Category Archives for "VMware Network Virtualization Blog"

NSX Workshop: Secure App Infrastructure and Multi-Site Cloud Networking

NSX Workshops

[Summer 2018] Free NSX Training Workshop near you!

Secure Application Infrastructure and Multi-Site Cloud Networking


What: Attend a half-day lecture and lab designed to get you started with Micro-segmentation and Multi-Site Cloud Networking (Disaster Recovery).

Why: Not only will you get a business and technical overview of NSX Data Center, you’ll also receive hands-on experience with the products. We’ll make sure you leave knowing how NSX can help secure and extend your network across multiple sites, and into the cloud.


Sneak peek (full agenda in registration links):

  • Security: Understand your network traffic flows and intelligently create security groups and policies, leveraging vRNI, Service Composer, and Application Rule Manager to secure your network.
  • Disaster Recovery: Deep dive into multi-site NSX Data Center topologies, learn how to architect your network overlays, and gain visibility across your virtual and physical networks – all so you can build a resilient and flexible network.

RSVP your spot today (click below):

GET IN THERE! Sign up for VMware’s Hands-On Labs and Enter to Win a Paid Trip to VMworld 2018


VMworld is almost upon us! As the world’s premier digital infrastructure event, VMworld attracts the most talented professionals around the world who care deeply about virtualization and cloud computing.

If you’re new to VMware products and want to get a deep dive, take any of our newly released Hands-on Labs (including the extremely popular “NSX - Getting Started”) to get one-on-one guidance from VMware experts that you can bring back to your organization to hit the ground running. Hands-on Labs (HOL) are the fastest, easiest way to test-drive the full technical capabilities of VMware products for free and without needing to install anything.


Sign up for a Qualifying Hands-on Lab and Enter to Win a Free Trip to VMworld

As an added bonus, if you sign up for a qualifying Hands-on Lab, you’ll be entered to win an all-expenses-paid trip to VMworld US or Europe (up to $5,000 USD). The winner will not only rub elbows with the team that delivers HOL, they’ll also get VIP access to the “behind the scenes” command centers.

As a VMworld attendee and Hands-on Labs student, you’ll gain special access to the latest VMware technologies without being required to purchase equipment, Continue reading

End-to-End Segmentation with NSX SD-WAN and NSX Data Center

As you may have read earlier this month, NSX Data Center and NSX SD-WAN by VeloCloud are part of the expanded VMware NSX portfolio to enable virtual cloud networking. A Virtual Cloud Network provides end-to-end connectivity for applications and data, whether they reside in the data center, cloud or at the edge. I wanted to follow up and walk through an example using NSX Data Center and NSX SD-WAN of how one could build an end-to-end segmentation model from the data center to the branch.

NSX SD-WAN Segmentation

Beyond lowering cost and increasing agility and simplicity of branch connectivity, one of the key values provided by NSX SD-WAN by VeloCloud is enterprise segmentation, which provides isolated network segments across the entire enterprise, enabling data isolation or separation by user or line of business, support for overlapping IP addresses between VLANs and support for multiple tenants. NSX SD-WAN provides this segmentation using a VRF-like concept with simplified, per-segment topology insertion. This is accomplished by inserting a “Segment ID” into the SD-WAN Overlay header as traffic is carried from one NSX SD-WAN Edge device to another Edge. Networks on the LAN-side of an NSX SD-WAN Edge with different Continue reading

Zero Trust. Maximize Network Virtualization and Micro-segmentation


It’s official: when it comes to security threats, the question IT teams should be asking is not if but when. VMware recently commissioned Forrester Consulting to evaluate how organizations are improving the security of their infrastructure through network virtualization and micro-segmentation. Analysis found that 92% of respondents reported having faced minor security incidents in the last 12 months alone, while 65% of respondents endured a major incident in the same time span. These figures seal the deal; the naïve days of preparing for potential issues are long gone. Cyber threats are real, imminent, and happen often.



Companies today attribute more of their security issues to improper network segmentation than to the volume of threats overall. In response, leaders across industries are turning to network virtualization – specifically the Zero Trust security model – as a key strategy in combating threats. This strategy posits that whether a network is labeled secure or insecure, both should be treated as equally vulnerable. Further, the Zero Trust model supports the argument that traditional, perimeter-based security configurations are no longer a sufficient measure for protecting the network, and highlights steps companies can take to better secure their network, starting with network virtualization Continue reading

Family Matters: Introducing the VMware NSX Portfolio

The new VMware NSX portfolio enables organizations to connect, secure and operate an edge-to-edge architecture and delivers networking and security services to applications and data wherever they reside.

This week at Dell Technologies World, Pat Gelsinger, VMware CEO, announced the new VMware NSX portfolio as part of the Virtual Cloud Network unveiling. The NSX networking and security portfolio provides consistent connectivity, integrated security, and the inherent automation to operate an end-to-end architecture that delivers applications and services everywhere. This innovative approach changes the way customers design and deliver services across their enterprises, and the NSX portfolio is the foundation upon which to build the Virtual Cloud Network. Leveraging the benefits of the cloud for the enterprise network is a fundamental shift from the past, where networking and security has relied on hardware-based appliances and features with limited automation abilities.

To support virtual cloud networking, organizations require a robust portfolio. Supporting our customers’ needs around any infrastructure, any cloud, any transport, any application, any platform, any device, we have been thinking about how we architect network elements that sit on top of those foundations. NSX has become a family brand to do just that from data center to cloud to branch Continue reading

VMware Welcomes Tom Gillis as SVP & General Manager, Networking and Security Business Unit

Back at Interop Las Vegas in 2013, less than one year after VMware acquired Nicira, then VMware’s chief architect of networking Martin Casado stated what was probably the understatement of the decade: “it’s a very exciting time to be in networking.”

With the birth of software-defined networking, pioneered by folks like Casado, the industry entered into a transformation unlike anything we’ve seen since the invention of Ethernet. The entire industry — from fascinating start-ups to the big players — rushed to challenge networking’s historical operational model, leveraging the power of software to help move networking into the future. Customers have embraced this model, where they can not only provision networking components in minutes without the need to modify the application, but they can also deliver micro-segmentation and granular security to each individual workload. It’s become a huge part of the success story for our customers, our partners and VMware ourselves.

Since then, we have continued to build out the portfolio with Software-Defined WAN, multi-cloud networking, hybrid cloud connectivity and network operations management and visibility solutions. And this week at Dell Technologies World, our CEO Pat Gelsinger laid out the Virtual Cloud Network, our vision for a software-defined network architecture Continue reading

Boston Medical Center Secures Electronic Patient Records with VMware NSX


Boston City Hospital and Boston University Medical Center Hospital merged in 1996 to form Boston Medical Center (BMC).  This 497-bed teaching hospital in the South End of Boston provides primary and critical care to a diverse population and houses the largest Level 1 trauma center in New England.


As a 24-hour hub for surgeries and life-sustaining medical care, BMC relies heavily on technology to support all operations, from appointment scheduling to vital health monitoring and imaging systems. Boston Medical Center has standardized on vSphere as a virtualization platform for its data centers.  With their server infrastructure almost 90% virtualized, BMC uses VMware vCloud Suite, Site Recovery Manager, vRealize Operations Manager, and has recently added NSX to better secure its Epic Electronic Medical Records platform.


In 2015, BMC implemented the Dell DRIVE system, including VMware, to consolidate and digitize medical records storage and delivery on Epic. While the Epic records must be constantly accessible to health care providers, who require immediate access to essential patient information throughout the hospital system, those same records must also be protected from intrusion or misuse. According to David Bass, SDDC Engineer at Boston Medical Center, “The type of data that Continue reading

Micro-segmentation Starter Kit

Traditional security solutions are designed to protect the perimeter.  As applications and data are becoming increasingly distributed, they are often spanning not only multiple sites, but also multiple clouds.  This is making it harder to identify where the perimeter actually is in order to secure it.  But even if the perimeter can be reliably identified, securing it alone is not enough. The east-west traffic inside of the environment must be secured as well. VMware NSX makes security an intrinsic part of the infrastructure that applications and data live on, rather than a bolted-on afterthought; security is built in Day 0.

VMware created a Micro-segmentation Starter Kit to help you get started with securing your network from Planning to Enforcement to Troubleshooting.  Each kit includes 6 CPUs of both NSX ADV and vRealize Network Insight ADV at 25% off the global list price.

  • Plan: Take the manual and subjective process out of determining what security policies to put in place and where. vRealize Network Insight provides a comprehensive net flow assessment and analysis to model and recommend security groups and firewall rules across your physical, virtual, and cloud environments.
  • Enforce: Micro-segmentation, the implementation of security policy Continue reading

Two-Factor Authentication with VMware NSX-T

In a previous post, I covered how to integrate NSX-T with VMware Identity Manager (vIDM) to achieve remote user authentication and role-based access control (RBAC) for users registered with a corporate Active Directory (AD)…-rbac-with-nsx-t.html/


In this post, I’m showing how to add two-factor authentication (2FA) for NSX-T administrators/operators on top of that existing integration. Two-factor authentication is a mechanism that checks username and password as usual, but adds an additional security control before users are authenticated. It is a particular deployment of a more generic approach known as Multi-Factor Authentication (MFA).

Throughout this post, I’m providing step-by-step guidance on how to use VMware Verify as that second authentication. I will also highlight what would be different if using third party mechanisms. At the end of the post, you will find a demo showing how to do the configuration and how users authenticate once 2FA is enabled.


What is VMware Verify? Let me quote what my colleague Vikas Jain wrote on this post: “VMware Verify uses modern mobile push tokens, where users get a push notification on their mobile device that they can simply accept or deny. When the user’s device does not have cellular reception, Continue reading

VMware AppDefense Introduces Least Privilege Security for Containerized Applications

Summary: VMware AppDefense continues to advance with new capabilities, new partnerships, international expansion, and increasing customer adoption


As worldwide spending on IT security continues to climb, the odds of falling victim to a data breach have risen to 1 in 4. Despite a multitude of security products on the market and large budgets to purchase them, businesses are not significantly safer. The commoditization of cyber crime has made it possible for virtually anyone with a computer to launch a sophisticated attack against a company, and new attacks are being developed every day. This means the continued focus on chasing threats remains relatively ineffective at stamping out the broader challenges facing IT security.

This is a scary prospect for CISOs who are faced with securing the applications and data living in increasingly dynamic, distributed IT environments. And as more businesses embrace modern, agile application development processes, the problem of implementing security at the speed of the business is exacerbated – security is often seen as an obstacle to progress.

We created VMware AppDefense to address these very issues, with a unique approach that leverages the virtualization layer to protect applications by “ensuring good” rather than “chasing bad”. AppDefense leverages VMware’s Continue reading

Join NSX at RSA, Dell Technologies World, and Interop Conferences


Conference season is upon us, and the NSX team will be out in full effect. Join us at any of the following events to get a demo, ask us questions, and hear us wax poetic about all things security and network virtualization!

RSA Conference

April 16–20, 2018
Moscone Center
San Francisco, CA
Booth #4101, North Hall

NSX is delighted to attend everyone’s favorite security conference, RSA. This year’s theme is “Now Matters,” aptly named in time with the astounding number of threats to cybersecurity and data breaches we’ve collectively seen in the news this year. That said, don’t miss a great talk on how app architecture “now matters” when it comes to transforming security by Tom Corn, Senior Vice President and General Manager, Security Products, VMware. His session will be on April 17 from 1:00pm–1:45pm. The team will also be doing demos at the VMware booth (#4101 in the North Hall) – so be sure to swing by and chat with us about our offerings.


VMware Speaking Sessions at RSA Conference:

NSX Mindset Reception:

Join us for a NSX Mindset reception with VMware Continue reading

NSX-T Automation with Terraform

Do you want to maintain your network and security infrastructure as code? Do you want to automate NSX-T? One more option has just been added for you!

Following my previous post about NSX-T: OpenAPI and SDKs, you might have figured out how easy it is to generate different language bindings for NSX-T. Thanks to this, we have generated a Go NSX-T SDK that we use as the foundation of the new NSX-T Terraform provider.

Terraform is open-source infrastructure-as-code software by HashiCorp. It allows creation, modification, and deletion of infrastructure using high-level configuration files that can be shared between team members, treated as code, edited, reviewed, and versioned. These configuration files are written in HCL (HashiCorp Configuration Language), which is actually JSON with some fine-tuning. Plain JSON can also be used.

There are several important components in Terraform:

1. Providers are responsible for managing the lifecycle of the resources: create, read, update, delete. Providers usually require some configuration, such as authentication details and endpoint URLs. By default, a resource is matched to its provider by the start of its name. For example, the resource nsxt_logical_switch is associated with the provider called nsxt.

Example of Continue reading

VMware Cloud on AWS with Direct Connect: NSX Networking and vMotion to the Cloud with Demo

Check out my prior blogs here on the VMware Network Virtualization blog on how NSX is leveraged in VMware Cloud on AWS to provide all the networking and security features. These prior blogs provide a foundation that this blog post builds on. In this blog post I discuss how AWS Direct Connect can be leveraged with VMware Cloud on AWS to provide high bandwidth, low latency connectivity to an SDDC deployed in VMware Cloud on AWS. This is one of my favorite features as it provides high bandwidth, low latency connectivity from on-prem directly into the customer’s VMware Cloud on AWS VPC, enabling better and consistent connectivity/performance while also enabling live migration/vMotion from on-prem to cloud! I want to thank my colleague, Venky Deshpande, who helped with some of the details in this post. Continue reading

How NSX Is Tapping into the Human Element Behind Network Virtualization


Virtualization can be a tricky concept for some people to wrap their heads around. Trying to explain the functionalities and benefits of technology like VMware NSX can quickly devolve into techno-babble. With that said, we’re trying to take another approach—a more human approach. Below are three customer stories that emphasize a human-interest element behind network virtualization and showcase the power of technologies like NSX to better human lives.


NSX Powers a ‘Classroom in the Cloud’ for Illinois Students

 When the technology leaders of Bloomington’s public schools started looking for a way to make advanced, enterprise-level computing and Internet services affordable to students, they went the co-op route and turned to IlliniCloud. IlliniCloud has proven to be a game-changer for a public education system in crisis. The co-op is transforming the technology infrastructures of not just Bloomington’s public school district, but every school district in Illinois with an affordable and efficient model that results in major cost savings for schools, along with upgrades in technology and aging infrastructures.


VMware is the backbone of IlliniCloud and a natural fit, according to Jason Radford, CTO of IlliniCloud: “VMware believed in the IlliniCloud. They gave us the tools that were Continue reading

Security for Public Clouds (AWS) with vRealize Network Insight

Enterprise IT needs visibility into the network and security status of their workloads, whether hosted on premises or within AWS. While many AWS workloads are sandboxes for application development teams (DevOps), it is important to analyze these workloads. Increasingly, public cloud workloads are also fulfilling mission-critical production needs for many organizations. Enterprise IT must be ready to determine the best location, security posture, and bandwidth allocation when deploying workloads. Having traffic pattern details as well as security analysis and recommendations readily available helps organizations make the ideal hosting decisions to meet their business needs.

vRealize Network Insight (vRNI) Supports Amazon Web Services (AWS) Public Cloud. The vRNI traffic monitoring features provide visibility into native AWS constructs such as Virtual Private Clouds, VMs, Security Groups, firewall rules, and tags. vRNI also analyzes AWS traffic flows to provide security and micro-segmentation views of cloud workloads. This means you’ll be able to plan micro-segmentation and understand traffic patterns using data collected from your AWS instances.


Let’s review a simple Amazon Web Services (AWS) VPC setup to articulate the value vRealize Network Insight can offer from a Day 1 and Day 2 perspective.

  1. We have an on-premise instance of vRealize Network Insight managing AWS.
  2. Continue reading

Want to Learn More About SD-WAN? Register for Our SD-WAN 101 Webinar Series

SD-WAN Webinar

No other technology in recent history has experienced the growth rate that SD-WAN currently possesses. The buzz is high, the benefits are numerous, and its strategic position in digital transformation is critical. Enterprises are changing their legacy networks and dramatically improving the way they do business, offering next-generation technology today because of SD-WAN.

You May Be Wondering:

  • What makes SD-WAN different than a WAN?
  • Why is it so important to the network fabric of today’s businesses?
  • Why is it so transformative?
  • How can it help me and my business?

If you’ve asked these questions and want to understand SD-WAN better and determine if it’s a good fit for your business, sign up for our VeloCloud SD-WAN 101 webinar. Choose the date that works best for you!

This webinar will provide you with the essential information you’ll need to understand SD-WAN. You’ll learn how to leverage SD-WAN to improve and optimize your existing network to meet your business needs. And, you’ll gain a clear understanding of next steps in determining your path forward with SD-WAN.

Register today:


NSX Layer 2 VPN: Deploying for datacentre migrations

In my previous post, NSX Layer 2 VPN: Migrating workloads between Datacentres, I described the process and theory behind using an NSX Layer 2 VPN (L2VPN) to migrate workloads from a soon-to-be-retired VLAN backed datacentre, to an NSX Managed logical switch backed datacentre. In this post I will take you through the deployment of the L2VPN in my lab environment, following these high-level steps:

  • Prepare the NSX Managed Site
  • Deploy the Layer 2 VPN Server
  • Prepare the Standalone Site
  • Deploy the Layer 2 VPN Client
  • Validate the Layer 2 VPN connectivity

Current lab environment

The Lab environment I am using currently reflects the diagram below, with two VMs deployed onto VLAN 20 within my “remote” site (my remote site is actually just a separate cluster from my “NSX Managed Site”, which is my workload cluster). In my NSX Managed site I have a Provider Logical Router (PLR) and Distributed Logical Router (DLR) configured.

Current lab layout


Configure the NSX Managed Site

To prepare the NSX Managed Site the L2VPN-Server needs to be connected to a “trunk” interface, which allows multiple VLAN or Logical Switches to be configured as sub-interfaces, rather than having an interface in each VLAN/Logical Switch.

The Continue reading

NSX Layer 2 VPN: Migrating workloads between Datacentres

Selecting a migration strategy

As a consultant within the NSX PSO practice, one of the conversations that comes up with customers often is how NSX enables migration from a legacy datacentre to an NSX managed datacentre. This was the case with a customer recently who were looking to move out of a datacentre that was scheduled to be decommissioned. The problem was that the customer workloads needed to be migrated to a Logical Switch within the new datacentre without changing IP addressing, and with minimal downtime.

There are four approaches available to us with NSX for vSphere that might help solve this problem:

  • Universal Logical Switching – we could deploy NSX to the remote site and extend L2 networks using Cross-vCenter NSX and Universal Logical Switches, then migrate the workload
  • Native L2 Bridging – within the same datacentre we could use the NSX Distributed Logical Router native functionality to create a Layer 2 Bridge between a VLAN and a Logical Switch
  • Hardware VTEP – using a compatible hardware device from a VMware Partner that acts as a VXLAN Tunnel Endpoint and can bridge between a VLAN and a Logical Switch
  • Layer 2 VPN – using an NSX managed Edge, or Continue reading

What’s Your #TechConfession?



Think back to the first moment you fell in love with technology. Was it love at first deployment? What about developing code to trick your school’s bell system into letting your class out early? If you love all things technology, or you’re a technologist, then you should definitely put #TechConfessions, the podcast and YouTube playlist, on your radar.

#TechConfessions is a weekly podcast and web series that uncovers the deep, dark tech secrets of some of high tech’s finest minds. The series looks to expose the inner thoughts and forgotten stories of tech professionals. Hear from top tech pros as they divulge the early beginnings of their tech careers and proclaim their favorite software-defined moments. Get insights into what makes these tech leaders tick, and discover their long-burning passion for all things tech.

Director of Influence Marketing at VMware, Amy Lewis, one of the hosts of #TechConfessions, gives a voice to the professionals witnessing industry changes. Going from a hardware to a software state of mind happens differently for everyone. As the host of #TechConfessions, Amy digs deep to get the real backstory behind each individual’s transition into the world of software.


So far, season one Continue reading
