In May 2020, the NSX Lastline team sent an announcement to our customers about the migration of NSX Lastline Enterprise to NSX Lastline Defender or Defender Limited. Starting with the On-premises release version 9.3 (mid-July 2020) and Hosted release 2020.4 (mid-May 2020) the Defender Limited options became available as a free upgrade to all NSX Lastline Enterprise customers.  

Who should read this? 

All Customers running NSX Lastline Enterprise who have not upgraded to Defender Full or Defender Limited, please read the rationale and steps needed for continued operation below. The NSX Lastline Enterprise product may run but will no longer be supported after the On-premises 9.3.2 release. Please see the notification from the 9.3.2 Release notes here. 

What architecture changes were made for NSX Lastline Defender Limited?  

Lastline Defender Limited expands the architecture for storing all network metadata processed by Lastline sensors. To store and analyze this network traffic, the product requires a new component called Data Node.  

I am using NSX Lastline Enterprise on-premise. Will I need to plan for this new architecture?  

Yes. All NSX Lastline Enterprise on-premises customers will be migrated to this new product - NSX Lastline Defender Limited with the new architecture requirements of installing a Data Node. Before you migrate to NSX Lastline Defender Limited as part of the NSX Lastline 9.3 on-premises release, you will need to prepare for this architecture change and be ready to install the Data Node as part of this migration. If customers are unable to get Data Node installed, they can continue using NSX Lastline Enterprise 9.3.2. 

What are the specifications for the Data Node?  

The technical specifications for the Data Node can be found here (NSX Lastline Hardware Specifications - Dell Hardware ). Note that the Data Node can be installed on either a physical server or in a Virtual Machine (VM).  

I am using NSX Lastline Enterprise hosted. Will I need to plan for this new architecture?  

No. All NSX Lastline Enterprise hosted customers have already been moved to Defender Limited. Customers are not be required to make any changes to their deployment. 

What are the new product capabilities with NSX Lastline Defender Limited?  

There are a substantial number of new features and improvements in NSX Lastline Defender Limited compared to NSX Lastline Enterprise: 

What action do I need to take in order to upgrade to Defender Full or Defender Limited? 

You will need to perform two actions related to this product change. 

1) Decide which product you would like to migrate your Enterprise license to. 

• Defender Limited: This is a Free Upgrade.  Please contact VMWare Technical Support and we will be able to upgrade your license at no charge. Once we have upgraded your license, you will need to add a data node to your environment. See FAQ questions above “I am using NSX Lastline Enterprise on-premise. Will I need to plan for this new architecture?” and “What are the specifications for the Data Node?” 
• Defender Full: This is a paid upgrade.  Please contact VMWare Technical Support  and we will help you get in contact with the sales team, as this will require a paid upgrade from your existing license. 

2) Install one or more Data Node appliances into each of your NSX Lastline Enterprise On-premises installations. 

• Defender Limited: Only a single Data Node appliance needs to be added to your on-premises installation.  As depicted in the above graphic, you will receive facts about your network, however, no network anomaly detection (NDR/NTA) features will be enabled with the “Limited” license type. 
• Defender Full: Determining the correct number of Data Nodes is dependent upon a few factors related to number of sensors, where they are placed and protocols for anomalous network activity detection which you wish to enable.  Generally, we recommend an odd number of 3 or 5 to allow for redundancy should the system fail. 

What can I expect to happen if I take no actions to migrate my Enterprise license? 

After the On-premises 9.3.2 release, NSX Lastline will disable “Auto-Update” (in the Admin->Appliances->Configuration screen) on all appliances.*

   * Auto-update was disabled on Manager and Pinbox appliances on 02/08/2021 for On-Premise customers without a Defender license.

If NSX Lastline upgrades my Enterprise license to Defender Limited and I do not have a Data Node installed, what should I expect? 

If you do not have a data node installed, your portal experience may show missing data or potentially an API permission errors on some screens. This will appear in areas where the UI (User Interface) attempts to display data stored on the data node. 

We suggest that customers who cannot install a Data Node remain on version on-premises 9.3.2 and leave “Auto-Update” turned off for all appliances until they are able to install a data node. The UI will allow you to manually upgrade to newer versions manually using the “Upgrade” button, however we recommend against this since the portal experience will be degraded. Note, NSX Lastline detection capabilities will continue to function as expected. 

Note: Upgrading to version 9.4 without a Data Node is not officially supported and has not been QA'ed by NSX Lastline. NSX Lastline Technical Support will provide best-effort support if you upgrade to 9.4 without a Data Node, but cannot guarantee resolution of any issues and may require you to install a Data Node with a Defender Limited license should we be unable to resolve the problem.

What if I have more questions about this transition? 

Please open a ticket with VMWare Technical Support  so we can help.