What is VMware NSX :

There have been many advancements in modern IT infrastructure. Virtualization has totally revolutionized the way that organizations view compute, storage, and networking. The notion of “virtualizing” the modern datacenter was a paradigm shift in many areas of IT infrastructure and datacenter technology. Workloads abstracted from the physical hardware have opened up tremendous efficiencies, and advantages in the way businesses can provide digital resources.

Along with server virtualization that allowed businesses to abstract running operating systems from the physical hardware, network virtualization has brought tremendous networking advantages. Much as it was in the area of server virtualization, VMware has been a pioneer in the area of network virtualization. VMware NSX is well-known in network virtualization and is a powerful solution that enables network virtualization in the data center, public cloud, and multi-cloud environments.

What challenges exist in data centers still leveraging traditional networking? What is VMware NSX? What is the difference between NSX-V and NSX-T? What advantages does NSX-T offer over NSX-V? What is the migration process to get from NSX-V to NSX-T? What features does NSX-T offer today to empower modern workloads?

Traditional data center networking challenges

VMware’s Software-Defined Data Center (SDDC) vision incorporates next-generation virtualization technologies. It allows organizations to realize automated, non-disruptive deployments of business-critical infrastructure in a way that helps reduce operational complexity and extend technical agility to deliver applications. By now, most organizations have virtualized most of their server infrastructure in their data centers and are also taking advantage of software-defined storage technologies.

Datacenter networks have historically been extremely slow to respond to the changing needs of the enterprise. Networking is often too rigid, complicated and presents many barriers to innovation and realizing the full potential of virtualizing other data center components such as servers and storage. Traditional networking technologies constrain the advantages gained by virtualizing servers and storage.

Traditional networking presents the following challenges:

  • Provisioning new routers, switches, and other technologies is slow
  • Proprietary technologies have historically tied traditional networks to specific networking vendors
  • Automated network configuration is generally non-existent
  • Changes generally require manual interaction
  • Even for experienced network engineers, network changes are error-prone
  • Many traditional network constructs such as VLANs, firewalls, load balancers, ACLs, and others present roadblocks to fast-paced development and DevOps-style infrastructure
  • Traditional networking depends on workload placement
  • Workload mobility is limited
  • Firewall rule sprawl
  • VLAN and IP topology sprawl

What is VMware NSX?

VMware NSX is a robust software-defined networking (SDN) technology that solves complex networking challenges in the modern data center environment. It enables organizations to move rapidly to deploy new networks, change existing network designs, and effectively automate networks in code. It allows businesses to connect their virtual cloud networks and protect applications across on-premises data centers, multi-cloud environments, bare-metal workloads, and modern container infrastructure with ease. Aside from delivering software-defined networking capabilities to the enterprise, VMware NSX empowers businesses with an L2-L7 security virtualization solution. With VMware NSX, companies can manage their virtual networking and network security from a single pane of glass UI with the management and security tools in a seamless interface.

VMware NSX brings both networking and security constructs closer to where the application lives. Applications can reside inside virtual machines, bare-metal physical servers, and modern containerized applications. Regardless of where the application lives or the underlying physical network, networks can be provisioned and managed independently. Since VMware NSX is a software-defined solution and does not rely on physical networking gear, it provides logical networking and security capabilities, including:

  • Logical switching – VMware NSX provides logical switching capabilities that extend Layer 2 switching boundaries across a routed Layer 3 fabric. The extensions can reach both within and across data center environments and public/private clouds.
  • Routing – With VMware NSX, organizations have a much more modern approach to Layer 3 routing, distributed in the hypervisor kernel.
  • Gateway firewall – The software-defined gateway firewall provides stateful firewall capabilities up to Layer 7, with NSX providing app identification and distributed FQDN whitelisting. Again, this is distributed with centralized policy and management.
  • Distributed firewall – Similar to the gateway firewall, the distributed firewall as part of the VMware NSX solution provides stateful Layer 7 firewall capabilities with app ID and distributed FQDN whitelisting.
  • Load balancing – Organizations can use the VMware NSX load balancer to provide L4-L7 load balancing features with SSL offloading. Other features such as server health checks, passive health checks, and API interaction are part of the solution.
  • Virtual Private Network (VPN) – Site-to-Site VPN, remote-access VPN, and cloud gateway services are possible with VMware NSX VPN.
  • NSX Gateway – You can bridge physical Layer 2 VLANs from the physical network with NSX overlay networks using the NSX Gateway.
  • NSX Intelligence – The NSX Intelligence platform uses automated artificial intelligence (AI) and machine learning (ML) to provide continuous monitoring and visualization for network traffic flows to recognize malicious traffic and intent.
  • NSX Distributed IDS/IPS – VMware NSX has evolved to provide a centralized advanced threat detection and prevention engine that allows detecting and preventing east-west movement of malicious threats. It provides a distributed architecture and application context in software that can replace the functionality provided by discrete security appliances.
  • Federation – For organizations managing multiple VMware NSX environments, the Federation capability allows managing and configuring numerous environments with a single pane of glass using centralized policy and enforcement.
  • Virtual Routing and Forwarding (VRF) – For multi-tenant environments, VMware NSX provides complete data plane isolation using the NSX Tier 0 gateway that provides separate routing tables, NAT, and edge firewall support in each VRF.
  • NSX Data Center API – Developers and DevOps automation tools have access to RESTful APIs that allow interacting with VMware NSX programmatically.
  • Operations – VMware NSX includes native tools such as traceflow, overlay logical SPAN, and IPFIX and also allows easy integration with other tools such as vRealize Network Insight (vRNI).
  • Quality of Service (QoS) – Define software-based QoS features for applications.
  • Context-aware micro-segmentation – Security groups and policies with VMware NSX can automatically be created and updated based on various environmental attributes outside of the typical network constructs such as IP address, port, and others.

How does VMware NSX work?

Software-defined network solutions, including VMware NSX, make use of an underlay and an overlay network. It provides the ability to separate the control and data planes between the two. Let’s see how both the underlay and overlay networks play a part in network communication with a software-defined network (SDN) solution.

  • Underlay – The underlay network includes the physical network infrastructure that enables the transmission of packets. The underlay network also consists of the routing protocols needed to allow for IP connectivity between locations. OSPF, IS-IS, and BGP are common routing protocols for this purpose.
  • Overlay – The overlay network is where the “magic” of a software-defined network happens. The overlay network is formed “on top of” the underlay physical network architecture. Both the data plane traffic and control plane signaling are controlled within the virtualized network. Multiple virtual networks can overlay on top of a single physical network. Overlay networks use overlay protocols such as VXLAN, NVGRE, OTV, and GENEVE.

[Figure: high-level overview of the overlay and underlay network in software-defined networking]
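How several virtual networks share one underlay can be seen in the encapsulation header itself. The following added example (not from the original article and not VMware code) builds and parses the fixed VXLAN (RFC 7348) and GENEVE (RFC 8926) headers and recovers the 24-bit virtual network identifier (VNI) that keeps two tenants' identical inner frames apart; the VNI values and the inner frame are constructed for illustration.

```python
import struct

VXLAN_PORT, GENEVE_PORT = 4789, 6081   # IANA-assigned UDP destination ports
ETHERNET = 0x6558                      # GENEVE protocol type for an inner Ethernet frame

def _check_vni(vni):
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI is a 24-bit value")

def vxlan_header(vni):
    """RFC 7348: flags (0x08 = VNI valid), 24 reserved bits, 24-bit VNI, 8 reserved bits."""
    _check_vni(vni)
    return struct.pack("!II", 0x08 << 24, vni << 8)

def geneve_header(vni, options=b""):
    """RFC 8926: version/option length, flags, protocol type, 24-bit VNI, reserved, options."""
    _check_vni(vni)
    if len(options) % 4 or len(options) > 63 * 4:
        raise ValueError("options must be a multiple of 4 bytes, at most 252")
    return struct.pack("!BBHI", len(options) // 4, 0, ETHERNET, vni << 8) + options

def parse_overlay(udp_dport, payload):
    """Return (protocol, vni, inner_frame) for a UDP payload captured on the underlay."""
    if len(payload) < 8:
        raise ValueError("truncated overlay header")
    if udp_dport == VXLAN_PORT:
        word1, word2 = struct.unpack("!II", payload[:8])
        if not (word1 >> 24) & 0x08:
            raise ValueError("VXLAN I flag clear: VNI not valid")
        return "vxlan", word2 >> 8, payload[8:]
    if udp_dport == GENEVE_PORT:
        first, _flags, proto, word2 = struct.unpack("!BBHI", payload[:8])
        opt_len = (first & 0x3F) * 4          # option length is counted in 4-byte words
        if first >> 6 != 0 or proto != ETHERNET or len(payload) < 8 + opt_len:
            raise ValueError("unsupported or truncated GENEVE header")
        return "geneve", word2 >> 8, payload[8 + opt_len:]
    raise ValueError("UDP port is not VXLAN or GENEVE")

# Constructed inner Ethernet frame, reused by two tenants with overlapping addressing.
INNER = bytes.fromhex("020000000002" "020000000001" "0800") + b"constructed-ip-packet"

def demo():
    tenant_a = parse_overlay(VXLAN_PORT, vxlan_header(5001) + INNER)
    tenant_b = parse_overlay(GENEVE_PORT, geneve_header(7002, b"\x00" * 8) + INNER)
    return tenant_a, tenant_b

if __name__ == "__main__":
    print(demo())
```

The underlay routes only on the outer IP/UDP headers; the VNI is what a monitoring or forensic tool must decode to attribute a captured frame to the right virtual network.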

VMware NSX key benefits

VMware NSX provides many critical benefits to organizations looking to modernize networking operations in their environments. These include the following:

  • Micro-segmentation – The notion of having a “trusted” internal network is no longer practical with new-age threats and the way attackers are compromising networks via east-west attacks
  • Automated network provisioning – The ability to automate network provisioning, configuration, and security policy management allows businesses to be much more agile in their operations
  • Consistent management of networking and security policies – Since logical networks can be controlled through code, it allows much more consistent management of networking and security policies
  • Built-in network visualization and monitoring – VMware NSX provides monitoring and visualization of application topologies, security policies, and flow monitoring
  • Advanced east-west threat prevention and distributed IPS/IDS – To bolster the built-in micro-segmentation capabilities of VMware NSX, distributed IPS/IDS provides automated threat protection and prevention capabilities. The benefits include elastic throughput, reduced false positives, and improved utilization of computing capacity.

VMware NSX use cases

The key benefits covered above allude to these. However, what are the specific use cases for VMware NSX solutions? These include the following:

  • Security
  • Multi-cloud networking
  • Network automation
  • Networking and security for cloud-native applications

Security

Arguably the most obvious use case for VMware NSX is security. There is a new cybersecurity best practice model known as “Zero-Trust.” The traditional network operates on the notion of an “untrusted” zone, typically the Internet, and a “trusted” zone, which has historically included the internal LAN. With new threats that have emerged, such as ransomware and other malicious tools used by attackers, the “trusted” network is no longer a practical approach for security.

Using the Zero-Trust approach, all network traffic is viewed as untrusted, regardless of where the traffic originates. In the Zero-Trust model, even if two servers share the same network, they should not implicitly trust all network traffic communicated between them. Using micro-segmentation, distributed IPS/IDS, and context-aware firewalling, VMware NSX allows organizations to have the tools to implement a Zero-Trust model in their networks effectively. It helps to prevent attackers from compromising internal resources due to lateral east-west movement.
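The policy model described above can be sketched in a few lines. This added example is not from the original article and does not use NSX's rule format or API: it is a minimal tag-based, default-deny evaluator run over constructed workloads and flow records, showing that three servers on the same subnet only reach each other where a rule explicitly allows it.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Workload:
    name: str
    ip: str            # shown only to make the point that rules never reference it
    tags: frozenset

@dataclass(frozen=True)
class Rule:
    name: str
    src_tag: str
    dst_tag: str
    port: int
    action: str        # "ALLOW" or "DROP"

def evaluate(rules, src, dst, port):
    """First matching rule wins; traffic that matches nothing is dropped."""
    for rule in rules:
        if rule.src_tag in src.tags and rule.dst_tag in dst.tags and rule.port == port:
            return rule.action, rule.name
    return "DROP", "default-deny"

def audit(rules, inventory, flows):
    """Return the flows the policy would drop, with the rule responsible."""
    dropped = []
    for src_name, dst_name, port in flows:
        action, rule = evaluate(rules, inventory[src_name], inventory[dst_name], port)
        if action == "DROP":
            dropped.append((src_name, dst_name, port, rule))
    return dropped

# Constructed inventory: all three workloads sit on the same 10.0.1.0/24 segment.
INVENTORY = {w.name: w for w in (
    Workload("web-01", "10.0.1.10", frozenset({"tier:web"})),
    Workload("app-01", "10.0.1.11", frozenset({"tier:app"})),
    Workload("db-01", "10.0.1.12", frozenset({"tier:db"})),
)}
RULES = [
    Rule("web-to-app", "tier:web", "tier:app", 8443, "ALLOW"),
    Rule("app-to-db", "tier:app", "tier:db", 5432, "ALLOW"),
]
# Constructed flow records: (source, destination, destination port).
FLOWS = [("web-01", "app-01", 8443), ("app-01", "db-01", 5432),
         ("web-01", "db-01", 5432), ("web-01", "app-01", 22)]

if __name__ == "__main__":
    for flow in audit(RULES, INVENTORY, FLOWS):
        print("DROP", flow)
```

Because the rules match on tags rather than addresses, a new workload tagged `tier:web` inherits the same policy wherever it is placed, and the web tier's direct path to the database stays closed even though both share a Layer 2 segment.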

Multi-cloud networking

Traditional networking in a single on-premises data center can be difficult, let alone networking between data centers and even on-premises and cloud environments. With VMware NSX software-defined solutions, networking and security boundaries can be extended between heterogeneous sites. It allows stretching sites and moving workloads between on-premises and cloud environments without disruption.

Traditional physical networking cannot achieve the mobility and flexibility that VMware NSX provides for workloads. It decouples the requirements that a physical network exists in a particular location and allows networks to be placed where logically needed to solve challenging technical and business use cases.

Network Automation

One of the compelling capabilities afforded by the VMware NSX platform is the ability to automate the solution. The deployment of full-stack solutions can be accomplished in code without entering a CLI interface or deploying physical appliances. VMware NSX exposes various APIs that allow interacting with the solution through RESTful API calls. You can also integrate VMware NSX with other automation solutions such as Ansible, Terraform, and vRealize Automation, automation solutions commonly used within the enterprise.

Networking and security for cloud-native applications

VMware NSX allows your organization to provide both networking and security capabilities for modern workloads and containerized applications. You can do this with a very granular policy based on each container. It allows applying to containers the same micro-segmentation capabilities used for virtual machines.
