Network speed, agility along with security and availability are of top priority to every IT organization. Since application infrastructures lay the foundation for business operating and innovating, it is imperative for organizations to keep up with the advancement and shift in IT. The fact, however, is that network architectures based on hardware actually impede the ability of data center to unleashing its full potential – it fails to match the speed, agility or security of those running virtualized networking. VMware NSX takes the initiative to address the problem: it creates a network virtualization platform that enables IT to perform without compromises.
Simply put it, VMware NSX is a network virtualization and security platform for software defined data center (SDDC). Which makes it possible to create entire networks in software with the functionality of switching, routing, load balancing and firewalling, and embeds them in the hypervisor layer, abstracted from the underlying physical hardware. In this case, it significantly simplifies network managements – instead of taking days or weeks provisioning, all network components can be provisioned in minutes, without the need to modify the application. NSX is proven as an ideal solution to achieve unprecedented levels of security at a speed that organization demands. Key features of VMware NSX are explained in the chart below.
| Switching | Enable logical layer 2 overlay extensions across routed (L3) fabric within and across data center boundaries. Support for VXLAN-based network overlays. |
| Routing | Dynamic routing between virtual networks performed in a distributed manner in the hypervisor kernel, scale-out routing with active-active failover with physical routers. Static routing and dynamic routing protocols supported. |
| Distributed Firewalling | Distributed stateful firewalling, embedded in the hypervisor kernel for up to 20Gbps of firewall capacity per hypervisor host. Support for Active Directory and actively monitoring. Additionally, NSX can also provide north-south firewall capability via NSX Edge. |
| Load Balancing | L4-L7 load balancer with SSL offload and pass-through, server health checks, and APP Rules for programmability and traffic manipulation. |
The challenge networks are consistently facing is to strengthen security while enhancing agility. Instead of purchasing extra network and security infrastructure, customers are more prefer to virtualize firewalls and implement micro-segmentation. Realizing virtualization with VMware NSX is found to be an ideal option for driving business benefits, in a way to enhance security, achieve IT automation and ensure application continuity. Moreover, VMware NSX also delivers numerous economic value as it saves significant capital expenditure on security appliances, reduces operational expenditures and enhance consistent network performance. Users can benefit from using NSX in a number of different ways:
- Micro-Segmentation for security: VMware NSX abstracts security functions and embeds it into the hypervisor. Thus delivers micro-segmentation and granular security to the individual workload, enabling a fundamentally more secure data center. Security policies travel with the workloads, independent of where workloads are in the network topology.
- IT Automation to reduce Manual Errors: with VMware NSX, you are able to treat your physical network as a pool of transport capacity, with network and security services attached to workloads using a policy-driven approach. This automates networking operations and eliminates bottlenecks associated with hardware-based networks, while reduces the manual effort and cycle time for provisioning and managing the network.
- Application continuity: VMware NSX abstracts networking from the underlying hardware and attaches networking and security policies to their associated workloads. Applications and data can reside and be accessible anywhere. Move workloads from one data center to another, or deploy them into a hybrid cloud environment.
- Compliance: VMware NSX enables micro-segmentation and granular security of workloads in virtualized network, isolating sensitive systems and reducing both risk and scope of compliance.
VMware NSX vs Cisco ACI, as two major players in the field of SDN and network virtualization, to decide which solution is right for data center has triggered lots of discussion among the industry. (a detailed explanations of Cisco ACI is in my former article ). Large enterprises are now reaping significant benefits by deploying SDN in the data center. Expect suggested to take your network requirements into consideration: if your business requires a dynamically provisioned, scalable and programmable network, ACI can be a sound choice. But if your business requires hypervisor-level micro-segmentation for VM-to-VM traffic, NSX is a solid option. If both are required by the business, the two can work together to meet those requirements.
| Cisco ACI | VMware NSX |
| Cisco ACI is an integrated solution that addresses the physical and virtual networks | VMware NSX is a hypervisor overlay-based model |
| Automated Application Centric, policy driven framework | VMware centric |
| Single pane of glass for managing application components with embedded security | Only manages overlay. Underlay is managed separately |
| Every leaf is a gateway for physical and virtual application, no additional gateway or compute nodes required. | Requires network gateways to talk to bare-metal applications and other network endpoints |
VMware NSX integrates security, management, functionality, VM control, and a host of other network functions directly into your hypervisor. It successfully addresses the problem facing enterprises and businesses, providing secure, agile and segmented network that effectively enhances business efficiency and end user productivity. For networks demand for high-level security but don’t want to compromise speed, VMware NSX is the right choice for you.
