One of our customers is preparing to migrate Virtual Machines from VLAN to VXLAN with the NSX L2 Bridge and asked me how to test the L2 Bridge and get confirmation that it is actually configured correctly and operational. All commands in this blog post are from the NSX Troubleshooting Documentation.
We can test if a bridge is functional by issuing a command on the NSX Manager.
In this blog post I would like to share some information regarding possibilities of on-boarding existing workloads or tenants in new or current VMware NSX deployments.
VMware NSX deployment projects I’ve been involved in mostly are designed and deployed in a greenfield environment where a customer has invested in hardware and software to run their new Cloud environment on. From this point forward new workloads and deployments are aimed to run on that infrastructure and the current (brownfield) environment has to be migrated or will be shut down in a certain amount of time. Migrating applications to NSX and securing them with means of NSX Micro-Segmentation involves obviously good knowledge of your application. In other words: Which Virtual Machines talks to each other, and over which protocols and ports? The more information you’ve got about those applications the better you are able to secure them. A tool like vRealize Network Insight can help a great deal here, but that’s a topic on each own. Another solution would be to have applications isolated with NSX Distributed Firewall allow rules with logging enabled. If you have a solution like Log Insight, you would then see all that traffic logged which includes the protocol communications between source and destination.
Figure 1: Micro-segmentation for a 3-tier application
In this blog post I would like to share how BGP is configured on VMware NSX to automatically update routing information with the physical network.
Recently I was involved in a project where we used BGP to peer the NSX environment with the physical network. The design we did was challenging because of scale. The NSX environment we deployed meant for a multi-tenant Cloud platform scaled for several hundreds of tenants.
In this post I would like to share a demo by Rory Clements from VMware’s End-User Computing team about network micro-segmentation using VMware NSX™ and Horizon® 6. This demo shows how NSX Security Groups and Policies can be used to allow or deny specific Active Directory Groups and Users to access to resources on the network.