VMware NSX provides a (heavily underestimated) SpoofGuard functionality, which prevents virtual machines to use IP addresses that are not approved by the network engineers. It guards for, guess what, IP spoofs. Virtual machines will not be able to change their IP addresses without administrative approval, which prevents issues with unauthorized changes or duplicate IPs.

SpoofGuard in NSX

SpoofGuard can operate in 3 modes:

– Approve everything (the default);
– Automatically approve first detected IP, manual approve changes;
– Manually approve all first detected IPs and changes.

While having control of the IP address changes in the virtual network is pretty … Read more

NSX 6.2.3 was released a few weeks ago and brought a bunch of new stuff and fixes. I came across an undocumented change not mentioned in the release notes, which caused me some head ache, this post describes that change.

The NSX Edge Services Gateway can provide you with a SSL-VPN solution, making it possible for road-warriors to connect to the secured virtual network or make it possible for developers to connect to duplicate development environments. The SSL-VPN client is a lightweight and easy to use VPN client and you can set all kinds of policies as the VPN … Read more

If you want to remove VMware NSX from your vSphere environment, it’s as simple as reversing the installation steps (remove logical network configuration, remove NSX Service VMs, remove the NSX VIBs from the ESXi hosts and remove the NSX Manager). NSX is completely managed through the vSphere Web Client connecting to your vCenter. After you have reversed the installation steps, you are left with the NSX solution inside the vSphere Web Client.


Removing the NSX Solution from vCenter

Inside vCenter there’s the Managed Object Browser (MOB), which has access to all objects in the vCenter system and you can … Read more

VMware NSX 6.2.3 was released today and it’s a good one! There’s a lot of improvements and some new stuff in there, it’s a hell of a maturing release. Below are a few highlights.

NSX for vShield Endpoint license

There’s a default license generated when you install NSX now, and it defaults on the NSX for vShield Endpoint license. This means you can by default (and without cost) manage anti-virus offloading functionality. This is one step closer to a vShield replacement and an open download.

NSX Hardware Layer 2 Gateway Integration

This has been in the works for a while … Read more

VMware NSX is completely software based. This means it’s flexible as heck and you can have a lot of instances running concurrently. It also means you can go crazy with your network topology designs and amount of tinkering you can do with your virtual network. I am someone who loves to tinker. Sometimes a bit too much. A consequence of this, is that I sometimes break my virtual test lab and have to re-install it and return to the starting point. This has happened … Read more

VMware NSX has an open API and it’s pretty easy to consume. PowerShell is the same way; it’s easy to learn and easy to extend. This week, Anthony Burke and Nick Bradford released a PowerShell extension called PowerNSX. As the name suggests, it’s all about managing VMware NSX.

Nick and Anthony put PowerNSX on Bitbucket, which means there will be a continuos release cycle (whenever someone pushes something to the Git repository). You can download and install PowerNSX using Git or by downloading … Read more

Over the last few weeks, I have been working on a VMware NSX integration with one of my existing PHP applications. This application is tied into a development process with a new testing schematic which needed to use a the NSX features to test the code inside a tiered network setup. Of course, this needed to be automated and available on demand; enter the NSX API. Using the NSX API, I’ve been able to integrate network deployment and configuration inside the existing application (with … Read more