Data Centre

Virtualization

VMware pushes NSX deeper into containers, security

Microsegmentation for microservices, plus automated key management for all those tiny, transient networks

By Simon Sharwood, APAC Editor

1 SHARE

VMware's released a new version of NSX-T, the version of its NSX network virtualization tool that runs in multiple environments.

NSX-T's roots lie in NSX-MH, the early version of NSX VMware created not long after acquiring software-defined networking pioneer Nicira. Before VMware acquired Nicira, it made sense for the company to address multiple hypervisors, but once VMware was in control it steered things towards its own ESX.

But NSX-T stayed alive because Virtzilla VMware feels that there are plenty of people who can benefit from network virtualization without having to go all-in on the VMware ecosystem. Hence billing the new NSX-T 2.0 as “an agile software-defined infrastructure to build cloud-native application environments.”

The most interesting new bits this time around include the addition of microsegmentation for Kubernetes. Microsegmentation sees virtual networks spun up to give workloads their very own connections that are logically isolated. Microsegments can be torn down at will, making it easy to kill connections on which something untoward is occurring. Their applicability to orchestrated containers comes from the potential to create networks just for each instance of a microservice, giving its component containers the connectivity they need without requiring arrangements

Another addition is distributed network encryption, which handles encryption and key management among anything that NSX touches. This is handy for NSX-T because it is designed to connect workloads running on different hypervisors, be they on-prem or in the cloud. Or in Kubernetes-orchestrated containers. Sensible organisations won't be comfortable with any of the chat among those resources being unencrypted. NSX-T will let users define and apply policies to enforce encryption and then take care of the messy, messy business of getting the right keys in place to make crypto happen.

There's also a new Edge Firewall to secure north/south traffic inside NSX domains.

As our own Matt Asay pointed out yesterday, VMware's container strategy is far from convincing, other than as a salve for organisations that need to keep on virtualizing indefinitely. NSX-T might make matters a little more coherent by giving VMware a product that helps cloud-native types that don't care about vSphere and complements Kubernetes rather than trying to surround it. ®

Sign up to our NewsletterGet IT in your inbox daily

1 Comment

More from The Register

Microsoft postpones VMware-on-Azure details release by two weeks

What's Redmond got to hide? Or clear with lawyers?

VMware and Microsoft make up and get NSX-y together

Virtzilla's virtual cloud networking push is on and Switchzilla is in its sights

Microsoft to run VMware on Azure, on bare metal. Repeat. Microsoft to run VMware on Azure.

VMware-certified partners will help as Redmond also starts vSphere-to-Azure migrations

VMware's GM for networking and security jumps to Google

Veteran Jeff Jennings to get the band back together with VMware founder Diane Greene

Xen Project patches Intel’s Lazy FPU flaw, VMware doesn't need to

UPDATE Guest register states are readable, but the patch cavalry has arrived

Desktop hypervisor fiends. Both of you. VMware's testing a new cut of Workstation

Complete with a REST API for automated amusement

VMware: Sure, you might run our stuff on bare-metal Azure, but we don't have to like it

Imaginary server biz gets super salty, outs Cisco, NetApp

Roses are red, violets are blue, VMware's made a new vSphere for you

Version 6.7 should land in Q2, may end support for older CPUs

VMware set to reveal blockchain, better app store, new AWS client

VMworld content catalogues are live and we’ve trawled ‘em

VMware vids revealing new vSphere vanish

Blink and you’ll have what missed what looks like a premature promo release