
Which VMware NSX features handle networking and security?

The VMware NSX network virtualization platform provides a flexible software-defined networking overlay and granular security to round out the company's software-defined data center.

VMware NSX features, such as logical switching, load balancing and microsegmentation, bring robust networking, operations and security capabilities to the company's software-defined networking platform. Let's take a closer look at some of these features and how NSX puts them to good use.

Layered networking

NSX handles switching as Layer 2 extensions over a Layer 3 fabric, which enables traffic across data center boundaries, as well as support for Virtual Extensible LAN (VXLAN) networks. Dynamic routing between virtual networks is performed by the hypervisor. NSX also operates scale-out, active-active failover between physical routers and handles static routing and dynamic routing protocols, such as Open Shortest Path First and Border Gateway Protocol.

Distributed stateful firewalls in the hypervisor can handle up to 20 Gb of traffic bandwidth per host while supporting Active Directory (AD) and activity monitoring.

NSX also provides load balancing through a Layer 4 to Layer 7 load balancer, with Secure Sockets Layer offload and pass-through to boost performance. Regular server health checks ensure hardware integrity.

The network administrator can employ traffic shaping to manipulate traffic through programmable rules. VPN features allow cross-site and remote-access traffic, while an NSX gateway handles VXLAN to virtual LAN bridging for seamless physical workload access.

Key VMware NSX features
VMware NSX features add security and flexibility to the company's software-defined data center.

NSX operations

There are many VMware NSX features that enable seamless integration with other VMware and third-party tools. NSX provides a REST API that can interoperate with cloud management frameworks, such as OpenStack; tools in the vRealize family, such as vRealize Automation; and third-party tools, such as firewalls, intrusion detection/prevention systems, antimalware, application delivery systems and so on.

Explore the capabilities of NSX

VMware NSX addresses the problems posed by physical networks and manual configuration by defining and managing logical networks at the hypervisor layer. VMware currently offers four NSX licenses -- Standard, Advanced, Enterprise and Remote Office/Branch Office.

NSX can support data center operations through comprehensive infrastructure troubleshooting capabilities like Internet Protocol Flow Information Export and SPAN.

NSX also supports integrations with vRealize Operations for orchestration and automation and vRealize Log Insight for log analytics, trends and alerts. NSX's Application Rule Manager and Endpoint Monitoring tools enable the administrator to visualize traffic and create security rules that span across the data center.

NSX security features

From a security perspective, microsegmentation is perhaps the most compelling of the VMware NSX features. Microsegmentation enables the creation and management of dynamic, logically isolated security groups based on policies and application context. This can offer more security than rules keyed only to conventional IP and MAC address details.
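The difference between context-based groups and address-based rules can be shown with a small conceptual model. This is an added example, not code from the article or from VMware, and it does not use the NSX API; the workload names, tags, addresses and rules are all constructed for illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Workload:
    name: str
    ip: str
    tags: frozenset  # context attached to the workload, e.g. {"tier:web"}

# Constructed policy: (source group, destination group, TCP port). Default deny.
TAG_RULES = [("tier:web", "tier:app", 8443), ("tier:app", "tier:db", 5432)]
# The same intent expressed the conventional way, keyed on subnets.
IP_RULES = [("10.0.1.0/24", "10.0.2.0/24", 8443),
            ("10.0.2.0/24", "10.0.3.0/24", 5432)]

def allowed_by_tags(src, dst, port, rules=TAG_RULES):
    """Allow only if a rule names a group each workload belongs to."""
    return any(s in src.tags and d in dst.tags and port == p
               for s, d, p in rules)

def allowed_by_ip(src, dst, port, rules=IP_RULES):
    """Allow if both addresses fall in the subnets a rule names."""
    return any(ip_address(src.ip) in ip_network(s)
               and ip_address(dst.ip) in ip_network(d) and port == p
               for s, d, p in rules)

# Constructed inventory.
web1 = Workload("web1", "10.0.1.10", frozenset({"tier:web", "env:prod"}))
app1 = Workload("app1", "10.0.2.10", frozenset({"tier:app", "env:prod"}))
db1 = Workload("db1", "10.0.3.10", frozenset({"tier:db", "env:prod"}))
# A test VM that happens to be given an address in the web subnet.
scratch = Workload("scratch", "10.0.1.50", frozenset({"env:test"}))
# app1 after being moved to a segment at another site: new IP, same tags.
app1_moved = replace(app1, ip="10.8.2.10")

def compare(src, dst, port):
    """Return (tag-based verdict, IP-based verdict) for one flow."""
    return allowed_by_tags(src, dst, port), allowed_by_ip(src, dst, port)

if __name__ == "__main__":
    for src, dst, port in [(web1, app1, 8443), (scratch, app1, 8443),
                           (web1, app1_moved, 8443), (web1, db1, 5432)]:
        tag_ok, ip_ok = compare(src, dst, port)
        print(f"{src.name}->{dst.name}:{port} tags={tag_ok} ip={ip_ok}")
```

The subnet rule admits the untagged test VM simply because of where it was addressed, and it breaks the legitimate flow once the application VM moves; the group-based rule gets both cases right because the policy follows the workload's context.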

Security policies also extend to user login with identity-based policies that combine login information from VMs and AD, and mobile device management platforms enable comprehensive user access security for the NSX network. Security also extends across vCenter and physical data center borders. This enables data center disaster support for redundant -- active-active -- data center facilities while ensuring consistent security postures.
