Along with the advancements in context-aware micro-segmentation and network virtualization, we are also continually raising the bar on making VMware NSX Data Center simple to deploy, manage, and operationalize at scale – and that, of course, involves a responsive and easy-to-use HTML-based UI to access VMware NSX Data Center functionality.

With VMware NSX for vSphere 6.4.1, you can now access all NSX installation and security functionality through a responsive HTML-based vSphere Client, including Distributed Firewall, Service Composer, Application Rule Manager, and more. This modern interface does not have any dependencies on browser plugins (e.g. Adobe Flash), has a more minimalistic look-and-feel, and loads so much faster! Beyond the immediate aesthetic improvements, here’s a quick look at some of the key enhancements to how we’re simplifying the NSX user experience.


NSX Firewall – Better Visibility and Efficient Rule Management


Given how feature-rich the NSX Firewall page is, our usability designers focused extra attention on streamlining the day-to-day tasks of creating, managing and troubleshooting firewall rules.

For starters, at the top of the Firewall page, we’ve introduced a new Status Bar and elevated table-level actions (like Publish and Save) to their own dedicated Toolbar. Now, at a glance, you can immediately see a summary of total number of rules (unpublished, disabled), sections, and a timestamp of the last successful firewall publish. New toggle icons and colorful visual indicators make it easier to scan through important fields, such as enable/disable rules, enable/disable rule logs, and allow/block/reject actions.



When it comes to creating and editing rules, sometimes it’s the little interactive details, like having one less click and the ability to drag-and-drop, that make the most difference — especially when you have hundreds of firewall rules to manage and need to get things done fast! Check out some of these new efficiency improvements:

In-Line Editing


Expand/Collapse Sections


Multi-Selection and Bulk Action Support: Enable/Disable rule logs, Enable/Disable rules


Drag and Drop


Move Sections and Rules


Additional UI enhancements for Firewall include:

  • Clone Rules
  • Undo: revert up to the last 10 unpublished rule and section changes
  • Move To: positional insert of sections and rules
  • Section anchors when scrolling: Provides a view of section names when scrolling, so that you always know where you are in the rule table




NSX Application Rule Manager – Streamlined Analysis for Firewall Rule Recommendations

NSX Application Rule Manager takes the allowed flows observed in the network and pushes policies directly into the distributed firewall within a few clicks. With NSX for vSphere 6.4.1, Application Rule Manager has been enhanced to suggest Universal Firewall Rules, to help build a more cohesive and manageable micro-segmentation strategy across multiple data centers.

Additional UI enhancements include a a new Session Management page for Application Rule Manager, which displays a list of sessions and their corresponding status (collecting data, analysis complete) and duration. During the Rule Planning stage, there is a new Status Bar which summarizes the number of grouping objects and firewall rules. When you’re done reviewing the recommendations, publishing the recommended FW rules is just a single click away!


To learn more about NSX Application Rule Manager, refer to our earlier blog article and demo videos:



VMware NSX – Information at Your Fingertips

Based on user feedback, we have enhanced the NSX user interface to ensure that key relevant information is displayed right where you need it – such as when you’re creating a new security group or as you are installing the product. Here are just a few examples.


NSX Security Groups: Where Used

One of the prior challenges for NSX Security Administrators was that they couldn’t easily determine where a Security Group was used, in which firewall rule or Service Composer security policy. Now that information is displayed prominently within the NSX UI.




Security Groups: Effective Members in terms of VM, IP, MAC, Login User

In prior releases, the security group members would show only in terms of VMs. In NSX for vSphere 6.4.1, you can now verify the list of members in a security group, in VMs (with info on who’s logged in), MACs, vNICs, and IP Addresses.


VM-centric view of Security: Showing Firewall Rules per VM

One of the key benefits of having a tight integration with vSphere Client is that we can display NSX-related information alongside your virtual machines. If you’ve ever wondered what Firewall Rules, Guest Introspection policies, and Network Introspection policies apply to a particular VM of interest, just navigate to vCenter > VM > Monitor > Service Composer.


NSX Installation and Host Preparation: Filters by Status

We’ve added quick filters to help you narrow down which clusters do not yet have NSX installed, and which clusters need additional attention. Each cluster now comes with a dedicated cluster summary page, and enhancements have been made to show communication channel health status for each cluster.


And More To Come…

With the NSX for vSphere 6.4.1 release, NSX Security Administrators can now access all the security functionality from the HTML5-based vSphere Client, and enjoy the many UI enhancements we’ve made to streamline, simplify, and speed up their day-to-day tasks. NSX Installation, Upgrade, and some of our NSX operational tools are also available in HTML5. For a full list of supported functionality, please see VMware NSX for vSphere UI Plug-in Functionality in vSphere Client.

So at this point, you may be asking… when will the NSX UI Plugin to vSphere Client be at full parity to vSphere Web Client? Our plan is to provide access to NSX functionality in vSphere Client (HTML) prior to deprecation of the vSphere Web Client (Flash), and we’ve greatly accelerated our HTML development as you can see with our latest release.

And don’t worry if your favorite feature is not yet available in HTML-based vSphere Client! During this transition, VMware NSX features developed in HTML (e.g. Firewall, Installation & Upgrade, etc.) will be accessible via BOTH vSphere Web Client and vSphere Client, eliminating the need to jump between the two clients until NSX UI Plugin for vSphere Client reaches functionality parity.

What this means is that for those of you who choose to stay within the vSphere Web Client, you can still benefit from the cleaner and more responsive NSX UI designs in HTML, without sacrificing any functionality. Try out the new NSX UI and let us know what you think!


For more details on What’s New in VMware NSX for vSphere 6.4.1: