VMware Cloud on AWS

 View Only
  • 1.  VMC (NSX-T) and "service insertion"

    Posted Jun 18, 2021 12:32 PM

    Hello.

    Question to VMware Product Team.

    In this article from 2019  https://aws.amazon.com/blogs/apn/integrating-next-gen-firewalls-with-vmware-cloud-on-aws/ there is information about "service insertion" which  can give possibility to integrate for example some external third party firewall vendor .

    Now we have 2021. Some news about this functionality ? which was in NSX-V ?

    We are in time when customers which use NSX-V onpremise are looking some alternative for their current solution to switch to NSX-T

    If they are using in their  datacenter some Network introspection in NSX-V and currently they cant for example migrate also to VMC without this functionality.

     

     



  • 2.  RE: VMC (NSX-T) and "service insertion"

    Broadcom Employee
    Posted Jun 18, 2021 01:08 PM

    Hi Sebastian - Thank you for your question.  I will engage one of our Product Managers to addrress your question.  Stay tuned.



  • 3.  RE: VMC (NSX-T) and "service insertion"

    Posted Jun 18, 2021 01:47 PM

    Hi Sebastian,

    Thank you for your question, indeed this is an important topic.

    Lei asked to our Product Management team but since this is holiday time in US, let me just give you some inputs regarding your question:

    Service insertion was initially planned to embed 3rd party security features within VMC, it was 2 or 3 years ago as the AWS article is showing. But in the meanwhile some events appeared: we switched from NSX-V to NSX-T and we acquired companies and enhance NSX features.

    So, based on these events, VMware has decided to choose another option, at least for the mid-term:

    - Enhance NSX features into VMC (like in the latest release with L7, IDS-IPS, identity firewall)

    - let our customer choose another security vendor by leveraging AWS services (ALB, ELB, 3rd party firewall in marketplace) https://cloud.vmware.com/community/2020/06/08/integrating-aws-application-load-balancing-vmware-cloud-aws/ 


    - or for larger environment including many VPC's or SDDC's, leverage in 1st case a Transit Gateway: https://blogs.vmware.com/networkvirtualization/2020/06/vmware-cloud-on-aws-with-transit-gateway-demo.html/ or build a Transit Connect in 2nd case: https://blogs.vmware.com/networkvirtualization/2020/09/vmware-transit-connect-simplifying-networking-for-vmc.html/ 

    Hope these details are clear and are fully addressing your question!
    Cheers



  • 4.  RE: VMC (NSX-T) and "service insertion"

    Broadcom Employee
    Posted Sep 09, 2021 09:12 PM

    Adding on to this already amazing response:

    VMware Cloud recently introduced NSX Advanced Firewall Features in VMC M14 version. These new features include

    1. Distributed IDS/ IPS
    2. Distributed Firewall with Layer 7 Application ID
    3. Distributed Firewall with Active Directory based User ID – IDFW
    4. Distributed Firewall with FQDN Filtering

    Blog / Product Page

     

    Added in VMC M12 version, the VMware-managed Transit Connect Gateway can be an alternative to the Native-AWS TGW. Through the use of SDDC Groups, customers can link their SDDC vCenter servers together and attach a single Direct Connect Gateway (DXGW / Native AWS Concept) to the backing TGW, allowing for there to be a single global resource available for all participating SDDCs to utilize for routing traffic to OnPrem.

    Blog



  • 5.  RE: VMC (NSX-T) and "service insertion"

    Posted Mar 05, 2024 05:38 PM

    Hi Team

    Can we use Palo Alto for traffic Inspection between East-West Traffic inside the compute work load in VMC SDDC?

    If yes can you please share some documentation or blogs how can we Integrate Third party tool Palo Alto with VMC SDDC to do a traffic Inspection between East-West Traffic.

     

    Regards

    MurthySai