Data Centre

Virtualization

VMware pushes NSX deeper into containers, security

Microsegmentation for microservices, plus automated key management for all those tiny, transient networks

By Simon Sharwood

1 SHARE

VMware's released a new version of NSX-T, the version of its NSX network virtualization tool that runs in multiple environments.

NSX-T's roots lie in NSX-MH, the early version of NSX VMware created not long after acquiring software-defined networking pioneer Nicira. Before VMware acquired Nicira, it made sense for the company to address multiple hypervisors, but once VMware was in control it steered things towards its own ESX.

But NSX-T stayed alive because Virtzilla VMware feels that there are plenty of people who can benefit from network virtualization without having to go all-in on the VMware ecosystem. Hence billing the new NSX-T 2.0 as “an agile software-defined infrastructure to build cloud-native application environments.”

The most interesting new bits this time around include the addition of microsegmentation for Kubernetes. Microsegmentation sees virtual networks spun up to give workloads their very own connections that are logically isolated. Microsegments can be torn down at will, making it easy to kill connections on which something untoward is occurring. Their applicability to orchestrated containers comes from the potential to create networks just for each instance of a microservice, giving its component containers the connectivity they need without requiring arrangements

Another addition is distributed network encryption, which handles encryption and key management among anything that NSX touches. This is handy for NSX-T because it is designed to connect workloads running on different hypervisors, be they on-prem or in the cloud. Or in Kubernetes-orchestrated containers. Sensible organisations won't be comfortable with any of the chat among those resources being unencrypted. NSX-T will let users define and apply policies to enforce encryption and then take care of the messy, messy business of getting the right keys in place to make crypto happen.

There's also a new Edge Firewall to secure north/south traffic inside NSX domains.

As our own Matt Asay pointed out yesterday, VMware's container strategy is far from convincing, other than as a salve for organisations that need to keep on virtualizing indefinitely. NSX-T might make matters a little more coherent by giving VMware a product that helps cloud-native types that don't care about vSphere and complements Kubernetes rather than trying to surround it. ®

Sign up to our NewsletterGet IT in your inbox daily

1 Comment

More from The Register

VMware's GM for networking and security jumps to Google

Veteran Jeff Jennings to get the band back together with VMware founder Diane Greene

Dell's hokey cokey IPO takes new turn – VMware in, VMware out....

Investor roadshow delayed as Mick D considers alternative plan

Microsoft postpones VMware-on-Azure details release by two weeks

What's Redmond got to hide? Or clear with lawyers?

VMware, AWS preview database-on-vSphere

VMworld US Database ops need less 'muck' says AWS boss Andy Jassy

VMware and Microsoft make up and get NSX-y together

Virtzilla's virtual cloud networking push is on and Switchzilla is in its sights

Microsoft to run VMware on Azure, on bare metal. Repeat. Microsoft to run VMware on Azure.

VMware-certified partners will help as Redmond also starts vSphere-to-Azure migrations

Slow your roll: VMware urges admins to apply workarounds to DoS-inducing 3D render vuln

Take your foot off the accelerator, admins told

Facebook, Google, Microsoft, Twitter make it easier to download your info and upload to, er, Facebook, Google, Microsoft, Twitter etc...

GDPR put a gun to their heads

Who wants to read 34 pages about getting VMware Private Cloud to run on NetApp HCI?

Deployment in 'less than 30 min' – but not including reading the manual

Dell Tech: We'll let shareholders vote on VMware deal in Q4

Icahn hardly believe it