NSX

here have been many advancements in modern IT infrastructure. Virtualization has totally revolutionized the way that organizations view compute, storage, and networking. The notion of “virtualizing” the modern datacenter was a paradigm shift in many areas of IT infrastructure and datacenter technology. Workloads abstracted from the physical hardware have opened up tremendous efficiencies, and advantages in the way businesses can provide digital resources.

?

Along with server virtualization that allowed businesses to abstract running operating systems from the physical hardware, network virtualization has brought tremendous networking advantages. Much as they were in the area of server virtualization, VMware has been a pioneer in the area of network virtualization. VMware NSX is well-known in network virtualization and is a powerful solution that enables network virtualization, both in the data center, public cloud, and multi-cloud environments.

?

What challenges exist in data centers still leveraging traditional networking? What is VMware NSX? What is the difference between NSX-V and NSX-T? What advantages does NSX-T offer over NSX-V? What is the migration process to get from NSX-V to NSX-T? What features does NSX-T offer today to empower modern workloads? Traditional data center networking challenges

?

VMware’s Software-Defined Data Center (SDDC) vision incorporates next-generation virtualization technologies. It allows organizations to realize automated, non-disruptive deployments of business-critical infrastructure in a way that helps reduce operational complexity and extend technical agility to deliver applications. By now, most organizations have virtualized most of their server infrastructure in their data centers and are also taking advantage of software-defined storage technologies.

Datacenter networks have historically been extremely slow to respond to the changing needs of the enterprise. Networking is often too rigid, complicated and presents many barriers to innovation and realizing the full potential of virtualizing other data center components such as servers and storage. Traditional networking technologies constrain the advantages gained by virtualizing servers and storage. Traditional networking presents the following challenges:

·???????? Provisioning new routers, switches, and other technologies is slow

·???????? Proprietary networking technologies historically bind traditional networking from specific networking vendors

·???????? Automated network configuration is generally non-existent

·???????? Changes generally require manual interaction

·???????? Even for experienced network engineers, network changes are error-prone

·???????? Many traditional network constructs such as VLANs, firewalls, load balancers, ACLs, and others present roadblocks to fast-paced development and DevOps-style infrastructure

·???????? Traditional networking depends on workload placement

·???????? Workload mobility is limited ? Firewall rule sprawl

·???????? VLAN and IP topology sprawl

?

What if the network could be abstracted from the underlying physical network infrastructure and placed into the software layer? VMware NSX allows eliminating the challenges mentioned above with traditional physical networks.

What is VMware NSX? VMware NSX is a robust software-defined networking (SDN) technology that solves complex networking challenges in the modern data center environment. It enables organizations to move rapidly to deploy new networks, change existing network designs, and effectively automate networks in code. It allows businesses to connect their virtual cloud networks and protect applications across on-premises data centers, multi-cloud environments, bare-metal workloads, and modern container infrastructure with ease. Aside from delivering software-defined networking capabilities to the enterprise, VMware NSX empowers businesses with an L2-L7 security virtualization solution. With VMware NSX, companies can manage their virtual networking and network security from a single pane of glass UI with the management and security tools in a seamless interface.

VMware NSX brings both networking and security constructs closer to where the application lives. Applications can reside inside virtual machines, bare-metal physical servers, and modern containerized applications. Regardless of where the application lives or the underlying physical network, networks can be provisioned and managed independently. Since VMware NSX is a software-defined solution and does not rely on physical networking gear, it provides logical networking and security capabilities, including:

·???????? Logical switching – VMware NSX provides logical switching capabilities that extend Layer 2 switching boundaries across a routed Layer 3 fabric. The extensions can include both within and across data center environments and public/private clouds.

·???????? Routing – With VMware NSX, organizations have a much more modern approach to Layer 3 routing distributed in the hypervisor kernel.

·???????? Gateway firewall – The software-defined gateway firewall provides stateful firewall capabilities up to Layer 7, with NSX providing app identification and distributed FQDN whitelisting. Again this is distributed with centralized policy and management.

·???????? Distributed firewall – Similar to the gateway firewall, the distributed firewall as part of the VMware NSX solution provides stateful Layer 7 firewall capabilities with app ID and distributed FQDN whitelisting

·???????? Load balancing – Organizations can use the VMware NSX load balancer to provide L4-L7 load balancing features with SSL offloading. Other features such as server health checks and passive health checks and API interaction are part of the solution.

·???????? Virtual Private Network (VPN) – Site-to-Site VPN, remote-access VPN, and cloud gateway services are possible with VMware NSX VPN

·???????? NSX Gateway – You can bridge physical Layer 2 VLANs from the physical network with NSX overlay networks using the NSX Gateway

·???????? NSX Intelligence – The NSX Intelligence platform uses automated artificial intelligence (AI) and machine learning (ML) to provide continuous monitoring and visualization for network traffic flows to recognize malicious traffic and intent

·???????? NSX Distributed IDS/IPS – VMware NSX has evolved to provide centralized advanced threat detection and prevention engine that allows detecting and preventing east-west movement of malicious threats. It provides a distributed architecture and application context in software that can replace the functionality provided by discrete security appliances.

·???????? Federation – For organizations managing multiple VMware NSX environments, the Federation capability allows managing and configuring numerous environments with a single pane of glass using centralized policy and enforcement

·???????? Virtual Routing and Forwarding (VRF) – For multi-tenant environments, VMware NSX provides complete data plan isolation using the NSX Tier 0 gateway that provides separate routing tables, NAT, and edge firewall support in each VRF.

·???????? NSX Data Center API – Developers and DevOps automation tools have access to RESTful APIs that allow interacting with VMware NSX programmatically.

·???????? Operations – VMware NSX includes native tools such as traceflow, overlay logical SPAN, and IPFIX and also allows easy integration with other tools such as vRealize Network Insight (vRNI).

·???????? Quality of Service (QoS) – Define software-based QoS features to applications

·???????? Context-aware micro-segmentation – Security groups and policies with VMware NSX can automatically be created and updated based on various environmental attributes outside of the typical network constructs such as IP address, port, and others. The logical, software-defined architecture allows easily provisioning networking non-disruptively over existing physical networks. VMware NSX logical networks can extend across data centers, public and private cloud environments, containers, and bare-metal servers.