Skip to content

Release Notes

AutoNSX 3.2.4.0 Arrived Major release

( January, 2025 )

Check regularly for additions and updates to these release notes.

AutoNSX is a micro-segmentation platform that leverages VMware NSX and vRNI to
deliver comprehensive policy management, visibility, and compliance with the data
center. AutoNSX provides a lightweight user interface to make segmentation easy
and provides the following features:

  • Segmentation and micro-segmentation of applications in a data center within a minute
  •  Ability to view past information about segmented applications, firewall configurations, and changes at any time
  • Application Owner Module for better firewall rules view
  • Automated micro-segmentation planning by extracting firewall rules, services, and traffic patterns from vRNI
  • Ability to enrich and customize vRNI “raw” rules
  • Ability to build a security framework and tweak its behaviour
  • Define Global Policies across the entire organization
  • Define and Reuse firewall policies
  • Apply a set of conditions to match the desired behaviour
  • Automatic rule duplication avoidance
  • Comprehensive governance with detailed reports and configuration changes of NSX infrastructure and more…
  • ServiceNow and CMDB Integration for ITIL process governance (change
    requests, tickets, updates, etc.)

What’s in the Release Notes?

The release notes cover the following topics:

  • What’s New
  • System Requirements
  • Compatibility Notes

What’s New in This Release?

AutoNSX 3.2.4 introduces the following new features and enhancements

System enhancements:

  •  AutoNSX 3.2.4 runs on Ubuntu 22.04.5 LTS
  • AutoNSX code runs on the new. Net Framework v8 LTS
  • AutoNSX 3.2.x is shipped with a new User Interface and supportability of Light and Dark Mode:

 

AutoNSX Functionalities:

  • Application renaming functionality with the option to choose whether to
    rename vRNI and/or NSX items and the ability to update the rule’s descriptions.
  • Default rule ordering update workflow
  • My Applications – transformed to a full Dashboard Space With the ability to:

– See executed workflows on the top page

– Live rules from NSX policy

– Enhanced load speed

– Load on request

– Search within the application

  • New workflow history dashboard that includes:

– Details of who was executing the workflow
– When workflows were executed
– State of the workflows
– Type of the workflow (Manual/Automated)
– What kind of action workflow was performing
– Bulk actions on workflows
– UI paging for better focus on interested areas
– Global search capabilities in all workflows for specific actions (e.g.
adding tag, removing VM, etc.)

  • Detailed workflow history. Previously workflow history showed limited
    amounts of information. Each workflow has the following improvements in this
    release:

– Summary of the workflow pane
– Policies pane, which was created/deleted and updated by the workflow
– Security groups pane, which was created/deleted and updated by the workflow
– Information on what kind of action was executed against the security
groups
– Detailed information on old and new values before and after workflow
execution on IP and/or VM members, Tags, etc.
– VMs detailed pane with actions (adding/removing tag, state)
– Local Search capabilities within each pane

  • Export/Import rule conditions between different data sources. This allows users to reuse the same conditions without the need to recreate them in different data sources.
  • Definition of Security Zones matrix with allow or denied cross zone
    communication

– Adding security zones will automatically create system rule conditions for cross-zone communications that are inherited from the Zone Matrix
and conditions will apply during the segmentation. Previously users had to create conditions manually

  • Improved segmentation workflows. If there are no Security Zones defined,
    segmentation workflow will skip/hide window for security zones and redirect directly to select applications step
  • AutoNSX 3.2.4.0 allows rule reordering in UI before publishing to NSX
  • AutoNSX in release 3.2.4.0 has capabilities to publish rules in different
    categories in NSX Distributed Firewall like: Infrastructure, Environment, etc
  • Rule Conditions can be created as exceptions in any L3 category of NSX
  • All Security groups that are managed by AutoNSX in NSX are marked with
    description “Managed by AutoNSX”. This increased awareness which groups
    is managed by whom
  • AutoNSX introduces platform upgrades via UI in version 3.2.4. From now on
    digitout will ship upgrade bundles with the format of. aub (AutoNSX upgrade bundle). All upgrade bundles are signed by digitout to ensure validation of the
    package

System Requirements

  • AutoNSX platform requires: 4GB of RAM, 60GB of hard drive, 128MB video
    adapter
  • AutoNSX Platform port and protocols: TCP 443 to NSX-T Manager and vRNI,
    TCP 443 to access the AutoNSX Platform
  • User credentials that can execute API calls to vRNI and NSX-T manager.
    Special considerations for vRNI – user must be able to access and UI
  • AutoNSX-2.0.ova runs on ESXi 6.5 or above (hardware version vmx-13)

AutoNSX Compatibility notes

  • AutoNSX is compatible with vRNI version 4.x, 5.x, 6.x
  • AutoNSX is compatible with NSX-V version 6.x
  • AutoNSX is compatible with NSX-T version 2.x, 3.x, 4x
  • AutoNSX is compatible with NSX-T Manager API and Policy API
  • AutoNSX is compatible with NSX-T Cloud
  • AutoNSX is compatible with NSX-T Federation, including posturing on the Local
    Managers and Regions (applying for tags, security groups membership on
    NSX-T Local Managers). Users can select “apply to” a specific Region in the
    AutoNSX policy recommendation
  • CMDB integration with ServiceNow

AutoNSX 2.5 Arrived

( February, 2023 )

Check regularly for additions and updates to these release notes.

AutoNSX is a micro segmentation platform that leverages VMware NSX and vRNI to deliver comprehensive policy management, visibility and compliance with the data center. AutoNSX provides a lightweight user interface to make segmentation easy and provides the following features:

  • Segmentation and micro-segmentation of applications in a data center within a minute’s time
  •  Ability to view past information about segmented applications, firewall configurations and changes at any time
  • Application Owner Module for better firewall rules view
  • Automated micro-segmentation planning by extracting firewall rules, services and traffic patterns from vRNI
  • Ability to enrich and customize vRNI “raw” rules
  • Ability to build security framework and tweak its behaviour
  • Define Global Policies across the entire organization
  • Define and Reuse firewall policies
  • Apply set of conditions to match desired behaviour
  • Automatic rule duplications avoidance
  • Comprehensive governance with detailed reports and configurations changes of NSX infrastructure and more…

What’s in the Release Notes?

The release notes cover the following topics:

  • What’s New
  • System Requirements
  • Compatibility Notes

What’s New in This Release?

AutoNSX 2.5 introduces the following new features and enhancements for real-time network traffic flow visualizations and firewall rule planning.

AutoNSX Reporting & Visualizations

  • Ability to focus on interesting firewall rules in the report by coloring
  • Application owners are automatically assigned to application in AutoNSX, in case they are defined in Service Now CMDB 
  • Application Owners can view applications that belong only to them with historical data on what was changed to their  application in regards to firewall rules 
  • Enhanced governance where application owners can approve firewall rules before application is segmented
  • Report containing firewall rules are send to application owner to be reviewed in AutoNSX, application owner has final approval segment or not segment
  • Added functionality to filter ports and protocols on more granular way, beneficial with high dynamic ports 49152 to 65535 where firewall rules contain mixed low and high ports in the same rule
  • Ability to add IP addresses instead of VM names in the security groups in case VMs are not present in NSX inventory
  • Support of Global Manager and NSX-T Federation 
  • Support of vRNI  6.4 to the latest version
  • Support of NSX-T 4.x 

System Requirements

  • AutoNSX platform requires: 4GB of RAM, 60GB of hard drive, 128MB video adapter
  • AutoNSX Platform port and protocols: TCP 443 to NSX-T Manager and vRNI, TCP 443 to access AutoNSX Platform
  • User credentials that can execute API calls to vRNI and NSX-T manager. Special considerations for vRNI – user must be able to access and UI
  • AutoNSX-2.0.ova runs on esxi 6.5 or above (hardware version vmx-13)

AutoNSX Compatibility notes

  • AutoNSX is compatible with vRNI version 4.x, 5.x, 6.x
  • AutoNSX is compatible with NSX-V version 6.x
  • AutoNSX is compatible with NSX-T version 2.x, 3.x, 4x
  • AutoNSX is compatible with NSX-T Manager API and Policy API
  • AutoNSX is compatible with NSX-T Cloud
  • AutoNSX is compatible with NSX-T Federation, including posturing on Local Managers and Regions (applying for tags, security groups membership on NSX-T Local Managers). Users can select “apply to” a specific Region in the AutoNSX policy recommendation

AutoNSX 2.0 Arrived

( November, 2021 )

Check regularly for additions and updates to these release notes.

AutoNSX is a micro segmentation platform that leverages VMware NSX and vRNI to deliver comprehensive policy management, visibility and compliance with the data center. AutoNSX provides a lightweight user interface to make segmentation easy and provides the following features:

  • Segmentation and micro-segmentation of applications in a data center within a minute’s time
  •  Ability to view past information about segmented applications, firewall configurations and changes at any time
  • Automated micro-segmentation planning by extracting firewall rules, services and traffic patterns from vRNI
  • Ability to enrich and customize vRNI “raw” rules
  • Ability to build security framework and tweak its behaviour
  • Define Global Policies across the entire organization
  • Define and Reuse firewall policies
  • Apply set of conditions to match desired behaviour
  • Automatic rule duplications avoidance
  • Comprehensive governance with detailed reports and configurations changes of NSX infrastructure and more…

What’s in the Release Notes?

The release notes cover the following topics:

  • What’s New
  • System Requirements
  • Compatibility Notes

What’s New in This Release?

AutoNSX 2.0 introduces the following new features and enhancements for real-time network traffic flow visualizations and firewall rule planning.

AutoNSX Reporting & Visualizations

  • Generated report flows with matching firewall rule sequence
  • Report includes all members of the security groups including VM IDs, IP addresses, port numbers
  • Exposed to the user interface firewall rules that are common between applications, including infrastructure rules
  • AutoNSX user interface now includes information on VMs that belong to multiple security zones. VM Id is displayed during segmentation on Recommended firewall rules pane
  • Application Owner segmented application applied security policy’s dashboard
  • Support of vRNI 6.4 and 5.3

AutoNSX Recommendations

  • Security recommendations support correlation to existing firewall rules and groups
  • Security recommendations firewall rules and groups for physical servers have always been part of AutoNSX
  • Recommendation output and validation of the rules
  • Enhancement on Global Rules in AutoNSX
  • Customized option for automatically removing duplicate rules from the suggested rules
  • Support of the new policy on NSX-T 3.2
  • Updating History capabilities for future enhancements and many more
  • Improved History view of a published workflow
  • NSX-T Federation full support. AutoNSX besides creating and publishing policies to NSX-T Global Manager now is able to apply all security tags on related applications in Local NSX-T Managers and automatically update group memberships for VMs and IP addresses and other NSX entities

AutoNSX Platform

  • AutoNSX appliance is moved from CentOS to Ubuntu 20.0.4 LTS
  • Certificate management enhancements are introduced, including support for new certificate types
  • AutoNSX license self-update is now available
  • Improved speed of micro segmentation. Multi-tab publishing capabilities. Users can run multiple workflows in a separate tab within the same browser
  • 3 vector Licensing model change, now we support data source, CPU and Number of Applications. Recommended to use a combination of data source and CPU as licensing model
  • Updated code framework that speeds up runtime and fixes recently announced security issues
  • AutoNSX was born as a cross-platform software solution this continues to be the case

System Requirements

  • AutoNSX platform requires: 4GB of RAM, 60GB of hard drive, 128MB video adapter
  • AutoNSX Platform port and protocols: TCP 443 to NSX-T Manager and vRNI, TCP 443 to access AutoNSX Platform
  • User credentials that can execute API calls to vRNI and NSX-T manager. Special considerations for vRNI – user must be able to access and UI
  • AutoNSX-2.0.ova runs on esxi 6.5 or above (hardware version vmx-13)

AutoNSX Compatibility notes

  • AutoNSX is compatible with vRNI version 4.x, 5.x, 6.x
  • AutoNSX is compatible with NSX-V version 6.x
  • AutoNSX is compatible with NSX-T version 2.x, 3.x
  • AutoNSX is compatible with NSX-T Manager API and Policy API
  • AutoNSX is compatible with NSX-T Cloud
  • AutoNSX is compatible with NSX-T Federation, including posturing on Local Managers and Regions (applying for tags, security groups membership on NSX-T Local Managers). Users can select “apply to” a specific Region in the AutoNSX policy recommendation

The AutoNSX introduces new features for NSX-T 3.2.

In the coming weeks, a new major release of NSX-T 3.2 will be in GA. AutoNSX follows a new release version and introduces a few new features:

  • NSX-T Federation improvement

NSX-T Global Manager doesn’t keep the inventory of the VM of the local managers. With help of the Global Manager, security policies are visible in a single pane of glass. There is a limitation on NSX-T
Federation, while provisioning all objects the most important object, VMs, are not postured. Administrators had to log in to the local NSX-T manager and manually add tags to VMs. With help of AutoNSX is not needed anymore. AutoNSX will add all corresponding VMs from the local manager inventory to a global defined security group. With this, the simplified operations will reach a new level, and will make segmentation easy.

  • NSX-T 3.2 global rule policies

AutoNSX will automatically match globally defined rules, like infrastructure, and mark them as exiting in the policy proposal structure. With this approach, the administrator will be focusing on the new rules and improvements in the security model.

Migration from NSX-v to NSX-T

The end of General Support of NSX-v is on January 16, 2022. Most of the VMware customers are satisfied with NSX product line, hence migration is an obvious path for every organization that wants to use NSX in the future.

NSX- T can be used in various areas, including:

  • Application Modernization running containerized workloads
  • Building automation infrastructure with NSX-T is much more convenient. An example provisioning security policies with AutoNSX makes segmentation easy
  • Extending data centers to the public cloud-like AVS, VMC and others

In other words, NSX-v is in its final stage of life.

Easy to say hard to execute

What would be the actual impact of the migration from NSX-v to NSX-T?

License wise, VMware current statement is that NSX-v licenses can be reused in NSX-T installation. Operational wise, NSXv and NSX-T are similar but NSX-T comes with a new architecture new terms and a new way to provision networks. Organizations must prepare for the Operations activities in NSX-T. Here, digITout can help adapt your organization for NSX-T to transform the OPS team.

Architecture wise, NSX-T differs almost in everything that NSX-v was providing. Depending on the customer’s use case, a new design of the NSX environment can be necessary, we can help you with that as well. Afterwards, digITout can deploy the newly designed infrastructure including Cloud Environments.

Migration Approaches

The migration approaches can be defined in two main groups:
In Place Migration & In Parallel migrations shown below:

None of these can be considered as the best migration method. What would best approach for your organization?

Introducing digITout NSX V2T Migration Assessment Service

We care about our customer’s success and based on our expertise we developed a Migration Assessment Service. On average it takes 5 to 7 days, we assess your infrastructure and provide a purpose-built migration plan by discovering current NSX-V infrastructure, matching NSX-V construct and objects to NSX-T, creating a compatibility matrix between used features and mapping to a new feature in NSX-T. Special accent is made on risk assessment and potential gaps that have to be covered from the technology and business side of the migration.

In general, NSX-v to NSX-T migration is a one-time effort. Because it is a one-time effort there is no “lesson learned” possibility for the customers, which makes migration from NSX-V to NSX-T as high-
risk activity. As n VMware Partner, with in house VCDX-NV experts, digITout successfully migrating NSX-v to NSX-T infrastructure. Being Partners we have direct access to the VMware support organization “GSS”. While creating assessments we use only supported tools by VMware or our own purpose developed tools that have been proven in the battle.

If you are running NSX-V, please reach out to us and we will assign our best experts. Our migration assessment can guarantee the best migration approach for your environment.

digITout can help your organization successfully transition from NSX-v to NSX-T. We have all houses; certified consultants, certified implementations. On every exit we provide “warm” had over to
operation and ensure that your team can operate the new NSX-T infrastructure.

Accelerate Micro-segmentation

Speed up your micro-segmentation delivery times
Integrating the AutoNSX with VMware vRNI provides the ability to automate micro-segmentation, enabling both professional services organizations and enterprises to speed up micro-segmentation implementations.

Benefits
Integrating VMware vRNI with AutoNSX lets you: 

  • Design and publish security policy from scratch
  • Change existing security policy
  • Avoid rule/policy duplications
  • Control Security zoning traffic patterns (Production/DMZ/DEV)
  • Avoid complex scripting tasks
  • Reduce time and effort on implementing PoC for micro-segmentation
  • Automate security rules suggestion by vRNI
  • Enrich security rules that come from vRNI
  • Optimize security rules prior to publishing to the firewall
  • Hand over to the customer a fully segmented environment within one sprint.
  • Go beyond the “teach to fish” concept – usually, PSOs implement a pilot micro-segmentation for a few applications and show the customer how to do them. Then they leave, and the customer is usually left puzzled when it comes to segmenting additional applications or updating already segmented ones. With AutoNSX they can implement the entire micro-segmentation in one sprint.
  • Easy adoption to the customer’s change management – with AutoNSX’s generated detailed application policy report organizations can move faster through the policy approval process. For a smoother and even more seamless AutoNSX Solution can be integrated with ITSM (ServiceNow, BMC Remedy)
  • All of the above will definitely lead to higher customer satisfaction

AutoNSX is a Governance focused solution that keeps the process of micro-segmentation under tight control:

  • By using AutoNSX customers will be able to focus on the actual micro-segmentation design as opposed to running scripts, educating staff and tracking changes in the environment. This will lead to a fast time to market, a low total cost of ownership and a high ROI.
  • Application owners focused: Application Owners can track and verify all the changes as well as view the current rules for their assigned applications.
  • Avoid unnecessary outages driven by human errors.
  • IT Generalist with minimum to zero knowledge of security can implement a strong security framework out-of-box.
  • Reduced to zero firewall misconfigurations.
  • Eliminates configurations drifts.
  • Follow approved security architecture design conceptions.
  • Avoid rule/policy duplications.
  • Easier housekeeping.
  • Documented environments changes with detailed workflow settings.
  • Preparation of audits is simplified and reduced time efforts.
  • Last but not least – with AutoNSX there is no vendor lock. If the customers don’t want to use it anymore, they can immediately switch back to manual operations. AutoNSX does not store any objects needed for the micro-segmentation and customer-related data. It keeps history and details around who executed the last update.

What is VMware vRealize Network Insight?

VMware vRealize Network Insight also known as vRNI is a monitoring tool that provides high-grade visibility on software-defined network flows and integrates with most of the big vendors like Cisco & Arista. The main focus of vRNI is VMware software-defined datacenter and WMware NSX (link to NSX page). vRNI provides suggested firewall rules for the micro-segmentation. However, exporting those rules are not very handy and the rules are “rough” and require additional manipulation.
This is the use case of AutoNSX. The AutoNSX Solution can be seen as an extension to the vRNI functionality that allows the IT security/networking team to adjust the rules based on their need. Implement additional actions and rules behaviour like:

  • optimizing rules
  • merge similar rules in one
  • adjust port and protocols
  • adjust IP ranges
  • apply specific condition
  • prevent rules mismatch
  • spotlight rouge tariffing patterns

Micro-segmentation with vRNI and AutoNSX

To achieve micro-segmentation with AutoNSX is a 5-step workflow that includes:

  • Select source and destination. In this particular case source and destination are vRNI and NSX-T
  • Select security zone/ environment/group (not mandatory depending on the security framework)
  • Select Application that must be segmented

Select micro-segmentation

Select macro-segmentation

Select Flow types (Allowed, Protected, dropped or unprotected)

Select timeframe for the rule generation

  • Customize security groups (if that is needed)

Review Security rules, add comments etc.

  • Publish rules – DONE Segmented!

Solving complexity challenges while micro-segmentation

Having rules provided by vRNI gives a “raw” estimation of what is real communication. As we mentioned above suggested by vRNI can be implemented in two ways – manually and with a script. Manual implementation is complex by default and implies errors repetitive tasks and long implementation times. On the other hand, scripts are faster but require good scripting knowledge. By running a script, it is very easy to create configuration drifts and the governance is very poor.
AutoNSX solves the challenges of micro-segmentation by providing unique configuration parameters with all automation under the hood. Even highly complex tasks such as micro-segmentation become native to IT personnel. Additionally, governance is the key capability here, as audit groups or application owners can review all changes in the environment.

The AutoNSX and vRNI integration

The AutoNSX solution intelligently orchestrates and automates micro-segmentation to make Professional Service Organizations more successful in their deliveries and Enterprises more agile, secure and more compliant – at any given time. Thought AutoNSX IT personnel and application owners can rapidly plan and execute network security across the data center and in the cloud. With AutoNSX automation of the security rules, customers can process the security framework and apply security policy within one sprint time (agile methodology).

How it works?

AutoNSX uses vRNI provided API and RPA (robot process automation) to cover full integration to vRNI. AutoNSX then uses this information from vRNI and apply different conditions criteria.

Today there is no solution like AutoNSX that can automate every single chunk of data provided by vRNI. vRNI doesn’t expose all API methods publicly. This is where AutoNSX has a unique position as full automation of security policy is possible only with AutoNSX.

VMware NSX-T and AutoNSX

Integrating AutoNSX and VMware NSX allows automated security policy implementation. Organizations using AutoNSX will be able to perform faster micro-segmentation in the data center.

Benefits:
Integrating VMware NSX with AutoNSX let you:

  • Accelerates business security
  • Reduces time to market security posturing and keep it within reasonable timelines
  • Nearly eliminates human errors which lead to minimum unplanned outages
  • Abstract security groups creation, tags, IPsets etc
  • Creates all necessary objects to achieve micro-segmentation
  • Creates policy in NSX by Application or by tier
  • Avoids rules duplications
  • Prohibit unwanted behaviour of objects mapping

 

What is VMware NSX?
VMware NSX is a Network & security platform that fits in the category of Software Defined Networking aka SDN. The primary use case of NSX is VMware Data Center with recent releases NSX become more and more stable on BareMetal hardware, as well. NSX has rich capabilities in the security field. The NSX has three main use cases:

  • Networking
  • Security
  • Automation

 

The AutoNSX Solution uses the Security and Automation capabilities of NSX.

Micro-segmentation with NSX & AutoNSX
The main security component of the NSX is the distributed firewall. Additionally, to the distributed firewall, NSX provided capabilities to dynamically match objects in Datacenter by utilizing tags, OS, or directly with IP addresses. All the objects in NSX are grouped with a logical construct called Security group. Members of the security group can be dynamically or sterically assigned, based on the mentioned above criteria, VMs. Micro-segmentation with NSX is an easy task for small datacenter but in medium, to large data centers it can be a real challenge. Even when NSX is used in a small data center then usually organizations suffer from the security knowledge of their staff and how to approach security and especially complex micro-segmentation implementations. AutoNSX Solution come to play a role in mitigating knowledge gaps. IT generalists can use AutoNSX with a “no brainer”.
AutoNSX Solution is used by wide enterprise and professional services organizations to speed up the micro-segmentation in any size Datacenter.

Solving the real complexity challenge with AutoNSX
As is mentioned before, medium and big data centers have real complexity challenges with complexity to maintain micro-segmentation. Fast deployments, the agility of the security can become very complex in a shorter time. All NSX constructs must be automated and managed in an orchestrated way to keep agility and fast deployment as the main benefits of SDN, but security is always present as the main complex factor. There are multiple ways to achieve this result. The most common ones are: manually, scripting and automation. Manual works require intensive knowledge and keeping track of every single NSX object and item. Scripts are usually used for a single task or task that doesn’t require deep logic of implementation. However, all those methods have a weak side of uncontrolled governance. In comparison, while leveraging AutoNSX organizations can simply implement micro-segmentation in a few clicks by having all of the weak sides under control. Instead, all the complexity is kept in the AutoNSX Software intelligence. This allows organizations to focus on their main activity – achieve faster, complied and solid security of their data center by utilizing AutoNSX Solution.

The VMware NSX and AutoNSX integration
AutoNSX uses rest API to connect to NSX the same way as vSphere vCenter doses. Having this level of integration, allows AutoNSX to manage, provision, update and orchestrate the organization’s security frameworks. The AutoNSX automatically updates NSX constructs in case of any change, for example, VM is decommissioned in CMDB and must be removed out of Application Security Model, a new port has to be opened etc. AutoNSX gives an additional layer of governance to the application owners as they can see all the rules and objects that belong to their applications at any given time. Application owners can track the changes made by the IT department, what was changed, when by whom.

ProtectApp

ProtectView

ProtectNow

Let's have a call!

Please provide us with your contact details and one of our experts will reach out →