NSX-T Security Reference Guide - This talks about NSX Service-defined Firewall capabilities, different use cases, architecture, consumption model and the best practices around the security design. 1.3 version mainly has following updates along with minor update to all section:
* Chapter -1: NSX Service-defined firewall value prop/positioning.* Chapter -2: NSX Use cases – What/why/how and NSX deployment Options.* Chapter -5: Best practices around Groups/Tags/Policy
Readers are encouraged to send a feedback to NSXDesignFeedback_at_groups*vmware*com (replace _at_ -> @ and * -> .)
We will continually updating this document so please re-download this document.
--The VMware NSX Product Management
Thanks! This document is long awaited and highly valuable. Some feedback below - if I may.
Last two lines in the attached picture tells 11 and just below that 10 predefined roles.
Page 17 - I would amend Option 1 with the term "security focused design" as this was the name of this approach back in the time with NSX for vSphere.
Page 20 - "In the physical representation, both T0 and the T1 firewalls are on the Edge Transport Node. Thus the packed does not leave the Edge host until it has passed through T1 Gateway Firewall" This is true, but not always as active instance of the T1 can be elsewhere, so within an other Edge node and in that case the traffic will leave the T0 hosing Edge node and flow to the one hosting the active T1.
Page 32 - Flow 3 is in the text as example but picture talks about flow 2.
Page 34 - I'd iclude some lines about that the "applied to" can be configured at the section level also which is also important.
All very good points. Look forward to a revised version 1.1 coming out in a few weeks with these and other edits.