VMware pushes NSX deeper into containers, security

Microsegmentation for microservices, plus automated key management for all those tiny, transient networks

By Simon Sharwood, APAC Editor

Posted in Virtualization, 12th September 2017 06:29 GMT

VMware's released a new version of NSX-T, the version of its NSX network virtualization tool that runs in multiple environments.

NSX-T's roots lie in NSX-MH, the early version of NSX VMware created not long after acquiring software-defined networking pioneer Nicira. Before VMware acquired Nicira, it made sense for the company to address multiple hypervisors, but once VMware was in control it steered things towards its own ESX.

But NSX-T stayed alive because VMware feels that there are plenty of people who can benefit from network virtualization without having to go all-in on the VMware ecosystem. Hence billing the new NSX-T 2.0 as “an agile software-defined infrastructure to build cloud-native application environments.”

The most interesting new bits this time around include the addition of microsegmentation for Kubernetes. Microsegmentation sees virtual networks spun up to give workloads their very own connections that are logically isolated. Microsegments can be torn down at will, making it easy to kill connections on which something untoward is occurring. Their applicability to orchestrated containers comes from the potential to create networks just for each instance of a microservice, giving its component containers the connectivity they need without requiring arrangements

Another addition is distributed network encryption, which handles encryption and key management among anything that NSX touches. This is handy for NSX-T because it is designed to connect workloads running on different hypervisors, be they on-prem or in the cloud. Or in Kubernetes-orchestrated containers. Sensible organisations won't be comfortable with any of the chat among those resources being unencrypted. NSX-T will let users define and apply policies to enforce encryption and then take care of the messy, messy business of getting the right keys in place to make crypto happen.

There's also a new Edge Firewall to secure north/south traffic inside NSX domains.

As our own Matt Asay pointed out yesterday, VMware's container strategy is far from convincing, other than as a salve for organisations that need to keep on virtualizing indefinitely. NSX-T might make matters a little more coherent by giving VMware a product that helps cloud-native types that don't care about vSphere and complements Kubernetes rather than trying to surround it. ®
