Amazon Web Services has a few ways of giving you connectivity: internet, Direct Connect (a physical line) and VPN. While AWS has a ton of examples for firewall/VPN vendors, there is none for connecting with NSX. I needed to connect an NSX network with AWS for a proof of concept and had to figure out how to configure AWS and what settings to use on the NSX Edge VPN. Behold, the fruits of my labor!

[Figure: AWS to NSX VPN topology]

This is what we are going to be building in this post. Compute resources inside AWS connected with a VPN towards VMware NSX for corporate … Read more


vRealize Network Insight (vRNI) is most famous for its ability to help you with getting insight into your virtual traffic flows. Using that information you have all you need to configure micro-segmentation. vRNI is much more than that though, and this post is the first of a series going into depth on some of the awesome capabilities of vRNI.

All Your Firewall Rules Belong to vRNI

One thing vRNI does is inventory all the network configuration of the data sources (devices such as switches, routers, firewalls) you add to it. Among those data sources, NSX and Palo Alto Networks devices … Read more


Just before all the buzz started from VMworld (such as the vSphere 6.5 release), the VMware fling team dropped a huge release. The first version of PowerCLI for OS X and Linux is available!

PowerCLI – Current State

While this is a fling, a lot of work has gone into making the proper cmdlets available for your everyday vSphere management duties. But there’s still a lot of work to be done. The comparison table between the PowerCLI version for Windows and the fling that has just been released is below:

[Figure: PowerCLI fling feature comparison table]

This is the beginning of an awesome cross-platform experience for … Read more


VMware NSX provides a (heavily underestimated) SpoofGuard functionality, which prevents virtual machines from using IP addresses that are not approved by the network engineers. It guards against, guess what, IP spoofs. Virtual machines will not be able to change their IP addresses without administrative approval, which prevents issues with unauthorized changes or duplicate IPs.

SpoofGuard in NSX

SpoofGuard can operate in 3 modes:

– Approve everything (the default);
– Automatically approve first detected IP, manually approve changes;
– Manually approve all first detected IPs and changes.

While having control of the IP address changes in the virtual network is pretty … Read more


The VMware Validated Designs (VVD) are a set of documentation maintained by VMware to provide holistic and standardised datacenter designs that span compute, storage, networking and management platforms. It’s basically a blueprint on how to implement and operate an SDDC-based private cloud.

Each VVD documentation set contains a Solution Overview, a Reference Architecture, a Design Guide and a set of Operational Guides and tools that includes best practices on how to plan, deploy and operate your SDDC. Here’s what’s new:

Flexible Deployment with Distributed Management and Workload Architecture

With the release of the VVD … Read more


Network admins hate stretching VLANs across data centers; we absolutely hate it. It causes potential instability on an inter-data center scope and destroys our isolated fault domains; something happens with VLAN X on site A, it also can take down site B (unless you take special precautions). I spent a few hours last week and the week before to help out customers that had that exact issue, which triggered this post.

The entire idea of stretching VLANs between data centers is about virtual machine mobility. You can do a failover between sites and don’t have to make adjustments to your applications … Read more


NSX 6.2.3 was released a few weeks ago and brought a bunch of new stuff and fixes. I came across an undocumented change not mentioned in the release notes, which caused me some headache; this post describes that change.

The NSX Edge Services Gateway can provide you with an SSL-VPN solution, making it possible for road-warriors to connect to the secured virtual network or make it possible for developers to connect to duplicate development environments. The SSL-VPN client is a lightweight and easy-to-use VPN client and you can set all kinds of policies as the VPN … Read more