NSX-T offers federation capabilities which consolidate multiple NSX instances (locations) into a single pane of glass. in the past VMware NSX for vSphere offered the same capabilities through the concept of universal objects: one primary NSX manager was responsible for the management of universal objects (groups and tags) and synchronized these objects with all...
Prevent Password Lockout on Local NSX-T Managers when using Federation
Introduction NSX Federation enables admins to manage multiple local NSX-T Managers from a single pane of glass, though the use of a global NSX-T Management cluster. NSX-T Federation is available since NSX-T version 3.0 (production-ready since 3.1) and it’s available through a manual guide for VMware Cloud Foundation version 4.2 and later. One of...
PowerShell: Automating NSX-V Firewall Filter to Export Version 1000
For the migration of NSX-v to NSX-T there is a “small” step which requires to set the ExportVersion set to 1000 (for all VMs on all vSphere hosts), as per this doc. You can circumvent this step by quickly re-enabling the firewall on the clusters: but this is like shooting a misquito with a...
Dealing with seamless NSX DFW migrations (1/2)
Introduction One of the use cases provided by VMware NSX is the Distributed Firewall, which secures application workloads within the datacenter. It’s fully decoupled from the underlying network infrastructure, being able to focus on application-based security. Many customers have already implemented NSX to secure their workloads. With the upcoming EOL of NSX-v there is...
vSphere/NSX-T – Network Port Diagram
a vSphere and NSX-T network port diagramm...
How to become better in (Powershell) script-writing.
How to become a better powershell script writeere...
Full explanation of NSX-T Federation (and that rhymes)
With the General Availability of VMware NSX-T version 3.0, one of the most anticipated features is released: “Federation”. NSX-T Federation enables customers to stretch their NSX-T deployments over multiple site and/or towards the public cloud, but still keeping one Single Pane of Management. With NSX for vSphere (NSX-v) this feature was also available and...
Using PowerShell to enumerate Log Insight events
When using the VMware NSX Distributed firewall, it’s common to use vRealize Log Insight for firewall rule analyses but there is a little problem with it, which I will try to explain and resolve. The great thing about the VMware NSX Distributed Firewall is that you can assign vSphere objects directly to the firewall...
PowerNSX: missing NSX Firewall rule functionality
PowerNSX (for vSphere) is a great tool for SDN automation. I use it on a daily basis and helps me and my customers a lot! But with every good product, there is always room for improvement! One of my customers asked me to add descriptions to existing IpSet object, add services to existing DFW...
Usefull vRNI queries to enable micro segmentation
This blog is related to earlier blogs: https://datacenterdennis.wordpress.com/2018/10/11/designing-a-nsx-security-framework/https://datacenterdennis.wordpress.com/2019/01/09/next-gen-network-security-topologies/https://datacenterdennis.wordpress.com/2018/10/10/nsx-security-vs-workability/ Introduction This blog may help you implement micro-segmentation by providing helpful vRNI queries. You can use these queries to identify VMs which should be placed into the different segments. You can read here what vRealize Network Insight is and how it works. This blog will help...