Overview I am just back from VMware Explore in Barcelona after presenting an interesting session about securing containers with Antrea and NSX and I am very excited and pumped to see how our Tanzu portfolio has/is evolved/evolving and this just gave me a push to revisit a topic which is a bit common, yet will be […]
Overview In the second part of this blog post I will be finalising my NSX Application Platform deployment on upstream Kubernetes. In Part 1 of this blog series I deployed a vanilla Kubernetes cluster from the ground up, deployed VMware Antrea as CNI, MetalLB as load balancer provider and vSphere storage plugin (CSI provider) which […]
Overview In a previous blog post (HERE) I deployed NSX Application Platform on top of a TKGs Kubernetes cluster; however, I had different discussions with both customers and partners and based on that I decided to write another blog post to cover NSX Application Platform (NAPP) deployment on an upstream (aka native) Kubernetes cluster, since not all […]
Overview One of the cool features that was introduced with vSphere 8 is Workload Availability Zones, which is basically HA zones for your Tanzu workload clusters hosted on top of vSphere with Tanzu supervisor clusters. Workload availability zones require 3 independent vSphere clusters, each with independent networking and storage components; this is needed to provide […]
Overview In this blog post, which is the last in a series of posts discussing VMware Antrea IDS configuration and visibility, I am going to configure VMware Aria Operations for Logs (formerly known as vRealize Log Insight) to ingest and display VMware Antrea logs including IDS events captured by the Antrea IDS Suricata engine. VMware Aria Operations for […]
Overview In my previous blog post HERE I deployed VMware Antrea IDS and demonstrated how VMware IDS can secure pods running Antrea as CNI against malicious attacks, and although the feature is in tech preview it is very promising to see that VMware is committed to the vision of bringing Tanzu/Kubernetes security as an integral […]
Overview With the release of NSX 4.0.0.1 and VMware Antrea 1.5.0 came a very interesting announcement that you can now secure Antrea containers integrated with NSX using NSX IDPS, i.e. leveraging threat prevention signatures and capabilities to secure your containerised workloads. This feature is, however, tech preview only at the moment, which means it is not […]
Overview N-VDS (or NSX Virtual Distributed Switch) was introduced with the release of NSX-T, and its main function was to provide the host with NSX data plane for handling NSX managed traffic (VMs which are connected to NSX segments and handled by NSX policies). This meant that for every NSX enabled host, administrators had to […]
Overview NSX Application Platform (NAPP) was introduced by VMware with the release of NSX 3.2, as the underlying platform for running various NSX features such as NSX Intelligence, Network Detection and Response (NDR) and Malware detection. NAPP components and the mentioned features do not run as OVAs anymore but in containers; this matches the whole […]
In part two of this blog post series, we will be integrating our Kubernetes cluster, which is running Antrea as CNI, with NSX and will be using NSX to configure centralised security policies for container workloads running on our Kubernetes cluster. Lab Inventory For software versions I used the following: VMware ESXi 7.0.2.17867351 vCenter server […]