
What’s New in VMware NSX Data Center for vSphere 6.4.2

With this latest release, VMware NSX Data Center for vSphere 6.4.2 continues to improve the overall efficiency of the network, enhance security with Context-Aware Micro-Segmentation, and deliver operational enhancements to the NSX platform. Here are just a few highlights of what’s new.

Multicast Routing Support
With VMware NSX Data Center for vSphere 6.4.2, NSX Logical Routers now have the capability of routing IPv4 multicast traffic.

The location of the Virtual Machine multicast receivers (identified by their hypervisor, Logical Switch and Virtual NIC) is discovered through IGMP snooping within the NSX domain. The Edge Service Gateway (ESG) runs PIM sparse mode with physical routers and coordinates with the Distributed Logical Router (DLR) to provide two-way multicast connectivity between Virtual Machines and the outside world.

For added multicast replication performance in the VXLAN Overlay, NSX leverages Layer 2 multicast in an underlying physical infrastructure running IGMP snooping.

Context-Aware Micro-Segmentation
New Layer 7 Application Context
VMware has been taking security to the next level with Context-Aware Micro-Segmentation, which better secures applications by using the full context of the application. This latest release includes the following new Layer 7 Application Contexts:

EPIC – Epic EMR is an electronic medical records application that provides patient care and healthcare information.

MSSQL – Microsoft SQL Server is a relational database.

BLAST – A remote access protocol that compresses, encrypts, and encodes computing experiences at a data center and transmits them across any standard IP network for VMware Horizon desktops.

Security – Usability Enhancements


Firewall Rule Hit Count
Looking for a way to monitor rule usage and easily identify unused rules for clean-up? NSX 6.4.2 has enhanced the firewall rule table to display total rule hits, as well as information on when the rule was first hit, and when the rule was most recently hit.

Firewall Section Locking

With NSX 6.4.2, firewall rule sections can be locked while making modifications, to prevent multiple users from simultaneously making changes to the same sections. You can easily see who has locked the section, at what time, and any comments relevant to why they have locked the section.

NSX Application Rule Manager – Scale Improvements
NSX Application Rule Manager takes the allowed flows observed in the network and pushes policies directly into the distributed firewall within a few clicks. In NSX 6.4.2, we have improved scale and visibility to 100 vNICs per session, further simplifying the process of creating security groups and whitelisting firewall rules for existing applications.

Operational Enhancements

Some additional enhancements include:
  • Authentication & Authorization: Introduces 2 new roles (Network Engineer and Security Engineer). Adds ability to enable/disable basic authentication.
  • NSX Scale Dashboard: Provides visibility into 25 new metrics. Adds ability to edit usage warning thresholds and filter for objects exceeding limits.
  • NSX Controller Cluster Settings: Specify common settings (DNS, NTP, Syslog) to apply to NSX Controller Cluster.

