
Top VMware NSX use cases go beyond microsegmentation

Microsegmentation has become a popular reason for organizations to adopt VMware NSX. Emerging use cases, including multisite and multi-cloud, could broaden the SDN platform's scope.

VMware NSX owes much of its adoption to the popularity of its microsegmentation function, but other NSX use cases are starting to get IT departments' attention.

NSX use cases were initially few and far between, with network administrators citing cost and complexity as common roadblocks to adoption in midsize organizations. But the network virtualization platform saw consistent growth last year, with VMware reporting a 40% year-over-year increase in license bookings in its fiscal year 2018 second quarter earnings report.

Attendees at last month's Virtualization Technology User Group event in Foxborough, Mass., learned about the most common NSX use cases and how VMware's network virtualization platform handles security, automation, multisite connectivity and more.


One of the top NSX use cases is security -- microsegmentation in particular, said Luca Camarda, a solutions architect at VMware, in a session. Microsegmentation is an application policy and data management model that divides the virtual network into smaller logical units -- typically, applications or workloads -- to which administrators can apply custom security policies. This setup reduces the surface area for potential attacks and automatically restricts access to other units in the network if one unit is compromised.

VMware NSX also employs a distributed firewall, which sits in the hypervisor and can stretch across connected hypervisors. It's a stateful firewall, which means it monitors all east-west traffic on active connections and uses microsegmentation to prevent unauthorized VMs from communicating with each other.

Finally, policies are an integral part of NSX security, Camarda said. The administrator can apply security policies to different groups and the built-in NSX Service Composer automatically enforces them. NSX also integrates with vRealize Log Insight for centralized logging and monitoring of distributed components to make it easier for admins to identify issues.

Data center consolidation

VMware has seen a steady increase in the number of NSX implementations for the purpose of enabling data center consolidation, according to Peder Ulander, a vice president of product marketing at the company. Many large organizations have multiple data centers, each of which includes separate hardware and manages tens to hundreds of racks and hundreds of desktops. Data center consolidation can help mitigate costs and improve security and compliance, but the consolidation process can be time-consuming and can waste resources.

VMware NSX addresses this data center consolidation issue by offering network automation. Automating manual processes, such as resource provisioning, saves time, eliminates the risk of network misconfiguration and frees up IT staff to focus on more pressing tasks.

NSX integrates with vRealize Automation (vRA) and VMware Integrated OpenStack, so the network administrator can use NSX to set up the initial network configuration and vRA to define networks and profiles. The security administrator can then use NSX to define distributed firewall rules and security groups, policies, and tags, and can use automation to apply them to select VMs. If a VM is noncompliant with a policy, it's automatically quarantined until the issue is resolved.
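The tag-driven policy model described above (security groups, default-deny east-west rules, automatic quarantine) can be sketched as a small simulation. This is an added illustration, not NSX code or API syntax; the tag names, ports and VM inventory are constructed, and connection state tracking is left out.

```python
from dataclasses import dataclass, field

QUARANTINE = "quarantine"  # hypothetical tag name, not an NSX built-in


@dataclass
class VM:
    name: str
    tags: set = field(default_factory=set)


@dataclass(frozen=True)
class Rule:
    src_tag: str   # source security group = every VM carrying this tag
    dst_tag: str   # destination security group
    port: int
    action: str    # "allow" or "deny"


def decide(rules, src, dst, port):
    """First matching rule wins; quarantine overrides; default is deny."""
    if QUARANTINE in src.tags or QUARANTINE in dst.tags:
        return "deny"
    for r in rules:
        if r.src_tag in src.tags and r.dst_tag in dst.tags and r.port == port:
            return r.action
    return "deny"


def blast_radius(rules, vms, src_name, ports):
    """Names of the VMs that src_name can open a connection to on any port."""
    src = vms[src_name]
    return sorted(
        d.name for d in vms.values()
        if d.name != src_name
        and any(decide(rules, src, d, p) == "allow" for p in ports)
    )


# Constructed three-tier inventory and policy for illustration.
VMS = {v.name: v for v in [
    VM("web-1", {"web"}), VM("web-2", {"web"}),
    VM("app-1", {"app"}), VM("db-1", {"db"}),
]}
RULES = [Rule("web", "app", 8443, "allow"), Rule("app", "db", 5432, "allow")]
PORTS = [22, 443, 8443, 5432]

if __name__ == "__main__":
    print(blast_radius(RULES, VMS, "web-1", PORTS))  # reach before quarantine
    VMS["app-1"].tags.add(QUARANTINE)                # compliance check fails
    print(blast_radius(RULES, VMS, "web-1", PORTS))  # reach after quarantine
```

Because group membership is computed from tags at decision time, adding the quarantine tag isolates a VM without editing any rule, and a web VM never reaches its same-tier peers or the database directly.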

Application continuity

Organizations require the ability to maintain consistent networking conditions -- across data centers and between the data center and the cloud -- to seamlessly deploy apps regardless of location, Camarda said.

One way NSX creates application continuity is through multi-data center pooling, which enables an organization to use its infrastructure in various locations while drawing from a single pool of resources without the need for IP reconfiguration.

NSX also uses disaster recovery (DR) to improve app continuity. Businesses need to be able to fail over to ensure continuous availability and avoid costly downtime. NSX integrates with VMware Site Recovery Manager (SRM), which automates failover and DR testing. In the event of a failure, SRM relies on multi-data center pooling to fail over from one data center in the network to another.

SRM also integrates with Cross-vCenter (VC) NSX, which establishes logical networking and security across multiple vCenters and enables admins to configure the same subnet on multiple sites, but only keep one active at a time. SRM and Cross-VC NSX offer multisite spanning with universal logical switches and active/active node configuration, which passes traffic from a failed node to another node in the same cluster, and can load balance traffic across the remaining nodes in the cluster for high availability.

This multisite capability is well on its way to becoming one of the primary NSX use cases, Camarda said.

Cloud integration

With the growing demand for multi-cloud services, VMware has made moves to incorporate NSX into VMware Cloud (VMC) on Amazon Web Services (AWS).

VMware NSX-T, a version of NSX for non-vSphere infrastructures, KVM distributions and OpenStack deployments, added support for multi-cloud and multi-hypervisor environments with version 2.0. Part of VMware Cloud Foundation, NSX Cloud is an as-a-service offering that integrates NSX-T features into the user's public cloud and delivers NSX policy and microsegmentation capabilities within the AWS Cloud. It also enables administrators of VMC on AWS to create and run multiple Virtual Private Clouds from a single point of management.

With these integrations, VMware shops can take the capabilities they're accustomed to using and apply them to the AWS Cloud, which prevents them from having to change the way they view infrastructure or build new silos, Ulander said.
