Hi all,

Just before summer time our VMware Cloud BU delivered a major SDDC release (v1.15) with huge improvements and new features to enhance networking performance, enable cross regions connectivity, add security features like IDS/IPS, identity based firewall,....

Kudos to the developer team!

Here's the complete list below and to be regularly updated, don't forget to read our release notes page here: link

New Features for VMware Cloud on AWS: SDDC v1.15

• VMware Transit Connect/ SDDC Group connectivity to Transit VPC
  • VMware Transit Connect enhancement to enable Transit VPC connectivity. VMware Transit Connect customers can configure a static route for a VPC attachment in the same AWS region. This capability becomes immediately available to all SDDC Group deployments (compatible with SDDC version 1.12 and above).
• VMware Transit Connect/ SDDC Group connectivity across regions
  • SDDC Groups can now be expanded across regions. Customers can select SDDCs in more than one region for an SDDC Group. VMware Transit Connect provides automatic provisioning and connectivity for SDDCs Group members across multiple regions. This provides high bandwidth connectivity for SDDC to SDDC communication across regions.
• VMware NSX® Advanced Firewall for VMware Cloud on AWS
  • VMware Cloud on AWS introduces major security capabilities. NSX Advanced Firewall includes NSX Distributed IDS/ IPS, NSX Identity Firewall and Distributed Firewall Layer7 with Application Identification and FQDN Filtering. Available as an Add-on for SDDC version 1.15. 
  • NSX Distributed IDS/ IPS
    • VMware NSX Distributed IDS/IPS is an intrusion detection and prevention system for SDDC network traffic. Customers can detect and prevent lateral threats to workloads using curated threat signatures and apply rules at the relevant VM level. Distributed IDS/IPS utilizes threat signatures updated by the VMware NSX Threat Intelligence Service.
  • NSX Distributed Firewall Layer7 with Application Identification and FQDN Filtering
    • Customers can apply stateful layer 7 access controls and filtering. The Distributed Firewall is built with L7 application profiles (L7 Application IDs) for common enterprise applications. Customers can also define specific FQDNs that are allowed or denied access to applications in the SDDC. 
  • NSX Identity Firewall
    • Distributed Firewall integrates with Active Directory to provide User Identification rules. Customers can utilize Active Directory Groups to define distributed firewall rules to control access to workloads and applications such as virtual desktops (VDI) in SDDCs.
• vSphere Distributed Switch (VDS)
  • VMware Cloud on AWS ESXi hosts will use the vSphere Distributed switch (VDS) for networking, replacing the current NSX-T Virtual distributed Switch (NVDS). The VDS switch will be introduced in SDDC version 1.15. Customers can opt-in to use VDS in 1.15. Please chat with the Support team or open an SR to get access to this feature.
  • Future deployments starting with version 1.16 will use VDS. Existing deployments will be converted to VDS prior to 1.18 upgrade.
  • The vSphere Web Services API Opaque Network objects will be converted to NSX DistributedVirtualPortGroup (DVPG) objects. The corresponding API parameters/ return values are changing, therefore customers need to update applications that are using these API calls. vSphere Opaque Network objects will not be supported beyond 1.16.
  • For more details, please refer to the KB https://kb.vmware.com/s/article/82487
• Local User Management in PCI
  • It provides the ability to add local users to NSX Manager in order to allow users to operate the SDDC in environments that don't use CSP to authenticate users.
• Networking performance improvement for i3EN hosts
  • This release incorporates improvements for i3EN.metal (approximately 50% higher packet processing compared to the previous release). Customers can realize higher throughput for their workloads, depending upon the specific application network profile.
• VMC Networking UI in standalone mode with CSP Authentication
  • Using CSP credentials, VMC users would be able to authenticate to Networking UI in standalone mode. This will enable private access to Networking UI from on-prem over Direct Connect, Transit Connect or VPN. 
• VMware Cloud on AWS Networking enhancements. 
  • Enhancements to minimize data plane impact due to planned edge failover events. Communication over Transit Connect/ Connect VPC is affected for sub-second duration. Communication over Direct Connect/ VPN is affected for less than 10 seconds due to planned edge failover event.
  • Enable RPF on a per interface Basis. This will allow the customer to enable/disable/change Reverse Path Forwarding (RPF) on the Intranet and Services Interface.  This will enable customers who have asymmetric routing in their environment to control the RPF behavior on these interfaces.
  • This release also optimizes communication from VM to Edge on the same host, which benefits VDI workloads.