NSX Cloud helps customers implement consistent networking and security from on-premises to AWS and Azure. In our latest release of NSX-T 2.4, we’ve added a host of improvements to the service. Read on to discover which updates will have the biggest impact on your hybrid cloud strategy.
With the release of NSX-T 2.4, we’ve extended the capabilities of NSX Cloud to make it easier than ever to seamlessly, and consistently manage networking and security across on-premises data center and workloads running natively in public clouds such as AWS and Azure.
Here’s a topline view of the new updates:
- Lower costs and faster onboarding with shared gateways in transit VPC/VNET
- Improved cloud efficiency and cost-effectiveness with VPN support
- Cost savings with selective north-south service insertion and partner integration
- Support for Hybrid Cloud on Azure for use-cases such as micro-segmentation
- Declarative Policy for Hybrid Workloads
Read on to explore each of the new features in depth.
Lower Costs and Faster Onboarding with Shared Gateways in Transit VPC/VNET
You can now choose to have a single NSX cloud gateway deployed in a transit VPC/VNET that manages multiple compute VPCs/VNETs, rather than having to install an NSX Cloud gateway in every one. This cuts down your Public Cloud Gateway (PCG) footprint, deployment costs and operational overhead, while also helping to solve transitive routing limitation in AWS and reducing the number of VPN tunnels required to backhaul data traffic.
By consolidating NSX Cloud gateways, you can also on-board VPCs/VNETs more quickly, and share these gateways across accounts. It also adds an additional layer of securing by preventing unauthorized termination of the cloud gateway by end users.
VPN Support in Public Cloud
In NSX-T 2.4, we’ve included built-in VPN tunnel setup support, to help backhaul traffic from the cloud to on-prem. You can now terminate on-premises VPNs in your NSX Cloud Gateway, and you no longer need a public cloud vendor provided VGW to do this, reducing costs. This update also reduces management overhead as by automatically propagating routes over BGP in NSX Cloud Gateway. NSX Cloud also provides a huge bump in capacity from a bandwidth perspective with Inter-VPC traffic flows up to 5Gbps over peered VPCs vs. just 1Gbps offered over VGW.
You can now also establish VPN connectivity to NSX Cloud Gateways located in different regions across multiple clouds. Flexibility when architecting VPNs is improved by the ability to have a third-party VPN Gateway at any of the endpoints.
Cost savings with Selective North-South Service Insertion & Partner Integration
You can now deploy Partner Service directly from the Public Cloud Marketplace in the Shared Services / Transit architecture. You can also program the NSX Cloud gateway in the transit VPC/VNET to selectively route traffic to partner service appliances, based on NSX policies.
This addition can provide significant cost savings by allowing you to selectively bypass virtual L7 firewall appliances that are billed based on the traffic. Service insertions within NSX Cloud also require no VPNs to compute VPCs/VNETs, providing additional cost savings.
Support for Horizon Cloud on Azure
For customers with a Horizon VDI environment deployed in Azure, NSX Cloud now provides the micro-segmentation and a secure VDI environment. You can read more about NSX Cloud can enhance security on Horizon Cloud on Azure in our recent post.
Declarative Policy for Hybrid Workloads
In the latest release, we’ve also moved the NSX platform to declarative policies. This allows users to define single intent-based policies within the Policy Manager regardless of where workloads are, or will be deployed. As an extension to VMware’s NSX-T platform, NSX Cloud enforces this policy consistently from on-premises to the cloud.
Let us Know what you Think
NSX Cloud now offers a comprehensive suite of security, networking, and operational capabilities, but we’re just getting started. We look forward to gathering your feedback and building on these capabilities in future releases. Let us know what you think of the updates in the comments below, and we look forward to continuing to provide improvements that simplify networking, management and security from on-premises to the cloud.