NSX-T 3.2 - Kubernetes Is Coming to Get Me

I’m sure we’ve all felt the wave that is Kubernetes over the past few years. I watched Getting started with Kubernetes from Nigel Poulton, which was enjoyable, but I still didn’t see the light, so to speak.

In 2019 when VMware first announced Tanzu, I knew it was going to be big, but I thought it would be another pillar with a range of products, like Cloud, EUC, Network and Security. I figured I’d ignore it to focus on going deeper with NSX-T.


Now with the release of NSX-T 3.2, which has a major security focus, I can’t ignore Kubernetes any longer. For NSX Intelligence, NSX Network Detection and Response, and NSX Malware Prevention features you need to deploy the NSX Application Platform (NAPP), which requires an existing Kubernetes environment. See the docs here.

The previous NSX Intelligence appliance was one big VM. Now that it’s broken up into Kubernetes pods, it scales better. It still has some beefy requirements.

NAPP requirements:

Form Factor Minimum # of Nodes vCPU Memory Storage
Standard 1 control node and 3 or more worker nodes 4 vCPU per node 16 GB RAM per node 200 GB per node
Advanced 1 control node and 3 or more worker nodes 16 vCPU per node 64 GB RAM per node 1 TB per node
Evaluation 1 control node and 1 worker node 16 vCPU per node 64 GB RAM per node 1 TB per node

For some organisations without existing Kubernetes experience this may be a hurdle to use the new security features, but this is our industry. The dinosaurs ignored modern applications, and that didn't work out so well for them.

I’m looking forward to this new challenge forced upon me. There’s already plenty of Tanzu / Kubernetes educational content out there, and I’ll be leaning on those early adopters for some pointers. This is where social networks, VMUGs, and friends come into it.

Look out for more content on the new security features in NSX 3.2 soon.