Introduction

VMware NSX is network virtualization and security platform that separates all network functions from classic network devices such as switches and routers. It brings completely new paradigm how we manage networks. VMware addresses many challenges in today’s physical network infrastructure, doing the same thing virtualization has done for virtual machines and storage. The physical layer simply serves as a backplane transmitter and does not need any physically change except increasing MTU size to 1600 to accommodate additional frame payload. Create, save and restore virtual networks without touching the physical layer. It would be interesting to check how VMware architecture is designed.

Understand the background Of VMware NSX

VMware NSX provides a fast source of simple and multi-layered networks in matter of seconds. Administrators can now initialize, control, change, and manage network security and dynamically. VMware NSX allows L2 connectivity via L3 thanks to VXLAN and VTEPs. Imagine the amount of work needed to be done through the L3 network configured on two sites.

You can simply connect L2 which are separated with physical L3 devices and locations. VMware NSX enables all services from layer2 to layer7, going beyond routing and switching. There are new players and features like logical switches, NSX gateways, logical routing to logical firewalls, logical load balancers, logical VPNs and NSX API. All these functionalities are installed as software running in hypervisor kernel. From my point these features were astonishing when I first start to learn NSX from Learning VMware NSX.

What are the benefits of VMware NSX?

Security and micro-segmentation

Thanks to micro-segmentation, VMware NSX boosts data center security and brings it to completely another level. Automated fine-grained security policies are directly linked to virtual machines, while VMware NSX allows you to create networks within the software. This approach isolates networks from each other, providing a better quality of security model for the data center.

Implementation speed

Reduces provisioning time from weeks to seconds. For example, provisioning a new VLAN does not require any changes in physical network and can be done in matter of seconds. This great benefit gives you faster installation and agility, and in the same time provides the flexibility to run VMware NSX on top of any network.

Cost

Switching to VMware NSX has proven to save millions in capital and operational expenses. You will reduce both OPEX and CAPEX because it eliminates the need for configuration of network hardware. You no longer need to secure funds to buy a new network hardware together with person-hours that are needed to configure your physical network. Imagine how much you can reduce the possibility of a human error when manually configuring the network.

Choice

Works on any hypervisor, any network hardware, and network infrastructure and cloud management platforms. You do not have to modify workloads and applications because virtual networks are not different from the physical model. VMware NSX supports a large group of hypervisors such as Xen, KVM, VMware ESXi and Microsoft Hyper-V. Cloud management platforms such as CloudStack, OpenStack, and VMware vCloud Automation Center interoperates with the VMware NSX.

Why is everyone talking about micro-segmentation?

One of the significant VMware NSX features is micro-segmentation which enables isolation, segmentation and advanced services. Isolation allows complete isolation between virtual networks as well as physical. Segmentation provides security at a very granular level reaching to virtual machine itself. Security policy can be defined not only by IP address, but with names, virtual networks, operating systems and much more. Advanced services enable the use of existing security solutions such as Palo Alto Networks, Trend Micro, Symantec, McAfee and Rapid 7.

VMware NSX implementation use cases

Security

All new compute resources can be automatically provisioned by security policy which can be enforced on individual workload level. Each desktop can be in its own perimeter defense and there is no need to install and manage AV agents on workloads. All guest introspection activities and offloaded to hypervisor. Security policies are moving along with the workload, regardless where the workload are in the network topology.

Multi-cloud networking mobility

Expand your existing infrastructure to other data centers and cloud using VMware NSX. Applications and services quickly and safely move between datacenters, retaining application network services to retain scalability and efficiency. Fully synchronize your network and security configuration to a recovery data center without having to reconfigure IP addresses, reapply your security policies, or use manual tools and scripts.

Automation

VMware NSX virtualizes all network and security features to enable faster installation via automation by reducing hand-action prone errors. VMware NSX integrates with cloud platforms such as Kubernetes (K8s), Red Hat OpenShift, Pivotal Container Service (PKS) and many others. This integration encourages development engineers to use network and security as a code, improving the speed of the business process.

VMware NSX Interoperability

VMware NSX integrates with the vSphere, VMware vCloud Director® and VMware vCloud® Automation Center™, vRealize Automation, OpenStack, Active Directory and many more.Cloud management platform to fully utilize VMware NSX using RESTful API to automate delivery of network services. Main well-known VMware partners like Arista networks, Extreme Networks, Dell EMC, HPE, Huawei, Juniper Networks and Palo Alto Networks integrate with VMware NSX.

Cost models

Standard Edition: For small and midsize organizations
Professional Edition: For organizations which require micro-segmentation
Advanced Edition: For large data centers which require more granular level of security and multiple sites
Enterprise Plus Edition: For large organizations that require networking and security across more domains.
Remote Branch Office Edition: Combination of all above, suitable for secure workloads in branch locations.
Here is comparison chart.