Refresh your networking knowledge with this NSX overview

Discover the benefits and drawbacks of VMware's network virtualization platform and answer any lingering questions you may have about NSX in this overview.

VMware's NSX platform enables IT administrators to create and manage virtualized networks easily and efficiently. An NSX overview can help admins evaluate NSX to see if it will help them oversee network traffic, security and automation.

Before virtualization, organizations relied on manual server configuration and deployment, a lengthy and error-prone process that didn't let those servers share resources. Virtualization changed the game by abstracting processor, memory, storage and network resources from the hardware, which enables VMs to share resources and, ultimately, aids in server consolidation.

By virtualizing the network, admins can gain management efficiency. For example, NSX abstracts network operations from the hardware onto a virtualization layer, meaning there's no command-line interface and no need for direct administrator intervention. With NSX, admins can create and control virtual networks with access to switches, routers, ports, firewalls and many other networking elements.

Pros and cons of NSX

The NSX platform helps admins create full-featured, software-defined environments by defining and managing networks at the hypervisor level. NSX bolsters security, automation and integrity in the network. Admins have a greater degree of control over their virtual networks with NSX, and networks aren't subject to fallible manual processes.

Admins can associate security and configuration to individual workloads, which means that as VMs move, the virtual network details move, too, ensuring the same security and setup no matter where the VMs operate. Admins can also protect and recover virtual networks with snapshots.

However, there are some drawbacks to the NSX platform. The LAN that secures and links servers, storage and users remains largely manual. Many network components require a great deal of setup and configuration, and this manual process limits the capabilities of server virtualization. Any configuration oversights can also expose organizations to security vulnerabilities.

NSX overview: Networking and security

Because of its layered networking setup, NSX enables traffic across data center boundaries and supports Virtual Extensible LAN. The platform handles dynamic routing between virtual networks, which the hypervisor performs, as well as static and dynamic routing protocols. The admin can then employ traffic shaping to manipulate traffic, enabling cross-site and remote-access traffic.

NSX has a REST API that enables it to operate with cloud management frameworks, vRealize and third-party tools, such as firewalls, intrusion prevention systems and antimalware. It also uses microsegmentation, a process that isolates security groups from one another, meaning that compromised workloads can't infect or compromise other workloads.
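
A conceptual model of two behaviors described in this article, isolation between security groups and policy that stays with a VM when it moves, as an added example that is not VMware code and does not use the NSX API. The group names, ports, host names and rules are constructed for illustration.

```python
"""Conceptual model of microsegmentation; not NSX code or the NSX REST API."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Workload:
    name: str
    groups: frozenset  # security-group membership travels with the VM
    host: str          # current hypervisor; deliberately ignored by policy

@dataclass(frozen=True)
class Rule:
    src_group: str
    dst_group: str
    port: int

# Constructed sample policy: only the flows a three-tier app needs.
RULES = [Rule("web", "app", 8443), Rule("app", "db", 5432)]

def allowed(src, dst, port, rules=RULES):
    """Default deny: a flow passes only if an explicit rule matches the groups."""
    return any(
        r.src_group in src.groups and r.dst_group in dst.groups and r.port == port
        for r in rules
    )

def migrate(vm, new_host):
    """Model a VM move: the host changes, group membership does not."""
    return Workload(vm.name, vm.groups, new_host)

def reachable_from(src, inventory, ports, rules=RULES):
    """List (name, port) pairs a workload could reach if it were compromised."""
    return sorted(
        (dst.name, p)
        for dst in inventory if dst.name != src.name
        for p in ports if allowed(src, dst, p, rules)
    )

# Constructed inventory for the example.
WEB1 = Workload("web-01", frozenset({"web"}), "esxi-a")
WEB2 = Workload("web-02", frozenset({"web"}), "esxi-a")
APP1 = Workload("app-01", frozenset({"app"}), "esxi-b")
DB1 = Workload("db-01", frozenset({"db"}), "esxi-b")
INVENTORY = [WEB1, WEB2, APP1, DB1]
PORTS = [22, 443, 5432, 8443]

if __name__ == "__main__":
    print(reachable_from(WEB1, INVENTORY, PORTS))
    print(reachable_from(migrate(WEB1, "esxi-c"), INVENTORY, PORTS))
```

Running `reachable_from` for each workload in an inventory gives a quick view of how far a single compromised VM could reach under a given rule set, which is the figure to review when a rule is added.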

VMware NSX editions

Any NSX overview should discuss the platform's variety of flavors: there's NSX Standard, a base-level edition for SMBs; NSX Advanced, for larger data centers that require greater security; NSX Enterprise, for even larger organizations that need networking and security across two or more domains; and NSX Remote Office Branch Office (ROBO), which virtualizes and secures workloads in off-site locations.

The standard version of NSX comes with features that enable distributed switching, distributed and dynamic routing, and network address translation, as well as a built-in edge firewall, API support, integration with vRealize and OpenStack, log management and Layer 2 interoperability with the physical network. NSX Advanced includes all the standard features as well as stronger security, edge load balancing, distributed firewalls, Active Directory and VMware AirWatch integration, service inspection and support for Application Rule Manager. Enterprise offers all standard and advanced features with additional support capabilities, and ROBO provides everything with the ability to virtualize and secure workloads off-site. However, ROBO doesn't offer distributed routing or Layer 2 interoperability.

NSX tools for virtual network management

VMware NSX integrates with a number of other VMware products and third-party products. NSX Manager is the primary security and virtual network management tool for NSX. It provides edge and security services, presents a simple view of available network services -- both native and third-party -- and orchestrates integration. NSX's REST API also enables admins to automate NSX usage.

Third-party platforms that integrate with NSX include AlgoSec Security Management, Tufin Orchestration Suite, Dell Network OS and Arista Extensible OS. The interoperability that NSX provides enables admins to extend virtualization to the network, rather than cobbling together disparate virtualized entities, and creates greater flexibility, speed and security.

The NSX message bus

NSX also comes with a message bus, which is a system that guarantees the delivery of a specific message to the host, even if the host is unavailable at the time the message is sent. It streamlines computer-to-computer communications and enables senders to specify instructions in each message.

The message bus is implemented with the Advanced Message Queuing Protocol, which enables admins to verify whether certain programs are running. NSX Manager uses the message bus to send information to ESXi hosts, and the message bus is responsible for handling distributed logical router requests. In addition, the message bus can securely transfer firewall rules to the ESXi host.
