Continuing our commitment to helping organizations around the world deliver a public cloud experience in the data center through VMware’s Virtual Cloud Network, we’re excited to announce the general availability of VMware NSX-T 3.1. This latest release of our full stack Layer 2 – 7 networking and security platform delivers capabilities that allow you to build modern networks at cloud scale while simplifying operations and strengthening security for east-west traffic inside the data center.
As we continue to adapt to new realities, organizations need to build modern networks that can deliver any application, to any user, anywhere at any time, over any infrastructure — all while ensuring performance and connectivity objectives are met. And they need to do this at public cloud scale. NSX-T 3.1 gives organizations a way to simplify modern networks and replace legacy appliances that congest data center traffic. The Virtual Cloud Network powered by NSX-T enables you to achieve a stronger security posture and run virtual and containerized workloads anywhere.
Key Capabilities in NSX-T 3.1
The NSX-T 3.1 software release builds on the foundation of key innovations shipped in NSX-T 3.0, released earlier this year, across cloud-scale networking, security, and operations. NSX-T 3.1 delivers enhancements to existing features — like federation, multicast, and advanced threat prevention — while simplifying operations, improving usability, and enhancing the user experience.
Architect for Cloud Scale
With NSX-T 3.1, you can get public cloud scalability in private and hybrid cloud environments. Auto-scaling that’s built into the platform provides the flexibility to seamlessly grow and contract as demand dictates, while ensuring security policies scale with capacity. Advanced routing and multicast enhancements in this latest release enable network resiliency and faster recovery.
- Federation – NSX-T 3.1 includes a highly available management plane with clustering support for the NSX Global Manager, simplified disaster recovery workflows for active-active and active-standby data centers, automation of deployment workflows using Terraform provider, and improved scale for large–scale deployments, with support for up to four sites.
- Multicast – Multicast feature enhancements enable multicast in a multi-tenant environment with support for congruent unicast and multicast topologies. New tenant multicast deployments are automated through APIs and require no changes to the underlying network configuration, which reduces the time needed to on–board new tenants.
NSX-T 3.1 provides public cloud operational workflows to private and hybrid cloud environments with data–driven network analytics from vRNI for improved network uptime.
- vRealize Network Insight (vRNI) – vRNI integration enhances network modeling with configuration assurance and intent verification. This enables better network planning and a better understanding of the impact of a change before implementation. The intent verification mathematical model is built on well-known best practices and a user-defined golden state configuration — so it proactively alerts administrators if the network deviates from intended behavior.
- Faster Upgrades – Support for VMware Life Cycle Manager (vLCM) simplifies NSX life cycle management and improves upgrade times. VMware Cloud Foundation (VCF) will leverage the vLCM to automate life cycle management on NSX-T.
Secure East–West Traffic with new Advanced Threat Prevention (ATP) Capabilities
The NSX-T 3.1 software release allows organizations to purchase Internal Firewall and Advanced Threat Prevention (ATP) security capabilities independent of networking. The ATP capabilities include Distributed IDS/IPS, Network Sandboxing, Network Traffic Analytics/Networking Detection and Response (NTA/NDR). For more information, please refer to our new Advanced Threat Prevention capabilities.
Industry’s First Distributed Intrusion Detection and Prevention System (IDS/IPS)
NSX-T 3.1 enhances existing advanced threat protection to detect and block lateral threat movements inside the data center. This includes the industry’s first distributed intrusion detection and prevention solution that uniquely applies application–specific signatures to reduce false positives.
- Distributed IDS/IPS – Enhancements to our advanced threat detection engine improve the ability to detect and prevent lateral threat movement on east-west traffic across your environments — helping enterprises to eliminate security blind spots, replace discrete appliances, and meet compliance needs.
- Operators can deliver virtual patching at the workload level and reduce the risk of exposure to newly found threats and malware that are not yet patched.
- Performance upgrades enable the detection of network anomalies and threat signatures with much lower overhead.
NSX Intelligence 1.2 – Advanced Visibility for East-West Traffic
The latest enhancements to NSX Intelligence add physical server support and improve recommendations and visualization features.
- Physical server support allows organizations to manage their security posture across physical and virtual machines.
- Policy Recommendations has been augmented with L7 content profile recommendations based on App-ID, support for existing groups and merge of rules, and a new permissive mode and connectivity strategy to control the granularity of rule recommendations.
- Visualization has been upgraded to display user and process level context from workloads and include information from deep packet inspection. This improves flow visibility, extends group support based on IP addresses and physical servers, and enhances filtering with search, select/deselect, and new filter types.
NSX for vSphere to NSX-T Migration for Large Scale Networks
The acceleration of digital transformation requires a modern network. Our latest release helps organizations automate their NSX for vSphere to NSX-T migrations. Organizations can selectively migrate configurations based on deployment needs and migrate large–scale vRA deployments seamlessly.
- vRealize Automation –NSX 3.1 brings in capabilities to simplify migrations from existing NSX for vSphere deployments to NSX-T. This capability supports migration of multiple topologies defined by vRA integration.
- Migration Coordinator Enhancements – Configuration migration tool enhancements allow organizations to migrate different aspects of an existing configuration to the new environment based on deployment needs. This capability allows you to migrate firewall rules with lift and shift deployment from existing NSX for vSphere environments to NSX-T.
NSX-T 3.1.0 is also a maintenance release, with serviceability enhancements for prior NSX-T 3.x releases. It brings in additional user interface (UI) improvements — like dark mode support, UI click reduction for simplified customer experience and enhanced topology visualizations support for services. NSX-T 3.1 also delivers new certifications that allow you to run your NSX deployments with vSphere 6.7 and vSphere 7.0 in FIPS–compliant mode.
NSX-T 3.1 delivers public cloud capabilities to private and hybrid cloud environments through improvements in networking, security, and usability — giving organizations the scalability, flexibility, security, and simplicity they need to deploy and migrate to NSX-T at scale. This new modern network architecture, built on NSX-T, gives organizations the network flexibility and scalability to deliver any application, to any user, anywhere at any time, over any infrastructure or connection.
- Download NSX-T 3.1
- NS-T 3.1 Release Notes
- NSX Data Center Product Datasheet
- NSX Data Center Solution Brief
- Get started with a Beginner or Advanced NSX Hands-On-Lab (HOL)
- Take a Virtual Cloud Network Assessment
- VMware NSX Product Page
- VMware NSX YouTube Channel, including 45+ Light Board videos!
VMware is a registered trademark or trademark of VMware, Inc. in the United States and other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.