Author Archives: Daniel Paul

About Daniel Paul

Based in Leipzig, Germany. Supporting customers in making k8s enterprise-ready.

Antrea to NSX-T Integration

By Daniel Paul | 20. December 2021

Starting with NSX-T 3.2 it is now possible for NSX-T to act as the central security control plane for Antrea-enabled k8s clusters. This post shows how to set it up and gives a short introduction to how it works. Prerequisites: have NSX-T 3.2 up and running; prepare 3 Ubuntu 18.04 VMs (4 CPU, 4 GB RAM, 25 GB storage), minimum install with…

Use idsreplay Appliance to easily demo NSX IDS/IPS

By Daniel Paul | 24. August 2021

Often customers want to see the ease of use of VMware NSX distributed IDS/IPS. But to demonstrate its capabilities it might be necessary to set up tools like Metasploit and vulnerable software versions. With idsreplay I’ve created an easy way to run your IDS/IPS demo “out-of-the-box” without the need to set up and configure potentially dangerous software…

Installing Antrea Container Networking and AVI Kubernetes Operator (AKO) for Ingress

By Daniel Paul | 22. January 2021

Update: January 2021 update with current versions (Antrea v0.12.0, AKO 1.13 / Controller 20.1.3). This post shows how to integrate Antrea Container Networking with NSX Advanced Load Balancer (NSX ALB) using AVI Kubernetes Operator (AKO). This example shows integration of a single K8S cluster with NSX ALB. If you plan to integrate more than one…

Configuring VMware NSX Cloud for consistent On-Premises and AWS Public Cloud Microsegmentation

By Daniel Paul | 16. December 2020

This post is intended to show a very basic setup of VMware NSX Cloud to demonstrate the capability to enforce consistent microsegmentation policy for hybrid cloud environments. I will describe the setup of NSX Cloud and the operation of the Native Cloud Enforced Mode, which relies on firewall functions delivered natively by AWS (or Azure)…

Using OpenVPN to connect on-premises Datacenter to AWS VPC

By Daniel Paul | 9. December 2020

For a customer demo I needed a quick way to interconnect my on-premises environment with an AWS VPC without getting an AWS Direct Connect or the possibility to open the on-premises firewall for an NSX IPsec tunnel. So I made it work with OpenVPN, which just needs TCP port 443 to be allowed on the…

Troubleshooting DNS on Kubernetes with NSX-T

By Daniel Paul | 17. June 2020

After integrating NSX-T with K8S I sometimes get issues with coredns not working. Common root cause: the K8S internal DNS infrastructure needs non-NAT’ed network access from container PODs to K8S nodes and vice versa. As the NSX-T NCP default behaviour is to NAT your K8S namespaces, this can – depending on your overall architecture – cause connection…

L7 Firewall – enforce Application Protocol by NSX-T Context Profile / AppID

By Daniel Paul | 27. January 2020

This post introduces NSX-T L7 capabilities. You will create a MySQL daemon on a VM and configure the NSX-T Distributed Firewall to allow traffic on TCP 3306. When replacing this MySQL daemon with sshd listening on 3306, the NSX-T L4 firewall will not prevent access – by design. After enabling the NSX-T L7 Firewall (Context Profile / Application…

Integrating CentOS 7.5 BareMetal Server with NSX-T 2.5

By Daniel Paul | 20. December 2019

This post demonstrates how to integrate a bare-metal server at OS level into NSX-T overlay networking and security. As there was no bare-metal system available in my demo environment, I created a CentOS 7.5 VM on a non-NSX-enabled ESXi server. Topology shown below. After successful installation it should look like this. Prerequisites: have NSX-T up…