sunvmware1's Posts

The NSX Distributed Firewall has added malware detection and prevention support for Linux guest endpoints (VMs). Linux has become the most common operating system across multi-cloud environments. In addition, we expanded the support for malware analysis for known and unknown files. Along with hash-based detection for new files, we added support for local and cloud analysis for unknown files of up to 64MB. Prior to NSX 4.0.1.1, the NSX Gateway supported Active/Standby High Availability mode where traffic is forwarded through a single active NSX Gateway.  This deployment mode required additional design and architecture considerations such as limits induced by the Active/Standby mode on bandwidth and CPU utilization. Additionally, 4.0.1.1 brings added support for malware detection to the NSX Gateway Firewall running directly on bare metal, allowing for consistent protection regardless of whether customers choose a virtual or physical form factor NSX 4.0.1.1 introduces 16 additional NSX Edge metrics that further enhance monitoring and troubleshooting.  This includes flow cache metrics, queue occupancy for fast path interfaces, and NIC throughput on ingress and egress on the NSX Edge fast path interfaces. more details refer - https://blogs.vmware.com/networkvirtualization/2022/11/nsx-4-0-innovations.html/  

When completing an upgrade precheck in SDDC-Manager the NSX-T password validity check fails:   Impact - HIgh: Password has expired and upgrade will fail due to this.  You will see the following in the /var/log/vmware/vcf/lcm/lcm-debug.log:   2021-06-17T19:10:20.089+0000 DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.c.u.VmwPrimitiveUtils,pool-3-thread-48] Password validation status for API credential type of resource: nsx.corp.local is VALID 2021-06-17T19:10:20.090+0000 DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.util.PrimitiveHelper,pool-3-thread-48] Password validation for API credential type of resource: nsx.corp.local is VALID 2021-06-17T19:10:20.090+0000 DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.c.u.VmwPrimitiveUtils,pool-3-thread-48] Password validationexpiry data for API credential type of resource: nsx.corp.local is SUCCEEDED 2021-06-17T19:10:20.090+0000 DEBUG [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.c.u.VmwPrimitiveUtils,pool-3-thread-48] Password validationexpiry for API credential type of resource: nsx.corp.local is in -22 days 2021-06-17T19:10:20.090+0000 INFO  [vcf_lcm,0000000000000000,0000,precheckId=af8ce3f0-615b-4387-919c-f123e797d4a5,resourceType=NSX_T,resourceId=nsx.corp.local] [c.v.e.s.l.p.i.nsxt.NsxtPrimitiveImpl,pool-3-thread-48] Completed precheck task NSX_T_PASSWORD_VALIDITY_CHECK  on resource id nsx.corp.local  with status RED   Note: This precheck will also fail if the password expiry is cleared using the command "clear user admin password-expiration". It is a known issue, please refer the KB SDDC manager falsely shows the password for NSXT component as expired for more information.      Cause NSX-T does not support setting password expiry for root or admin to 99999 NSX-T password expiry can be set to a maximum period of 9999      Resolution Set password expiry for root and admin to 9999: 1. SSH to NSX-T VIP with admin credentials 2. Check password expiry for both root and admin accounts get user admin password-expiration 3. If the password has expired or is set to 99999 use the following command to set password expiry to 9999 set user admin password-expiration 9999 4. Retry upgrade precheck in SDDC-Manager

We are pleased to announce the introduction of VMware NSX Advanced Firewall for VMware Cloud on AWS, which takes the network security capabilities of VMware Cloud on AWS SDDC to a new level. Adding NSX Advanced Firewall features allows organizations to define security policies at Layer 7 while enabling deep packet inspection across all vNICS within the software-defined data center (SDDC).      NSX Advanced Firewall capabilities help you secure your applications against a never-expanding set of threats on the internet. Specifically, it includes a robust set of networking and security capabilities that enable customers to run production applications in the cloud.  This capability allows you to:  Detect attempts at exploiting vulnerabilities in your workloads.  Gain protection against vulnerabilities inside your SDDC with granular application-level security policies.  Reduce the attack surface of your workloads by allowing only the intended application traffic to run in your SDDC.  Seamlessly provide inspection for all traffic without a single inspection bottleneck.  Achieve your compliance goals.  Customers can purchase the NSX Advanced Firewall as an add-on in VMware Cloud on AWS. 

Modern apps need to run in multi-cluster, multi-cloud environments across a mix of traditional and microservices architectures. In this context, enterprise platform, infrastructure, and operations teams are presented with unique challenges in securely connecting and managing modern workloads, in delivering scalable services, or bridging between traditional VM workloads and containers, and supporting production operations for modern apps.   VMware recently introduced the “VMware Modern Apps Connectivity solution”, which brings together the advanced capabilities of Tanzu Service Mesh (TSM) and VMware NSX Advanced Load Balancer ALB (formerly Avi Networks) address today’s unique enterprise challenges.