Tons of new features for VMware Cloud on AWS were released yesterday with my favorite one being the managed Kubernetes service aka Tanzu, at no additional cost. Want to secure your east-west and north-south traffic? Or looking to implement distributed intrusion detection/prevention services updated regularly on the NSX Threat Intelligence Cloud? Say no more! NSX Advanced Firewall is now generally available too! What about extra visibility mainly for troubleshooting purposes with NSX traceflow? Or simply looking for SDDC group connectivity across regions?
Official list of the features announced:
- Managed Kubernetes service (Available)
  - Tanzu-based Managed Kubernetes Service on VMware Cloud on AWS is available. This enables a consistent managed experience on-premises, in the public cloud, and on the edge. IT or cloud admins can enable the Kubernetes service on a VMware Cloud on AWS cluster to deploy, run and scale containerized workloads. Once enabled, customers will be able to manage VMs and containers through the familiar vCenter Server interface. This service is available in all VMware Cloud on AWS regions and is currently supported on SDDC clusters of three (3) or more hosts. Customers will get access to a set of Tanzu Mission Control capabilities to centrally manage cluster lifecycle, operate, and secure their Tanzu Kubernetes clusters on VMware Cloud on AWS.
- VMware NSX Advanced Firewall
  - VMware NSX Advanced Firewall is Generally Available to paying customers on October 1 2021. Customers using the service after October 1 2021 will incur charges as published at https://www.vmware.com/products/nsx-advanced-firewall-for-vmc.html
  - NSX Advanced Firewall 1-year and 3-year subscriptions. NSX Advanced Firewall is available with 1-year and 3-year subscriptions. Customers can obtain significant cost savings compared to on-demand consumption of the NSX Advanced Firewall by committing to a number of hosts per region. Subscriptions can be purchased on the VMC console on a per-region and per-host-type basis. NSX Advanced Firewall provides the advanced security of NSX Distributed IDS/IPS, NSX Identity Firewall and Distributed Firewall Layer 7 with Application Identification and FQDN Filtering. Available as an add-on for VMware Cloud on AWS SDDCs version 1.15 and higher. For more information please see this page.
- VMware Transit Connect / SDDC Group connectivity to external TGW (across regions)
  - This feature enables VMware Cloud on AWS customers to peer their native Transit Gateways (TGW) with VMware Transit Connect, simplifying access between VMC and AWS resources across accounts and across regions, while retaining control over connectivity in the respective environments. This capability is immediately available to all SDDC Group deployments (compatible with SDDC version 1.12 and above). For more information please see VMware Transit Connect Enhancements.
- NSX Traceflow for Visibility and Self-serve Troubleshooting
  - VMware Cloud on AWS customers can use Traceflow to inspect the path of a packet from source to destination in the SDDC. Traceflow also provides visibility for external communication over VMware Transit Connect.
- VMC Networking UI in standalone mode
  - VMC users can access the VMC Networking UI in standalone mode from the Internet using the Open NSX Manager button in the VMC UI. The standalone Networking UI features the VMware NSX Manager user interface with a streamlined layout and separate tabs for Networking, Security and Troubleshooting. Users authenticate with CSP credentials. Users can also access the VMC Networking UI in standalone mode over Direct Connect, Transit Connect or VPN.
- Networking and Security – Operational Improvements
  - Customers can view network traffic stats per external interface of the SDDC. The Global Configuration tab shows bytes/packets received and transmitted per uplink. Users can also control interface settings on the Global Configuration tab.
- vSphere Distributed Switch (VDS)
  - The vSphere Distributed Switch (VDS) enables customers to manage NSX network segments as vCenter DVPG objects. New deployments in 1.16 will use VDS. Existing deployments will be converted to VDS prior to the 1.18 upgrade. The vSphere Web Services API Opaque Network objects will be converted to NSX DistributedVirtualPortGroup (DVPG) objects. The corresponding API parameters and return values are changing, so customers need to update applications that use these API calls. vSphere Opaque Network objects will not be supported beyond 1.16.
  - For more details, including the latest VMware and partner application versions that are compatible with VDS, please refer to the KB https://kb.vmware.com/s/article/82487
- Managed Storage Policy: Monitoring and alerting about VMs with SLA non-compliant policies
  - Managed Storage Policy has been enhanced to perform a daily scan of your environment and to notify you about VMs with non-compliant policies. Customers will be notified via email about VMs with non-compliant policies. They will be able to view an inventory of VMs with non-compliant objects in the VMC console, and they will also have the option to remediate a few or all of the VMs with SLA-compliant policies with a single click of a button.
- Custom Metering for Elastic IP: This feature will only meter against those elastic IPs that are unattached.
  - EIPs are the public IPs created to fulfill different purposes in SDDC instances. They can be requested by customers or requested for SDDC functionality, such as those used on the MGW, vCenter etc. EIPs result in charges; the cost per EIP is $0.005 per hour, which can add up to about $10K per month across the fleet. Having identified that customers should be billed only for the EIPs they request and not for the ones created for the functioning of the SDDC, we made a policy decision to ensure they are only billed for the IPs they create. This resulted in cost savings of up to 50% for a customer and has also addressed issues related to the timing of billing, as custom metering allows customers to be billed in the relevant bill period.
- Custom Metering for Transit Connect: custom metering for the Transit Connect charge type, which provides the following benefits:
  - Customers can view, manage, and interpret their billing and usage data in real time: Transit Connect usage and bill data will now be visible on the console in the relevant bill period and monthly cycle, with usage data visible every 4 hours.
  - Customers will be billed in the appropriate bill cycle: Prior to custom metering, we had a dependency on the cost and usage report provided by AWS to pass these charges to the customer. This was provided in arrears, with a month's delay from the actual bill period. This is now eliminated with custom metering of this charge type, which allows for timely billing and cost management for the customer.
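The VDS item above notes that Opaque Network objects become DVPG objects and that applications using the vSphere Web Services API must be updated. As an added example (not VMware's code), the Python below audits which VM NICs are still addressed through an Opaque Network backing, so those automation paths can be found before the conversion. It assumes pyVmomi's convention that each generated class is named by its dotted vSphere type (so `type(x).__name__` identifies the backing); the inventory is constructed so it runs offline, and with a live session you would pass real `vim.VirtualMachine` objects instead.

```python
OPAQUE = "vim.vm.device.VirtualEthernetCard.OpaqueNetworkBackingInfo"
DVPG = "vim.vm.device.VirtualEthernetCard.DistributedVirtualPortBackingInfo"


class _Obj:
    def __init__(self, **kw):
        self.__dict__.update(kw)


def vim_obj(type_name, **kw):
    """Constructed stand-in (assumption): pyVmomi names each generated class by
    its dotted vSphere type, so type(x).__name__ is what the audit keys on."""
    return type(type_name, (_Obj,), {})(**kw)


def nic_backings(vm):
    """Yield (nic_label, kind, network_ref) for each virtual NIC of a VM."""
    for dev in vm.config.hardware.device:
        backing = getattr(dev, "backing", None)
        tname = type(backing).__name__ if backing is not None else ""
        if tname == OPAQUE:  # NSX segment still attached via the Opaque Network object
            yield dev.deviceInfo.label, "opaque", backing.opaqueNetworkId
        elif tname == DVPG:  # NSX segment already exposed as a DVPG (post-conversion)
            yield dev.deviceInfo.label, "dvpg", backing.port.portgroupKey
        elif tname.endswith(".NetworkBackingInfo"):  # standard vSwitch port group
            yield dev.deviceInfo.label, "standard", backing.deviceName
        # disks, CD-ROMs etc. carry non-network backings and fall through


def find_opaque_nics(vms):
    """Return [(vm_name, nic_label, opaque_network_id)] for NICs whose API
    references will break once Opaque Network objects are converted."""
    return [(vm.name, label, ref)
            for vm in vms for label, kind, ref in nic_backings(vm) if kind == "opaque"]


def sample_inventory():
    """Constructed two-VM inventory (not a real SDDC): app-01 still uses an
    Opaque Network backing, app-02 is already on the equivalent DVPG."""
    def make_vm(name, nic_backing):
        nic = vim_obj("vim.vm.device.VirtualVmxnet3",
                      deviceInfo=vim_obj("vim.Description", label="Network adapter 1"),
                      backing=nic_backing)
        disk = vim_obj("vim.vm.device.VirtualDisk",
                       deviceInfo=vim_obj("vim.Description", label="Hard disk 1"),
                       backing=vim_obj("vim.vm.device.VirtualDisk.FlatVer2BackingInfo",
                                       fileName="[vsanDatastore] app/app.vmdk"))
        hardware = vim_obj("vim.vm.VirtualHardware", device=[disk, nic])
        return vim_obj("vim.VirtualMachine", name=name,
                       config=vim_obj("vim.vm.ConfigInfo", hardware=hardware))
    opaque = vim_obj(OPAQUE, opaqueNetworkId="SEG-ID-PLACEHOLDER", opaqueNetworkType="nsx.LogicalSwitch")
    dvpg = vim_obj(DVPG, port=vim_obj("vim.dvs.PortConnection", portgroupKey="dvportgroup-PLACEHOLDER",
                                      switchUuid="SWITCH-UUID-PLACEHOLDER"))
    return [make_vm("app-01", opaque), make_vm("app-02", dvpg)]
```

Against a live vCenter, the only change is building `vms` from a container view of `vim.VirtualMachine` objects; the classification logic is unchanged.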
More information can be found on the official VMware site below: