IT Virtualization Blog


by lmarzke last modified Oct 11, 2017 01:30 PM

Intro to NSX


What is NSX

VMware ESX is the versatile hypervisor that virtualizes 'compute' workloads. There is no question that virtual workloads have many advantages over the old physical one-server-per-host model. It is so much easier to snapshot, clone, and recover a VM in the virtual model, not to mention how much easier disaster recovery becomes with virtual workloads.

NSX is VMware's answer to controlling networking features in the modern data center. Just as ESX is the hypervisor for 'compute' workloads, NSX is the central set of services to virtualize networking. This means we get the same ability to snapshot, clone, and recover entire networks, which makes disaster recovery of the network much easier.

But what does virtualizing the network actually mean? It means, for instance, that all the internal networks of a 3-tier application, along with their properties and firewall configurations, can be snapshotted, cloned, and recovered. So basically an entire 3-tier application can be treated as a single entity.

In addition, just as we can easily create new VMs from templates, we can now create entire 3-tier apps with their networks, firewall rules, etc. from a clone.





From a high level, NSX together with vSAN attempts to virtualize the data center instead of the server. This means it will be possible to replicate or replace any VMware data center easily in the cloud with minimal changes. Think of it as VMware moving up the stack (from the server to the entire DC).

For those thinking of a hybrid-cloud solution, having a cloud solution that is exactly the same as the in-house solution makes a lot of sense, as workloads can be moved back and forth to the cloud without any changes. Even live vMotion is supported in many cases.

However, NSX addresses more items than we covered above.

  • Supports massive East/West (E/W) connectivity, as is typical in the modern DC.
    • The E/W firewall rules are applied by the host kernel, so VMs on the same host can talk directly to each other without hair-pinning traffic out through the physical network to a physical firewall.
    • E/W rules can be written in high-level terms (such as by VM name, folder name, or tag). Rules written in such terms automatically apply to new VMs matching the VM name regex, folder, or tag. So in essence, firewall rules are automatically written and removed as VMs are added to or removed from the infrastructure. No more stale firewall rules left behind from years ago.
  • North/South traffic uses VM appliances supporting DHCP, NAT, firewall, routing, VPN, etc.
  • All of the above is controlled by a new menu tab (Networking & Security) inside the vCenter web appliance.


Use cases

The top use cases for deploying NSX, then, are:

  1. Security - Enable micro-segmentation (also called zero-trust)
    Every NIC connection to/from a VM is inspected via a firewall rule.
    This means, for instance, that the web-tier can only talk to the db-tier on ONE port, to one VM.
    Since the hypervisor enforces this, no hair-pinning results.
    Firewall rules are generated automatically for new VMs according to a template.

  2. Disaster Recovery - DR location is identical to source
    This means that IPs do not need to change, and all load-balancers, firewalls, etc. are the same on both ends.
    Optionally, cross-vCenter NSX can keep both the main site and the DR site in sync.

  3. Automation - Automatically deploy entire 3-tier applications and their networks, load-balancers, etc.
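
The tag, folder and name-pattern rules from the East/West list, and the one-port web-to-db restriction from the micro-segmentation use case, can be modeled in a few lines. This is an added Python example, not NSX code or its API; the VM, Group and Rule classes, the VM names, the "shop" folder and port 3306 are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class VM:
    name: str
    folder: str
    tags: frozenset

@dataclass(frozen=True)
class Group:
    """Dynamic group: members are computed from VM attributes, not listed by IP."""
    name_regex: str = ""
    folder: str = ""
    tag: str = ""

    def contains(self, vm: VM) -> bool:
        if not (self.name_regex or self.folder or self.tag):
            return False  # no criteria matches nothing, not everything
        if self.name_regex and not re.fullmatch(self.name_regex, vm.name):
            return False
        if self.folder and vm.folder != self.folder:
            return False
        return not self.tag or self.tag in vm.tags

@dataclass(frozen=True)
class Rule:
    src: Group
    dst: Group
    port: int

def allowed(rules, src: VM, dst: VM, port: int) -> bool:
    """Default deny: pass only if one rule matches source, destination and port."""
    return any(r.port == port and r.src.contains(src) and r.dst.contains(dst) for r in rules)

def effective_flows(rules, inventory):
    """Expand the rules into concrete (src, dst, port) tuples for this inventory."""
    return {(s.name, d.name, r.port)
            for r in rules for s in inventory for d in inventory
            if s != d and r.src.contains(s) and r.dst.contains(d)}

# Constructed sample data: one rule, web tier to db tier on a single port.
RULES = [Rule(Group(tag="web"), Group(name_regex=r"db-\d+", folder="shop"), 3306)]
WEB1 = VM("web-01", "shop", frozenset({"web"}))
DB1 = VM("db-01", "shop", frozenset({"db"}))
WEB2 = VM("web-02", "shop", frozenset({"web"}))  # deployed later, rules untouched

if __name__ == "__main__":
    for inv in ([WEB1, DB1], [WEB1, DB1, WEB2], [DB1, WEB2]):
        print(sorted(effective_flows(RULES, inv)))
```

The rule list never changes across the three inventories: the concrete flows grow when web-02 appears and shrink when web-01 is removed, which is why no stale entries are left behind.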


