Reading Time: 4 minutes

VMware NSX-T Data Center is the next generation product that provides a scalable network virtualization and micro-segmentation platform for multi-hypervisor environments, container deployments, and native workloads. It has not yet become features parity with NSX-v, but the gap is closing faster and there are also several new features and capabilities available ONLY on NSX-T.

And the product is growing faster: on June was release the NSX-T Data Center 2.2.0 and now there is the new NSX-T Data Center 2.3.0 release (see the release notes).

NSX-T Data Center 2.3 is the incremental upgrade release that enhances the new multi-hypervisor platform delivered for cloud and containers.

The main big news of this release is the bare-metal support that includes Linux-based workloads running on bare-metal servers and containers running on bare-metal servers without a hypervisor. In this way, NSX-T can really span across different type of workloads and environments.

NSX-T Data Center leverages the Open vSwitch, to enable any Linux host to be an NSX-T Data Center transport node to allow users to network bare-metal compute workloads over VLAN, overlay backed connections, and to enforce micro-segmentation policies (stateful Layer 4 enforcement) for Virtual-to-Physical and Physical-to-Physical communication flows.

Supported Linux distributions are:

  • RHEL 7.4 (native compute workloads and Docker Containers using Kubernetes and RedHat OpenShift Container Platform)
  • RHEL 7.5 (Docker Containers using Kubernetes and RedHat OpenShift Container Platform)
  • CentOS 7.4 (native compute workloads only)
  • Ubuntu 16.0.4 (native compute workloads only)

NSX-T 2.3 has also some cloud specific enhancements:

  • Support for AWS Deployments: NSX Cloud support for AWS workloads.
  • Automatic NSX Agents Provisioning in Azure VNETs
  • VPN Support Between On-Premise to Public Cloud: includes built-in VPN capabilities within the NSX Cloud Public Cloud Gateway using APIs. You can use the VPN capabilities to create IPSEC links between the following:
    • Managed compute Amazon VPCs/Azure VNets and third-party service VMs in transit Amazon VPCs/Azure VNets
    • Managed Amazon VPC/Azure VNET and an on-premise VPN device
  • Expanded OS Support for NSX Cloud Agent: NSX Cloud supports RHEL 7.5 operating systems in the public cloud.

But also several security enhancements:

  • Service Insertion Support on Tier-0 and Tier-1 Routers: includes the ability to onboard third-party security solutions, deploy a High Availability third-party security solution at Tier-0 or Tier-1 or both and insert the third-party security solution via redirect policy.
    Check the VMware Compatibility Guide – Network and Security for the latest certification status of third-party solutions on NSX-T Data Center.
  • Multiple Section Support in NSX Edge Firewall: adds multiple sections in the NSX Edge Firewall for ease of manageability
  • Firewall Rule Hit Count and Rule Popularity Index: monitors rule usage and quick identification of unused rules for clean-up
  • Firewall Section Locking: enables multiple security administrators to work concurrently on the firewall
  • Grouping Objects: supports an object to be added to a group if it matches all five specified tags, which was previously two tags
  • Tag Length: increases tag length value from 65 to 256 and tag scope from 20 to 128

And much more. So it’s not a minor release but it’s a big step with huge improvements and enhancements.

For more information, see also: Announcing general availability of VMware NSX-T Data Center 2.3.0

Will NSX-T become the main NSX Data Center product and replace somewhere the NSX-v? Probably yes, but it will require more times.

But it’s quite clear that NSX-T is becoming a better product with an independent management plane, that makes it more flexible to manage multiple hypervisors (but still does not have a native Hyper-V support) and multiple cloud support. And it’s mature enough.

Considering the support and lifecycle of NSX-v 6.x we have to assume that this migration of shift will be not before 2020.