In a previous blog post, the NSX-T architecture was explained, and now we can start the implementation of NSX-T. The deployment process of NSX-T Data Center begins with the deployment of the NSX-T Management cluster. In NSX-T 3.0, the management cluster consists of three NSX-T managers, which include both the management and control planes. The management plane provides the Web UI, the REST API and an interface to other management platforms like vCenter Server, vCloud Director or vRealize Automation. The control plane is responsible for computing and distributing network run-time state.
NSX-T managers can be deployed on the ESXi or KVM hypervisor. If you are planning to use the ESXi platform to host NSX-T managers, an OVA file should be used. For the KVM platform, on the other hand, a QCOW2 image is used for NSX-T manager deployment. It is important to note that mixed deployments of managers on both ESXi and KVM are not supported. The NSX-T manager node size configuration should be selected based on the type of deployment and the size of the environment. Following are the four different configuration options and their requirements.
On April 7th 2020, VMware introduced the next major release of its Network Virtualization & Security solution. NSX-T 3.0 introduces a variety of new features which enhance the adoption of software-defined networking in private, public and hybrid-cloud environments.
Following are some of the new features and enhancements that are available in NSX-T 3.0 Datacenter:
On March 10th 2020, VMware released VMware Cloud Foundation (VCF) 4.0 alongside a refresh of its other SDDC portfolio, including vSphere 7.0, vSAN 7.0 and the latest release of vRealize Suite 2019. By deploying VCF 4.0, you can take advantage of all the components that are included in the package, and there are some features which are only available with VCF 4.0. For example, the Kubernetes capabilities of vSphere 7 are only included as part of VCF 4.0 with Tanzu. Following you can find the Bill of Materials (BoM) for VCF 4.0.
One of the new capabilities that has been added to VCF 4.0 is the possibility to use NSX-T in Management workload domains. Before VCF 4.0, the Management workload domain had to use NSX-V as its networking and security virtualization solution. NSX-T will also be used as the de facto network and virtualization solution for VM and container workloads. With the use of NSX-T, we have the option to bring up one NSX-T Management cluster that can serve many workload domains.
VCF 4.0 also supports the latest update of vRealize Suite 2019, which includes:
vRealize Automation 8.1
vRealize Operations 8.1
vRealize Log Insight 8.1
All the above products have the capability to operate on container workloads besides normal VM workloads. VCF SDDC Manager 4.0 together with vRealize Suite Lifecycle Manager 8.1 will automate the process of lifecycle management for both the VCF core components and the vRealize Suite components.
As mentioned in Introduction to VMware NSX, NSX-T Datacenter is built on three integrated layers of components: the Management plane, the Control plane and the Data plane. This architecture and separation of key roles enables scalability without impacting workloads.
The NSX-T Management cluster is built from three NSX-T Manager controller nodes. The management plane and control plane are converged on each node. NSX Managers provide a Web GUI and a REST API for management purposes. This is one of the architectural differences compared to NSX-V, which had to integrate into the vSphere Client and vCenter Server. NSX Manager can also be consumed by a Cloud Management Platform (CMP) like vRealize Automation to integrate SDN into cloud automation platforms. NSX-T Manager can also connect to the vSphere infrastructure through integration with vCenter Server (Compute Manager).
VMware has announced a new update to its per-CPU licensing model. OK, don’t panic: VMware is not going to bring back the vRAM licensing model, but they added a new CPU-related license type. Effective from April 2nd 2020, building a server with a processor which has more than 32 cores needs an additional license. According to VMware’s website, “Under the new model, one CPU license covers up to 32 cores in a single CPU”. This means an additional license needs to be purchased for every 32 physical CPU cores! So if there is a single-CPU server with up to 32 physical cores, 1 license should be purchased, as before. But if there is a single-CPU server with 64 cores, 2 licenses are needed because, as said before, every license covers a single CPU with up to 32 cores. To get a better view of this change, take a look at the image below from VMware.
Fortunately, for those who are going to buy servers and VMware licenses before April 30th 2020, there is a “Free per CPU licensing” program. According to VMware's website, “Any existing customers who purchase VMware software licenses, to be deployed on a physical server with more than 32-cores per CPU, prior to April 30, 2020 will be eligible for additional free per-CPU licenses to cover the CPUs on that server”.
VMware Cloud Foundation (VCF) is VMware’s integrated SDDC platform for private and hybrid cloud infrastructures. This software package integrates VMware’s Compute, Storage and Network Virtualization solutions with a centralized automated lifecycle management tool called SDDC Manager. The core components of VCF are vSphere (Compute), vSAN (Storage) and NSX (Network & Security). VMware vRealize Suite can also be optionally added to VCF to extend the SDDC infrastructure with performance and capacity management and cloud management. Since VCF 3.8, besides running normal virtual machine workloads, you can also run containers with the use of VMware Enterprise PKS.
To start implementing VCF, at least seven ESXi hosts are needed: four for the Management Workload Domain (WLD), which hosts the infrastructure components of the SDDC, and another three hosts for running the actual infrastructure WLD. These nodes can be vSAN ready nodes, or you can take advantage of DellEMC’s VxRAIL platform and run a more integrated hyper-converged (HCI) platform. The Management WLD is brought up with the use of a special virtual appliance called Cloud Builder. This awesome tool brings up the first four nodes in the management cluster alongside the Platform Services Controllers (PSC), vCenter Servers, NSX manager and controllers, and vRealize Log Insight. After the initial bring-up process, VCF infrastructure management is done through SDDC Manager.
On January 14th 2020, VMware announced the general availability of VMware Cloud Foundation (VCF) 3.9.1. This new release supports new features such as Application Virtual Network (AVN), improvements to Cloud Builder, many resolved issues, especially around NSX-T, and also BOM updates.
Application Virtual Network (AVN) enables a vRealize Suite deployment to use NSX overlay networks in addition to VLAN-backed port groups. New installations of VCF 3.9.1 can use AVNs for vRealize Suite components; if you upgrade VCF from a prior release to 3.9.1 and want to use AVNs, VMware Support should be contacted. VMware Cloud Builder, which is used for the bring-up process of VCF, now includes several new workflows and also a deployment report of the bring-up phase.
Of Material(BOM), VCF 3.9.1 now supports vSphere and vSAN 6.7 Update 3b, which holds many security and bug fixes. If you are using NSX-V in your management or VI workload domains, you can take advantage of NSX-V 6.4.6, and lastly the VDI workload domain will also be upgraded to Horizon 7.10. For those who are using VCF on VxRAIL, VxRAIL Manager 4.7.410 is now supported with this new release of VCF on VxRail.
VMware NSX is a network virtualization and security platform, and it is part of VMware’s Software-Defined Datacenter (SDDC) architecture. VMware NSX emerged from VMware's acquisition in 2012 of a company called Nicira, which had a solid Software-Defined Networking (SDN) product. The product comes in four different forms:
NSX Data Center
NSX Hybrid Connect
NSX Data Center itself comes in two different flavors: NSX-V, which is mainly designed to work in VMware vSphere environments, and NSX-T, formerly known as Multi-Hypervisor, which offers network virtualization and cyber-security features for multi-hypervisor, container-based and multi-cloud environments like AWS or Azure cloud services. Software-defined networking delivers L2 to L7 network functions in software and allows virtualization and cloud administrators to provision the required services at the hypervisor level.
On December 17th, the VxRail 4.7.410 software package was released by DellEMC. The software package includes:
VxRail Manager 4.7.410 (26262335)
VMware ESXi 6.7 Patch 01 (15160138)
VMware vCenter Server Virtual Appliance 6.7 Update 3b (15132721)
VMware vSAN 6.7 Patch 01 (15160138)
VMware vRealize Log Insight 4.8 (13036238)
This new release contains vSphere 6.7 Patch 1, which addresses the heap overwrite security issue in OpenSLP as used in ESXi hosts (CVE-2019-5544). An attacker with network access to port 427, the OpenSLP service, on an ESXi host may be able to exploit this vulnerability, resulting in remote code execution. Other new features in 4.7.410 are:
Supports vSAN 2-node deployments with network switches.
Allows the order in which sites are upgraded to be specified for stretched clusters.
Improves the handling of VxRail alarms in vCenter.
Adds a Chat with Support button on the Support tab.
Disables node removal for vSAN 2-node clusters.
You can directly upgrade your VxRail cluster if you are running VxRail software 4.0.510 or a later release. You may not upgrade a VxRail appliance in the following circumstances without opening a service request:
If you are running a 3-node cluster running VxRail 4.5.152 or earlier
If you are running a stretched cluster and running VxRail 4.7.212 or earlier
If your cluster is in unhealthy state or has critical