NSX-T 2.5 has recently been announced during VMworld US and this looks to have some really cool features. So what’s new? Quite a lot as it happens as the list shows below. I’m just going to call out the 3 things that excite me most for this release.
I’ve been using NSX-V in one way or another since 2015 and it’s the product that I cut my teeth on learning about VMware’s SDN vision. In 2.4 we finally saw the release of the V-T migration wizard to help us with the transition to the T flavour of the product. In this release there are some improvements to the UI and it’s also great to see VMware add in a vSAN health check prior to migration to join the dots. We should also reduced East/West downtime and support for LACP.
NSX-T 2.5 now supports Layer 7 Application rules to the Edge firewall. This has previously been L4 only wth L7 functionality provided only by the DFW. A few gotchas to be aware of, this requires the Medium or Large Edge node and it’s not supported on the T0 gateway.
It’s also important to mention that 2.5 is now FIPS 140-2 compliant and you can generate compliance reports to meet regulatory requirements.
Hands up who’s broken a firewall in their time by enabling or disabling a rule! OK so in this release you can enable both automatic and draft functionality within the DFW allowing an easy rollback of a previous config if you screw something up. This is aimed to ease the day 2 operations
This is a big one. According to VMware this is a “distributed analytics engine” and aimed at delivering a more granular and dynamic approach to security operations. When I first heard the name I started to think about Skynet and the Terminator films but fortunately this has been developed by VMware rather than Cyberdine Systems so I don’t believe the machines will rise up just yet.
So what does it really do? All analytical data and telemetry around data packets are distributed within the hypervisor which then sends the metadata back to appliances to visulise and report on. There is also an element of machines learning involved. t’s important to remember that this is the first release of the product so I’m sure there will be much more to read about soon.
As always I’d encourage you to have a look at the link below for further information.