VMware overhauls NSX software to manage, secure larger virtual networks

VMware NSX-T 3.0 includes improved baked-in security and network control functions.


VMware has pumped out a key version of its core networking software with over 100 new features and added security and application-management support, all designed to help customers build and run large-scale virtual networks.

These enhancements are part of NSX-T 3.0, the latest version of VMware's flagship networking package that supports everything from private or public cloud-native applications to bare-metal workloads running on multivendor hypervisors. It also supports network-virtualization stacks in Amazon Web Services, Microsoft Azure, Google Cloud and IBM Cloud, as well as leading Kubernetes container technologies.

NSX-T is the underpinning for VMware’s software-defined Virtual Cloud Networking architecture that defines how enterprises can build and control network connectivity and security from the data center across the WAN to multi-cloud environments.

Tom Gillis, senior vice president and general manager of VMware’s networking and security business, said Virtual Cloud Network customers now exceed 15,000, including 89 of the Fortune 100 and eight of the top 10 telcos, and has grown on average 50% each fiscal year since its introduction in May of 2018.

“The driving idea enabled through NSX and the Virtual Cloud Network is to let customers have a public cloud experience and efficiencies, on-premise, removing the inefficient IT ticket requests and long waits for networking and security changes,” Gillis said. “Our data shows customers can experience as much as a 59% reduction in capital expenditures and 55% reduction in operational expenditures over traditional networking solutions with VCN.”

Analysts said VMware has a number of goals with VCN and NSX.

“From a customer perspective, they’re seeing that VMware is evolving and extending its Virtual Cloud Network portfolio in an attempt to meet the changing needs of the distributed applications and workloads that are increasingly critical to business outcomes and success. The network must be intelligently automated, serve traditional and modern applications, and support a mix of underlying infrastructure (VMs, bare metal, containers),” said Brad Casemore, IDC research vice president, data center networks.

“VMware’s goal is to make NSX invaluable to the VMware installed base as those customers modernize their on-premises data-center network infrastructure and similarly seek to provide consistent network and security policies for modern applications running in public clouds,” Casemore said. “As the data center becomes distributed in a multicloud world, the data-center network must become a multicloud data-center network. On the VeloCloud [VMware’s SD-WAN offering] side, the focus is on modernizing the WAN to accommodate delivery of these applications to the branch.”

One new feature of NSX is the ability to control and synchronize multiple virtual networks as a single entity. Called NSX Federation, the feature lets customers apply network configuration, management and policy settings across large environments.

NSX Federation would let customers generate “fault tolerant zones” where they could contain network problems in a single zone, minimizing problems and preventing them from spreading, VMware stated. 

Another feature has security policies attach to and move with workloads, ensuring that policy compliance is maintained during workload failover or migration between locations, wrote VMware’s Umesh Mahajan, senior vice president of NSX, in a blog about the upgrades.

Related to security, the Service-defined Firewall in the NSX platform has been enhanced as well. “NSX Distributed IDS/IPS is an advanced threat-detection engine purpose-built to detect lateral threat movement on east-west traffic across multi-cloud environments,” Umesh stated. “Unlike traditional architectures that hairpin traffic to discrete appliances, NSX Distributed IDS/IPS distributes the analysis out to every workload and curates the signatures evaluated by each engine based on precise knowledge of running applications.”

The firewall is further enhanced with the implementation of URL Analysis for URL Classification and Reputation. The edge firewall detects access from outside the data center for granular detection and categorization of inbound and outbound URLs, Umesh stated.

NSX-T 3.0 also lets customers extend networking services by deploying NSX-T directly with the recently released VMware vSphere 7.0. In March, the company rolled out its Tanzu technology across its major software components, including vSphere and Cloud Foundation in a major revamp of its key virtualization families. By embedding Kubernetes into the control plane of vSphere, it will let customers converge container and VM workloads onto a single platform with a single hypervisor, VMware stated. NSX provides the underlying networking support for all of the new software.

“NSX Federation will provide a means of implementing fault-isolation domains and global policies synchronized across all locations. Other new features in NSX-T 3.0 include the ability to extend L2-7 container networking services to the recently released VMware vSphere with Kubernetes and VMware Cloud Foundation 4 platforms, the VMware Tanzu portfolio, and non-VMware Kubernetes platforms,” Casemore said. “This is all about making NSX useful across a heterogeneous, hybrid, multicloud landscape.”

In addition to NSX, VMware also rolled out VMware vRealize Network Insight 5.2, the company’s network visibility and analytics software. The new software features machine-learning support for Flow Based Application Discovery, which will automatically group VMs into applications and tiers for a better understanding of what is occurring on the infrastructure, VMware stated.

“vRealize Network Insight 5.2 has new end-to-end visibility of the network path from VM through to VMware Cloud on AWS including the AWS Direct Connect section. For VMware SD-WAN users, there will be additional visibility into SD-WAN application and business policy support,” VMware stated.

Casemore said VMware vRealize Network Insight 5.2, now with flow-based application discovery, will help set policy and troubleshoot. “Other vRNI enhancements include AWS Direct Connect support (for hybrid networking), VMware SD-WAN application and business policy statistics (again, useful in a hybrid or multicloud context), enhanced Kubernetes visibility, and support for VMware NSX-T 3.0. The latter, of course, is absolutely essential, especially with NSX-T serving as an overlay that extends across heterogeneous application environments and infrastructure,” he said.

In addition to the product announcements, VMware said it was deepening its integration with Microsoft Azure by developing support for Microsoft’s Azure Edge Zones and Azure Private Edge Zones. The Edge Zones deliver Azure services and enable customers to deploy and run virtual network functions including VMware SD-WAN by VeloCloud across Azure regions and on-prem Azure Edge Zones.

VMware said NSX-T 3.0 is available now, and VMware vRealize Network Insight 5.2 is expected to be available in Q1 of VMware’s FY21, which ends on May 1, 2020.

This story, "VMware overhauls NSX software to manage, secure larger virtual networks" was originally published by Network World.
