VMware NSX 6.4.0 (NSX for vSphere 6.4.0) Released

VMware NSX has always been an exciting topic for me and my readers. With every release of NSX, VMware continuously improve the NSX features. As similar to that, VMware released VMware NSX for vSphere 6.4.0 (NSX-V 6.4.0) on Jan 16, 2018. VMware NSX 6.4.0 released with a lot of new features with serviceability enhancements and addresses a number of specific customer bugs. One of the important features which I see is VMware NSX UI plug-in support for HTML5 vSphere client with limited functionality. Take a look at the article to see functionality updates for NSX UI in HTML5 vSphere Client.

NSX functionality developed in HTML5 (e.g. Dashboard) remains compatible with both vSphere Client and vSphere Web Client, offering the seamless experience for users who are unable to transition immediately to vSphere Client. You need to have to have NSX 6.4.0, vCenter Server 6.5 Update 1 & vSphere Client (HMTL 5) 6.5 Update 1 to use NSX UI in HTML5 vSphere client. This article will just share the information from NSX 6.4.0 release notes.

Image Thanks to Eric Sloof on Twitter

System Requirements for VMware NSX 6.4.0(NSX-V 6.4.0)

For vSphere 6.5
vSphere 6.5a and 6.5 Update 1 is supported with NSx 6.4.0

For vSphere 6.0
vSphere 6.0 Update 2 and 6.0 Update 3

What’s New in VMware NSX 6.4.0?

Let’s see what are all the new features released with VMware NSX 6.4.0

Security Services:

Identity Firewall: Identity Firewall (IDFW) now supports user sessions on remote desktop and application servers (RDSH) sharing a single IP address, new “fast-path” architecture improves the processing speed of IDFW rules. Active Directory integration now allows selective synchronization for faster AD updates.
Distributed Firewall: Distributed Firewall (DFW) adds layer-7 application-based context for flow control and micro-segmentation planning. Application Rule Manager (ARM) now recommends security groups and policies for a cohesive and manageable micro-segmentation strategy.
Distributed Firewall rules can now be created as stateless rules at a per DFW section level.
Distributed Firewall supports VM IP realization in the hypervisor. This allows users to verify if a particular VM IP is part of a security group/cluster/resource pool/host which is used in the source, destination, or appliedTo fields of a DFW rule.
IP address discovery mechanisms for VMs: Authoritative enforcement of security policies based on VM names, or other vCenter-based attributes requires that NSX know the IP address of the VM. NSX 6.2 introduced the option to discover the VM’s IP address using DHCP snooping, or ARP snooping. In NSX 6.4.0, the number of ARP discovered IPs have been increased up to 128 and are configurable from 1 to 128. These new discovery mechanisms enable NSX to enforce IP address-based security rules on VMs that do not have VMware Tools installed.
Guest Introspection: For vCenter 6.5 and later, Guest Introspection (GI) VM’s are named Guest Introspection (XX.XX.XX.XX), where XX.XX.XX.XX is the IPv4 address of the host on which the GI machine resides. This occurs during the initial deployment of GI.

NSX User Interface: (HTML 5 Support for NSX UI)

Support for vSphere Client (HTML5): Introduces VMware NSX UI Plug-in for vSphere Client (HTML5). For a list of supported functionality, please see VMware NSX for vSphere UI Plug-in Functionality in vSphere Client.
HTML5 Compatibility with vSphere Web Client (Flash): NSX functionality developed in HTML5 (for example, Dashboard) remains compatible with both vSphere Client and vSphere Web Client, offering the seamless experience for users who are unable to transition immediately to vSphere Client.
Improved Navigation Menu: Reduced number of clicks to access key functionality, such as Grouping Objects, Tags, Exclusion List and System Configuration.

NSX Edge Enhancements:

Enhancement of Edge load balancer health check. Three new health check monitors have been added: DNS, LDAP, and SQL.
You can now filter routes for redistribution based on LE/GE in prefix length in the destination IP.
Support for BGP and static routing over GRE tunnels.
NAT64 provides IPv6 to IPv4 translation.
Faster failover of edge routing services.
Routing events now generate system events in NSX Manager.
Improvements to L3 VPN performance and resiliency.

Operations and Troubleshooting:

Upgrade Coordinator provides a single portal to simplify the planning and execution of an NSX upgrade. Upgrade Coordinator provides a complete system view of all NSX components with current and target versions, upgrade progress meters, one-click or custom upgrade plans and pre- and post-checks.
A new improved HTML5 dashboard is available along with many new components. The dashboard is now your default homepage. You can also customize existing system-defined widgets and can create your own custom widgets through API.
New System Scale dashboard collects information about the current system scale and displays the configuration maximums for the supported scale parameters. Warnings and alerts can also be configured when limits are approached or exceeded.
Guest introspection reliability and troubleshooting enhancements. Features such as EAM status notification, upgrade progress, custom names for SVMs, additional memory and more improve the reliability and troubleshooting of GI deployments.
A Central CLI for logical switch, logical router and edge distributed firewall reduces troubleshooting time with centralized access to distributed network functions.
New Support Bundle tab is available to help you collect the support bundle through UI on a single click. You can now collect the support bundle data for NSX components like NSX Manager, hosts, edges, and controllers. You can either download this aggregate support bundle or can directly upload the bundle to a remote server. You can view the overall status of data collection and status for each component.
New Packet Capture tab is available to capture packets through UI. If there is a host which is not in a healthy state, you can get the packet dump for that host, and administrator can examine the packet information for further debugging.
You can now enable Controller Disconnected Operation (CDO) mode from the Management tab on the secondary site to avoid temporary connectivity issues. CDO mode ensures that the data plane connectivity is unaffected in a multi-site environment when the primary site loses connectivity.
Multi-syslog support for up to 5 syslog servers.
API improvements including JSON support. NSX now offers the choice or JSON or XML for data formats. XML remains the default for backward compatibility.
Some of the NSX Edge system event messages now include Edge ID and/or VM ID parameters. For example, event code 30100, 30014, 30031.
These message parameters will not be available for older system events. In such cases, the event message will display {0} or {1} for the Edge Id and/or VM Id parameters.

I hope this is informative for you. For more information, refer VMware NSX 6.4.0 release notes. Thanks for Reading!!!. Be social and share it with social media, if you feel worth sharing it.

VMware Arena

Reserved Space for Virtualization