Episode 26 - NSX Gateway and Distributed Firewall
Hello, and welcome. We are celebrating episode 26 of the VCD round table.
Matthias Eisner:Sorry.
Yves Sandfort:Matthias is celebration. We will have a lot of fun about Matthias tomorrow once we talk a bit more about, all the different places where he has pain, from celebrating too much. But, nevertheless, we are going to get started. Today's episode of the VCD roundtable is going to cover the, topics around NSX edge clusters, distributed firewalls, license optimization, and all these wonderful things, but we thought we'd get a bit back out of the whole license discussion, which we have been doing too much for or not too much, but have been doing a lot in the last couple of weeks into a more technical topic. And, Matthias was actually trying to convince his buddy to do all kinds of other things, and he now finally figured out that he is better in technology.
Yves Sandfort:And so he's going to need this topic now. And, so I'm going to head over, but, Toby, maybe 1 or 2 words from your side before we get started so that Matthias can at least get some bread back.
Tobias Paschek:Yeah. Not not really. Let's see what Matthias is ramping up, and I have prepared some collection. Nice.
Matthias Eisner:Yeah. Matias. Go. Hello and welcome. Right.
Matthias Eisner:Oh, I need to click on percent. Yeah. I'm good at technology. Congratulations. So let's get the slides on on the screen, hopefully.
Matthias Eisner:Or maybe Toby does it. Oh, no. There we are. So, as you've mentioned today, we're we're talking about edge clusters and licensing. I know it's again the the the topic or the term licensing.
Matthias Eisner:But today, we're we're sneaking into the topic from a more technical perspective, as Yifal already mentioned. So the idea is what was the basic configuration? I I did not fat finger the acronym, so I really wrote most cases in VCPP, which was the old model. But that that's a basic configuration for for many service providers. Right?
Matthias Eisner:We have an edge transfer, no cluster, 2 edges, a t zero, which is to provide a gateway x or zed amount of t one edge gateways. And, if you just needed more throughput, in most cases, you just scaled up so you added more virtual CPUs to the edge transport nodes. In the old world, it was perfectly fine because you paid on virtual RAM. But in the new world with Broadcom, it ends up that you need to commit more gateway firewall licenses because you scale up, you add CPUs, you add, licenses to the edge transport nodes. Right?
Matthias Eisner:So in the new role, this model might not not make sense, might be wrong. It makes only sense if every tenant has a gateway firewall or most tenants has a gateway firewall. So I I think that's more like a small to medium sized environment. Toby, any idea, if we talk about, like, large edge transport nodes, how many edge gateways with an average throughput can be handled? 50, 60?
Tobias Paschek:At least 50 and and assume and this and this is something I have in in also prepared. Assuming we are talking and this is more obvious, the new licensing model also becomes maybe an interesting part. We should now also take in in charge that we have the possibility to bring in bare metal edges as well. And to be honest on the bare metal edge, I would easily say 200, 250, maybe more.
Matthias Eisner:Yeah. Yeah. That's true. So math needs to be done. What might be more efficient from a licensing cost licensing perspective.
Matthias Eisner:But let's stick with the virtual world. So I think that's the base model, and if most of the the tenants have edge gateways, so we should deploy large, can run 50, 60 edge gateways. It really depends on the throughput each tenant needs. So very, very basic. But what if only a few tenants need gateway firewall?
Matthias Eisner:So because with the gateway firewall, we are all aware that you license the course times 4 times firewall add on list price times discount, if you commit. So if you have only a few tenants needed needing a gateway firewall, it doesn't make or it might not make sense to license the basic edge cluster with 2 times 8 virtual CPUs. So that in total would be a 128, gateway firewall licenses, if I did the math correctly, maybe. Or it's just 64. But we're good.
Matthias Eisner:And the few tenants you have, you place those edge gateways on a separate edge cluster, which is licensed with the gateway firewall. And those edge transport nodes have only 2 virtual CPUs instead of 8. So it's 2 times 2 is 4 times 4, so you license only 16 instead of 64. It's not it's not a huge amount of money. But on the other hand, if most customers refuse to for refuse having a a stateful gateway because of the firewall because they don't need it, it doesn't make any sense to pay for it because you can't monetize that many gateway firewall licenses just out of a few tenants.
Matthias Eisner:So on the base cluster, you could run the t one edge gateways stateless, but that's a managed service. So be be careful with the stateless t one. Toby, what's the what's the really cool thing about a stateless t one? The headless. It's not me talking all the time.
Matthias Eisner:It's headless, stateless, whatever.
Tobias Paschek:Headless. No.
Matthias Eisner:It's headless.
Tobias Paschek:What what's the what's the cool feature of an of an stateless t one? I don't need an extra transport node. That's the cool feature about it.
Matthias Eisner:Exactly. So only the distributed router component is deployed or or, instantiated.
Tobias Paschek:Instantiated. Yep.
Matthias Eisner:But there are a few caveats around that because it's only a managed service, so it can only be configured by the service provider. And if a tenant manages the networks themselves, they cannot connect the network to the edge gateway because it's a managed service. So that's the really downside of this configuration, because you need to provision the GENEVE based segments in NSX and import those segments to Cloud Director as an ODBC network.
Tobias Paschek:And and to be honest, also, I you you I lose the functionality of utilizing a distributed firewall because I also had this discussed already that some some service provider said, yeah. But, okay, at the end, I can also do the the whole firebalding or the tenant could do the whole firebalding also with the with the distributed firewall only. Mhmm. Which is basically true, to be honest. But technically, it there is also a a little bit of an, issue because Cloud Director, as you has already mentioned, always provides a tier 1 gateway state full, and there is the default firewall rule as well, which is an any any block.
Tobias Paschek:So I have already my firewall in place.
Matthias Eisner:Yes. Yeah. That's so true what you just have said. But, back to the distributed firewall idea you come came up with, it could be offered as a managed service again.
Tobias Paschek:Yep.
Matthias Eisner:But then you start the whole discussion, what if someone fat fingers to firewall rule? Whose fault is it? Who pays for it? Is it unplanned downtime? Yes?
Matthias Eisner:No? So that's a very difficult discussion. So that's a possible idea. What else? What if only a few tenants need the gateway firewall, but we need high throughput?
Matthias Eisner:So we can increase or scale up, the the edge transport or cluster hosting the t 0. We could run edge gateway stateless over there. We could, have, more t one clusters somewhere else running, and I currently see I fact figured a few a few boxes. So you can have multiple edge clusters for t ones as well. So that would decrease the size of a single edge transport mode if needed.
Tobias Paschek:If needed. Yeah.
Matthias Eisner:Interestingly enough, we could play the same game with ATP,
Yves Sandfort:advanced threat protection.
Matthias Eisner:So, I think that's one of Toby's favorite most favorite topics because ATP Advanced Threat Protection offers IDS, IPS, or let that in our scenarios, we're currently talking about gateway IDS, IPS. IDS, IPS. So we could have an edge transport node cluster hosting the provider gateway, set t ones. In the new example, they're all stateful. So the cluster is licensed with gateway firewall.
Matthias Eisner:It can be scaled up, so we increase the size of the edge transport nodes. We can also scale out, add additional edge edge transport nodes. But again, it's it's only licensed gateway firewall. Yep. And
Tobias Paschek:and the add on for the for the ATP stuff because if you get the firewall, there is no IDS, IPS.
Matthias Eisner:Exactly. So what you could do because, gateway IDS, IPS is bound to a t one.
Tobias Paschek:Yep.
Matthias Eisner:You can add a sec oh, I'm sorry for that. Sorry, guys. You can add a second edge transfer node cluster only hosting edge gateways with ATP license. So you need to commit less course. If I put matches in a separate customer with hosts with 8 course, Oh, okay.
Matthias Eisner:Thank you for your question. So, we're currently, so the underlying infrastructure is always licensed with VCF. It doesn't matter. So I'm currently not taking VCF or DSXI hosts, hosting those edge transport nodes into into the equation. So vcf licenses is all over the place.
Matthias Eisner:Vcf is licensed on a minimum of 16 cores per socket. Yes. Even though a physical CPU has less than 16 cores, still 16 cores VCF are licensed. The same for the add ons, which are host kind of host related add ons, which is the distributed firewall. That's kind of a host related add on, and that is also licensed in 16 cores per socket.
Matthias Eisner:The gateway firewall is licensed on the number of virtual CPUs the edge transport node has configured times 4. Same for, as Toby mentioned, the bare metal edge. You just count the physical CPUs times 4, and that's the gateway firewall license.
Tobias Paschek:But one one add on on that, Matthias, if you run your edges on a separate cluster, you don't need to take this cluster in the count for, for the 5 for the VMifiable add on. So you just need to bring in your VCF course. Correct. No Correct. It will firewall stuff because the firewall the gateway firewall is always licensed as you just mentioned with the with the, edges.
Matthias Eisner:Exactly. So gateway firewall and distributed firewalls are 2 separate licensing. Exactly. But for the gateways, now over here, we can also do one dedicated edge transport node cluster for, ATP because ATP licenses are more expensive than, the gateway firewall or the firewall license at all. So it's also a pretty interesting, idea.
Matthias Eisner:And you can combine those edge clusters and gateways and distribute all over the place. So it doesn't matter. So the only thing, Toby, is, what could be interesting with the bare metal edge, the bare metal edge does not consume a VCF license.
Tobias Paschek:The bare metal latch does not consume a VCF license. That's that's fully right.
Matthias Eisner:Or or at least 32.
Tobias Paschek:It's 42. But As we are speaking today.
Matthias Eisner:Yeah. So, that could be taken into into account as well. But if I just rethink or think about the last few weeks, all the calculations I've done with various, service providers, Being really honest, the gateway firewall in terms of cost and licensing cost is not the big game changer. No. It's it's not adding tens of 1,000 of US dollars per month.
Tobias Paschek:Abs absolutely on on that. And I would just say we did more and more we have done a clear clarification what is the gateway 5 o because there is slightly a difference between, let's call it enterprise licensing and service provider licensing. There is a slight difference as we have figured out. And so for all of our service providers, we need or you need to take care, yes, there is the gateway firewall, which brings us some interesting features as you just prefer, to it, and, but also can bring in or save some additional cost.
Matthias Eisner:Yeah. And it's always a trade off because if you introduce multiple edge clusters, you need to be fair because you need to, take into account that you need more maintenance. You have more administrative overhead. But on the other hand, all the upgrades and updates are orchestrated using VCF and or, NSX manager. So it's not that big big of a deal anymore.
Matthias Eisner:Alright. Speaking as of today, because we started talking ATP, with CalDirect 10511 gateway IDS, IPS is still a managed service. So there is currently no self-service around that. And another interesting, technical aspect, if you have multiple edge clusters in your infrastructure and you will deploy edge transport nodes or edge gateways to a very specific edge transport node cluster, make sure to configure Cloud Director correctly to choose the right one by default. Or be very careful during the creation of an edge gateway and do not just click yeah.
Matthias Eisner:I used to say next cluster as the t zero users. Be very careful. Yeah. So what if you fact finger, like, an edge gateway creation and the t one ends up on an edge cluster where it should not be, you consume a few hours. If you if you are not changing it immediately, you will consume a few hours over each gateway firewall.
Matthias Eisner:Can't change that.
Yves Sandfort:Until you know Which is which is still the biggest question is how how all of that is going to be handled because officially, it's still all documentation says that all add ons are commit licenses only, where no one actually, so far, could answer the question, what happens if I'm utilizing more than I actually committed? Does that mean Broadcom automatically turns any overage into commit licenses? That would be an interesting game changer.
Matthias Eisner:It's part of the interruption, but the product usage guide launched on the 26th March 2024 has a dedicated section about allowing firewall overage usage.
Yves Sandfort:The contract, however, still has a password switch. There is no overage for add ons.
Matthias Eisner:But but if you play poker, a Smith and Wesson is more than 4 aces.
Yves Sandfort:But I'm not sure how I would classify the product usage guide now.
Matthias Eisner:So we will figure it out sooner or later. But yeah. Okay. So
Yves Sandfort:I think we shouldn't worry too much about it in the beginning anyway because I have my doubts that the user should be taken and even track it at the moment. So
Matthias Eisner:48 can't, but I have never said that.
Yves Sandfort:Silence. Silence.
Matthias Eisner:Okay. So Businesses what
Yves Sandfort:we are talking about.
Matthias Eisner:So so these are are a few aspects around gateways, gateway placement, and the license turned up from license perspective. Another very big deal is with w because that adds a complete different price tag to the whole story. So this is a basic example. 20 hosts, 2 sockets each, host related or correlated, add ons, so we license at least 16 16 course per socket. So that's, 640 DFW course.
Tobias Paschek:That's it.
Matthias Eisner:Did I did I no. It's okay. Just we redid the math. So at the the list price is still a 120 US dollars. So that's a pretty nice price tag per year If none of your customers used the DFW, none of the customers would like to pay for it.
Matthias Eisner:Or if only a few very few uses DFW, you cannot monetize that amount of money out of it. I would say the very easiest approach is to split clusters. Just have multiple clusters, so we just, have this very simple example. We have 16 hosts in the base cluster. So 2 sockets, 32 cores, blah blah blah, and that cluster is licensed with VCF.
Matthias Eisner:And the second cluster, in our example, just 4 hosts, now has 2 sockets, 16 cores. It's a 128 cores, and the cluster is also licensed for VCF, of course. But in the cluster, all cores are licensed with, DFW, a 128 cores. So that's a a big game changer. So your license of roughly oh, no.
Matthias Eisner:You could do it exactly. So your license, 512 course less.
Tobias Paschek:Yes. Yep.
Matthias Eisner:Times a 120 US dollars per year. This price, that's a huge amount of money you can save. Yeah. And Yes, sir.
Tobias Paschek:But to be honest on that, we are still awaiting the final answer on that question because I have heard some rumors that maybe drs groups will solve here some stuff. Not talking too much about it right now, but let's see let's see what the Yves is now canceling the stream.
Matthias Eisner:Eve ate 3 lines.
Tobias Paschek:Let's see what the future is. What's going on, buddy?
Yves Sandfort:The there are apps groups for distributed firewall, whoever keeps up comes up with that. Yeah. Yes. But whatever.
Tobias Paschek:Whatever. Let's call it whatever.
Yves Sandfort:Because it wouldn't really it would not really limit the DFW in the first place. It would limit where the VM is run, but
Tobias Paschek:Yeah. And that's the that's the interesting part because I from a from a technical perspective, I only need to take care about where my VMs are running.
Matthias Eisner:Ah, so what you're referring to is the overage possibility.
Tobias Paschek:I mean, let's let's see.
Matthias Eisner:Yeah. So if a host has no active workloads running on, there's a need to license it. So if it's on a VCF license, it's the same for all the add ons. So yeah. Yep.
Matthias Eisner:But then you need to do the math again. What's what's cheaper from an operations perspective, having a a few hours a year or a few days a year overage or commit the course. The only thing what from a technical standpoint of view, what need to what you need to be careful with is how the transport zones are designed. And I'm more precisely talking about the overlay transport zones. Because if you have the the great idea of, oh, yeah, let's do 2 different, overlay transport zones.
Matthias Eisner:Please reconsider all the implications, like, virtual machines can't talk to each other if they run on different clusters. You need separate edge transport node clusters because of different overlay transport zones. So there is, again, a lot of design work which needs to be done if you start splitting your clusters because of licensing. But, again, I think with, the DFW, you can or the DFW licensing enables us as service providers to to, reduce the license payments massively. Because, if you license a whole cluster, and that's how you license the DFW, that's what I wanna say.
Matthias Eisner:You can't just license a few hosts of a cluster. It's the whole cluster. So e z x I host cluster. That's it. You can't just slice and dice it.
Matthias Eisner:So, yeah, license only half. So that's not what Toby meant with the DRS groups. So so that's also something, which needs to be considered. But, again, from a technical standpoint of view, I I haven't seen that many service providers using the distributed firewall currently because of, tenants breaking their own infrastructure because any any any block means any any any block. And there is no a bit of any.
Matthias Eisner:So any is any.
Tobias Paschek:Yeah. But the just a little bit of any.
Yves Sandfort:Basic firewall guide says it's like the first rule you should reapply is always the default deny any any
Matthias Eisner:rule. Yeah. So if if you apply the rule
Yves Sandfort:It's your it was a distributed firewall, highly protected.
Matthias Eisner:Yeah. But that's what we call micro segmentation, highly secure infrastructure. Cool. So that's from a Slack perspective. So these are slides we prepare.
Yves Sandfort:I would say any questions from the audience? We have 26, 27 people watching us live, over all the different channels. And
Matthias Eisner:just I I have to this is a real background.
Tobias Paschek:And that's a real write up. That's a real write up beside behind me.
Matthias Eisner:Any questions? Any comments? I think if if we from in the in the near future, if we just spend, a few minutes on analyzing the features our or your customers would like to use, and then you start considering how to size the edge transport nodes and where to place and how to license it. But it's highly tenant service consumption related. And, again, charge for it.
Matthias Eisner:Yeah. Yeah. Yep.
Tobias Paschek:I think this is maybe
Yves Sandfort:That's an overall, an overall topic wherever we talk about the service provider space at the moment is it's very, very important for service providers to know, fully understand all the feature sets, all the functions, all the things you have, and how you can actually solve customer problems with this. And I just had a call this morning with another service provider, and he said it's like, yeah. But we are utilizing, solution ABC for this and solution DEF for that. And I said it's like, for sure you can continue to do that, but you're now actually paying double for it. So even if your other solution might be more sophisticated for the other customers, maybe the smaller one is actually a good idea to, to fix some of that.
Yves Sandfort:So, it's it's definitely a good point to really go and look deeper into that one.
Tobias Paschek:But you're you're
Matthias Eisner:No. I I know I know what the question is.
Yves Sandfort:Then read it first.
Matthias Eisner:And end I
Yves Sandfort:only listen to it. Not yet.
Matthias Eisner:Oh, yes. Sorry. So the question is, I don't use DFW, but I can only activate it over altogether in MSX team manager. So splitting clusters would mean a second NSX manager, or could I deactivate DFW for single clusters? So, we need to reformulate that a bit.
Matthias Eisner:What you're talking about is if you navigate in NSX to security DFW and then change the settings sub tab, there is a slider which allows you to deactivate the PFW, from from a licensing principle, from from a a running perspective, but I don't think they need to deactivate it.
Tobias Paschek:No. Because the funny thing is it is only possible in the other direction because at the moment, you can enable the distributed firewall without using networking. So just enable security only, which is basically the distributed firewall solution then also working on a on a traditional, distributed virtual switch. Or assume if you prepare a full cluster, you have networking and security always in the combination, which brings us to the point so at the moment, technically, there is no difference. And coming back to the question is, there is no feature to the to to deactivate because it is not there as we are talking about NSX 4.1.2.1.
Tobias Paschek:Hopefully hopefully, new version number is coming up as soon as possible. But, technically, as soon if you enable a cluster for NSX, currently, you always enable firewalling, and and networking, but you don't utilize it at the end. So you just need to dis you don't need to, enable anything because it is, it is there by by good.
Matthias Eisner:But if you're if you're not adding any rules, it should not be counted.
Tobias Paschek:Counted. Yeah.
Matthias Eisner:Yeah. And for cloud director, if we now talk, against CSP, you really need to activate the DFW from a tenant perspective. So you need to create the data center group, increase the scope of the edge gateway and the OBDC networks. And once you have the data center groups with the increased scope, then you have a field in cloud director enabling to click activate UFW. UFW.
Matthias Eisner:Yep. As soon as you click that configuration, Cloud Director creates a new section within the NSX VFW firewall rule set, and then it's counted.
Tobias Paschek:Yeah.
Matthias Eisner:Or if you built a few rules. So if you do, like, oh, I do manage service, it's default you. It doesn't matter who uses it.
Tobias Paschek:Nope. Please don't do this.
Matthias Eisner:It's an option. Yeah. Didn't say it's a good option, but it's an option. Any other questions?
Yves Sandfort:Looks like we have a pretty silent group today.
Matthias Eisner:Yeah. So, well, we need to be precisely off with the DFW and how does it count or maybe not or yes or maybe. It's our opinion. Just to be very clear on that statement.
Yves Sandfort:It it is our opinion. It is subject to change. And as always, the latest product usage guide in combination with whatever you have as a contract with Broadcom is going to apply. If you are a white label host, you should actually contra you should not only you have basically 3 contracts to check. 1 is your click through agreement, which you have as a registered partner.
Yves Sandfort:1 is the contract you have with your uplevel host, and 1 is the product usage guide. I would at least expect that you have all 3 of them. So, if you miss any one of them, talk to whoever your host is, because they should provide you with clear guidance from a contract perspective. Otherwise, it's up to you. Good.
Yves Sandfort:But we covered already 30 minutes, so that is, I think, a good length for the podcast in the first
Tobias Paschek:Just one last add on, because as we as we have talked about, metering and also do the do the, cost calculation for your customers. There is a episode available where we had our at the, as a guest, where we had talked about all of the stuff. So if you are interested in this stuff, just go back to 1, one episode.
Matthias Eisner:Was 23 or 24?
Yves Sandfort:It is 25. It was the last one. We finally
Tobias Paschek:Oh, yeah. We fed you.
Yves Sandfort:We finally we find so there is always the live version, which is immediately available, which is the one like what we are currently doing. And, typically, 1 or 2 weeks later, depending on how long it takes us to get all the transcript and everything done, is when we put the recording version including transcript and everything online, and that actually was done, I think, yesterday or something or today or somewhere. But, so, that's episode 25. And that's will there be a mini T version to use with the new license keys? We all hope no.
Matthias Eisner:I think it's very easy if you go to the supported product versions. You know which ones to use.
Yves Sandfort:Yes. It's double tiers because it's, there are exceptions in the, for service providers if they have a running infrastructure. Yeah.
Matthias Eisner:But I
Tobias Paschek:So Then it's yeah. What's really interesting is if you currently have a look to different portals, there NSX license keys are gone. Dot. So let's let's see let's see what's what's coming up in the next couple of days, hours, weeks, whatever.
Matthias Eisner:So so we should restart a rumor Broadcom sold NSX to Microsoft.
Yves Sandfort:Well, Mattias, don't. Don't don't don't do that. No. All license portals should be back up, online again, I think, by May 6th or something like that.
Tobias Paschek:That has been the something like that. May
Matthias Eisner:5th or 6th. Yeah.
Yves Sandfort:So but the good, the good warning message which came out a few days ago is that as a whether you are, I mean, for the service providers because they all get new license keys and they must destroy the old ones anyway, there is not necessarily any good reason for doing so anymore. But for any enterprise commercial customers, it might be a good idea to pull a complete export of all the license keys out of the portal now because it's going to go into, I think, read only modes in a week or 2. And by the point in time it goes into read only mode, I'm not sure if you can generate reports anymore or if at that stage, you would need to manually pick each individualized key.
Matthias Eisner:But I think Broadcom already sent a few emails asking for please export your data.
Tobias Paschek:Your data. Yep.
Yves Sandfort:Yes. Because it really will not be accessible anymore.
Matthias Eisner:Yeah. Yeah.
Yves Sandfort:It's not
Matthias Eisner:I can't remember the systems.
Yves Sandfort:Terms is like, yeah. We just thought we are turning it off. We are going to not turn it off. If Broadcom says it's going to be turned off, it's going to be turned off. We have seen that already for other systems.
Yves Sandfort:It's like, that is 22nd or 24th?
Matthias Eisner:Something around that.
Yves Sandfort:I log into the my customer portal. I currently can't do that in parallel, because I'm in a different Broadcom system in parallel because that would confuse things again. But, better check your systems and better check your portals and things like that. And at least, I think that gives us the hope that for a few couple of weeks or months is we can potentially use the license portal without going into private or incognito mode every time.
Tobias Paschek:Yeah. So the customer connect will go into read only, fully read only at Thursday Thursday, of April, and we'll be back at Monday, 6th May. But to be honest, we are talking now talking about really the whole customer connect. The licensing sites will be offline. I think it was 1 week earlier.
Yves Sandfort:Yeah. So there are individual date lines for that. And, but it says it's like, you should also potentially, as emergency support number. Because if something goes wrong in all these transitions, and you can't actually file support tickets online anymore, it might be quite handy to have the new support phone number because I think that's a new one. That's not the old VMM by which they published it.
Yves Sandfort:Yes. Good. That being said, I think that was a good, warning at the end. Toby, there was a security warning you wanted to raise at the beginning of the show. I just actually went through my notes again.
Tobias Paschek:What?
Yves Sandfort:Wasn't there a securities thing you wanted to actually put into today's session?
Tobias Paschek:Yes. Yeah. Yes. Yes. Sure.
Tobias Paschek:Sure. Sure. Now this that's what was we was talking yesterday. So cloud director 10 dot 5 dot 1 dot 1 is there since mid of March. No.
Tobias Paschek:Begin end of March. And so for those service providers who are currently running on 10.5.1, please update your VCD because there is a security issue in 10.5.1. So please patch your cloud directed to 10.5.1.1. Thank you for that.
Matthias Eisner:So that that's that's what I would call famous last word.
Yves Sandfort:Yeah. That being said, I think we are due to do another recording where we have the partner week in 3 weeks?
Tobias Paschek:3 weeks. Yes.
Matthias Eisner:2 weeks. 3 weeks? 2 weeks? 2 and a half?
Yves Sandfort:2 and
Matthias Eisner:a half.
Yves Sandfort:I'm I'm going to, if it's if it's yeah. I'm going to be here in in in Middle East for 2 and a half more weeks, so it's going to be, the week after.
Tobias Paschek:The week the 1st week the first couple of days of May will be the next episode.
Yves Sandfort:But everything else is going to be a bit more complicated.
Tobias Paschek:Yep. Talking about the second of May, we will have the next episode.
Yves Sandfort:And we will let everybody know what's going to be the topic for that session. In the meantime, if you have any questions, as always, feel free to drop us a note, drop us a question, and then we can make sure that we add that to our topic list for one of the next sessions. We will still publish a lot of, other news in the next couple of days over social media around the Cloud Director license changes and a few other things which haven't been mentioned yet, but we wanted to get this podcast back into more of a technical, round. In parallel, also a reminder, because in approximately 20 minutes time, Toby and I are going to go back online with the VCF Musketeers. So we are going to continue our journey through the configuration things.
Yves Sandfort:Toby and, Patrick are live on a, at least, weekly basis with We are
Tobias Paschek:currently also also talking about multiple stuff. Yesterday, we had the SD WAN session. So let's see.
Yves Sandfort:So there are multiple different ways on, also, how to attend any of our live sessions and actually, jump in there and ask us any questions over there. Feel free to do that at any point in time. We are always happy to have, attendees joining us. And with that being said, thank you all for watching, and thank you all for listening to the podcast. Talk hear you
Tobias Paschek:soon. Bye.
Matthias Eisner:Thanks. Bye.