Top Features from VMware’s NSX-T 3.0 Release

VMware’s recent NSX-T 3.0 release is packed full of features. It offers improvements in cloud-scale networking, intrinsic security, modern applications, and simplified operations. Today we’re exploring its highlights and how they impact users.


The 3.0 release introduces the NSX Federation feature, which has been highly anticipated since NSX-T was released to replace NSX-V. Federation allows up to three on-prem data centers to be managed through a single pane of glass within the appropriately named Global Manager (GM). Going forward from this release, customers can deploy virtual networking (gateways and overlay segments) as well as security policies from the GM and synchronize them to one or many local sites. The security group policy even supports dynamic group membership, which was missing from NSX-V Multi-Site.

Note that Federation is ready for greenfield deployments only, and the max number of hosts currently supported across all sites is 96.


Federation also provides a simplified disaster recovery automation workflow, allowing failover via a “single-click” through the GM’s GUI or an API call.

(source: VMware)

Integrated Role Based Authentication

As of the 3.0 release, NSX-T no longer requires VMware Identity Manager integration to leverage the 11 built-in roles. This allows users to natively integrate their Active Directory users and groups by configuring the LDAP server directly from the NSX-T UI.

Converged NSX on VDS 7.0 

NSX is now integrated within VDS 7.0, meaning you no longer need additional NICs to deploy NSX-T in a greenfield environment. This should make deploying and maintaining NSX-T much simpler for customers moving forward. However, it doesn’t mean the N-VDS is going away yet. The converged VDS is only a feature for net-new vSphere 7.0 releases for now. Expect to continue to use the N-VDS for anything other than greenfield deployments in the near future.

VRF Lite

Enterprises with large multi-tenancy environments will be excited to hear that VRF Lite has been introduced. This means you will no longer have to deploy a tier-0 per tenant, reducing the number of edge nodes required. 3.0 supports up to 100 VRFs per edge node.

Distributed Intrusion Detection System

Microsegmentation customers can now have enhanced threat protection integrated directly into the hypervisor. This new architecture allows for signature inspection at near line rate. Note that this feature and service will require an additional license.

Container Networking Enhancements

NSX-T 3.0 adds some significant Kubernetes enhancements, including increasing scale-out to 50k pods, a distributed load balancer for pod-to-pod communication within the namespace, and the ability to visualize K8s inventory within the NSX-T UI.

The 3.0 release provides a lot of promise to simplify the NSX-T experience for enterprises by introducing features to streamline operations and provide a better-integrated experience with both on-prem and cloud networks. However, remember that this is a new feature train. It’s always recommended to test in the lab prior to pushing new code out to production sites.

