NSX 6.2.3 pulled by VMware

Hmm…. well that was unfortunate timing….. I’ve been penning the last blog post for the past 2 weeks after I downloaded 6.2.3 and played around with it…. and I didn’t really double check my blog post before publishing it.

Turns out there are quite a number of bugs in 6.2.3 which was causing loss of connectivity to VMs and also issues applying DFW rules using Security Groups…. so VMware pulled the distribution last Friday!

TBH, I didn’t really encounter any issues during my deployment – probably because it’s in a lab/demo environment with not much going on. =)

Anyways, 6.2.2 is the now the latest version available for download. Only issue is I don’t think it supports vShield Endpoint/NSX Guest Introspection….. so at present vCNS 5.5.x is still required!

More info on why 6.2.3 was pulled can be found here: http://pubs.vmware.com/Release_Notes/en/nsx/6.2.3/releasenotes_nsx_vsphere_623.html

NSX 6.2.3 Released – support for vShield Endpoint Management

As most people are aware, VMware pulled their support for vCloud Network & Security (and with that vShield Manager) earlier this year and a lot of my customers have been wondering what’s going to happen to their vShield Endpoint deployments (for agentless AV). It was strange that VMware announced the EoA for vCNS without really announcing it’s successor – although that said, most of us already had an inkling that NSX Manager would probably pick up the management of vShield Endpoint.

NSX 6.2.3 was released in June (as always to limited/no fanfare) and with this release was the announcement that NSX now supports the management of vShield Endpoint (now renamed NSX Guest Introspection). Customers who purchased vSphere with vShield Endpoint (pretty much all versions, Essentials Plus and above) are now able to download NSX Manager from their My VMware portal, under the vSphere product – download site. The license that comes embedded in NSX Manager 6.2.3 includes an unlimited capacity NSX for vShield Endpoint license key. To ensure customers do not use any other unlicensed NSX features (For example VXLAN, DFW, Edge services), the license key will have hard enforcement to prevent NSX host preparation and block Edge creation.

VMware NSX for vSphere provides NSX Guest Introspection, which provides all features of vShield Endpoint and support for additional service categories like vulnerability management, IDS/IPS using the in-guest thin agent.

vCloud Networking and Security Manager version 5.5 is supported until September 2016 after which customers will need to upgrade to NSX Manager in order to continue with vShield Endpoint support (Technical Guidance will still be available for vCNS till March 2017).

More information on the procedures for upgrading from vCNS 5.5.x to NSX 6.2.x can be found here: http://pubs.vmware.com/NSX-62/index.jsp#com.vmware.nsx.upgrade.doc/GUID-D2CDB014-39D8-48CC-9733-981308249F52.html or at this VMware KB: https://kb.vmware.com/kb/2144620

The process of upgrading can be summarised as follows:

  1. Upgrade vShield Manager to NSX Manager.
  2. Deploy NSX Controller cluster (update Transport Zones and Logical Switches).
  3. Install the new VIBs on ESXi hosts in the cluster (virtual wires are renamed as logical switches).
  4. Upgrade vShield App to NSX Distributed Firewall – configuration is migrated across.
  5. Upgrade vShield Edge devices to NSX Edge devices – configuration is migrated across.
  6. Upgrade vShield Endpoint to NSX Guest Introspection

Note that for upgrade to work, each function must be on version 5.5.

NSX 6.2.3 Release Notes: http://pubs.vmware.com/Release_Notes/en/nsx/6.2.3/releasenotes_nsx_vsphere_623.html

Pick up the pace with VMware NSX network virtualization

Finally got round to finishing off my article on NSX for SearchVMware.com…. I’ve been sitting on this article since last year, but given that my company, MTI Technology, are one of the focus NSX partners in UK this year (one of five partners), it’s probably appropriate if I got the article published…. =)

http://searchvmware.techtarget.com/tip/Pick-up-the-pace-with-VMware-NSX-network-virtualization

Enjoy…