PowerNSX (for vSphere) is a great tool for SDN automation. I use it on a daily basis and it helps me and my customers a lot! But with every good product, there is always room for improvement! One of my customers asked me to add descriptions to existing IpSet objects, add services to existing DFW...
Useful vRNI queries to enable micro-segmentation
This blog is related to earlier blogs:
https://datacenterdennis.wordpress.com/2018/10/11/designing-a-nsx-security-framework/
https://datacenterdennis.wordpress.com/2019/01/09/next-gen-network-security-topologies/
https://datacenterdennis.wordpress.com/2018/10/10/nsx-security-vs-workability/
Introduction
This blog may help you implement micro-segmentation by providing helpful vRNI queries. You can use these queries to identify VMs which should be placed into the different segments. You can read here what vRealize Network Insight is and how it works. This blog will help...
NSX-v: understanding and overcoming DFW firewall rule maximums
In this blog I’m going deep into the DFW firewall rule maximums of VMware NSX for vSphere. The stated maximums on the configmax website are soft limits, not hard limits. Let’s discuss what the hard limit on the number of DFW rules is. Let’s start by talking about the Distributed Firewall...
Me presenting @NLVMUG: talking about modern datacenter security
...
Me explaining VMware AppDefense & NSX
...
Me explaining a VMware NSX Security Framework
...
NSX-V: Security Framework implementation script
This PowerShell script is used as an example for deploying an NSX Security Framework as described in this blog. Installing PowerNSX is a prerequisite, and before running this script, connect to a greenfield NSX environment with the cmdlet “connect-nsxserver”. This script modifies the default rule to a deny rule, creating a zero trust environment. So...