VMware Cloud Community
SebastianGrugel
Hot Shot
Hot Shot
‎06-18-2021 05:31 AM

VMC (NSX-T) and "service insertion"

Hello.

Question to VMware Product Team.

In this article from 2019  https://aws.amazon.com/blogs/apn/integrating-next-gen-firewalls-with-vmware-cloud-on-aws/ there is information about "service insertion" which  can give possibility to integrate for example some external third party firewall vendor .

Now we have 2021. Some news about this functionality ? which was in NSX-V ?

We are in time when customers which use NSX-V onpremise are looking some alternative for their current solution to switch to NSX-T

If they are using in their  datacenter some Network introspection in NSX-V and currently they cant for example migrate also to VMC without this functionality.

 

 

vExpert VSAN/NSX/CLOUD | VCAP5-DCA | VCP6-DCV/CMA/NV ==> akademiadatacenter.pl
0 Kudos
4 Replies
Lei_T
Community Manager
Community Manager
‎06-18-2021 06:07 AM

Hi Sebastian - Thank you for your question.  I will engage one of our Product Managers to addrress your question.  Stay tuned.

0 Kudos
ebernard
Enthusiast
Enthusiast
‎06-18-2021 06:47 AM

Hi Sebastian,

Thank you for your question, indeed this is an important topic.

Lei asked to our Product Management team but since this is holiday time in US, let me just give you some inputs regarding your question:

Service insertion was initially planned to embed 3rd party security features within VMC, it was 2 or 3 years ago as the AWS article is showing. But in the meanwhile some events appeared: we switched from NSX-V to NSX-T and we acquired companies and enhance NSX features.

So, based on these events, VMware has decided to choose another option, at least for the mid-term:

- Enhance NSX features into VMC (like in the latest release with L7, IDS-IPS, identity firewall)

- let our customer choose another security vendor by leveraging AWS services (ALB, ELB, 3rd party firewall in marketplace) https://cloud.vmware.com/community/2020/06/08/integrating-aws-application-load-balancing-vmware-clou... 


- or for larger environment including many VPC's or SDDC's, leverage in 1st case a Transit Gateway: https://blogs.vmware.com/networkvirtualization/2020/06/vmware-cloud-on-aws-with-transit-gateway-demo... or build a Transit Connect in 2nd case: https://blogs.vmware.com/networkvirtualization/2020/09/vmware-transit-connect-simplifying-networking... 

Hope these details are clear and are fully addressing your question!
Cheers

Emmanuel BERNARD
Lead Solution Engineer | VMware Cloud | EMEA

Please mark "Helpful" or "Correct Answer" if applies. Appreciate it.
bsnurka
VMware Employee
VMware Employee
‎09-09-2021 02:12 PM

Adding on to this already amazing response:

VMware Cloud recently introduced NSX Advanced Firewall Features in VMC M14 version. These new features include

  1. Distributed IDS/ IPS
  2. Distributed Firewall with Layer 7 Application ID
  3. Distributed Firewall with Active Directory based User ID – IDFW
  4. Distributed Firewall with FQDN Filtering

Blog / Product Page

 

Added in VMC M12 version, the VMware-managed Transit Connect Gateway can be an alternative to the Native-AWS TGW. Through the use of SDDC Groups, customers can link their SDDC vCenter servers together and attach a single Direct Connect Gateway (DXGW / Native AWS Concept) to the backing TGW, allowing for there to be a single global resource available for all participating SDDCs to utilize for routing traffic to OnPrem.

Blog

murthy3
Contributor
Contributor
‎03-05-2024 09:37 AM

Hi Team

Can we use Palo Alto for traffic Inspection between East-West Traffic inside the compute work load in VMC SDDC?

If yes can you please share some documentation or blogs how can we Integrate Third party tool Palo Alto with VMC SDDC to do a traffic Inspection between East-West Traffic.

 

Regards

MurthySai

0 Kudos