Recently, VMware released its latest version of NSX, 6.3.3. With it came a number of bug fixes and some new features. One of the main new features to come along has to do with the NSX controllers. Starting with 6.3.3, the OS for the NSX controllers will be powered by Photon OS. Because a new OS is used, that means that your current NSX controllers will not be upgraded, but rather they will be deleted and recreated as part of the install process. There are also some other new features, that I will not dive too deep into, but just list:
Guest Introspection supports Windows Server 2016
New NSX API to retrieve a list of all unresolved alarms on NSX Manager
Crypto Module Changes Affecting FIPS Compliance
- NSS and OpenSwan: The NSX Edge IPsec VPN uses the Mozilla NSS crypto module. Due to critical security issues, NSX 6.3.3 moved to a newer version of NSS that has not been FIPS certified. VMware affirms that the module works correctly, but it is no longer formally validated.
- NSS and Password Entry: The NSX Edge password hashing use the Mozilla NSS crypto module. Due to critical security issues, NSX 6.3.3 moved to a newer version of NSS that has not been FIPS certified. VMware affirms that the module works correctly, but it is no longer formally validated.
- Controller and Clustering VPN: The NSX Controller uses IPsec VPN to connect Controller clusters. The IPsec VPN uses the VMware Linux kernel crypto module (Photon 1 environment), which is in the process of being CMVP validated.
In this blog post, I will take your through the steps to upgrade your current NSX environment to 6.3.3
First check compatibility with your current NSX environment. That can easily be done here.
The NSX components have to be upgraded in a certain order:
- NSX Manager
- NSX Controller Cluster
- VIBs on the host clusters
- NSX edges
- Guest Introspection (If enabled)
To begin our upgrade process, navigate to your NSX Manager and log in as the admin.
Read Full Article