This past week at VMware has been quite exciting! Pat Gelsinger, VMware CEO, reported on the Q4 2016 earnings call that VMware NSX has more than 2,400 customers exiting 2016. Today, we continue that momentum by announcing new releases of our two different VMware NSX platforms – VMware NSX™ for vSphere® 6.3 and VMware NSX-T 1.1.

These releases continue to accelerate digital transformation for organizations through the most critical IT use cases – Security, Automation, and Application Continuity – while expanding support for new application frameworks and architectures.

NSX use case projects

Security, Automation and Application Continuity with VMware NSX

As more and more customers adopt NSX for vSphere, we continue to add features to make it easier for you to deploy, operate and scale-out your environment. NSX empowers customers on their cloud journey. It is driving value inside the data center today and expanding across datacenters and to the cloud via our Cloud Air Network partnerships, and soon to VMware Cloud on AWS and native public cloud workloads via VMware Cross-Cloud Services.

Let’s take a look at some of the new features in NSX for vSphere 6.3:

Security

Some of the new capabilities delivered in NSX for vSphere 6.3 are the Application Rule Manager (available in NSX Advanced and Enterprise editions) and Endpoint Monitoring (available in NSX Enterprise Edition).

Application Rule Manager simplifies the way you create security groups and firewall rules for applications based on their real-time network traffic flows. Endpoint Monitoring enables you to profile applications inside the guest including visibility into specific application processes and their associated network connections. Used together, you have end-to-end visibility of your applications and simplified firewall rule creation to help operationalize micro-segmentation even faster and more effectively than ever before.

NSX application rule manager

Figure. Screenshot of Application Rule Manager showing ability to create firewall rules bases on real-time flow analysis.

Keep an eye out on the Security section of the NSX blog over the next few weeks for technical deep-dives into exactly how these Application Rule Manager and Endpoint Monitoring features work.

Our product certifications team was busy in 2016 and intends to deliver additional certifications throughout 2017. They have been working hard on guiding our development efforts and ensuring a number of key security and compliance enhancements made their way into the NSX for vSphere 6.3 release. In 2016, Coalfire, an independent cyber risk management advisor and assessor, certified that VMware NSX for vSphere meets regulatory compliance requirements such as PCI DSS. NSX was also the first software-defined networking solution to have the Defense Information Systems Agency (DISA) Risk Management Executive publish a Security Technical Implementation Guide (STIG), signifying that the solution meets the security hardening guidance required for installment on Department of Defense (DoD) networks. Watch the blog Security section in the coming months for updates on certifications related to ICSA Labs, FIPS 140-2 and Common Criteria EAL-2 certification.

Automation

When I meet with customers, they continue to tell me that NSX has the most transformative impact on their organizations, once they begin automating their manual networking and security processes. It’s not easy and requires organizational, people, and processes changes. But the value NSX brings to the organization is huge. To help support this, we continue to make enhancements to the automation capabilities in NSX for vSphere 6.3. We have enhanced the integration of NSX Load Balancers within vRealize Automation and added support for third-party IP Address Management (IPAM) systems for on-demand routed networks. We have also enhanced the integration with NSX for vSphere and vCloud Director, enabling new multi-tenant capabilities for our vCloud Air Network partners, and adding support for emerging NFV use case.

NSX load balancer in vRA

Figure. Screenshot of Load Balancing integration into vRealize Automation blueprints.

Multi-tenancy is often thought about as something only service providers care about, but we’re seeing increased demand from non-service providers looking to operate in more of a service provider model in the way they deliver services to their organization. The University of New Mexico is a great example of this, where they are collapsing their disaggregated IT from dozens of departments back to a centralized IT model, reducing provisioning time for new workloads and services from 3 weeks down to 20 minutes!

Application Continuity

As NSX continues to mature and adoption becomes mainstream, we are seeing customers deploy NSX for a range of different use cases. AeroData Inc., for example, is leveraging the network overlay capabilities in NSX to create a highly-available, Active-Active data center architecture. In NSX for vSphere 6.3, we have further enhanced the security tagging capabilities in multi-vCenter deployments, simplifying security policy management at scale across multiple data centers. (Read more about multi-site with cross-vCenter NSX.)

Picture4 - App Cont

Emerging use-cases: Containers and Remote Office Branch Office (ROBO)

With NSX for vSphere 6.3, we are helping to further improve the developer experience with containers via integration with the recently announced vSphere Integrated Container (VIC). As VIC is built on vSphere 6.5, you can leverage NSX for vSphere 6.3 to connect and secure VIC infrastructure, enabling you to deliver a secure container environment on demand for developers.

Another addition as part of NSX for vSphere 6.3 release is a new NSX for ROBO edition SKU. Using this capability, NSX provides a comprehensive solution to network and security policy for environments across remote and branch offices, which reduces the operational costs of branch connectivity and maintenance. In upcoming blog postings, we will share more details about the NSX for ROBO features, use case, and customer success stories as we have been seeing keen interest from our customers in this space.

Expanded support for new platforms with NSX-T: KVM, OpenStack

Let’s now look at VMware’s other NSX platform – NSX-T 1.1 – and some of the new capabilities being delivered in this latest release.

VMware NSX-T is focused on emerging application frameworks and architectures that have heterogeneous endpoints and technology stacks. In addition to vSphere hypervisors, these environments may also include other hypervisors, containers, bare metal, and public clouds. NSX-T allows IT and development teams to choose the technologies best suited for their particular applications. NSX-T is also designed for management, operations, and consumption by development organizations – in addition to IT.

NSX-T 1.1 offers expanded support for multiple KVM distributions, including Canonical Ubuntu and Red Hat Enterprise Linux. NSX-T starts at the source of the application, within the hypervisor kernel, delivering optimal security granularity and line-rate performance. NSX-T delivers distributed firewalling, logical switching, and distributed routing.

NSX-T 1.1 also delivers support for private IaaS clouds based on OpenStack. With this release, NSX-T supports the latest versions of OpenStack, i.e., Newton and Mitaka.  In addition to using the OpenStack APIs, development teams can also use Puppet, Chef, and Terraform to describe and automate the networking and security for their application workloads within an OpenStack environment.

Support for new app frameworks: Photon and Container Networking Interface (CNI)

NSX-T is integrated with the VMware Photon Platform. This capability allows IT to offer virtual networking and security as services to developers building and running containerized, cloud-native applications. NSX will auto-create and scale networks and routers when a new namespace/project/organization is created, and define and enforce micro-segmentation security policies for containers and pods. (Read more about Photon Platform and NSX-T.)

Currently in beta, the NSX-T Container Networking Interface (CNI) plugin will allow developers to configure network connectivity for their application containers helping deliver developer ready infrastructure.

Pricing and Packaging

Though not a new NSX feature, we are also excited to announce changes to our VMware NSX pricing and packaging.

Starting today, customers who purchase VMware NSX have the option of downloading and installing either platform and can switch between the two if needed without having to re-purchase NSX. And should your needs change, you can switch between the two.

As mentioned earlier, with NSX for vSphere 6.3, we have introduced a new NSX for ROBO (Remote Office Branch Office) packaging option. For those of you familiar with the vSphere for ROBO and vSAN for ROBO offerings, NSX for ROBO is packaged in the same way.

NSX Everywhere

In last week’s Q4 VMware earnings call, Pat Gelsinger mentioned that NSX is an essential element to VMware Cloud Foundation, Cross-Cloud Services and VMware Cloud on AWS. With both NSX for vSphere and NSX-T, NSX intends to be everywhere in the containerized, multi-cloud future. NSX becomes the bridge that enables customers to unify networking and security across their private and public clouds.

What You Can Do Now