Continuing our commitment to helping organizations around the world deliver a public cloud experience in the data center through VMware’s Virtual Cloud Network, were excited to announce the general availability of VMware NSX-T 3.1. This latest release of our full stack Layer 2 7 networking and security platform delivers capabilities that allow you to build modern networks at cloud scale while simplifying operations and strengthening security for east-west traffic inside the data center.  

As we continue to adapt to new realities, organizations need to build modern networks that can deliver any application, to any user, anywhere at any time, over any infrastructure all while ensuring performance and connectivity objectives are met. And they need to do this at public cloud scale. NSX-T 3.1 gives organizations a way to simplify modern networks and replace legacy appliances that congest data center traffic. The Virtual Cloud Network powered by NSX-T enables you to achieve a stronger security posture and run virtual and containerized workloads anywhere. 

Key Capabilities in NSX-T 3.1 

The NSX-T 3.1 software release builds on the foundation of key innovations shipped in NSX-T 3.0, released earlier this year, across cloud-scale networking, security, and operations. NSX-T 3.1 delivers enhancements to existing features like federation, multicast, and advanced threat prevention while simplifying operations, improving usability, and enhancing the user experience. 

Architect for Cloud Scale 

With NSX-T 3.1, you can get public cloud scalability in private and hybrid cloud environments. Auto-scaling that’s built into the platform provides the flexibility to seamlessly grow and contract as demand dictates, while ensuring security policies scale with capacity. Advanced routing and multicast enhancements in this latest release enable network resiliency and faster recovery. 

  • Federation NSX-T 3.1 includes a highly available management plane with clustering support for the NSX Global Manager, simplified disaster recovery workflows for active-active and active-standby data centers, automation of deployment workflows using Terraform provider, and improved scale for largescale deployments, with support for up to four sites. 
  • Multicast Multicast feature enhancements enable multicast in a multi-tenant environment with support for congruent unicast and multicast topologies. New tenant multicast deployments are automated through APIs and require no changes to the underlying network configuration, which reduces the time needed to onboard new tenants. 

Simplify Operations 

NSX-T 3.1 provides public cloud operational workflows to private and hybrid cloud environments with datadriven network analytics from vRNI for improved network uptime.  

  • vRealize Network Insight (vRNI) – vRNI integration enhances network modeling with configuration assurance and intent verification. This enables better network planning and a better understanding of the impact of a change before implementation. The intent verification mathematical model is built on well-known best practices and a user-defined golden state configuration so it proactively alerts administrators if the network deviates from intended behavior.  
  • Faster Upgrades  Support for VMware Life Cycle Manager (vLCM) simplifies NSX life cycle management and improves upgrade times. VMware Cloud Foundation (VCF) will leverage the vLCM to automate life cycle management on NSX-T.  

Secure EastWest Traffic with new Advanced Threat Prevention (ATP) Capabilities 

The NSX-T 3.1 software release allows organizations to purchase Internal Firewall and Advanced Threat Prevention (ATP) security capabilities independent of networking. The ATP capabilities include Distributed IDS/IPS, Network Sandboxing, Network Traffic Analytics/Networking Detection and Response (NTA/NDR). For more information, please refer to our new Advanced Threat Prevention capabilities

Industry’s First Distributed Intrusion Detection and Prevention System (IDS/IPS) 

NSX-T 3.1 enhances existing advanced threat protection to detect and block lateral threat movements inside the data center. This includes the industry’s first distributed intrusion detection and prevention solution that uniquely applies applicationspecific signatures to reduce false positives.  

  • Distributed IDS/IPS  Enhancements to our advanced threat detection engine improve the ability to detect and prevent lateral threat movement on east-west traffic across your environments helping enterprises to eliminate security blind spots, replace discrete appliances, and meet compliance needs. 
  • Operators can deliver virtual patching at the workload level and reduce the risk of exposure to newly found threats and malware that are not yet patched. 
  • Performance upgrades enable the detection of network anomalies and threat signatures with much lower overhead.  

Check out a video that gives you a quick introduction to our Distributed IDS/IPS and learn more about our advanced threat detection and prevention capabilities.  

NSX Intelligence 1.2 Advanced Visibility for East-West Traffic 

The latest enhancements to NSX Intelligence add physical server support and improve recommendations and visualization features.  

  • Physical server support allows organizations to manage their security posture across physical and virtual machines. 
  • Policy Recommendations has been augmented with L7 content profile recommendations based on App-ID, support for existing groups and merge of rules, and a new permissive mode and connectivity strategy to control the granularity of rule recommendations. 
  • Visualization has been upgraded to display user and process level context from workloads and include information from deep packet inspection. This improves flow visibility, extends group support based on IP addresses and physical servers, and enhances filtering with search, select/deselect, and new filter types. 

NSX for vSphere to NSX-T Migration for Large Scale Networks 

The acceleration of digital transformation requires a modern network. Our latest release helps organizations automate their NSX for vSphere to NSX-T migrations. Organizations can selectively migrate configurations based on deployment needs and migrate largescale vRA deployments seamlessly. 

  • vRealize Automation  –NSX 3.1 brings in capabilities to simplify migrations from existing NSX for vSphere deployments to NSX-T. This capability supports migration of multiple topologies defined by vRA integration. 
  • Migration Coordinator EnhancementsConfiguration migration tool enhancements allow organizations to migrate different aspects of an existing configuration to the new environment based on deployment needs.  This capability allows you to migrate firewall rules with lift and shift deployment from existing NSX for vSphere environments to NSX-T.

NSX-T 3.1.0 is also a maintenance release, with serviceability enhancements for prior NSX-T 3.x releases. It brings in additional user interface (UI) improvements like dark mode support, UI click reduction for simplified customer experience and enhanced topology visualizations support for services. NSX-T 3.1 also delivers new certifications that allow you to run your NSX deployments with vSphere 6.7 and vSphere 7.0 in FIPScompliant mode.  


NSX-T 3.1 delivers public cloud capabilities to private and hybrid cloud environments through improvements in networking, security, and usability giving organizations the scalability, flexibility, security, and simplicity they need to deploy and migrate to NSX-T at scale. This new modern network architecture, built on NSX-T, gives organizations the network flexibility and scalability to deliver any application, to any user, anywhere at any time, over any infrastructure or connection. 


NSX-T Resources 


VMware is a registered trademark or trademark of VMware, Inc. in the United States and other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.