T 2.1.0.1 https://my.vmware.com/web/vmware/details?productId=673&rPId=30713&downloadGroup=NSX-T-210
VMware NSX-T 2.1 https://my.vmware.com/web/vmware/details?productId=673&rPId=30713&downloadGroup=NSX-T-210
VMware NSX-T 2.0 https://my.vmware.com/web/vmware/details?productId=673&rPId=30713&downloadGroup=NSX-T-200
VMware NSX-T 1.1 Not available as of 12th March 2019

VMware NSX-T Data Center Documentation:

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/index.html

Additional Resources:

Related Posts:

The post VMware NSX-T Versions and Documentation appeared first on Virtual Brigade.

]]>
http://virtualbrigade.com/vmware-nsx-t-versions-and-documentation/feed/ 0 2464
Upgrade Coordinator in NSX-T http://virtualbrigade.com/upgrade-coordinator-in-nsx-t/ http://virtualbrigade.com/upgrade-coordinator-in-nsx-t/#respond Thu, 21 Mar 2019 21:25:41 +0000 http://virtualbrigade.com/?p=2475 Upgrade Coordinator in NSX-T Upgrade Coordinator is a service that runs on the NSX Manager node, which facilitates the upgrade of the NSX-T infrastructure. Upgrade Coordinator first introduced in NSX-T 1.1 and was later added to support NSX for vSphere upgrades in NSXv 6.4. The Upgrade coordinator is a self-contained Web application that orchestrates the […]

The post Upgrade Coordinator in NSX-T appeared first on Virtual Brigade.

]]>
Upgrade Coordinator in NSX-T

Upgrade Coordinator is a service that runs on the NSX Manager node, which facilitates the upgrade of the NSX-T infrastructure. Upgrade Coordinator first introduced in NSX-T 1.1 and was later added to support NSX for vSphere upgrades in NSXv 6.4. The Upgrade coordinator is a self-contained Web application that orchestrates the upgrade process of hosts, NSX Edge cluster, NSX Controller cluster, and Management plane.

Upgrade Coordinator Benefits:

  • Facilitates the upgrade of the NSX-T infrastructure
  • Provides the ability to plan and execute the hosts upgrade, you can select number of hosts in a vSphere cluster if vCenter is added as a Compute Manager
  • It works with DRS to migrate the VMs and put the ESXi hosts into maintenance mode
  • Helps you to minimize the downtime in upgrading the NSX-T environment
  • The upgrade coordinator guides you through the proper upgrade sequence.
  • You can track the upgrade process in real time and if required you can pause and resume the upgrade process from the user interface.
  • Automatically roll back the Controller and Management clusters if the upgrade is failed.

NSX-T Upgrade Checklist:

  1. Review the release notes before the upgrade.
  2. Evaluate the operational impact of the upgrade.
  3. Verify that all the NSX-T Components are in healthy state (Manager, Controller, ESXi/KVM Transport Nodes and NSX Edge Nodes).
  4. Download the latest NSX-T upgrade bundle.
  5. Upload upgrade bundle to NSX Manager.
  6. Configure the upgrade-coordinator service.
  7. Upgrade ESXi/KVM hosts.
  8. Upgrade NSX Edge clusters.
  9. Upgrade NSX Controller cluster.
  10. Upgrade Management cluster.
  11. Perform post-upgrade tasks.
  12. Troubleshoot upgrade errors.

Reference: https://docs.vmware.com/en/VMware-NSX-T/2.2/nsxt_22_upgrade.pdf

Related Posts:

The post Upgrade Coordinator in NSX-T appeared first on Virtual Brigade.

]]>
http://virtualbrigade.com/upgrade-coordinator-in-nsx-t/feed/ 0 2475
NSX Container Plugin (NCP) 2.4.0 http://virtualbrigade.com/nsx-container-plugin-ncp-2-4-0/ http://virtualbrigade.com/nsx-container-plugin-ncp-2-4-0/#respond Sun, 10 Mar 2019 20:36:13 +0000 http://virtualbrigade.com/?p=2452 NSX Container Plugin (NCP) provides integration between NSX-T Data Center and container orchestrators such as Kubernetes, as well as integration between NSX-T Data Center and container-based PaaS (platform as a service) products such as OpenShift and Pivotal Cloud Foundry. The main component of NCP runs in a container and communicates with NSX Manager and with […]

The post NSX Container Plugin (NCP) 2.4.0 appeared first on Virtual Brigade.

]]>
Image result for VMware nsx-tNSX Container Plugin (NCP) provides integration between NSX-T Data Center and container orchestrators such as Kubernetes, as well as integration between NSX-T Data Center and container-based PaaS (platform as a service) products such as OpenShift and Pivotal Cloud Foundry.

The main component of NCP runs in a container and communicates with NSX Manager and with the Kubernetes control plane. NCP monitors changes to containers and other resources and manages networking resources such as logical ports, switches, routers, and security groups for the containers by calling the NSX API.

The NSX CNI plug-in runs on each Kubernetes node. It monitors container life cycle events, connects a container interface to the guest vSwitch, and programs the guest vSwitch to tag and forward container traffic between the container interfaces and the VNIC.

NSX Container Plugin (NCP) functionalities:

  • Automatically creates an NSX-T logical topology for a Kubernetes cluster, and creates a separate logical network for each Kubernetes namespace.

  • Connects Kubernetes pods to the logical network, and allocates IP and MAC addresses.

  • Supports network address translation (NAT) and allocates a separate SNAT IP for each Kubernetes namespace.

What’s New in NSX Container Plugin (NCP) 2.4?

  • NCP Deployment support for Kubernetes.
  • NCP HA for Kubernetes
  • Error handling mechanism for NCP (Expose NSX backend failure to PaaS cluster)
  • Support loadBalancerIP for service type LB
  • Ability to specify ClientIP session affinity per LB type service
  • NCP will exit if if fails to connect to PCF or Kubernetes server
  • Make the foundation name optional for PAS
  • Package ovs rpm for RHEL7.6
  • SSL passthrough for OpenShift route
  • Named port support for Kubernetes svc and ingress
  • 6 container host for Openshift
  • CentOS 7.6 container host for Kubernetes
  • RHEL 7.6 Tranport Node for BMC

NSX Container Plug-in (NCP) 2.4 Release Notes:

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.4/rn/NSX-Container-Plugin-Release-Notes.html

NSX Container Plug-in for Kubernetes and Cloud Foundry – Installation and Administration Guide

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.4/com.vmware.nsxt.ncp_kubernetes.doc/GUID-FB641321-319D-41DC-9D16-37D6BA0BC0DE.html

NSX Container Plug-in for OpenShift – Installation and Administration Guide

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.4/com.vmware.nsxt.ncp_openshift.doc/GUID-1D75FE92-051C-4E30-8903-AF832E854AA7.html

NSX-T Documentation Links:

https://virtualbrigade.com/nsx-t-documentation/

The post NSX Container Plugin (NCP) 2.4.0 appeared first on Virtual Brigade.

]]>
http://virtualbrigade.com/nsx-container-plugin-ncp-2-4-0/feed/ 0 2452