With this latest release, VMware NSX Data Center for vSphere 6.4.2 continues to improve overall efficiency of the network, enhance security with Context-Aware Micro-Segmentation, and deliver operational enhancements to the NSX platform. Here are just a few highlights of what’s new.
Multicast Routing Support
With VMware NSX Data Center for vSphere 6.4.2, NSX Logical Routers now have the capability of routing IPv4 multicast traffic.
The location of the Virtual Machine multicast receivers (identified by their hypervisor, Logical Switch and Virtual NIC) is discovered through IGMP snooping within the NSX domain. The Edge Service Gateway (ESG) runs PIM sparse mode with physical routers and coordinates with the Distributed Logical Router (DLR) to provide two-way multicast connectivity between Virtual Machines and the outside world.
For added multicast replication performance in the VXLAN Overlay, NSX leverages Layer 2 multicast in an underlying physical infrastructure running IGMP snooping.
New Layer 7 Application Context
VMware has been taking security to the next level with Context-Aware Micro-Segmentation, better securing applications by using the full context of the application. This latest release includes the following new Layer 7 Application Contexts:
- EPIC – Epic EMR is an electronic medical records application that provides patient care and healthcare information.
- MSSQL – Microsoft SQL Server is a relational database.
- BLAST – A remote access protocol that compresses, encrypts, and encodes computing experiences at a data center and transmits them across any standard IP network for VMware Horizon desktops.
To learn more about Context-Aware Micro-Segmentation:
- Context-Aware Micro-segmentation – an innovative approach to Application and User Identity Firewall by Stijn Vanveerdeghem
- Context-Aware Micro-segmentation – Remote Desktop Session Host Enhancements for Citrix by Geoff Wilmington
- Context-Aware Micro-segmentation – Remote Desktop Session Host Enhancements for VMware Horizon by Geoff Wilmington
Security – Usability Enhancements
Firewall Rule Hit Count
Looking for a way to monitor rule usage and easily identify unused rules for clean-up? NSX 6.4.2 has enhanced the firewall rule table to display total rule hits, as well as information on when the rule was first hit, and when the rule was most recently hit.
Firewall Section Locking
With NSX 6.4.2, firewall rule sections can be locked while making modifications, to prevent multiple users from simultaneously making changes to the same sections. You can easily see who has locked the section, at what time, and any comments relevant to why they have locked the section.
NSX Application Rule Manager – Scale Improvements
NSX Application Rule Manager takes the allowed flows observed in the network and pushes policies directly into the distributed firewall within a few clicks. In NSX 6.4.2, we have improved scale and visibility to 100 vNICs per session, further simplifying the process of creating security groups and allowlisting firewall rules for existing applications.
To learn more about NSX Application Rule Manager:
Some additional enhancements include:
- Authentication & Authorization: Introduces 2 new roles (Network Engineer and Security Engineer). Adds ability to enable/disable basic authentication.
- NSX Scale Dashboard: Provides visibility into 25 new metrics. Adds ability to edit usage warning thresholds and filter for objects exceeding limits.
- NSX Controller Cluster Settings: Specify common settings (DNS, NTP, Syslog) to apply to NSX Controller Cluster.
For more details on What’s New in VMware NSX for vSphere 6.4.2: