VMware NSX 6.2.4 released

So after the huge cock-up with 6.2.3, VMware have turned around a new version of NSX in a matter of weeks to fix all the bugs!

http://blogs.vmware.com/kb/2016/08/vmware-nsx-vsphere-6-2-4-now-available.html

Of major concern was the whole HA issue that meant DLR nodes got stuck in a ‘split-brain’ mode after 24 days of operations – and every 24 days after that! It also didn’t help that the previous version was causing VMs to lose network connectivity if the pMAC of the DLR was the MAC address in the default gateway.

Anyways, hopefully all the bugs have been ironed out and the new release is more stable!

Release Notes can be found here.

For some of my customers, the release of 6.2.4 brings back the vShield Endpoint management support which is great given vCNS and vShield Manager is going end of general support on the 19th Sept!

For more info about this, read my previous blog entry: NSX 6.2.3 Released – support for vShield Endpoint Management

VMworld 2016 US – Day 1 General Session Overview

So the replay of yesterdays Day 1 General Session is now online:

The biggest announcement is the tech preview of Cross-Cloud Architecture. This is obviously VMware’s next step in their “Any Cloud, Any Application, Any Device” vision.

According to VMware:
“This architecture extends VMware’s hybrid cloud strategy, enabling customers to run, manage, connect and secure their applications across clouds and devices in a common operating environment. VMware Cross-Cloud Architecture is delivered through VMware Cloud Foundation, a new set of Cross-Cloud Services VMware is developing, and VMware vRealize Cloud Management Platform.”

This new architecture gives customers a set of tools to manage their virtual estate both on-premise and off-premise across multiple clouds – a single pane of glass to manage VMs on the likes of AWS, Azure, Google, as well as vSphere clouds.

Most customers already utilise multiple clouds (unbeknownst to IT) and this new architecture will enable IT to resume control of what is out in the cloud – allowing network and security policies to be applied to workloads being deployed in the cloud. In addition to allowing migration between clouds!

Much like how vSphere ESXi was used to allow you to span multiple server hardware vendors (HP, Dell, IBM), and how NSX allows you to span multiple network hardware vendors (Cisco, Arista, Brocade), VMware Cross-Cloud Services will offer a common platform to overlay your cloud vendors to offer you the ability to deploy your applications across clouds without having to mess around with the underlying cloud services (which are inherently different depending on cloud vendor)!

VMware Cross-Cloud Services will centralize management, operations, networking, security and data management.

Cross-CloudServices

It looks like the common Network & Security piece will be handled by NSX – which will include a forthcoming feature called Distributed Network Encryption (DNE).

The Management and Visibility piece will be SaaS based (a cloud service) and allows you to connect your existing public cloud accounts to ingest those workloads into the management platform, it will then show you cost and utilisation across your clouds and allow you to deploy applications across clouds.

The other major announcement was the new VMware Cloud Foundation offering which basically bundles vSphere, VSAN and NSX into a single, fully integrated, SDDC stack that can be provisioned on premise or be run as a service in the cloud.

To quote VMware:
“VMware Cloud Foundation is a next-generation hyper-converged infrastructure for building private clouds that for the first time combines VMware’s highly scalable hyper-converged software (VMware vSphere and VMware Virtual SAN) with the world’s leading network virtualization platform, NSX. Cloud Foundation provides a consistent multi-cloud IaaS that is simple to deploy, operate, and maintain, and gives applications a consistent, scalable and highly available infrastructure services, regardless of where they run”

“The goal of Cloud Foundation is to be able to provision cloud infrastructure like you provision VMs.”

CloudFoundation

In addition to this announcement was the partnership with IBM Cloud to offer VMware Cloud Foundation as a service.

The key to the Cloud Foundation is the SDDC Manager which will be the tool for IT admins to build and maintain their cloud (making use of a lot automation policies to build the cloud and deploy workloads)

Other announcements include vCloud Availability for vCloud Director, which enables customers to leverage the vCloud Air Network ecosystem (ie VMware Partner cloud solutions) for simple, automated disaster recovery as a service (DRaaS) – much like the offering from vCloud Air DR.

VMware vCloud Air Hybrid Cloud Manager has added several major enhancements, including zero-downtime, bi-directional application migrations in and out of vCloud Air. This includes the migration of NSX security policies, providing simple migration of workloads to vCloud Air with no need for any network or security reconfiguration once the migration completes.

 

It seems that the main takeaway from yesterdays general session was that now it’s time to take back control of your cloud.

Schedule Builder now live for VMworld 2016 Europe

Schedule Builder is now live for VMworld 2016 Europe….

http://www.vmworld.com/en/europe/learning/schedule-builder.html

I’ve been checking out the content catalog for a few weeks now to try and plan my time at VMworld Europe in October.

Previous years I’ve been quite mad, dashing around to as many sessions as possible, which has been quite tiring! This year I’m planning to focus my sessions around What’s new with vSphere, NSX and VSAN. I’m also planning to spend a lot more time in the Solutions Exchange speaking to vendors who we partner with at MTI!

Anyways, if you haven’t already started scheduling your sessions then hurry up! All the good ones tend to get full very quick!

Roll on VMworld US (next week).

As a footnote – have you signed up for the live stream of the General Sessions at VMworld US?!?
http://www.vmworld.com/en/us/learning/general-sessions.html

VMware VSAN & NSX vExperts 2016 Announced

Proud to say that I’ve been chosen as a VSAN vExpert for 2016…. Honoured to have my name amongst some highly rated peers who were chosen out of the large pool of current vExperts!

I didn’t really set out to become a subject matter expert, but when VMware announced they were going to create 2 new subject tracks this year (NSX & VSAN), I thought I’d stick my name into the hat….. =)

Didn’t quite get there for the NSX track, only because I hadn’t really blogged about NSX much – which is funny considering my company is actually one of 5 focused NSX partners in UK&I…. =)

Anyways, congrats to everyone who was chosen to become a VSAN or NSX vExpert!

https://blogs.vmware.com/virtualblocks/2016/08/18/announcing-vsan-vexperts/

http://blogs.vmware.com/vmtn/2016/08/vexpert-nsx-2016-award-announcement.html

 

Roll on VMworld!! =)

NSX 6.2.3 pulled by VMware

Hmm…. well that was unfortunate timing….. I’ve been penning the last blog post for the past 2 weeks after I downloaded 6.2.3 and played around with it…. and I didn’t really double check my blog post before publishing it.

Turns out there are quite a number of bugs in 6.2.3 which was causing loss of connectivity to VMs and also issues applying DFW rules using Security Groups…. so VMware pulled the distribution last Friday!

TBH, I didn’t really encounter any issues during my deployment – probably because it’s in a lab/demo environment with not much going on. =)

Anyways, 6.2.2 is the now the latest version available for download. Only issue is I don’t think it supports vShield Endpoint/NSX Guest Introspection….. so at present vCNS 5.5.x is still required!

More info on why 6.2.3 was pulled can be found here: http://pubs.vmware.com/Release_Notes/en/nsx/6.2.3/releasenotes_nsx_vsphere_623.html

NSX 6.2.3 Released – support for vShield Endpoint Management

As most people are aware, VMware pulled their support for vCloud Network & Security (and with that vShield Manager) earlier this year and a lot of my customers have been wondering what’s going to happen to their vShield Endpoint deployments (for agentless AV). It was strange that VMware announced the EoA for vCNS without really announcing it’s successor – although that said, most of us already had an inkling that NSX Manager would probably pick up the management of vShield Endpoint.

NSX 6.2.3 was released in June (as always to limited/no fanfare) and with this release was the announcement that NSX now supports the management of vShield Endpoint (now renamed NSX Guest Introspection). Customers who purchased vSphere with vShield Endpoint (pretty much all versions, Essentials Plus and above) are now able to download NSX Manager from their My VMware portal, under the vSphere product – download site. The license that comes embedded in NSX Manager 6.2.3 includes an unlimited capacity NSX for vShield Endpoint license key. To ensure customers do not use any other unlicensed NSX features (For example VXLAN, DFW, Edge services), the license key will have hard enforcement to prevent NSX host preparation and block Edge creation.

VMware NSX for vSphere provides NSX Guest Introspection, which provides all features of vShield Endpoint and support for additional service categories like vulnerability management, IDS/IPS using the in-guest thin agent.

vCloud Networking and Security Manager version 5.5 is supported until September 2016 after which customers will need to upgrade to NSX Manager in order to continue with vShield Endpoint support (Technical Guidance will still be available for vCNS till March 2017).

More information on the procedures for upgrading from vCNS 5.5.x to NSX 6.2.x can be found here: http://pubs.vmware.com/NSX-62/index.jsp#com.vmware.nsx.upgrade.doc/GUID-D2CDB014-39D8-48CC-9733-981308249F52.html or at this VMware KB: https://kb.vmware.com/kb/2144620

The process of upgrading can be summarised as follows:

  1. Upgrade vShield Manager to NSX Manager.
  2. Deploy NSX Controller cluster (update Transport Zones and Logical Switches).
  3. Install the new VIBs on ESXi hosts in the cluster (virtual wires are renamed as logical switches).
  4. Upgrade vShield App to NSX Distributed Firewall – configuration is migrated across.
  5. Upgrade vShield Edge devices to NSX Edge devices – configuration is migrated across.
  6. Upgrade vShield Endpoint to NSX Guest Introspection

Note that for upgrade to work, each function must be on version 5.5.

NSX 6.2.3 Release Notes: http://pubs.vmware.com/Release_Notes/en/nsx/6.2.3/releasenotes_nsx_vsphere_623.html