Category Archives: VMware

vExpert 2018 – The Value Remains!

After a longer than expected deliberation period the vExpert class of 2018 was announced late last Friday (US Time).  I’ve been a vExpert since 2012 with 2018 marking my seventh year in the program. I’ve written a lot about the program over the past three or four years since it’s “perceived” value started to go downhill. I’ve criticised parts of the program around the relative ease at which some people where accepted and also on the apparent inability for numbers to be better managed.

However, make no mistake I am still a believer in the value of the vExpert and more importantly I have come to realise over the past few years (solidified over the past couple of months) that apart from the advocacy component that’s critical to the programs existence…people continue to hold the program in extremely high regard.

There are a large number of vExpert’s who expect entry year after year, and rightly so. In truth there are a large number that legitimately demand membership. But there are others who have struggled to be accepted year after year and for who, acceptance into the program represents a significant achievement.

That is to say that while many established vExpert’s assume entry there are a number of people that desire entry. This is an important indicator on the strength of the program and the continued high regard the vExpert program should still be held in.  It’s easy to criticise from the inside, however that can’t be allowed to tarnish the reputation of program externally.

This is a great program and one that is valued by the majority of those who actively participate. VMware still commands a loyal community base and the vExpert’s lead from the front in this regard. Remembering that it’s all about the advocacy!

Well done again to the team behind the scenes…The new website is testament to the program moving forward. The vExpert team are critical the success of the program and having been part of the much smaller Veeam Vanguard program, I have a lot of respect for the effort that goes into sorting through two thousand odd applications and renewals.

And finally, well done to those first time vExpert’s! Welcome aboard!


For those wondering, here are the official benefits of the program:

  • Invite to our private #Slack channel
  • vExpert certificate signed by our CEO Pat Gelsinger.
  • Private forums on
  • Permission to use the vExpert logo on cards, website, etc for one year
  • Access to a private directory for networking, etc.
  • Exclusive gifts from various VMware partners.
  • Private webinars with VMware partners as well as NFRs.
  • Access to private betas (subject to admission by beta teams).
  • 365-day eval licenses for most products for home lab / cloud providers.
  • Private pre-launch briefings via our blogger briefing pre-VMworld (subject to admission by product teams)
  • Blogger early access program for vSphere and some other products.
  • Featured in a public vExpert online directory.
  • Access to vetted VMware & Virtualization content for your social channels.
  • Yearly vExpert parties at both VMworld US and VMworld Europe events.
  • Identification as a vExpert at both VMworld US and VMworld EU.

Released: vCloud Director 9.1 – New HTML5 Features, vCD-CLI and more!

Overnight VMware released vCloud Director 9.1 (build 7905680) which builds on the 9.0 release that came out last September. This continues to deliver on VMware’s promise to release major vCD updates every six months or so. This update, on the surface contains fewer big ticket items than the 9.0 release however the enhancements included are actually significant and continue to build on where 9.0 left off.

New Features and Enhancements:
  • Enhanced Tenant Portal
  • HTML Provider Portal
  • User Interface Extensibility
  • Service Integration
  • Standalone VMRC
  • Multi-Site Management View
  • SR-IOV
  • FIPS Mode
  • Python SDK
  • vCD-CLI
  • vRealize Orchestrator Integration
Enhanced Tenant Portal:

The new Tenant UI features include vApp and Catalog enhancements while delivering on probably the biggest pain point with the Flex UI tenant portal…that is OFV/OVA management. We now have native upload and download integration without the need for the client integration plugin.

You now also get an overview of resources consumed in your Virtual Datacenters and also get a view of the multiple organisation feature introduced into 9.0.

A new Provider Portal has been seeded in this release and at the moment can only be used for the new vRealise Orchestrator extensibility functionality. The administrator can import workflows from vRO through the import option. An administrator clicks the import workflow button, selects the vRO instance, and then chooses all the workflows they would like to import. On that note, there is an updated vRO Plug-In that allows both providers and tenants to automate tasks from the portal which is an excellent feature.

There is also a new workflow for the provision of standalone VMs and vApps.

Standalone VMRC:

If the management of OVAs/OVFs wasn’t the number one pain point with the FlexUI then the next one would have had to be the pain caused by the lack of functionality in the Console window. A HTML VM console is supported in version 9.0, but 9.1 now adds support for standalone VMware Remote Console. The VMRC provides more functions such for the tenant and significantly improves access to the VM consoles and gives greater flexibility accessing the VMs.


I’ve blogged about the old VCA-CLI on a number of occasions and it’s great to see the project officially brought back into the vCD world. Development on this stopped for a while with the demise of vCloud Air, however I’m glad to see it picked up on as it’s a great tool for managing vCloud Director tenant Organisations and objects from a command line without having to get stuck into the APIs directly. It’s also used for the new Container Services Extension that has also been released side by side with this release of vCD.

Compatibility with Veeam, vSphere 6.5 and NSX-v 6.4.x:

vCloud Director 9.1 is compatible with vSphere 6.5 Update 1 and NSX-v 6.4 and supports full interoperability with other versions as shown in the VMware Product Interoperability Matrix. With regards to Veeam support, I am sure that our QA department will be testing the 9.1 release against our integration pieces at the first opportunity they get, but as of now, there is no ETA on offical support.

A list of known issues can be found in the release notes.


Overall this is a very strong release with a lot of emphasis on extensibility behind the visual enhancements and functionality of the ever evolving HTML Tenant UI. As usual, I’ll look to write a few more blog posts on specific 9.1 features over the next couple of weeks.

There is a White Paper where you can find more details about what’s contained in the 9.1 release. Tom Fojta and Daniel Paluszek VMware have a what’s new blog posts as well.



VMware vCloud Director 9.1 is out!

VMware Cloud Briefing Roundup – VMware Cloud on AWS and other Updates

VMware has held it’s first ever VMware Cloud Briefing today. This is an online, global event with an agenda featuring a keynote from Pat Gelsinger, new announcements and demos relating to VMware Cloud as well as discussions on cloud trends and market momentum. Key to the messaging is the fact that applications are driving cloud initiatives weather that be via delivering new SaaS or cloud applications as well as extending networks beyond traditional barriers while modernizing the datacenter.

The VMware Cloud is looking like a complete vision at this point and the graphic below highlights that fact. There are multiple partners offering VMware based Cloud Infrastructure along with the Public Cloud and SaaS providers. On top of that, VMware now talks about a complete cloud management layer underpinned by vSphere and NSX technologies.

VMware Cloud on AWS Updates:

The big news on the VMware Cloud on AWS front is that there is a new UK based service offering and continued expansion into Germany. This will extend into the APAC region later in the year.

VMware Cloud on AWS will also have support for stretch clusters using the same vSAN and NSX technologies used on-premises on top of the underlying AWS compute and networking platform. This looks to extend application uptime across AWS Availability Zones within AWS regions.

This will feature

  • Zero RPO high Availability across AZs
  • Built into the infrastructure layer with synchronous replication
  • Stretched Cluster with common logical networks with vSphere HA/DRS
  • If an AZ goes down it’s treated as a HA event and impacted VMs brought back in other AZ

They are also adding vSAN Compression and Deduplication for VMware Cloud on AWS services which in theory will save 40% in storage.

VMware Cloud Services Updates:

Hybrid Cloud Extension HCX (first announced at VMworld last year) has a new on-premises offering and is expanding availability through VMware Cloud Provider Partners. This included VMware Cloud on AWS, IBM Cloud and OVH. The promise here is an any-to-any vSphere migration that cross version while being still secure. We are talking about Hybridity here!

Log Intelligence is an interesting one…it looks like Log Insight delivered as a SaaS application. It is a real-time big data log management platform for VMware Cloud on AWS adding real-time visibility into infrastructure and application logs for faster troubleshooting. It support any SYSLOG source and will ingest over the internet in theory.

Cost Insight is an assessment tool for private cloud to VMware Cloud on AWS Migration. It calculates VMware Cloud on AWS capacity required to migrate from on-premises to VMC. It has integration with Network insight to calculate networking costs during migration as well.

Finally there is an update to Wavefront that expands inputs and integrations to enhance visibility and monitoring. There are 45 new integrations, monitoring of native AWS services and integration into vRealize Operations.

You can watch the whole event here.

NSX Bytes: Updated – NSX Edge Feature and Performance Matrix

For a few years now i’ve been compiling features and throughput numbers for NSX Edge Services Gateways. This started off comparing features and performance metrics between vShield Edges and NSX Edges. As the product evolves, so does it’s capabilities and given the last time I updated this was around the time of NSX-v 6.2 I thought it was time for an update.

A reminder that VMware announced the End of Availability (“EOA”) of the VMware vCloud Networking and Security 5.5.x that kicked in on the September of 19, 2016 and that from vCloud Director 8.10 and above vShield Edges are no longer supported…hence why I don’t have the VSE listed in the tables. For those still running VSEs for what ever reason, you can reference my original post here.

As a refresher…what is an Edge device?

The Edge Services Gateway (NSX-v) connects isolated, stub networks to shared (uplink) networks by providing common gateway services such as DHCP, VPN, NAT, dynamic routing, and Load Balancing. Common deployments of Edges include in the DMZ, VPN Extranets, and multi-tenant Cloud environments where the Edge creates virtual boundaries for each tenant.

The following relates to ESG maximums per NSX and ESXi maximums.

Item Maximums
ESGs per NSX Manager 2,000
ESGs per ESXi Host 250
ESG Interfaces 10 (Including Internal, Uplink and Trunk)
ESG Subinterfaces 200
The function of an ESG is as follows:

The ESG gives you access to all NSX Edge services such as firewall, NAT, DHCP, VPN, load balancing, and high availability. You can install multiple ESG virtual appliances in a datacenter. Each ESG virtual appliance can have a total of ten uplink and internal network interfaces. With a trunk, an ESG can have up to 200 subinterfaces. The internal interfaces connect to secured port groups and act as the gateway for all protected virtual machines in the port group. The subnet assigned to the internal interface can be a publicly routed IP space or a NATed/routed RFC 1918 private space. Firewall rules and other NSX Edge services are enforced on traffic between network interfaces.

Below is a list of services provided by the NSX Edge.

Service Description
Firewall Supported rules include IP 5-tuple configuration with IP and port ranges for stateful inspection for all protocols
NAT Separate controls for Source and Destination IP addresses, as well as port translation
DHCP Configuration of IP pools, gateways, DNS servers, and search domains
Site to Site VPN Uses standardized IPsec protocol settings to interoperate with all major VPN vendors
SSL VPN SSL VPN-Plus enables remote users to connect securely to private networks behind a NSX Edge gateway
Load Balancing Simple and dynamically configurable virtual IP addresses and server groups
High Availability High availability ensures an active NSX Edge on the network in case the primary NSX Edge virtual machine is unavailable
Syslog Syslog export for all services to remote servers
L2 VPN Provides the ability to stretch your L2 network.
Dynamic Routing Provides the necessary forwarding information between layer 2 broadcast domains, thereby allowing you to decrease layer 2 broadcast domains and improve network efficiency and scale. Provides North-South connectivity, thereby enabling tenants to access public networks.

Below is a table that shows the different sizes of each edge appliance and what (if any) impact that has to the performance of each service. As a disclaimer the below numbers have been cherry picked from different sources and are subject to change.

NSX Edge (Compact) NSX Edge (Large) NSX Edge (Quad-Large) NSX Edge (X-Large)
vCPU 1 2 4 6
Memory 512MB 1GB 1GB 8GB
Disk 512MB 512MB 512MB 4.5GB + 4GB
Interfaces 10 10 10 10
Sub Interfaces (Trunk) 200 200 200 200
NAT Rules 2,048 4,096 4,096 8,192
ARP Entries
Until Overwrite
1,024 2,048 2,048 2,048
FW Rules 2000 2000 2000 2000
FW Performance 3Gbps 9.7Gbps 9.7Gbps 9.7Gbps
DHCP Pools 20,000  20,000  20,000  20,000
ECMP Paths 8 8 8 8
Static Routes 2,048 2,048 2,048 2,048
LB Pools 64 64 64 1,024
LB Virtual Servers 64 64 64 1,024
LB Server / Pool 32 32 32 32
LB Health Checks 320 320 320 3,072
LB Application Rules 4,096 4,096 4,096 4,096
L2VPN Clients Hub to Spoke 5 5 5 5
L2VPN Networks per Client/Server 200 200 200 200
IPSec Tunnels 512 1,600 4,096 6,000
SSLVPN Tunnels 50 100 100 1,000
SSLVPN Private Networks 16 16 16 16
Concurrent Sessions 64,000 1,000,000 1,000,000 1,000,000
Sessions/Second 8,000 50,000 50,000 50,000
LB Throughput L7 Proxy) 2.2Gbps 2.2Gbps 3Gbps
LB Throughput L4 Mode) 6Gbps 6Gbps 6Gbps
LB Connections/s (L7 Proxy) 46,000 50,000 50,000
LB Concurrent Connections (L7 Proxy) 8,000 60,000 60,000
LB Connections/s (L4 Mode) 50,000 50,000 50,000
LB Concurrent Connections (L4 Mode) 600,000 1,000,000 1,000,000
BGP Routes 20,000 50,000 250,000 250,000
BGP Neighbors 10 20 100 100
BGP Routes Redistributed No Limit No Limit No Limit No Limit
OSPF Routes 20,000 50,000 100,000 100,000
OSPF LSA Entries Max 750 Type-1 20,000 50,000 100,000 100,000
OSPF Adjacencies 10 20 40 40
OSPF Routes Redistributed 2000 5000 20,000 20,000
Total Routes 20,000 50,000 250,000 250,000

Of interest from the above table it doesn’t list any Load Balancing performance number for the NSX Compact Edge…take that to mean that if you want to do any sort of load balancing you will need NSX Large and above. To finish up, below is a table describing each NSX Edge size use case.

Use Case
NSX Edge (Compact) Small Deployment, POCs and single service use
NSX Edge (Large) Small/Medium DC or mult-tenant
NSX Edge (Quad-Large) High Throughput ECMP or High Performance Firewall
NSX Edge (X-Large) L7 Load Balancing, Dedicated Core

The Quad Large model is suitable for high performance firewall abilities and the X-Large is suitable for both high performance load balancing and routing. You can convert between NSX Edge service gateway sizes upon demand using a non-disruptive upgrade process, so the recommendation is to begin with the Large model and scale up if necessary. A Large NSX Edge service gateway is suitable for medium firewall performance but as detailed later, the NSX Edge service gateway does not perform the majority of firewall functions.


Released: Runecast Analyzer 1.7 with vSAN Support

Runecast has released version 1.7 of their Analyzer today and it has added support for VMware vSAN. By using a number of resources within VMware’s knowledge base Runecast offers a platform that looks at best practices, log information and security hardening guides to monitor your vSphere infrastructure which in turn brings to your attention issues through a simple yet intuitive interface. This now extends to vSAN as well. Also in this release is an improved dashboard called the VMware Stack view and improved vSphere Web Plugin.

Version 1.7 focuses on VMware vSAN support and proactive issue detection with remediation. vSAN, having gained market lead in the HCI space is deployed in vSphere environments more commonly these days as the storage component. It is critical to not only monitor performance but also keep the vSAN configuration in the best condition and prevent from any future failures or outages.

Runecast Analyzer v1.7 scans vSAN clusters and looks at cluster configurations against a large database of VMware Knowledge Base and Best Practices rules. This results in the ability to list issues and then offer suggestions on how to fix those issues which may affect vSAN availability or functionality. This acts as a good way to stop issues before they become more serious problems that impact environments.

As mentioned version 1.7 also offers an upgrade to the vSphere Web Client and as you can see below the integration is tight with the HTML5 client.

Finally, I wanted to highlight the new VMware Stack dashboard. This new visual component aims to very quickly prioritize what problem to solve and where it exists. The VMware stack contains 5 layers, Management, VM, Compute, Network and Storage. Runecast prioritizes and sorts all detected problems into those five categories so an admin can easily see where the critical issues are and what is the risk they pose.

Overall for those that have vSAN in their environments I would recommend a look at this release. The guys at Runecast are taking a unique approach to monitoring and I’m looking forward to future releases as they expand even more beyond vSphere and vSAN.

The latest version is available for a free 14-day trial.

vCloud Director Tenant UI: Dude…Where is my VM Web Console?

As most of you should know buy now, vCloud Director 9.0 features a new HTML5 Tenant UI Portal which is not only very pretty, but also functional. As of the 9.0 release the HTML5 Tenant UI has a limited scope of functionality compared to the legacy Flex based web console but is still a great example of where vCD is going in terms of continuing to enhance vCD.

I was having a discussion on Slack with Mark Ukotic talking about future vCD releases when he commented that he was looking forward to the Web Console coming to the HTML5 UI. To which I said “It was already there!” He replied saying “Really?” to which I replied…

On the Virtual Machines page, you can click on the VMware graphic which will open a Web Console window.

You won’t see the mouse change to indicate that the area is hot, which is why most people assume that the option to launch the Web Console isn’t there. But if you click on it, the Web Console window will pop up and you will be able to interact with the VM.

It is a very limited console in terms of remote actions you can perform. There is a lot more functionality in the VMware Remote Console…hopefully we will see that available to launch through the new Tennant UI in upcoming versions.

If the VM if powered off you will get the following message if you try to click on the image.

So there you have it! The Web Console is there in the new HTML5 Tenant UI in vCloud Director 9.0…it’s not super obvious, but it is there!


NSX Bytes: NSX 6.4 UI Enhancements and Upgrade Coordinator

NSX-v 6.4 was released a couple of weeks ago and as I talked about in my launch post, there are a lot of new features and enhancements that make this release significant. A big focus for this release was around enhancing NSX’s ease of use and serviceability. There have been a number of additions to the UI with additional dashboards and menu items. Also importantly, a first port of the NSX Web Client functionality over the to HTML5 Web Client.

What’s interesting about the approach that the NSX product team has taken is that they have decided to have each new feature in the HTML5 Web Client accessible from the old Flash based Web Client as well. They have also continued to improve on the layout and usability of the flash based vSphere Web Client so what you have now is a combination of Flash and HTML5 inside the old Web Client as well as a limited pure HTML5 NSX experience in the new Web Client.

UI Enhancements:

Among the enhancements to the UI is the improvement in the navigation menu where some commonly used menu items that where clicks away have been brought into the main tree. As you can see below there is a lot more happening in the 6.4 menu tree on the right vs the previous releases on the left.

The HTML5 menu is a little shorter with only a couple of items added however it shows you what it will look like when the porting is complete. Also shown in the picture below is the new System Scale Dashboard that provides visibility into the current usage of various NSX components and system capacity relative to configuration maximums with warning thresholds configurable.

Highlighting the Flash+HTML cross over in the Flash Web Client, the System Scale Dashboard is also present in the old Web Client and shown below.

In terms of other UI additions there is now an EAM status monitor in the Host Preparation Tab and a direct way from the Web Client to generate Support Bundle…which again, is available from both Web Clients.

NSX Upgrade Coordinator:

Probably one of the coolest features in NSX-v 6.4 is the Upgrade Coordinator.

When you upgrade using Upgrade Coordinator, you can select to perform a One Click Upgrade, where everything is upgraded during one upgrade session. Or you can select to Plan Your Upgrade, and customize which components are upgraded, and organize component objects into upgrade groups.

Working you way through the wizard you can select which components to upgrade.

For me have control of the NSX Edge upgrades is super important as this has historically been a monotonous task for Service Providers with lots of customer using vCloud Director Edge services. The Upgrade Coordinator streamlines this upgrade task and makes the process a lot more efficient.

Having the ability to group and order the upgrade process for Edges (and Service VMs) is also an excellent enhancement. Once the wizard has been completed you are shown a progress dashboard which you can click into to view the current state of upgrading components.

Once completed, you should have all components upgraded and you can go through the post upgrade tasks and once completed you can always get an overview of the NSX environment by clicking on the main dashboard.


There is a lot to like about where the NSX team is taking the user interface and it’s good to see an initial move over to the HTML5 Web Client while also having that same functionality still accessible via the Flash Web Client. To have a loot at what is currently supported and what is not in the HTML5 vs Flash Client head to this page and check out the support tables.

I’m looking forward to future updates that will look to push more functionality directly into the HTML5 Web Client.


Released: vCloud Director – Important Networking Fixes!

Last week VMware put out a new point release for vCloud Director 9.0 (Build 7553273) for Service Providers. While there is nothing new in this release there are a significant number of resolved issues as listed in the release notes. One thing to mention is that even though this was released during a similar timeframe to NSX-v 6.4 there is no offical compatibility just yet.

Reading through the list of resolved issues there where some pretty impactful errors that seem to be related mostly to NSX operations and networking in general.

  • Deleting a Provider VDC can corrupt VXLAN network pools that are in use After you delete a Provider VDC, its associated VXLAN network pool becomes unusable by organization VDCs backed by other Provider VDCs.
  • The Redeploy an Edge Gateway from vCloud Director task succeeds instantly but the Edge does not actually redeploy in NSX When you attempt to redeploy an Edge Gateway from vCloud Director, the API initiates a task in vCloud Director and in vCenter Server but does not send a redeploy request to the NSX server. As a consequence, the Edge Gateway does not redeploy.
  • Registration of an NSX Server fails when you supply the credentials of an SSO user vCloud Director SSO users are not authorized to access an NSX endpoint required for registration, so registration fails.
  • Changes on Edge Gateway Services are not synchronized between vCloud Director and NSX When you modify one of the Edge Gateway Services, for example by creating a Static Route, the change is saved on the vCloud Director side but cannot be saved on the NSX server.
  • Creating or updating a firewall rule for an Advanced Gateway Portal with enabling the Show only user-defined rules toggle causes the action of the default firewall rule to change. When you create a new firewall rule or update an existing rule for an Advanced Gateway Portal, if you enable the Show only user-defined rules toggle, the action of the default firewall rule changes incorrectly to match the last modified rule.
  • Deleting an external network that uses a distributed virtual port group with a Private VLAN does not work When you try to delete an external network that is liked to a private VLAN associated with a distributed virtual port group (dvPortgroup), the deletion fails with an InternalError: Only single VLAN or trunk VLAN is supported error message.
  • You cannot add a DNAT rule configuring an original or a translated port or port range through the tenant portal When you attempt to add a DNAT rule from the Edge Gateway screen in the tenant portal, you cannot enter either a port or a port range in the Original Port and the Translated Port text boxes.
  • Creating a SNAT or a DNAT network rule by using a public IP address that is not associated to a particular network interface fails When you try to create a SNAT or a DNAT network rule for either an internal or an external interface in vCloud Director, if the public IP address is not added to a particular network interface, you receive a the following error message:
  • Configuring a static route fails if you set the gateway of an external network as a next hop IP address When you configure a static route for an organization network, if you enter the address of an existing default gateway in the Next Hop IP text box, saving the static route configuration fails with the following error message:

Good to seem them fixing issues quickly but it also tells me that a lot of people participating in the beta for 9.0 didn’t test deep enough against real word scenarios…a lot of what is listed above isn’t what you would consider corner cases. These issues should have bene picked up before going to GA. Possibly also shows that a lot of VCPP Service Providers haven’t upgraded to 9.0 just yet. In any case the vCloud product development team has been hard at work resolving the bugs and Service Providers should be confident deploying or upgrading to 9.0 now.


If you are a vCAN SP and have the right entitlements follow this link to download vCloud Director




NSX-v 6.4.0 Released! What’s in it for Service Providers

This week VMware released NSX-v 6.4.0 (Build 7564187) and with it comes a new UI Plug-in for vSphere Client (HTML5) which includes some new dashboards including a new Update Lifecycle Manager built right into the Web Client. Reading through the release notes, for me the biggest improvements seem to be around NSX Edges and Edge services. These are central to Service Providers who offer NSX services with vCloud Director or otherwise via their service offerings. There are also as usual, a number of Resolved Issues which can be skimmed through in the release notes page.

What’s New:

As mentioned above there is a lot to get through and there are a lot of new enhancements and features packed into this release. I’ve gone through and picked the major ones as they might pertain to Service Providers running NSX on their platforms. I’ve basically followed the sections in the Release Notes but summarised for those that don’t want to troll through the page. Ad the end of each section i’ve commented on the benefits of the improvements.

Security Services

  • Identity Firewall now supports user sessions on remote desktop and application servers (RDSH) sharing a single IP address, new “fast-path” architecture improves processing speed of IDFW rules. Active Directory integration now allows selective synchronization for faster AD updates.
  • Distributed Firewall adds layer-7 application-based context for flow control and micro-segmentation planning.
  • Distributed Firewall rules can now be created as stateless rules at a per DFW section level.
  • Distributed Firewall supports VM IP realization in the hypervisor. This allows users to verify if a particular VM IP is part of a securitygroup/cluster/resourcepool/host.

These security features listed above will make a lot of people happy and improves end user experience and the DFW supporting within the VM is a small but important feature.

NSX User Interface

  • Support for vSphere Client (HTML5): Introduces VMware NSX UI Plug-in for vSphere Client (HTML5).
  • HTML5 Compatibility with vSphere Web Client (Flash): NSX functionality developed in HTML5 (for example, Dashboard) remains compatible with both vSphere Client and vSphere Web Client, offering seamless experience for users who are unable to transition immediately to vSphere Client.
  • Improved Navigation Menu: Reduced number of clicks to access key functionality, such as Grouping Objects, Tags, Exclusion List and System Configuration.

It’s great to see NSX jump over to the HTML5 Web Client and even though it’s a small first step its a great preview of what’s to come in future releases. The fact that it goes both ways, meaning older flash clients still have the features is important as well.

Operations and Troubleshooting

  • Upgrade Coordinator provides a single portal to simplify the planning and execution of an NSX upgrade. Upgrade Coordinator provides a complete system view of all NSX components with current and target versions, upgrade progress meters, one-click or custom upgrade plans and pre- and post-checks.
  • A new improved HTML5 dashboard is available along with many new components. Dashboard is now your default homepage. You can also customize existing system-defined widgets, and can create your own custom widgets through API.
  • New System Scale dashboard collects information about the current system scale and displays the configuration maximums for the supported scale parameters. Warnings and alerts can also be configured when limits are approached or exceeded.
  • A Central CLI for logical switch, logical router and edge distributed firewall reduces troubleshooting time with centralized access to distributed network functions.
  • New Support Bundle tab is available to help you collect the support bundle through UI on a single click. You can now collect the support bundle data for NSX components like NSX Manager, hosts, edges, and controllers.
  • New Packet Capture tab is available to capture packets through UI.
  • Multi-syslog support for up to 5 syslog servers.
  • API improvements including JSON support. NSX now offers the choice or JSON or XML for data formats. XML remains the default for backwards compatibility.

There is a lot going on here but for me it continues to solidify the vision that Martin Casado had around Nicira in it being efficient in software to get a deep view of what’s happened and what’s happening in your network. The System Scale dashboard (shown below) also is a great way to get an understanding of how loaded an NSX environment is…one of my favourite news features.

NSX Edge Enhancements

  • Enhancement to Edge load balancer health check. Three new health check monitors have been added: DNS, LDAP, and SQL.
  • You can now filter routes for redistribution based on LE/GE in prefix length in the destination IP.
  • Support for BGP and static routing over GRE tunnels.
  • NAT64 provides IPv6 to IPv4 translation.
  • Faster failover of edge routing services.
  • Routing events now generate system events in NSX Manager.
  • Improvements to L3 VPN performance and resiliency.

I’ve highlighted this in red because the improvements above continue to build on a very strong foundation that is the NSX Edge Gateway that still continues vShield DNA. Though I’ve been away from the day to day of a service provider for almost a year and a half I recognise that these new features create a more enterprise class of edge device. The little thing added will make network engineers happy.


Overall this looks like a strong release for NSX-v and good to see that there is still a ton of development going into the platform. Service providers have the most to gain from this release which is a good thing! The only thing that I do hope is that as a 6.x.0 release that it’s stable and without any major bugs…the history of these first major release builds hasn’t been great but hopefully that’s a thing of the past with 6.4.0.

EDIT: Just to clarify after a couple of comments, it seems that for the moment vCD 9.0 and 8.20 is not compatible with NSX-v 6.4.0 just yet. More news when it comes to hand.


9.5 Update 3 Officially Compatible with VMware Cloud on AWS

At VMworld 2017 Veeam was announced as one of only two foundation Data Protection partners for VMware Cloud on AWS. This functionality was dependant on the release of Veeam Backup & Replication 9.5 Update 3 that contained the enhancements for it to interoperate with VMware Cloud on AWS locked down vCenter.

This week 9.5 Update has been listed on the VMware Compatibility Guide (VCG) for Data Protection.

In terms of what you now get in Update 3, there is little noticeable difference in the process to configure and run backup or replication jobs from within Veeam Backup & Replication. The VMware Cloud on AWS resources are treated as just another cluster so most actions and features of the core platform work as if the cloud based cluster was local or otherwise.

There were a few limitations that VMware have placed on the solution which means that our NFS based features such as Instant VM Recovery, Virtual Labs or Surebackups won’t work at this stage. HotAdd mode is the only supported backup transport mode (which isn’t a bad thing as it’s my preferred transport mode) which talks to a new VDDK library that is part of the VMC platform.

With that the following features work out of the box:

  • Backup with In Guest Processing
  • Restores to original or new locations
  • Backup Copy Jobs
  • Replication
  • Cloud Connect Backup
  • Windows File Level Recovery
  • Veeam Explorers

I’m really excited where VMware takes VMware Cloud on AWS and I see a lot of opportunities for the platform to be used as an availability resource. Over the next couple of months I’m hoping to be able to dive a little more into how Veeam can offer both backup and replication solutions for VMware Cloud on AWS.


« Older Entries