VMware NSX is the network virtualization platform that enables the implementation of virtual networks on your physical network and within your virtual server infrastructure. It delivers the operational model of a virtual machine for the network. NSX can be categorized as a Software-Defined Networking (SDN) solution that allows network administrators to programmatically initialize, control, change, and manage network and security behavior dynamically.
Similar to virtual machines for compute, virtual networks are programmatically provisioned and managed independently of the underlying hardware. This is very cost-effective because you do not need to make changes in your physical network. All updates and adaptations can be performed remotely, much more quickly, and in an automated way.
NSX reproduces the entire network model in software, enabling any network topology—from simple to complex multi-tier networks—to be created and provisioned in seconds. It enables a library of logical networking elements and services, such as logical switches, routers, firewalls, load balancers, VPN, and workload security. Users can create isolated virtual networks through custom combinations of these capabilities.
Standing still is not an option. If you want to achieve the required security, you have to break new ground. The new generation of mobile workers wants flexibility. They use multiple mobile devices to work anytime and anywhere. This, of course, implies many additional security issues. Hackers are lurking around the corner. And we must admit, it has become a very lucrative business; just think of ransomware. Companies are paying large sums to avoid image damage. Brand protection is of utmost importance. One breach can destroy your good name forever.
Therefore, the road from your source to your devices must be highly secure. End-to-end security is crucial, but higher security often compromises flexibility. The more security, the harder it is to adapt things. We all know that making changes in your physical datacenter or on your network takes some time… If you want flexibility and agility on your network without compromising your security: think VMware NSX!
Like server virtualization for compute, the NSX network virtualization approach allows data center operators to treat their physical network as a pool of transport capacity that can be consumed and repurposed on demand. A virtual network is actually a software container that provides logical network components to connected workloads: logical switches, routers, firewalls, load balancers, VPNs and more. You can compare it to a virtual machine, which is also a software container, one that provides logical CPU, memory and storage to an application.
Virtual networks are programmatically created, provisioned and managed, utilizing the underlying physical network as a simple packet forwarding backplane. Network services are programmatically distributed to each virtual machine, independent of the underlying network hardware or topology. Workloads can therefore be dynamically added or moved, and all the network and security services attached to a virtual machine move with it, anywhere in the data center.
Network virtualization works as an overlay above any physical network hardware and works with any server hypervisor platform. The only requirement from a physical network is that it provides IP transport. There is no dependence on the underlying hardware or hypervisor. The NSX Gateway allows legacy VLANs and physical hosts to be mapped into virtual networks.
NSX reproduces the entire networking stack in software within each virtual network. It offers a distributed logical architecture for L2-7 services, including logical switch, router, firewall, load balancer and VPN. These logical network services are provisioned programmatically when virtual machines are deployed and move together with the virtual machines during a vMotion. Existing applications operate unmodified and see no difference between a virtual network and a physical network connection.
NSX exposes a RESTful API, allowing cloud management platforms to automate the delivery of network services. Network provisioning, which used to take days or weeks, now only takes seconds. That is because network services are now delivered to applications by the virtual network; no manual reconfiguration of physical network devices is necessary.
NSX Service Composer enables the automation of the consumption of services and their mapping to virtual machines using a logical policy. Customers can assign policies to groups of virtual machines, and as more virtual machines are added to a group, the policy is automatically applied to them.
Customers can build advanced workflows automating security, compliance and network provisioning, including load balancing and firewall rules.
NSX offers a platform to insert other vendor services. Integrated software and hardware partner products can range from network gateway services, application delivery services, and network security platforms to security services. The next visual shows the integration of the Palo Alto Networks Next-Generation virtual firewall with VMware NSX. The firewall connects seamlessly with the hypervisor and all the virtual firewall features are available for each virtual machine. If a virtual machine vMotions to another location, it remains protected because the configured firewall rules follow the virtual machine as it moves.
NSX can be deployed in a VMware vSphere® environment where it is completely integrated with vSphere, VMware vCloud Director® and VMware vCloud® Automation Center™.