VMware announced NSX-T 2.5 during VMworld 2019 US. It is another big release for VMware of this popular product, which is becoming more and more mainstream.
The shift from NSX-V to NSX-T started with the 2.4 release (our detailed post about the 2.4 release is here) and the introduction of a new set of wizards allowing you to transition from NSX-V to NSX-T and do in-place migrations.
If you're new to NSX and want to learn more, we have a VMware NSX – Top 9 Free Books To Read article which lists some good free books.
There are so many enhancements and new features in VMware NSX-T 2.5 that it's almost impossible to list them all. We'll try to talk about some, but there might be more updates to this post, or a separate post about NSX-T 2.5, in the future. Stay tuned.
This post will be scheduled to go live after the official VMware NDA.
Here is an overview screenshot which details all the new features and enhancements.
After that, we'll try to talk about some of them, as we attended a VMware briefing before the official announcement.
NSX-T 2.5 What's New?
Agent-less micro-segmentation (which VMware calls native cloud enforcement mode). It's designed for AWS and Azure.
Define security policies in NSX based on VM attributes, tags and NSX groups.
Translates NSX policies to Native Cloud Security Policies.
It basically offers the choice to clients who do not want to install NSX tools on their VMs in public cloud environments.
No need to install agents any longer.
It's called Native Cloud Enforced mode.
Native Cloud enforced mode provides:
- Common policy framework by translating NSX policies to native cloud-specific security policies.
- No NSX tools or agents are required.
- Limited by cloud provider policies.
Service Discovery And Control
It allows you to automatically discover and secure cloud-native service endpoints (S3, ELB, RDS) globally and within VPCs/VNETs.
NSX Container Updates
There is a plugin for Kubernetes where, instead of creating a dedicated tenant router per K8s namespace (as in the 2.4 release), you create only one Tier1 router for the whole cluster.
In the 2.5 release, there is a new model where the Tier1 router is shared by all namespaces in a cluster.
This was done to avoid hitting Tier1 router limits by having too many Tier1 routers.
Expanding Native NSX-T Security
NSX-T 2.5 supports Layer-7 APP-ID on the Gateway firewall. Previously, the gateway firewall supported only L3-L4. With NSX-T 2.5, App-ID policies are supported on the T1 gateway firewall.
- Added FQDN whitelisting support for KVM
- Added FQDN blacklisting support for ESXi
This allows you to allow or deny access to specific domains or URLs.
You could put a couple of domains into a group, and then simply say whether or not you want to allow traffic.
When several admins work on a distributed firewall, it's useful to be able to go back to a specific point in time when you need to.
NSX-T supports saving and viewing drafts, and also supports auto drafts. Auto-Draft can be enabled or disabled.
Each point (dot) on the timeline is an auto draft. You can revert your changes (like VM snapshots).
You can easily generate reports from the UI or via API, and these reports can also be FIPS 140-2 compliant.
By default, those reports are in FIPS non-compliance mode, but FIPS-compliant mode can be enabled via API.
The report gives a view of overall compliance with your company's security policy.
NSX-T capacity monitoring
You can monitor the capacity of your NSX-T environment. You can see how many logical switches are in use, and NSX-T issues warnings when you reach a limit on logical switches.
Those alerts let you plan ahead for extending the system.
Expanded OS support
- Windows 7
- Windows 8/8.1
- Windows 10
- Windows Server 2008 R2
- Windows Server 2012 R2
- Windows Server 2016
Linux (4.6 kernel)
- CentOS 7.4
- RHEL 7.4
- Ubuntu 16.04
- SLES 12
For AV security: Bitdefender (certified) and Trend Micro (certification pending).
Expanded IPv6 functionality
NSX-T is gaining momentum and VMware keeps pushing in the right direction.
There have been 200+ deployments and 14 pilots, and NSX-T 2.5 is already the 6th release of NSX.
As said at the beginning of the post, NSX-T is taking over from NSX-V, and the v2T migration utility has been provided since the NSX-T 2.4 release.