This month VMware released NSX 6.4.0. This version provides many features, improvements and bug fixes.
What's new in NSX 6.4.0?
Following Release Notes we can find some interesting features and improvements. In my opinion, the most important:
- Upgrade Coordinator provides a single portal to simplify the planning and execution of an NSX upgrade. Upgrade Coordinator provides a complete system view of all NSX components with current and target versions, upgrade progress meters, one click or custom upgrade plans and pre- and post-checks.
- Distributed Firewall: Distributed Firewall (DFW) adds layer-7 application-based context for flow control and micro-segmentation planning. Application Rule Manager (ARM) now recommends security groups and policies for a cohesive and manageable micro-segmentation strategy.
- Distributed Firewall rules can now be created as stateless rules at a per DFW section level.
- Multi-syslog support for up to 5 syslog servers.
- Enhancement to Edge load balancer health check. Three new health check monitors have been added: DNS, LDAP, and SQL.
- Faster failover of edge routing services.
One click upgrade to NSX 6.4.x
I couldn't wait and I upgraded a pretty new environment based on 6.3.5. It was a good time to check the Upgrade Coordinator, one of a feature of NSX 6.4.
- Login to NSX Manager and do upgrade.
- After login to vSphere Web Client, there is some difference in NSX UI already.
- Formally named Upgrade Coordinator provides simplified upgrade process. When you click on Plan Upgrade - there is an option "One Click Upgrade" and you can start the upgrade process. Also you can plan an upgrade but it is not a "one click" 😉 For more information please follow: Plan and Start an Upgrade
- Components are being upgraded. Finished.
* vSphere 5.5 is not supported. You have to upgrade to at least 6.0 U2.
NSX Manager is also a little bit integrated with vCenter HTML 5 UI - there is possible to perform upgrade, check maximums (and current usage), Packet Capture and Support Bundle:
I deployed a new NSX Controller and there is a small improvement. The NSX Controller VM contains name typed during deployment. On the below figure - old and new naming style (one controller was deployed before upgrade to 6.4.0).
Resources from Network Field Day 17
Last week, during Network Field Day 17 VMware did some interesting demos.
- Application Rule Manager - a feature introduced in 6.3.x but improved in 6.4. It can be used to gather flow in virtual environment and automatically create and publish rules. Very useful during implementing micro-segmentation because it can help avoid unnecessary interruptions between virtual machines.
- Identity Firewall (IDFW) supporting user sessions on remote desktop and application servers (RDSH) sharing a single IP address - e.g. to block a specific resource (e.g. access to Web Server) for specific users (based on NSX Security Group with AD integration) using the same virtual desktop.
Additional useful resources
NSX 6.4 Upgrade Guide <---- Highly recommended before upgrade!