Posts

Showing posts from November, 2022

Trending Topics

VMware on AWS - How to restore NSX DFW firewall rules to previous state

Image
Customers who uses NSX day-in, day-out would like to have a point-in time restore functionality of DFW firewall rules. Many customer have a large footprints in VMC and make changes to DFW quite often. This feature was missing for long time and we could see its included in recent versions . Let's see how DFW configuration roll back works  NSX DFW configuration has versioning, and it is stored in the NSX Manager.  Every time when someone update DFW configuration, NSX creates one more version but keep storing the previous ones. You can rollback for previous config but reapplying it once again.  You can find the options under Networking & Security tab , > Security > Distributed Firewall . In the right side we see an Actions drop down. Choose View to get to the below screen.  Let’s go through the use case:  1. Original state- default config with no custom rules:  a. There are no saved configurations during last 30 days: In my existing test setup, with the current setting
Read more

VMware on AWS Cloud - Moving VMware HCX from VPN to Direct Connect

Image
One of my customers are in the journey of migrating the workloads from On-Premise Datacenter to VMware Cloud on AWS. They have a 6 node VMC SDDC brought up and they are connected via a VPN tunnel over the public Internet. They also have HCX deployed on premise with multiple stretched networks and two HCX Service Meshes. The existing service meshes was created over the HCX VPN tunnel for the workload migration. Due to the fact that the customer is now planning for the mass VM migration from On-Premise to VMC, they decided to go with Direct Connect (AWS Direct Connect)  In this blog spot, I share the steps we performed.  Architecture:  We have setup the Direct Connect between On-Prem and AWS Datacenter and the connections are made available in AWS network account. Then created the Transit Virtual interfaces and associated with the Direct connect gateway ( detailed steps here ). Then attach the Direct Connect Gateway to an SDDC group steps here.    The high-level architecture looks like: 
Read more