What’s New:
As mentioned above there is a lot to get through and there are a lot of new enhancements and features packed into this release. I’ve gone through and picked the major ones as they might pertain to Service Providers running NSX on their platforms. I’ve basically followed the sections in the Release Notes but summarised for those that don’t want to trawl through the page. At the end of each section I’ve commented on the benefits of the improvements.
Security Services
- Identity Firewall now supports user sessions on remote desktop and application servers (RDSH) sharing a single IP address. A new “fast-path” architecture improves the processing speed of IDFW rules. Active Directory integration now allows selective synchronization for faster AD updates.
- Distributed Firewall adds layer-7 application-based context for flow control and micro-segmentation planning.
- Distributed Firewall rules can now be created as stateless rules at a per DFW section level.
- Distributed Firewall supports VM IP realization in the hypervisor. This allows users to verify if a particular VM IP is part of a security group/cluster/resource pool/host.
The security features listed above will make a lot of people happy and improve the end user experience, and the DFW support within the VM is a small but important feature.
NSX User Interface
- Support for vSphere Client (HTML5): Introduces VMware NSX UI Plug-in for vSphere Client (HTML5).
- HTML5 Compatibility with vSphere Web Client (Flash): NSX functionality developed in HTML5 (for example, Dashboard) remains compatible with both vSphere Client and vSphere Web Client, offering seamless experience for users who are unable to transition immediately to vSphere Client.
- Improved Navigation Menu: Reduced number of clicks to access key functionality, such as Grouping Objects, Tags, Exclusion List and System Configuration.
It’s great to see NSX jump over to the HTML5 Web Client, and even though it’s a small first step it’s a great preview of what’s to come in future releases. The fact that it goes both ways, meaning older Flash clients still have the features, is important as well.
Operations and Troubleshooting
- Upgrade Coordinator provides a single portal to simplify the planning and execution of an NSX upgrade. Upgrade Coordinator provides a complete system view of all NSX components with current and target versions, upgrade progress meters, one-click or custom upgrade plans and pre- and post-checks.
- A new improved HTML5 dashboard is available along with many new components. Dashboard is now your default homepage. You can also customize existing system-defined widgets, and can create your own custom widgets through API.
- New System Scale dashboard collects information about the current system scale and displays the configuration maximums for the supported scale parameters. Warnings and alerts can also be configured when limits are approached or exceeded.
- A Central CLI for logical switch, logical router and edge distributed firewall reduces troubleshooting time with centralized access to distributed network functions.
- New Support Bundle tab is available to help you collect the support bundle through UI on a single click. You can now collect the support bundle data for NSX components like NSX Manager, hosts, edges, and controllers.
- New Packet Capture tab is available to capture packets through UI.
- Multi-syslog support for up to 5 syslog servers.
- API improvements including JSON support. NSX now offers the choice of JSON or XML for data formats. XML remains the default for backwards compatibility.
There is a lot going on here but for me it continues to solidify the vision that Martin Casado had around Nicira in it being efficient in software to get a deep view of what’s happened and what’s happening in your network. The System Scale dashboard (shown below) also is a great way to get an understanding of how loaded an NSX environment is…one of my favourite new features.
NSX Edge Enhancements
- Enhancement to Edge load balancer health check. Three new health check monitors have been added: DNS, LDAP, and SQL.
- You can now filter routes for redistribution based on LE/GE in prefix length in the destination IP.
- Support for BGP and static routing over GRE tunnels.
- NAT64 provides IPv6 to IPv4 translation.
- Faster failover of edge routing services.
- Routing events now generate system events in NSX Manager.
- Improvements to L3 VPN performance and resiliency.
I’ve highlighted this in red because the improvements above continue to build on a very strong foundation that is the NSX Edge Gateway that still continues vShield DNA. Though I’ve been away from the day to day of a service provider for almost a year and a half, I recognise that these new features create a more enterprise class of edge device. The little things added will make network engineers happy.
Conclusion:
Overall this looks like a strong release for NSX-v and it’s good to see that there is still a ton of development going into the platform. Service providers have the most to gain from this release, which is a good thing! The only thing that I do hope is that, as a 6.x.0 release, it’s stable and without any major bugs…the history of these first major release builds hasn’t been great but hopefully that’s a thing of the past with 6.4.0.
EDIT: Just to clarify after a couple of comments, it seems that for the moment vCD 9.0 and 8.20 are not compatible with NSX-v 6.4.0 just yet. More news when it comes to hand.
Resources:
https://docs.vmware.com/en/VMware-NSX-for-vSphere/6.4/rn/releasenotes_nsx_vsphere_640.html