Securing virtual machines using NSX Distributed Firewall and migrating traditional networks to NSX overlay networking

Why VMware NSX? VMware NSX is an L2 to L7 network virtualization and advanced security platform. NSX overlay networks, which are backed by the Geneve overlay protocol, provide software-defined networking capabilities. Overlay networking allows cloud-scale networking whereby multiple overlay networks (NSX overlay segments backed by an NSX overlay transport zone) related to multiple tenants can be …

NSX Federation – Peering with physical firewall cluster across two locations

NSX Federation: Provides a single pane of glass for managing the networking and security constructs of more than one location. Allows stretching of overlay networks between locations. VM mobility between locations using the same IP address. This is possible because NSX Federation ensures the same network is available across multiple locations. Recover VMs in disaster recovery location using …

NSX-T VRF Gateway use-case and Traffic Flows

Similar to routers with the VRF lite feature, the NSX Tier 0 Gateway supports a VRF gateway feature which allows multiple VRF gateways to exist under the parent Tier 0 Gateway. Based on the VMware configmax portal, NSX version 4.1.2 supports up to 100 VRF gateways per edge node. VRF gateways in NSX save CPU, memory and storage …

NSX-T Multi Site and NSX Advanced Load Balancer in No Orchestrator Mode

Brief introduction to NSX-T Multi Site: Provides overlay networking which spans multiple locations. Consistent security using NSX Distributed Firewall in cases where the VM moves to another location. There is no Distributed Firewall configuration that needs to be updated in NSX when a VM moves to another location. NSX use cases like logical switching, logical routing, …

VMware NSX for Identity Firewall Use Case

Identity firewall (IDFW) enables one to configure distributed firewall rules based on Active Directory user group. Identity firewall can be utilized for virtual desktops, remote desktop sessions (RDSH) and also for physical machines. VMware NSX will control access to the target/destination servers based on the user logged in to the source VM. In …

VMware NSX Distributed Firewall

Technical References: NSX-T Reference Design Guide; VMware NSX-T Administration Guide. VMware NSX Distributed Firewall is a software-defined Layer 7 stateful firewall which provides protection at the vNIC level of a virtual machine. Layer 7 Application ID, FQDN filtering and identity-based firewalling are important capabilities of NSX Distributed Firewall. A very popular use case of NSX Distributed …

NSX Advanced Load Balancer – Multiple NSX-T Clouds under NSX ALB

NSX Advanced Load Balancer (ALB) architecture: NSX Advanced Load Balancer (ALB) provides L4+L7 load balancing services and is built on software-defined principles where easy scale-out is provided. This approach removes the complexity of managing multiple physical appliances and gets rid of scale-out issues when throughput requirements increase. NSX ALB consists of two main components: …

Multiple VDS’ on host for Overlay on compute hosts

This use case is also referenced in the NSX-T Reference Design Guide, which mentions that starting with NSX 3.1, a host can have virtual switches that are part of different overlay transport zones, and the TEPs on each virtual switch can be on different VLAN/IP subnets (still, all the TEPs …

NSX Advanced Load Balancer: NSX-T VLAN Cloud

NSX Advanced Load Balancer (ALB) architecture: Controller: The NSX ALB control plane comprises three controller nodes. The controller is used for management purposes. The controller places virtual services on the data plane component referred to as the service engine. Controller nodes communicate with each other and with service engines. Clients access virtual service over required port as …

NSX v2T Migration Methodologies & introduction of user-defined topology in NSX-T 3.2

The above mind map is based on the online Migration Coordinator Guide for NSX-T version 3.2. Brief about the methods: User-defined topology: This was introduced in version 3.2 and has two modes: Complete migration: which does not need additional hardware and will migrate NSX-V edges, DLRs, hosts and workloads. This mode allows you to map …