Category Archives: NSX

Antrea to NSX-T Integration

By | 20. December 2021

Starting with NSX-T 3.2 its now possible to act as central security control plane for Antrea enabled k8s clusters. This post shows how to set up and gives a short introduction how it works. Prerequisites: have NSX-T 3.2 up and running Prepare 3 Ubuntu 18.04 VMs (4 CPU, 4GB RAM, 25GB Storage), minimum install with… Read More »

NSX-T – NCP Integration with Openshift 4.8 – The Super-Easy Way

By | 6. December 2021

Introduction If you have been following the blog posts on this site, we implemented NSX-T with Openshift 4.6 with NCP’s support for Openshift operators (see https://www.vrealize.it/2021/03/24/nsx-t-ncp-integration-with-openshift-4-6-the-easy-way/) using the UPI installation. In the meantime, NCP 3.2 was released, which supports Openshift 4.7 and 4.8 and is also able to get installed through the IPI installation process.… Read More »

Use idsreplay Appliance to easily demo NSX IDS/IPS

By | 24. August 2021

Often customers want to see the ease of use of VMware NSX distributed IDS/IPS. But to demonstrate its capabilities it might be necessary to setup tools like metaspoit and vulnerable software versions. With idsreplay I’ve created an easy way to run you IDS/IPS Demo “out-of-the-box” without the need to setup & configure potentially dangerous software… Read More »

NSX-T – NCP Integration with Openshift 4.6 – The Easy Way

By | 24. March 2021

Introduction If you have been following the blog posts on this site, we implemented NSX-T with Openshift 4.4 with NCP’s support for Openshift operators (see https://www.vrealize.it/2020/09/29/nsx-t-ncp-integration-with-openshift-4-4-the-easy-way). In the meantime, NCP 3.1.1 was released, which supports Openshift 4.6. Since 4.6 involves a new ignition format version, I took that opportunity to refresh this blog, to add… Read More »

Installing Antrea Container Networking and AVI Kubernets Operator (AKO) for Ingress

By | 22. January 2021

Update: January 2021 update with current versions (Antrea v0.12.0 AKO 1.13 / Controller 20.1.3) This post shows how to integrate Antrea Container Networking with NSX Advanced Load Balancer (NSX ALB) using AVI Kubernetes Operator (AKO) This example shows integration of a single K8S cluster with NSX ALB. If you plan to integrate more than one… Read More »

vSphere with Tanzu with NSX-T medium sized edge

By | 8. January 2021

vSphere with Tanzu automatically deploys an NSX-T based load balancer for its supervisor cluster control plane. The load balancer size is defined as MEDIUM and requires an EDGE node of large size which is defined with 8 vCPU and 32GB RAM. While the creation of a supervisor cluster does also work with a medium sized… Read More »

Configuring VMware NSX Cloud for consistent On-Premises and AWS Public Cloud Microsegmentation

By | 16. December 2020

This post is intended to show a very basic setup of VMware NSX Cloud to demonstrate the capability to enforce consistent microsegmentation policy for hybrid cloud environments. I will describe the setup of NSX Cloud and the operation of the Native Cloud Enforced Mode which relies on firewall functions delivered natively by AWS (or Azure).… Read More »

NSX-T – NCP Integration with Openshift 4.4 – The Easy Way

By | 29. September 2020

Introduction In my previous post, we implemented NSX-T with Openshift 4 based without NCP’s support for Openshift operators (see https://www.vrealize.it/2020/07/15/nsx-t-ncp-integration-with-openshift-4-3-the-hard-way/). In the meantime, NCP 3.0.2 was released, which is implemented using an Openshift operator. The operator is also published on the Redhat Openshift Operator Hub (https://catalog.redhat.com/software/operators/detail/5ef0f362701a9cb8c147cf4b). That makes the installation way more simple, as you… Read More »

NSX-T – NCP Integration with Openshift 4.3 – The Hard Way

By | 15. July 2020

Introduction Today, we’ll take a look at how to implement NSX-T’s container integration with Redhat Openshift 4.3.Before we begin, let me quickly explain why this blog post is called “The Hard Way”. Today with NSX-T 3.0 and NCP 3.0.1, support for Redhat Openshift can be provided by configuring the corresponding network config files during Openshift’s… Read More »

Troubleshooting DNS on Kubernetes with NSX-T

By | 17. June 2020

After integrating NSX-T with K8S I sometimes get issues with coredns not working. Common root cause: K8S internal DNS infrastructure needs non-NAT’ed network access from container PODs to K8S Nodes and vice versa. As NSX-T NCP default behaviour is to NAT your K8S Namespaces this can – depending on you overall architecture – cause connection… Read More »

NSX-T 3.0 available – a decade of innovation

By | 8. April 2020

Yesterday the eighth release of NSX-T went GA. Yes, you can hear and marvel, besides the expiring, NSX for vSphere (early 2022) this is already the eighth public release of NSX-T.  In addition to on-premise multi-hypervisor support, it allows a uniform security policy to be implemented in hybrid and multi-cloud environments, no matter whether the… Read More »

L7 Firewall – enforce Application Protocol by NSX-T Context Profile / AppID

By | 27. January 2020

This post introduces NSX-T L7 capabilities. You will create a MySQL Daemon on an VM and configure NSX-T Distributed Firewall to allow traffic on TCP 3306. When replacing this MySQL Daemon with sshd listening on 3306 NSX-T L4 firewall will not prevent access – by design. After enabling NSX-T L7 Firewall (Context Profile / Application… Read More »