VMware Cloud Foundation

#VMwareVCFchat Recap: Cloud Foundation 4 + NSX-T 3.0

On April 22, the Cloud Foundation team hosted our second #VMwareVCFchat tweet chat! We asked a series of questions regarding the latest release of Cloud Foundation 4, but this time we focused on the features of NSX-T 3.0. We kicked off the Tweet Chat by introducing our guests Josh TownsendRick Walsworth, and Varun Santosh, (Tweet Link), then it was off to the first question. Continue reading for the highlight reel recap to our Q&A!


Q1: First question, what are some of the benefits of Cloud Foundation, and what does the latest release offer? (Tweet Link)

Josh: Cloud Foundation provides consistent infrastructure and operations across hybrid clouds, and now with VMware Cloud Foundation 4, a new layer of consistency for apps with the integration of VMware Tanzu Kubernetes!

Rick: VMware Cloud Foundation 4.0 delivered the latest vSAN, vRealize, NSX and vSphere with Kubernetes and is now GA! Read this blog for more information.


Q2: Can you talk about the key networking and security features NSX-T 3.0 delivers in Cloud Foundation 4? (Tweet Link)

Josh: Following along with the ‘consistent’ stuff in my A1, NSX-T 3.0 provides consistent security tools, policies and constructs to protect workloads wherever they move in your hybrid cloud.

Varun: NSX-T 3.0 covers three key areas: Cloud scale networking for consistent policy across data centers and clouds, Intrinsic security that delivers micro-segmentation and context-based IDS; and full-stack networking and security for modern apps.

Rick: VMware Cloud Foundation 4.0 runs NSX-T in both management & workload domains, utilizing new features including service chaining, distributed firewall IDS/IPS and much more. Read this blog for more details.


Q3: What does intrinsic security mean for Cloud Foundation? What security does NSX-T 3.0 provide within VCF? (Tweet Link)

Josh: With VMware Cloud Foundation you have a platform with security engineered into all layers – compute, storage, network, management, and apps. vSphere7, vSAN7, NSXT3, vRealize, and Tanzu all bring complementary features that help you secure both your infrastructure and apps.

Varun: The recently announced ‘VMware Advanced Security for Cloud Foundation’ bundle leverages micro-segmentation and VMware NSX Distributed IDS/IPS delivered in NSX-T 3.0 for advanced threat detection for east-west data center traffic.

Rick: Intrinsic security in VMware Cloud Foundation means that the security is built-in rather than bolted-on. Using the power of NSX-T 3.0, features such as distributed IDS/IPS and firewalling are included within the VCF product SKU. Learn More here.


Q4: How do NSX-T 3.0 + Cloud Foundation 4 work together to provide a more secure data center? (Tweet Link)

Rick: Good question – VMware NSX provides complete security for traditional and modern apps, on top of Microsegmentation, you have distributed firewalling, as well as IDS/IPS provide best in class intrusion detection and prevention included within VMware Cloud Foundation. VMware Cloud Foundation provides intrinsic security at each layer of the full stack HCI architecture, in addition to NSX, vSphere and VMware vSAN have leading security capabilities all managed by vRealizeSuite. Learn More in this blog.

Josh: With VMware Cloud Foundation 4, NSX-T is the default networking stack for both management and workload domains. Having a single, powerful virtual networking and security stack brings consistency to your network ops

Varun: VMware Cloud Foundation has a set of foundational security capabilities: Data & VM encryption, compliance and micro-seg. NSX-T 3.0 adds advanced threat detection with distributed IDS/IPS which scales with workloads to improve utilization and ops while radically reducing false positives.


Q5: Let’s talk cloud. How does Cloud Foundation with NSX-T 3.0 enable cloud-scale networking? (Tweet Link)

Josh: VMware Cloud Foundation and NSX-T 3.0 together helps you scale your cloud both up and out with ease by automatically deploying the full SDDC stack in workload domains, as well as spanning multiple hybrid clouds so you can scale when and where you need it!

Rick: NSX-T 3.0 has cloud-scale network agility built into Cloud Foundation, Sec policies maintained during workload failover/migration between sites. Now meets stringent AWS, GovCloud and Azure Government requirements. Read More.

Varun: VMware Cloud Foundation provides the simplest path to hybrid cloud through a simple, secure and agile cloud infrastructure across private and public clouds. NSX-T 3.0 enables the simplicity and agility expected from a cloud-scale network through NSX Federation.

Varun: Federation delivers policy consistency and fault isolation across NSX domains using the NSX-T 3.0 Global Manager, which greatly simplifies network management, visibility, and troubleshooting. More on NSX Federation here.


Q6: Why was NSX-T 3.0 designed-in as the default networking solution for vSphere 7 with Kubernetes? (Tweet Link)

Josh: Quite simply, NSX-T 3.0 is the latest and greatest version of VMware NSX that brings scalability, performance, security and container-ready networking to Cloud Foundation.

Rick: NSXT designed from ground up as ultimate networking solution for vSphere with K8s because of distributed security, firewalling, networking, load balancing, IPAM and much more…VMware Cloud Foundation automates deployment all. Read more here.

Varun: NSX-T 3.0 is unique in that it is a true full-stack network platform for K8s and VMs. As the default solution for vSphere7 with Kubernetes, NSX-T 3.0 provides distributed switching, routing, firewalling, load balancing, NAT, IPAM, and more. More on that here.


Q7: How does NSX-T 3.0 provide networking and security for both the vSphere Supervisor Cluster and VMware Tanzu Kubernetes Cluster? (Tweet Link)

Rick: VMware Cloud Foundation is deployed with NSXT in management & VI workload domains and Kubernetes, taking full advantage of the advanced security and network load balancing with visibility through vRNI. Makes deploying Kubernetes at scale a snap. Learn more here.

Varun: NSX-T 3.0 delivers a prescriptive network design to simplify the implementation of vSphere Namespaces. It automatically implements logical segments, distributed routing and firewalling, and IPAM services for Namespace isolation in the vSphere7 Supervisor Cluster. NSX-T 3.0 also simplifies the deployment of VMware Tanzu Kubernetes Grid clusters through integration with Cluster API. This includes creation of logical segments, Tier-1 Gateways, and load balancers needed in Tanzu Kubernetes Grid clusters.


Q8: Discuss how advances in NSX-T 3.0 and Cloud Foundation 4 make it the best Kubernetes solution available. (Tweet Link)

Josh: VMware Cloud Foundation 4 brings Tanzu Kubernetes Grid and native container services in vSphere7 into the platform, making it easy to deploy and manage a fully compliant Kubernetes environment with advanced networking and security built-in with NSX-T 3.0.

Rick: By standardizing on NSX-T 3.0 within all VI domains within VMware Cloud Foundation, network admins can deploy new systems faster than ever before, by automating the Day 0 deployment and the Day 1 configuration and lifecycle management thereafter, admins can manage larger networks with much less effort.

Varun: NSX-T 3.0 handles network complexities behind the scenes. Admins can easily create isolated vSphere7 Namespaces and security policies while developers focus on app development. Workloads automatically inherit security policy, allowing developers to self-service resources in the namespace.


Q9: Which features does Cloud Foundation 4 automate for NSX-T 3.0 in order to help customers simplify and accelerate deployment? (Tweet Link)

Rick: NSX-T 3.0 within VMware Cloud Foundation has many features that are automated including deployment configuration and lifecycle management that automates and streamlines the initial deployment and ongoing management. Learn more in this blog.


Q10: In regards to networking and security, what else about VMware Cloud Foundation should we know to accelerate deployment of modern apps? (Tweet Link)

Rick: NSX-T 3.0 is legendary for Microsegmentation, but since networking and security policies can be applied to a Namespace, it makes deploying (and destroying) Kubernetes clusters self-service through APIs in fast-paced DevOps environments. Read more here.

Josh: Cloud Foundation 4 provides both Tanzu Kubernetes grid as well as Hybrid Infrastructure Services in vSphere7 – all accessible through Kubernetes and RESTful APIs. This greatly simplifies consumption of infrastructure and deployment of apps for DevOps teams.


Q11: Without spilling any secrets, what do you see for the future of NSX + Cloud Foundation? What challenges and solutions are you and the VMware team thinking about? (Tweet Link)

Rick: No state secrets being given away here, but you can expect more integration and automation on all of the components of the full-stack solution, tighter integration with Tanzu and Kubernetes. What would you like to see in VMware Cloud Foundation?

Josh: The goal is to simplify deployment of infrastructure in your clouds so you can focus on the things that really matter – provisioning resources for apps to drive your business forward. We’re looking at many ways to drive simplicity and automation!


Q12: Final countdown! For our last question, what are some of your favorite resources for learning more about Cloud Foundation and NSX? (Tweet Link)

Josh: Check out the Cloud Foundation Resource Center on StorageHub: Lots of great resources to learn about VMware Cloud Foundation with overviews, guides, and step-by-step learning paths!


Varun: Some of my favorites:


Rick: Here are my favorite go-to pages:

Thank you for joining us for this month’s #VMwareVCFchat! Stay tuned for when we announce the next chat. See you on Twitter!

Related Articles


Leave a Reply

Your email address will not be published. Required fields are marked *