2018 was a great year for NSX, with Cloud seeing increased customer traction, strong partnerships established across the board, and a whole host of new features released throughout the year! While most of our competitors are just starting on their public cloud solution, NSX Cloud is entering its second year of adoption, enabling consistent networking and security across on-premises Datacenter, AWS, and Azure. With NSX-T 2.4, we’re extending our industry-leading capabilities, which will further enable our customers to seamlessly and consistently manage their public cloud and private cloud workloads.
If you would like to have a refresher on NSX Cloud before we get into the details of what’s new in NSX-T 2.4, here are some pointers to our previous blogs:
- NSX Cloud – Overview
- NSX Cloud – Consistent Security Posture across Hybrid Cloud
- NSX-T 2.3 – NSX Cloud Feature Updates
At a high level, these are some of the key NSX Cloud features that were released in NSX-T 2.4:
- Shared Gateway in Transit VPC/VNET for simplified, faster onboarding and consolidation
- VPN support in Public Cloud
- Selective North-South Service Insertion and Partner Integration
- Micro-segmentation on Horizon Cloud for Azure
- Declarative Policy for Hybrid Workloads
Now, let’s take a closer look at each of these features:
Shared Gateway & Simplified Transit VPC/VNET architecture:
Instead of having to install an NSX Cloud Gateway in every VPC/VNET, customers can now choose to have a single NSX Cloud Gateway (deployed in a transit VPC/VNET) manage multiple compute VPCs/VNETs. This greatly reduces the PCG (Public Cloud Gateway) footprint, deployment costs and operational overhead involved in managing Public Cloud workloads. It also solves the transitive routing limitation in AWS and reduces the number of VPN tunnels required to back-haul data traffic. Consolidated NSX Cloud Gateways enable quicker onboarding of VPCs/VNETs, and these gateways can be shared by Compute VPCs/VNETs across different accounts. This arrangement also prevents unauthorized termination of the Cloud Gateway by any end user, which provides an additional layer of security.
VPN Support in Public Cloud
NSX Cloud now has built-in support for setting up VPN tunnels to back-haul traffic from the public cloud to the on-premises Data Center. VPNs from the on-premises Data Center can now be terminated directly at the NSX Cloud Gateway in the public cloud. Customers don’t need the VGW provided by public cloud vendors, which reduces cost. It also reduces the management overhead, as the NSX Cloud Gateway automatically propagates the routes over BGP. From a bandwidth perspective, NSX Cloud gives a huge bump in capacity as well: inter-VPC traffic flows can run at 5 Gbps over peered VPCs vs. just 1 Gbps offered over VGW.
It is also possible to establish VPN connectivity to NSX Cloud Gateways located in different regions in different public clouds. The termination point need not be an NSX Cloud Gateway; the user can choose to have a third-party VPN gateway at any of the endpoints. This gives great flexibility when a user architects their VPNs.
Selective North-South Service Insertion & Partner Integration:
Customers can deploy a partner service directly from the Public Cloud Marketplace in the Shared Services / Transit architecture. The NSX Cloud Gateway present in the transit VPC/VNET can be programmed to selectively route traffic to the partner service appliance based on NSX policies. This can mean huge cost savings for customers, as they are not forced to direct all traffic through a virtual L7 firewall appliance that they have bought for the public cloud, which is billed based on the traffic that passes through it. And if that wasn’t enough, service insertion with NSX Cloud requires no VPNs to compute VPCs/VNETs: more cost savings and less operational overhead.
Micro-segmentation on Horizon Cloud for Azure:
NSX Cloud now has a combined solution with Horizon Cloud for Azure. For customers who choose to have a Horizon VDI environment deployed in Azure, NSX Cloud will provide the necessary micro-segmentation and secure the VDI environment. We wrote a blog about this a few months ago. The feature is now GA in 2.4.
Declarative Policy for Hybrid Workloads:
With NSX 2.4, the NSX platform moves to declarative policies. Users can now define a single intent-based policy from the Policy Manager without worrying about where the workloads are deployed or where they will move in the future. NSX Cloud, as an extension to the on-premises NSX-T platform, enforces this policy in a consistent manner across your public cloud footprints in both Azure and AWS. This makes managing the public cloud simply an extension of your on-premises DC.
With the NSX 2.4 release, NSX offers a full suite of capabilities for public cloud management, but we’re not done. As we gather feedback from customers regarding native services and NSX Cloud life-cycle management, we’re working hard to augment these capabilities in our upcoming releases. Reach out to us and check out the NSX Cloud product page to find out more about what’s in store for NSX Cloud in 2019! Exciting times ahead…