After a long wait, VMware finally announced NSX-T 3.2 on November 7th, 2021! There was a lot of buzz around this release for the past 2-3 months. In this article, we will look at the new features of this release. The new capabilities are grouped into three major areas; Security, Advanced Networking, and Simplified Operations, which I will list as the most significant enhancements in this article.
When we look at the new features and capabilities list, security enhancements are very bold. So let’s start with the security features and continue with networking and operations enhancements.
Network Traffic Analysis (NTA)
While the IDS/IPS uses signature-based traffic analysis, NTA uses multi-hopes network behavioral analysis techniques. This is useful in the case that attackers try to breach into the network and their behavior in that process is totally different than authorized users that access the system. Alongside NTA, sandboxing can also take unknown files and analyze those files and run a complete system emulation.
Enhanced Gateway Firewall
In NSX-T 3.2, the gateway firewall has been enhanced by adding URL filtering and advanced threat prevention with use of malware analysis and also sandboxing. Because gateway firewalls are the first line of defense into the NSX-T environment, it is crucial to have full-feature firewall functionalities like what we have on DFW. Alongside this the Application ID and User ID have been expanded and more than 750 Application ID is available on the gateway firewall.
Distributed Firewall for VDS Switchports
Before NSX-T 3.2, if you want to apply DFW rules to your workloads, you have to migrate them to NSX-T segments so the rules could be applied to the workloads. Starting with NSX-T 3.2, we can use native VLAN-backed distributed port groups for application of DFW. It is particularly important for DFW-only NSX-T implementations.
NSX Federation
NSX federation was introduced in NSX-T 3.0, and since then, it has been enhanced with every NSX-T release. With NSX-T 3.2, NSX Federation supports VM tag replication between local managers when recovering workloads in other sites while retaining their security policy. In this release NSX-T federation also enhanced health monitoring for communication channels between global and local managers.
Enhanced Migration Coordinator
If you want to migrate from NSX-Y to NSX-T you need to use the Migration Coordinator. With NSX-T 3.2 supports the migration of VMware Integrated OpenStack (VIO), fixed topologies with OSPF, and identity-based firewall (IDFW/RDSH) configurations.