NSX-T 3.0 goes GA

Major release of our full stack Layer 2 to Layer 7 networking platform that offers virtual networking, security, load balancing, visibility, and analytics in a single platform.

As a key component of Virtual Cloud Network, innovation at it best NSX-T 3.0 also introduces 

  • Global policy consistency
  • AWS and Azure gov cloud support
  • VMware NSX® Intelligence enhancements, 
  • Layer 3 EVPN, and powerful networking and security services for vSphere with Kubernetes

Cloud-scale Network Agility

Scaling up and managing a cloud environment – whether public or private.

NSX Federation – NSX Federation in NSX-T 3.0 helps deliver a cloud-like operating model by simplifying the consumption of networking and security constructs. It introduces the NSX Global Manager, a centralized console for managing the network as a single entity while keeping configuration and operational state synchronized across multiple locations.

Support for AWS GovCloud and Azure Government – NSX-T 3.0 extends support for public clouds with VMware NSX™ Cloud support for AWS GovCloud and Azure Government.

Enhanced Multi-tenancy with VRF Lite and Layer 3 BGP EVPN – VRF Lite greatly reduces the networking infrastructure footprint by introducing complete data plane tenant isolation with separate routing table, NAT, and firewall within each VRF on NSX Edge. NSX Edge also implements Layer3 EVPN to seamlessly connect telco VNFs to the overlay network.  The Edge implements standards based BGP control plane to advertise IP Prefixes, running eBGP sessions to the VNF and MP-BGP sessions with the PE/DCGW(s). 

Dynamic Network Service Chaining – NSX service insertion is further enhanced with support for dynamic service chaining for traffic from and to VMs, containers, and bare metal workloads.  The Edge Node dynamically classifies incoming network traffic and applies a set of network services to achieve app-aware security and monitoring.

Intrinsic Security:

NSX-T 3.0 is a step further towards our goal of extending the NSX intrinsic security approach from every workload to data center, multi-cloud, and edge. 

NSX Distributed IDS/IPS : NSX Distributed IDS/IPS is an advanced threat detection engine purpose-built to detect lateral threat movement on east-west traffic across multi-cloud environments.  It eliminates security blind-spots and helps meet compliance needs.

  • L7 Edge Firewall Enhancements – The Layer 7 Edge Firewall is further enhanced in NSX-T 3.0 with the implementation of URL Analysis for URL Classification and Reputation. The Edge Firewall detects access from outside the datacenter for granular detection and categorization of in-bound and outbound URLs.
  • DFW for Windows 2016 workloads – In addition to existing support for Linux, NSX-T 3.0 adds NSX Distributed Firewall (DFW) support for Windows 2016 based physical workloads. 
  • Time-based rules and Configuration wizard – Firewall rules can be enforced based on a pre-scheduled timeline defined by the administrator. NSX-T 3.0 also simplifies the implementation of VLAN backed micro-segmentation using a new configuration wizard. 

Full-stack Networking and Security for Modern Apps

Networking for vSphere with Kubernetes – NSX-T is designed-in from the ground up as the default pod networking solution for vSphere with Kubernetes.  NSX provides a rich set of networking capabilities for vSphere with Kubernetes, including distributed switching and routing, firewalling, load balancing, NAT, IPAM, and more.

  • Prescriptive networking for vSphere Namespace isolation – NSX-T 3.0 delivers a prescriptive network design to greatly simplify the implementation of vSphere Namespaces. It automatically implements the logical segments, distributed routing and firewalling, and IPAM services required for Namespace isolation in the vSphere Supervisor Cluster.  Any workloads created in a Namespace automatically inherit the security policy applied to that Namespace, allowing developers to self-service resources into that Namespace. 
  • Integration with Cluster API in VMware Tanzu Kubernetes Grid Service – NSX-T integrates with VMware Tanzu Kubernetes Grid Service to allow developers to deploy Tanzu Kubernetes Grid clusters.  NSX-T greatly simplifies the necessary networking infrastructure, including the creation of logical segments, Tier-1 Gateway, and load balancers, needed for Tanzu Kubernetes Grid clusters.

Major enhancement on Operational Simplicity and Automation 

Converged vSphere® Distributed Switch™ – With NSX-T 3.0, admins can now deploy NSX-T directly on VMware vSphere Distributed Switch 7.0. This greatly simplifies NSX-T deployment in vSphere environments with no changes required to the existing vSphere Distributed Switch and no VM traffic disruption.
Policy Enhancements with Terraform Provider & Ansible Module – NSX-T 3.0 extends the use of Terraform Provider and Ansible Modules, two of the most widely used automation tools for config generation and deployment, beyond NSX-T installation use cases with support for the NSX-T Policy API.

Want to try hands-on, get started with a Beginner or Advanced NSX Hands-On-Lab (HOL)