Category Archives: NSX
Antrea to NSX-T Integration
Starting with NSX-T 3.2, NSX-T can now act as a central security control plane for Antrea-enabled k8s clusters. This post shows how to set it up and gives a short introduction to how it works. Prerequisites: have NSX-T 3.2 up and running; prepare 3 Ubuntu 18.04 VMs (4 CPU, 4GB RAM, 25GB Storage), minimum install with… Read More »
NSX-T – NCP Integration with Openshift 4.8 – The Super-Easy Way
Introduction If you have been following the blog posts on this site, we implemented NSX-T with Openshift 4.6 with NCP’s support for Openshift operators (see https://www.vrealize.it/2021/03/24/nsx-t-ncp-integration-with-openshift-4-6-the-easy-way/) using the UPI installation. In the meantime, NCP 3.2 was released, which supports Openshift 4.7 and 4.8 and is also able to get installed through the IPI installation process.… Read More »
Use idsreplay Appliance to easily demo NSX IDS/IPS
Often customers want to see the ease of use of VMware NSX distributed IDS/IPS. But to demonstrate its capabilities it might be necessary to set up tools like Metasploit and vulnerable software versions. With idsreplay I’ve created an easy way to run your IDS/IPS demo “out-of-the-box” without the need to set up & configure potentially dangerous software… Read More »
NSX-T – NCP Integration with Openshift 4.6 – The Easy Way
Introduction If you have been following the blog posts on this site, we implemented NSX-T with Openshift 4.4 with NCP’s support for Openshift operators (see https://www.vrealize.it/2020/09/29/nsx-t-ncp-integration-with-openshift-4-4-the-easy-way). In the meantime, NCP 3.1.1 was released, which supports Openshift 4.6. Since 4.6 involves a new ignition format version, I took that opportunity to refresh this blog, to add… Read More »
Installing Antrea Container Networking and AVI Kubernetes Operator (AKO) for Ingress
Update: January 2021 update with current versions (Antrea v0.12.0 AKO 1.13 / Controller 20.1.3). This post shows how to integrate Antrea Container Networking with NSX Advanced Load Balancer (NSX ALB) using AVI Kubernetes Operator (AKO). This example shows integration of a single K8S cluster with NSX ALB. If you plan to integrate more than one… Read More »
vSphere with Tanzu with NSX-T medium sized edge
vSphere with Tanzu automatically deploys an NSX-T based load balancer for its supervisor cluster control plane. The load balancer size is defined as MEDIUM and requires an EDGE node of large size which is defined with 8 vCPU and 32GB RAM. While the creation of a supervisor cluster does also work with a medium sized… Read More »
Configuring VMware NSX Cloud for consistent On-Premises and AWS Public Cloud Microsegmentation
This post is intended to show a very basic setup of VMware NSX Cloud to demonstrate the capability to enforce consistent microsegmentation policy for hybrid cloud environments. I will describe the setup of NSX Cloud and the operation of the Native Cloud Enforced Mode which relies on firewall functions delivered natively by AWS (or Azure).… Read More »
NSX-T – NCP Integration with Openshift 4.4 – The Easy Way
Introduction In my previous post, we implemented NSX-T with Openshift 4 without NCP’s support for Openshift operators (see https://www.vrealize.it/2020/07/15/nsx-t-ncp-integration-with-openshift-4-3-the-hard-way/). In the meantime, NCP 3.0.2 was released, which is implemented using an Openshift operator. The operator is also published on the Redhat Openshift Operator Hub (https://catalog.redhat.com/software/operators/detail/5ef0f362701a9cb8c147cf4b). That makes the installation way more simple, as you… Read More »
Securing your K8S-Network with Antrea ClusterNetworkPolicy
Integrate NSX Advanced Load Balancer (Formerly Avi Networks) in NSX-T
Dual Stack (IPv4/6) in NSX-T with DHCP, SLAAC and Load Balancer
NSX-T – NCP Integration with Openshift 4.3 – The Hard Way
Introduction Today, we’ll take a look at how to implement NSX-T’s container integration with Redhat Openshift 4.3. Before we begin, let me quickly explain why this blog post is called “The Hard Way”. Today with NSX-T 3.0 and NCP 3.0.1, support for Redhat Openshift can be provided by configuring the corresponding network config files during Openshift’s… Read More »
Troubleshooting DNS on Kubernetes with NSX-T
After integrating NSX-T with K8S I sometimes get issues with coredns not working. Common root cause: K8S internal DNS infrastructure needs non-NAT’ed network access from container PODs to K8S Nodes and vice versa. As NSX-T NCP default behaviour is to NAT your K8S Namespaces this can – depending on your overall architecture – cause connection… Read More »
Integrating Kubernetes with NSX-T 3.0
This post shows how to integrate Kubernetes (1.18) running in vSphere 6.7 hosted Ubuntu 18.04 VMs with VMware NSX-T 3.0. This example uses the NSX NCP “shared Tier 1” topology, meaning that all namespaces of the k8s cluster use the same T1 Gateway. Stateful services like Load-Balancing and NAT are applied to this T1 gateway.… Read More »
NSX-T 3.0 available – a decade of innovation
Yesterday the eighth release of NSX-T went GA. Yes, listen and marvel: besides the expiring NSX for vSphere (early 2022), this is already the eighth public release of NSX-T. In addition to on-premise multi-hypervisor support, it allows a uniform security policy to be implemented in hybrid and multi-cloud environments, no matter whether the… Read More »
Using Firewall Rule in NSX created with PowerCLI
Creating a L7 Web Loadbalancer in NSX for HTTP and HTTPS
Working with Groups in NSX created with PowerCLI
L7 Firewall – enforce Application Protocol by NSX-T Context Profile / AppID
This post introduces NSX-T L7 capabilities. You will create a MySQL Daemon on a VM and configure NSX-T Distributed Firewall to allow traffic on TCP 3306. When replacing this MySQL Daemon with sshd listening on 3306, the NSX-T L4 firewall will not prevent access – by design. After enabling NSX-T L7 Firewall (Context Profile / Application… Read More »