VMware NSX Application Platform 4.2.0 |23 JUL 2024 | Build 24124098

NSX Application Platform Automation Appliance 4.2.0| Build 24095980

Check for additions and updates to these release notes.

What's New

VMware NSX Application Platform 4.2.0 introduces new features and enhancements to simplify the provisioning of underlying infrastructure using vSphere with Tanzu and activate related security services that collect, ingest, and correlate network traffic data in your environment.

Proxy support with HTTP and HTTPS authentication

The proxy support allows access to the container registry required for NSX Application Platform deployment. If a proxy is not configured in NSX, the proxy configuration is pushed to NSX. The automation appliance checks for inconsistencies if the proxy is configured in NSX.

Improved support for self-signed and private certificates

Self-signed and private certificates can be retrieved from Harbor. Support for using Harbor FQDN for container and Helm chart registry is available. Users can also select and assign a certificate in the NSX Application Platform UI.

Private certificates in NSX Application Platform Automation Appliance can be specified in the deployment wizard, which can be automatically pushed to NSX.

Evaluation form factor support

Availability of Evaluation Form Factor for NSX Application Platform deployments with limited scale and data retention.

Scaling enhancements

Advanced Form Factor now deploys a minimum of 4 worker nodes. In the NSX Application Platform Automation Appliance, if multiple security services are activated, a minimum of 5 worker nodes are required. Each instance can be scaled out to 15 worker nodes. Up to 5 instances are supported. The NSX Application Platform documentation lists the possible combinations of enabled services and the minimum number of nodes required.

This enhancement impacts the upgrades from previous NSX Application Platform versions. The Upgrade Coordinator verifies if any extra nodes are needed and notifies the user.

Performance and troubleshooting improvements

Enhanced troubleshooting options to collect comprehensive support bundle information and optimizations to improve performance.

Deprecation Notes

With this release, the following NSX Application Platform Cluster and Monitor APIs are being deprecated.

Compatibility and System Requirements

For information on compatibility and system requirements, see the VMware Product Interoperability Matrices. For information about ports and protocols, see the NSX Application Platform section of the VMware Ports and Protocols.

API Resources

See the NSX Application Platform API Reference page for the available NSX Application Platform REST API resources.

Available Languages

The number of supported localization languages will be reduced with the next major release. 

The following languages will no longer be supported:

  • Japanese, Spanish, French, Italian, German, Korean, Traditional Chinese, and Simplified Chinese.

Customer Impact:

  • Customers using the deprecated languages will no longer receive updates or support in these languages.

  • All user interfaces, help documentation, and customer support will be available only in English.

Since NSX Application Platform localization relies on browser language settings, ensure that your settings match the desired language.

After successfully installing the NSX Application Platform, you can access the following security service capabilities based on your license.

Note:

NSX Metrics is installed by default and does not require activation.

Security Intelligence (formerly known as NSX Intelligence)

NSX Network Detection and Response

NSX Malware Prevention

NSX Application Platform API Metrics

Resolved Issues

  • Fixed Issue 3374692: Newly added Transport Nodes fail to authenticate with the NSX Application Platform service, resulting in metrics delivery failure.

    Due to a missing entity ID, the newly added Transport Nodes fail to authenticate with the NSX Application Platform service, resulting in metrics delivery failure on the impacted ESXi host.

  • Fixed Issue 3355544: Applying an Advanced Threat Prevention (ATP) license after enabling NSX Intelligence causes the health status to incorrectly show as failed.

    If you enable NSX Intelligence with a base license and proceed to apply an advanced license that permits access to ATP features, NSX Intelligence health status incorrectly shows as failed, even though the services are running properly.

  • Fixed Issue 3374692: Newly added transport nodes might fail to authenticate with the NSX Application Platform, making the metrics data unavailable.

    When new transport nodes are added to NSX after the NSX Application Platform has been deployed, those transport nodes do not send metrics data because the authentication server has not received the transport node certificates from the trust manager. This triggers the Metrics Delivery Failure alarm in the NSX UI.

  • Fixed Issue 3373706 - Metrics pods are stuck in the crash loopback state on the NSX Application Platform.

    If one or more replication slots are inactive, WAL (Write-Ahead Logging) files can accumulate, causing the PostgreSQL server to crash.

  • Fixed Issue 3372869: NSX Application Platform Automation Appliance displays over two instances in the deployment wizard.

    The NSX Application Platform Automation Appliance deployment wizard displays more than two instances under Environment Configuration > Configure Load Balancer > Maximum Number Of NAPP Instances section. In the 4.1.2 release, the maximum number of supported instances was two per Supervisor cluster. The maximum number of supported instances has been increased to five.

  • Fixed Issue 3362836: NSX Application Platform deployment fails with an error message, Metrics post deployment plugin call failed.

    Deployment of the NSX Application Platform failed, but the metrics installation succeeded. All metrics pods are running and healthy.

  • Fixed Issue 3308601: PostgreSQL server fails and prevents applications from connecting to Postgres, rendering the NSX Application Platform unusable.

    PostgreSQL server fails, causing the Postgres pods to remain in the crash loopback state, resulting in the No space left on device error message.

  • Fixed Issue 3364484: In certain cases, the Kubernetes cluster might take an extended period to stabilize due to various reasons, resulting in a failed deployment of the NSX Application Platform.

    The stabilization delay of Kubernetes clusters can lead to a timeout during the registration phase, causing the NSX Application Platform deployment to fail.

  • Fixed Issue 3259929: In NSX Application Platform scaled setups, the process of collecting support bundles might fail due to a shortage of memory space.

    The problem occurs in scaled setups that have been running for about a month, as they can run out of memory space, leading to the failure of the support bundle collection process.

  • Fixed Issue 3360651: Transport nodes UI alarm might show that the transport nodes flow is disconnected. The alarm might disappear after 20-30 minutes and reappear later.

    In rare cases, one of the pods might run without the client certificates in its truststore, causing sporadic connectivity issues that recover upon retrying one of the other replicas.

Known Issues

  • New - Issue 3411866: Malware prevention events overload the PostgreSQL database, resulting in the unavailability of the NSX Application Platform UI.

    When Malware Prevention events exceed two million in less than 14 days, the PostgreSQL database becomes overloaded. As a result, the NSX Application Platform UI shows the UNAVAILABLE state, and new Malware Prevention events do not appear on the UI.

    Workaround: Delete the records from the PostgreSQL database and vacuum the database to resolve the problem. See KB article.

  • Issue 3411590: After a successful OVF deployment, the NSX Application Platform Automation Appliance UI might not be accessible.

    Not setting the admin password during the OVF configuration leads to a successful deployment but renders the NSX Application Platform Automation Appliance UI inaccessible.

    Workaround: Delete the NSX Application Platform Automation Appliance and redeploy OVF with the configured admin password.

  • Issue 3411875: Monitoring logs and metrics dashboard shows a zero value for Kafka average message input rate.

    The monitor cronjob fails to update Kafka metrics, causing the monitor pod to use outdated data. As a result, while Kafka is working properly, the monitor pod cannot log the latest input rate and pending messages from Kafka.

    Workaround: Restart the monitor pod using the command to retrieve the latest data.

    napp-k rollout restart deployment monitor.

Document Revision History

Revision Date

Edition

Changes

July 30, 2024

2

Added known issue 3411866.

July 24, 2024

1

Initial edition.
check-circle-line exclamation-circle-line close-line
Scroll to top icon