This content is part of the Essential Guide: The ins and outs of VMware security products and features

What are the benefits of the NSX network virtualization platform?

VMware's NSX network virtualization platform applies software-layer abstraction to networking, adds network functionality and enforces granular security policies.

Network virtualization enables administrators to provision, organize and secure the enterprise network using only...


VMware NSX is a network virtualization platform that defines and manages logical networks at the hypervisor layer, foregoing the time-consuming and error-prone manual configuration usually required for network devices. When combined with server and storage virtualization, NSX helps to create end-to-end virtualization that leads to a full-featured, software-defined environment for the enterprise.

The pros and cons of virtualization

Virtualization has changed the way that data centers and businesses function. Before virtualization, servers and their workloads had to be configured and deployed manually without the ability to share unused computing resources.

Server virtualization gave organizations the tools to abstract computing resources from the underlying hardware. This abstraction enables administrators to provision compute resources to form VMs with software, while multiple VM workloads can share the server's resources for server consolidation.

Virtualization also made it possible to exercise far more powerful VM management. Administrators can create, protect and move VMs between host servers on demand without the problems of reinstallation or reconfiguration.

Server virtualization has boosted the fast and efficient use of server resources. However, the LAN that secures and ties together servers, storage and users has remained largely manual. Switches, firewalls, routers and other network components continue to rely on copious setup and configuration to invoke network rules, create subnets and so on. This manual process limits what server virtualization can do for the data center and the business, and it can expose the business to potential security vulnerabilities from configuration oversights.

Adding NSX to the mix

VMware's network virtualization platform, NSX, aims to extend the effective reach of virtualization out of servers and storage and into the network.

NSX adds network functionality, such as switching routing and firewalls, into the hypervisor layer independent of the underlying physical network hardware. With network functionality built into the hypervisor layer of each server, virtual networks can effectively extend across the data center and support the same types of software-based provisioning, management, security, protection -- such as snapshots -- and restoration that VMs use.

NSX adds network functionality, such as switching routing and firewalls, into the hypervisor layer independent of the underlying physical network hardware.

NSX is a key component of VMware's software-defined data center initiative. Administrators can use NSX to create multiple virtual networks for different groups of VMs, with each virtual network logically isolated and secured from others, just as VMs are logically isolated from each other despite sharing the same hardware.

NSX is built in layers. The data plane implements NSX vSwitch and provides the kernel components needed to integrate with the ESXi hypervisor to handle the virtual network services; these components include distributed firewalls, distributed routing, virtual extensible LAN to virtual LAN bridging and connectivity to physical network devices, such as server network interface cards.

The control plane is always isolated from the data plane, and it uses NSX Controller modules to handle distributed logical routing and routes/forwards traffic in ESXi. VMware supports the management plane with NSX Manager software, which supports the provisioning and configuration of logical networking components, networking services, security services, distributed firewalls and more. At an even higher level, NSX can integrate with cloud infrastructures through frameworks, such as OpenStack.

The advantages of the NSX network virtualization platform

NSX bolsters security, automation and integrity in the network. Security typically involves the use of microsegmentation to divide the virtual network into extremely small segments that are logically enforced regardless of where the corresponding workloads are located or the segments' underlying physical subnet. Security policies and controls can speed proper VM deployment and maintain security posture for the VM even after it's migrated to other physical host servers in other parts of the physical network, which creates lateral security.

Due to the lack of central control for the physical devices involved, configuring a physical network can be a tedious and fallible process. A network administrator can overcome these manual limitations by constructing a virtual network with NSX, which enables the admin to quickly create new networks and dynamically change them to accommodate changing workload demands. NSX automates many of the tasks related to the provisioning and configuration of virtual networks.

The NSX network virtualization platform also improves the integrity of VM workloads on the virtual network. For example, the security and configuration of a virtual network can be associated with individual VM workloads. As VMs move, the virtual network details of the VMs move too, ensuring the same network security and setup regardless of where the workloads operate. Virtual networks can also be created, protected through snapshots, recovered from those snapshots if needed, replicated to other data centers and so on.

Dig Deeper on VMware networking

Virtual Desktop
Data Center
Cloud Computing