vSAN Stretched Cluster Using an NSX-T Backed L3 Network
VMware vSAN and NSX-T Compatibility
There are lot of discussions that talk about VMware NSX and VMware vSAN, most of them around compatibility.
vSAN and NSX are compatible with each other, however, vSAN traffic is not supported on NSX overlay network. But, the way VDS Portgroups can be used to configure vSAN vmkernel adapters, NSX-T VLAN backed logical switches can also be used to configure vSAN vmkernel adapters. Apart from this, NSX-T logical routers can be used as gateways to route the vSAN traffic, of course the backing for such configuration must be with NSX-T VLAN logical switches.
In this blog post I cover how NSX-T can be used to setup configuration for vSAN stretched cluster.
Deep Dive of vSAN Stretched Cluster Using an NSX-T Backed L3 Network
One of the configurations for vSAN stretched cluster can be achieved with L3 networking between Data Nodes and the Witness Host. In such deployment, the Data Nodes and Witness Host may reside in different networks. Hence, the vSAN vmkernel adapters need to point to their gateways to talk to each other. Following is the high-level network view of such topology for vSAN stretched cluster where hosts use VDS Portgroups to configure the Continue reading
Overcoming the Barriers to Micro-segmentation
It should come as no surprise how much emphasis organizations place on security today. Threats are becoming more and more sophisticated and the number of threats grow to uncontrollable rates every day.
One of the biggest downsides is that the rising cost of data breaches in 2019 alone, a global average of $3.92 million as reported by the Ponemon Institute and IBM Security July 2019 report, is enough to cause organizations to rethink or increase emphasis on their security strategies and how they can help secure their most important assets by improving the cyber hygiene in their organizations.
What is Cyber Hygiene?
Cyber hygiene refers to what an organization can do to improve their security postures around physical hardware, software, and applications. If you’ve seen Pat Gelsinger’s keynote from 2017, he goes into the 5 pillars of good cyber hygiene and what organizations can do to improve basic and fundamental security for their business.
Over the last several years, VMware has been focusing on helping organizations move to Software-Defined Data Centers (SDDC) to improve their agility and meet the speed of business. As more organizations adopted the SDDC model, VMware found itself in a unique position Continue reading
Visit the VMware NSX Team at SpringOne Platform 2019
Come see VMware and the NSX team at SpringOne Platform in Austin, TX from October 7-11 in booth T1!
Why Attend SpringOne Platform?
SpringOne Platform is Pivotal’s annual conference for developers, IT operators and leaders, platform managers, and anyone else that wants to be part of one of the most vibrant software development communities in the world. Developers use Spring to build and run millions of mission-critical applications that organizations rely on every day. It enables developers to build software quickly, securely, and globally with modern distributed platform technologies like Kubernetes and Pivotal Application Service (PAS).
Realize the Value of DevOps with NSX and Pivotal
But this is a blog about networking, right? So why are we so excited to talk about SpringOne Platform, and why are we asking you to come have a chat with us? The answer gets at the heart of how VMware and Pivotal are enabling customers to realize the value of cloud-native apps and DevOps practices.
VMware’s NSX family of products gives developers and operators a continuous cloud networking fabric, built in software, that not only exists in the data center but also extends to public clouds and to the edge. Using a software-defined Continue reading
Top Reasons to Attend VMworld Europe 2019
In the digital age, everyone is responsible for the organization’s overall security. DevSecOps brings together the disciplines of DevOps, Cloud and now Security toward a common goal of distributing security decisions with agility and scale. At VMworld Europe, you will network, learn and practice the industry’s latest technology with industry insiders, experts and your fellow co-workers and peers.
We’ve put together a list of VMware’s networking and security business unit’s top sessions, hands-on-labs and keynote sessions that you can’t miss!
Networking and Security Showcase Keynotes at VMworld Europe
Showcase Keynote: Networking and Security for the Cloud Era
- Tuesday, 5 November, 13:00 – 14:00 (CET/GMT+2)
- Speaker: Tom Gillis (@_TomGillis), SVP and GM, Networking and Security,
Showcase Keynote: Intrinsic Security – How Your VMware Infrastructure Can Turn the Tide in Cybersecurity [SEC3412KE]
- Wednesday, 6 November, 15:30- 16:30
- Speakers: Tom Corn, SVP Security Products, VMware, Shawn Bass, VP & CTO EUC, VMware
Cloud Networking Sessions at VMworld Europe
Tuesday, 5 November, 2019
Edge to Hybrid Cloud, the Network Matters [CNET3628BES]
- Tuesday, 5 November, 11:00 – 12:00
- Speakers: Amit Pandey, VP, Head of NSX Service, VMware and Bob Ghaffari, General Manager, Intel
NSX-T 2.5 What is new for Kubernetes
NSX-T 2.5 was released last week and now we also have the new NSX Container Plugin 2.5 on the market…. VMworld US 2019 is also over with announcements of huge innovations like NSX Intelligence, enhanced security, and improved operability and observability. You can find more information here! I would like to take this opportunity to specifically highlight the new containers capabilities we had been working on for this release.
What is new in NSX Container plugin (NCP)
Simplified UI (Policy API) support
With the introduction of the new intent-based Policy API and corresponding Simplified UI, administrators have seen that objects created by NCP for Kubernetes are not visible in the new UI. Instead they had to go to the Advanced Networking & Security tab that corresponds to the old imperative APIs. Furthermore, all related objects like T0, IP Block, IP Pool had to be created using the Advanced Networking & Security tab. I am happy to announce that from NCP 2.5+ we have a parameter in the NCP configmap (ncp.ini) policy_nsxapi that can be set to True. In that case, NCP will start calling the new intent-based API and all objects will be visible in the simplified UI. Continue reading
NSX-T Data Center and EUC Design Guide Release
When it comes to VMware NSX, support for VMware Horizon deployments have been a staple ask every release. NSX compliments Horizon deployments tremendously by:
- Helping to provide the networking for the Horizon components
- Identity and firewalling security for VDI and RDSH desktops
- Endpoint protection
- Load balancing
Earlier this year, NSX-T Data Center 2.4 was released which brought identity firewalling, endpoint protection, and other necessary features for customers to consume equivalent to NSX Data Center for vSphere. The release of NSX-T Data Center 2.5 takes those features and provides even further scale enhancements to support small, medium, and the largest Horizon deployments.
NSX-T Data Center and EUC Design Guide
The NSX-T and EUC Design Guide takes information provided in the VMware Horizon Reference Architecture and the VMware NSX-T Reference Design Guide, and brings the two platforms together into a single solution.
Use Cases and What’s Covered
Let’s take a look at what all is covered and the use cases that NSX-T Data Center has for Horizon deployments:
Horizon Pod Alignment
NSX-T Data Center 2.5 supports massive scale that can cover an entire Horizon Pod scale, and more in some cases. This design guide Continue reading
Next-Generation Reference Design Guide for NSX-T
The NSX-T 2.5 release marks a cornerstone in NSX-T as announced at VMworld 2019 by SVP Umesh Mahajan. 2019 has been a year of phenomenal growth for VMware’s NSX-T with its wide adoption by enterprises across several verticals. In 2019, we introduced two ground-breaking releases NSX-T 2.4 and NSX-T 2.5. With these two releases, we are fully embarking on enterprise ready system becoming the de-facto enterprise software-defined networking (SDN) platform of choice.
To support our customers in their network and security virtualization journey, we introduced the NSX-T design guide on the NSX-T 2.0 release and provided design guidance on how customers should design their data centers with NSX-T.
Today, we are excited to announce the next version of the NSX-T design guide based on generally available NSX-T release 2.5. It is the foundation overhaul to design guidance and leading best practices. There have been numerous L2-L7 features additions and platform enhancements since NSX-T release 2.0. This design guide covers functional aspects of these enhancements and provides design guidance for them.
What readers can expect in the new NSX-T Design Guide:
- Packet walks
- Detailed explanation of Continue reading
VMware NSX Achieves FIPS 140-2 Validation
Co-authored with Rajiv Prithvi, Product Manager Networking and Security Business Unit at VMware
During VMworld US 2019, we announced several new transformative capabilities in VMware NSX-T 2.5 release which is now shipping! The release strengthens the NSX platform’s intrinsic security, multi-cloud, container, and operational capabilities.
We also announced the successful FIPS 140-2 validation of NSX-T 2.5. FIPS compliance is mandatory for US federal agencies and has also been widely adopted in non-governmental sectors (e.g. financial services, utilities, healthcare). FIPS-140-2 establishes the integrity of cryptographic modules in use through validation testing done by NIST and CSE. With this validation, we further deliver on our confidentiality, integrity and availability objectives and provide our customers with a robust networking and security virtualization platform.
Compliance-Based Configuration with NSX-T 2.5
NSX-T 2.5 is configured to operate in FIPS mode by default. Any exceptions or deviations from established compliance norms are identified in a compliance report which can be used to review and configure your NSX-T Data Center environment to meet your IT policies and industry standards. Any exceptions to FIPS compliance including configuration errors can be retrieved from the compliance report using NSX Manager UI or APIs.
A sample FIPS Continue reading
VMworld US 2019: Networking and Security Recap
VMworld US 2019 has come to a close. If you didn’t attend, don’t worry as we still have VMworld Europe right around the corner. Join us November 4-7, 2019 to hear experts discuss cloud, networking and security, digital workspace, digital trends and more! Register for VMworld Europe now.
Below is a quick recap and resources to check out from VMworld US 2019.
Stats from VMworld US 2019
- For networking and security we delivered 91 Breakout Sessions + 2 Showcase Keynotes
- VMware NSX-T – Getting Started was the second most played video post-VMworld!
- VMware NSX was the #1 attended Hands-On-Lab (HOL), and there was a total of 1,922 labs taken on NSX
- 17,277 NSX networks were created at HOL
- VMware NSX Intelligence won TechTarget’s Best of Show award – Judge’s Choice for Disruptive Technology
Congratulations to our NSX Intelligence team: Anirban Sengupta, Umesh Mahajan, Farzad Ghannadian, Kausum Kumar, Catherine Fan and Ray Budavari.
Surprise guest Michael Dell stopped by the Solutions Exchange to check out demos of what’s new from the networking and security business unit demoed by Chris McCain.
Technical Networking and Security Sessions from VMworld US 2019
Below is a list of sessions that jump into the NSX Continue reading
Avi Networks — Same Team, Same Mission, New Home
Avi Networks is now part of VMware and our product is now called VMware NSX Advanced Load Balancer. You can read about it here in our press release from VMworld.
But our story is far from over.
The acquisition marked VMware’s official entry into the ADC (Application Delivery Controller) space. The Avi team, which remains intact, is at the helm of delivering the world’s leading software-defined load balancing solution for VMware — both as a standalone platform for on-prem and multi-cloud environments and as an integrated VMware NSX solution.
We originally founded Avi Networks because we believed that the traditional ADC industry had failed its customers. Hardware and virtual appliances are rigid, cumbersome, and offer little automation or application insight. As enterprises re-architect applications as microservices, re-define the data center through software, and re-build infrastructure as hybrid and multi-cloud environments, ADC appliances work against the goals of modernizing enterprises.
This belief is shared by hundreds of the world’s largest companies that have decided to replace load balancing appliances with the Avi solution. VMware also believed this, which is why we are a part of the company today.
Avi re-imagined the ADC as a distributed Continue reading
NSX-T 2.5 – A New Marker on the Innovation Timeline
NSX-T has seen great success in the market for multi-platform network and security use-cases, including automation, multi-cloud adoption, and containers as customers move through the digital transformation initiative. NSX-T is the industry’s only network and security platform delivering a wide range of L2-L7 services, built from the ground up for workloads running on all types of infrastructure – virtual machines, containers, physical servers and both private and public clouds.
This year, we are hyper-focused on innovation, and in bringing transformative capabilities to market through NSX-T, which is the foundation for both our VMware NSX Data Center and NSX Cloud offerings. This release of NSX-T further strengthens our intrinsic security capabilities architected directly into networks and public and private cloud workloads that applications and data live on, reducing the attack surface. This version also keeps up the accelerated pace of innovation we are delivering on for scalability, cloud-native support, and operational simplicity which can accelerate customers’ adoption of a Virtual Cloud Network architecture.
Key Focus Areas in NSX-T 2.5
Launching NSX Intelligence – A Native, Distributed Analytics Engine
Analytics-based policy recommendation and compliance, streamlined security operations
NSX Intelligence is a distributed analytics engine that provides continuous data-center wide visibility Continue reading
Announcing a New Open Source Service Mesh Interoperation Collaboration
Service mesh is fast becoming such a vital part of the infrastructure underlying microservices and traditional applications alike that every industry player must have an offering in the space. Because a variety of differentiated service meshes and service mesh services are emerging, it has become clear that interoperability between them will be critical for customers seeking to interconnect a wide variety of workloads.
With that in mind, we are excited to share that VMware has partnered with Google Cloud, HashiCorp, and Pivotal on an open source project for service mesh interoperability. This initiative will facilitate federation of service discovery between different service meshes of potentially different vendors. Through an API, service meshes can be interconnected to deliver the associated benefits of observability, control, and security across different organizational unit boundaries, and potentially across different products and vendors. The project will soon be opened to the community, and anyone interested in contributing to this effort can do so on GitHub.
Partnering With Industry Leaders on Service Mesh Interoperation
Enterprises increasingly rely on APIs to coordinate business functions that span departmental, organization or vendor boundaries. This implies reliability, operability, security and access constraints on these API calls to ensure business Continue reading
VMware Cloud on AWS: NSX and Avi Networks Load Balancing and Security
Authors and Contributors
I want to thank both Bhushan Pai, and Matt Karnowski, who joined VMware from the Avi Networks acquisition, for helping with the Avi Networks setup in my VMware Cloud on AWS lab and helping with some of the details in this blog.
Humair Ahmed, Sr. Technical Product Manager, VMware NSBU
Bhushan Pai, Sr. Technical Product Manager, VMware NSBU
Matt Karnowski , Product Line Manager, VMware NSBU
With the recent acquisition of Avi Networks, a complete VMware solution leveraging advanced load balancing and Application Delivery Controller (ADC) capabilities can be leveraged. In addition to load balancing, these capabilities include global server load balancing, web application firewall (WAF) and advanced analytics and monitoring.
In this blog, we walk through an example of how the Avi Networks load balancer can be leveraged within a VMware Cloud on AWS software-defined data center (SDDC).
VMworld 2019: Sneak Peak at Our Keynote Sessions. Plus a Chance to Win!
Networking & Security Keynotes at VMworld 2019
About a month ago, we published a VMworld security guide with shortlisted 100 to 300 level sessions that best illustrate real-world application of our products. This time, we’ll be focusing on two networking and security keynotes. The first keynote will highlight how VMware’s single-stack, complete networking and security platform can achieve a consistent operational network fabric for hybrid cloud environments, and the second keynote will focus on how users can leverage existing VMware infrastructure to implement a more effective, intrinsic security.
In addition, you will have a shot at winning Bose headphones simply by attending each event. Although chances are slim (1250 times harder to win both as opposed to just one), duplicate winners will be acknowledged so if you are looking for a present for yourself and a significant other, make sure to register and save on your yearly bonus! Winners will be announced at the end of each keynote, so make sure to stay until the end!
Showcase Keynote: Networking and Security for the Cloud Era [NETS3413KU]
There has never been a more exciting and challenging time in the networking space. As the cloud, application developers, IoT, Continue reading
Attend Future:NET 2019 – a Premier Networking Event
What is Future:NET?
Is it a thinktank? A forum? An incubator?
4 years ago VMware launched Future:NET with a simple idea of bringing together some of the brightest minds in networking together for an open and honest conversation about the future direction of networking.
While other networking conferences have been reduced to vendor showcases, Future:NET has banned product pitches in exchange for open debates that foster intellectual conversation among professionals across the industry.
Why Attend Future:NET 2019?
Come join us at Future:NET 2019, a premier networking technology event, where we are bringing together everyone from enterprises, startups, and academics to debate and challenge the status quo. Wizards may predict the future, but you should plan to come and play a key role with interactive sessions and network with your peers.
This year we are continuing the tradition of open conversation on technology shifts, the organizational challenges they bring and asking the question “are we really making things simple?”. Topics range from the emergence of XaaS, integrated operation models (SOCs vs NOCs), and the effect of 5G, LISP, and v6 on networking. Join experts from Microsoft, AWS, Stanford, and more as they drive deep technical discussions on the future of the Continue reading
VMware Cloud on AWS: NSX Networking and Security eBook
Check out my latest book co-authored with my colleagues Gilles Chekroun (@twgilles) and Nico Vibert (@nic972) on VMware NSX networking and security in VMware Cloud on AWS. Thank you Tom Gillis (@_tomgillis), Senior Vice President/General Manager, Networking and Security Business Unit for writing the foreword and providing some great insight.
Download the eBook for Free
I’ve been very fortunate to have the opportunity to publish my second VMware Press book. My first book was VMware NSX Multi-site Solutions and Cross-vCenter NSX Design: Day 1 Guide. This book was focused very much on NSX on prem and across multiple sites. In my latest book with Gilles and Nico, the focus was on NSX networking and security in the cloud and cloud/hybrid cloud solutions.
You can download the free ebook here:
In this book you’ll learn how VMware Cloud on AWS with NSX networking and security provides a robust cloud/hybrid cloud solution. With VMware Cloud on AWS extending or moving to the cloud is no longer a daunting task. In this book, we discuss use cases and solutions while also providing a detailed walkthrough of Continue reading
Service Mesh: The Next Step in Networking for Modern Applications
By Bruce Davie, CTO, Asia Pacific & Japan
What’s New in the World of Networking
As I’m currently preparing my breakout session for VMworld 2019, I’ve been spending plenty of time looking into what’s new in the world of networking. A lot of what’s currently happening in networking is driven by the requirements of modern applications, and in that context it’s hard to miss the rise of service mesh. I see service mesh as a novel approach to meeting the networking needs of applications, although there is rather more to it than just networking.
There are about a dozen talks at VMworld this year that either focus on service mesh or at least touch on it – including mine – so I thought it would be timely to comment on why I think this technology has appeared and what it means for networking.
To be clear, there are a lot of different ways to implement a service mesh today, of which Istio – an open-source project started at Google – is probably the most well-known. Indeed some people use Istio as a synonym for service mesh, but the broader use of the term rather than a particular implementation is my Continue reading
The Field Guide to the Cloud Networking Sessions at VMworld 2019
Meet the expanded VMware NSX Product Family
Last year, we expanded the VMware NSX family of products to include NSX Data Center, NSX Cloud, AppDefense, VMware SD-WAN by Velocloud, NSX Hybrid Connect and NSX Service Mesh. This year, AVI Networks has joined our family.
With the combined portfolio, we’re delivering on the Virtual Cloud Network vision of connecting, automating and protecting applications and data, regardless of where they are— from the data center, to the cloud and the edge. NSX delivers the full L2-7 services, enabling the public cloud experience for on-premises environments.
Join us at VMworld US 2019
We will have an exciting line-up for VMworld US 2019. Our engineers, technologists and customers will be speaking on 80+ topics throughout the conference spanning beginner to advanced levels throughout the conference. Some session topics include:
- Multi-cloud Networking
- Container Networking
- Multi-site Networking
- Network Automation
- Service Mesh
Cloud Networking Sessions at VMworld
In this post, we will focus on our cloud networking sessions and showcase keynotes. Use this handy guide to begin planning your exciting week and bookmark the sessions you want to attend.
If you’re interested in security focused sessions, read the blog Continue reading
Service-defined Firewall Benchmark and Solution Architecture
Today we are happy to introduce the Service-defined Firewall Validation Benchmark report and Solution Architecture document. Firewalls and firewalling technology have come a very long way in thirty years. To understand how VMware is addressing the demands of modern application frameworks, while addressing top concerns for present day CISO’s, let’s take a brief look at the history of this technology.
A Brief Firewall History
Over time, the network firewall has grown up, from initially being very basic to more advanced with the inclusion of additional features and functionality. The network firewall incrementally incorporated increasingly complex functionality to address many threats in the modern security landscape.
While the network firewall initially progressed rapidly to keep pace with the development of network technology and rapid evolution of network threat vectors, over the past decade there has been very little in terms of innovation in this space. The requirements of next-generation (NGFW) haven’t changed tremendously since its late 2000’s introduction to the market, and with the uptick in adoption of modern micro-services based architectures into the modern enterprise, applications are becoming more and more distributed in nature, with growing scale and security concerns around the ephemeral nature of the infrastructure.
Micro-services, which Continue reading
Avi Networks Now Part of VMware
By Tom Gillis, SVP/GM of Networking and Security BU
When we first announced our intent to acquire Avi Networks, the excitement within our customer base, with industry watchers and within our own business was overwhelming. IDC analysts wrote, “In announcing its intent to acquire software ADC vendor Avi Networks, VMware both enters the ADC market and transforms its NSX datacenter and multicloud network-virtualization overlay (NVO) into a Layer 2-7 full-stack SDN fabric (1).”
Avi possesses exceptional alignment with VMware’s view of where the network is going, and how data centers must evolve to operate like public clouds to help organizations reach their full digital potential. It’s for these reasons that I am happy to announce VMware has closed the acquisition of Avi Networks and they are now officially part of the VMware family going forward.
I’ve heard Pat Gelsinger say many times that VMware wants to aggressively “automate everything.” With Avi, we’re one step closer to meeting this objective. The VMware and Avi Networks teams will work together to advance our Virtual Cloud Network vision, build out our full stack L2-7 services, and deliver the public cloud experience for on-prem environments. We will introduce the Avi platform Continue reading