Skip to main content

What’s New in VMware NSX Data Center for vSphere 6.4.2

With this latest release, VMware NSX Data  vCenter for vSphere 6.4.2 continues to improve overall efficiency of the network, enhance security with Context-Aware Micro-Segmentation, and deliver operational enhancements to the NSX platform. Here are just a few highlights of what’s new.

Multicast Routing Support
With VMware NSX Data Center for vSphere 6.4.2, NSX Logical Routers now have the capability of routing IPv4 multicast traffic.

The location of the Virtual Machine multicast receivers (identified by their hypervisor, Logical Switch and Virtual NIC) is discovered thanks to IGMP snooping within the NSX domain. The Edge Service Gateway (ESG) runs PIM sparse mode with physical routers and coordinates with the Distributed Logical Router (DLR) in order to provide both ways multicast connectivity from Virtual Machines to the outside world.

For added multicast replication performance in the VXLAN Overlay, NSX leverages Layer 2 multicast in an underlying physical infrastructure running IGMP snooping. 
Context-Aware Micro-Segmentation
New Layer 7 Application Context
VMware has been taking security to the next level with Context-Aware Micro-Segmentation, better securing application using the full context of the application. This latest release includes the following new Layer 7 Application Context:

EPIC – Epic EMR is an electronic medical records application that provides patient care and healthcare information.

MSSQL – Microsoft SQL Server is a relational database.

BLAST – A remote access protocol that compresses, encrypts, and encodes computing experiences at a data center and transmits it across any standard IP network for VMware Horizon desktops.

Security – Usability Enhancements


Firewall Rule Hit Count
Looking for a way to monitor rule usage and easily identify unused rules for clean-up? NSX 6.4.2 has enhanced the firewall rule table to display total rule hits, as well as information on when the rule was first hit, and when the rule was most recently hit.

Firewall Section Locking

With NSX 6.4.2, firewall rule sections can be locked while making modifications, to prevent multiple users from simultaneously making changes to the same sections. You can easily see who has locked the section, at what time, and any comments relevant to why they have locked the section.

NSX Application Rule Manager – Scale Improvements
NSX Application Rule Manager takes the allowed flows observed in the network and pushes policies directly into the distributed firewall within a few clicks. In NSX 6.4.2, we have improved scale and visibility to 100 vNICs per session, further simplifying the process of creating security groups and whitelisting firewall rules for existing applications.

Operational Enhancements

Some additional enhancements include:
  • Authentication & Authorization: Introduces 2 new roles (Network Engineer and Security Engineer). Adds ability to enable/disable basic authentication.
  • NSX Scale Dashboard: Provides visibility into 25 new metrics. Adds ability to edit usage warning thresholds and filter for objects exceeding limits.
  • NSX Controller Cluster Settings: Specify common settings (DNS, NTP, Syslog) to apply to NSX Controller Cluster.


Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

Console Mouse Not Working in Windows 2012 VMs

I recently ran into some problems while deploying a Windows Server 2012 R2 VM in my vSphere 6.5 U2 lab. I’ve come to expect that the console mouse response is going to be terrible until VMware Tools is installed, but for some odd reason I had no mouse control whatsoever. Thinking it may be a quirk of the Web Console, I tried both the Remote Console and the HTML5 client to no avail. The VM appeared to be healthy and would register keyboard input, but the motion of the mouse cursor was erratic or the cursor would not move at all. Thinking that I just needed to battle on and get Tools installed, I attempted to use the keyboard for this purpose – what a chore. You think it would have been easy, but the installer kept losing focus and falling behind other open windows. Many of the windows keyboard shortcuts I’d normally use were not functioning because they register on my laptop – not in the console. I couldn’t RDP to the VM either because the NIC needed to be configured with a vali...
Post a Comment
Read more

VxRail 4.0 – Scale Out

The above is the physical diagram of VxRail Cluster (3 nodes). In this post I will show how to add one VxRail Appliance into this VxRail Cluster (From 3 nodes to 4 nodes). NOTE: The model of each VxRail Appliance is E460. Before the node expansion, you need to verify each Appliance is running in health in dashboard of VxRail Manager. The above is the final physical diagram of VxRail Cluster after scale out. Now we start the node expansion. You have just mounted a new VxRail Appliance (E460) and cabled it up to the top of each rack switch. When you power it on you can see a notification appear in the top left corner of VxRail dashboard. Click “ Add Node “. When you initially configured your VxRail Appliance, you specified an IP pool for ESXi, vMotion and vSAN. You can see that there available IP addresses in these pools, so the only additional action is to set an ESXi password. Click the scroll bar, then click the “ ESXi Password “. Enter the  ESXi  and ...
1 comment
Read more

vCenter Server Options on VxRail Appliance

In this post we will discuss the pros and cons of vCenter Server deployment on VxRail. During VxRail initialization we can choose two options for vCenter Server deployment, both options are “Deploy new vCenter Server Appliance (VCSA)” and “Join existing vCenter Server”. We should know its limitation before we choose the each option. You can find the details as below. If we choose the bundle vCenter Server deployment The vCenter Service Server Appliance (VCSA), vCenter Server Platform Services Controller (PSC) and vRealize Log Insight VM are already pre-loaded on each VxRail node. When VxRail initialization it can deploy these VMs automatically based on our business requirement. Pros The vCenter Server (VCSA) deployment is done automatically. When installing software package upgrade for the VxRail Manager, both VCSA and PSC includes the processing of package upgrade. VMware Log Insight is deployed automatically The vCenter license is bundled on VxRail Appliance. C...
1 comment
Read more