On April 7th 2020, VMware introduced the next major release of its Network Virtualization & Security solution. NSX-T 3.0 introduces a variety of new features which enhance the adoption of software-defined networking in private, public and hybrid-cloud environments.
Following are some of the new features and enhancements that are available in NSX-T 3.0 Datacenter:
From NSX-T 3.0 it is possible to run NSX on top of VDS switch version 7.0, which is now part of vSphere 7.0, and this removes the necessity of using the NSX-T VDS (NVDS). By using this capability, existing VDS port groups can be mapped internally and consumed by NSX-T. The NVDS host switch will be deprecated in a future release of NSX-T. This feature massively simplifies adoption of NSX-T.
With the use of a new component called Global Manager (GM), NSX-T 3.0 provides a single pane of glass and centralized management across multiple NSX-T domains and public cloud environments. Global Manager can provide consistency for policies and micro-segmentation rules by replicating them across different NSX-T Datacenter environments and even to the cloud. This feature also enhances Disaster Recovery (DR) and Metro DC Pooling scenarios.
This new feature gives the possibility to configure various VRFs for different tenants on a Tier-0 gateway. This makes the architecture of multi-tenant environments simpler and removes the need to provision a Tier-0 gateway for each tenant. Each VRF has its own isolated routing table, uplinks, NAT and gateway firewall services.
With the introduction of NSX-T 3.0, the service-defined firewall can utilize IDS/IPS in a distributed fashion. This distributed platform is available at the ESXi kernel level and uses what is called Curated signature distribution. This method pushes only relevant signatures to the respective workloads and lowers computational overhead. This new capability reduces the required signature tuning and decreases the number of false positives. And finally, like DFW, IDS/IPS policy and state automatically move with workloads.
Native AD-based Authentication via LDAP
NSX-T 3.0 adds support for configuring Role-Based Access Control (RBAC) through direct Active Directory (AD) integration with LDAP. Before this release, NSX administrators had to deploy VMware Identity Management (vIDM) to enable RBAC. Using vIDM still adds value in terms of visibility, Single Sign-On (SSO) and Multi-Factor Authentication, but direct AD integration simplifies and accelerates customer on-boarding.
If you want to learn more about vIDM, you can read the vIDM deployment and integration with NSX-T blog post.
You can read the NSX-T 3.0 Release Notes to get more information about this new release.