VMware NSX: Secure and Flexible Network Virtualization

 

 

 

 

Why do you need VMware NSX?

Standing still is not an option. If you want to achieve the required security, you have to break new ground. The new generation of mobile workers wants flexibility. They use multiple mobile devices to work anytime and anywhere. This of course, implies many additional security issues. Hackers are lurking around the corner. And we must admit, it has become a very lucrative business, just think of ransomware. Companies are paying large sums to avoid image damage. Brand protection is of utmost importance. One breach can destroy your good name forever.

Therefore, the road from your source to your devices must be highly secure. End-to-end security is crucial, but higher security often compromises flexibility. The more security, the harder to adapt things. We all know that making changes in your physical datacenter or on your network takes some time… If you want flexibility and agility on your network without compromising your security: think VMware NSX!

 

What is VMware NSX?

VMware NSX is the network virtualization platform that enables the implementation of virtual networks on your physical network and within your virtual server infrastructure. It delivers the operational model of a virtual machine for the network. NSX can be categorized as a Software-Defined Networking (SDN) solution that allows network administrators to programmatically initialize, control, change, and manage network and security behavior dynamically.

Similar to virtual machines for compute, virtual networks are programmatically provisioned and managed independent of the underlying hardware. This is very cost effective because you do not need to make changes in your physical network. All updates and adaptations can be performed remotely and much quicker and in an automated way.

NSX reproduces the entire network model in software, enabling any network topology—from simple to complex multi-tier networks—to be created and provisioned in seconds. It enables a library of logical networking elements and services, such as logical switches, routers, firewalls, load balancers, VPN, and workload security. Users can create isolated virtual networks through custom combinations of these capabilities.

Contact

Would you like to know more about VMware NSX or do you want one of our experts to contact you? Please fill out this form:

*Is this form not visible? Please send an email to [email protected]

  • Logical switching :
    Reproduce the complete L2 and L3 switching functionality in a virtual environment, decoupled from the underlying hardware.
  • NSX Gateway :
    L2 gateway for seamless connection to physical workloads and legacy VLANs.
  • Logical Routing :
    Routing between logical switches, providing dynamic routing within different virtual networks.
  • Logical Firewall :
    Distributed firewall, kernel enabled line rate performance, virtualization and identity aware, with activity monitoring .
  • Logical Load-Balancer :
    Full featured load balancer with SSL termination.
  • Logical VPN:
    Site-to-Site & Remote Access VPN in software
  • NSX API :
    RESTful API for integration into any cloud management platform

Like server virtualization for compute, the NSX network virtualization approach allows data center operators to treat their physical network as a pool of transport capacity that can be consumed and repurposed on demand. A virtual network is actually a software container that provides logical network components to connected workloads—logical switches, routers, firewalls, load balancers, VPNs and more. You can compare it to a virtual machine that is also a software container that provides logical CPU, memory and storage to an application.

Virtual networks are programmatically created, provisioned and managed, utilizing the underlying physical network as a simple packet forwarding backplane. Network services are programmatically distributed to each virtual machine, independent of the underlying network hardware or topology, so workloads can be dynamically added or moved and all the network and security services attached to the virtual machine move with it, anywhere in the data center.

Completely decoupled from physical network hardware

Network virtualization works as an overlay above any physical network hardware and works with any server hypervisor platform. The only requirement from a physical network is that it provides IP transport. There is no dependence on the underlying hardware or hypervisor. The NSX Gateway allows legacy VLANs and physical hosts to be mapped into virtual networks.

Reproduce the physical network model in software

NSX reproduces the entire networking stack in software within each virtual network. It offers a distributed logical architecture for L2-7 services including, logical switch, router, firewall, load balancer and VPN. These logical network services are provisioned programmatically when virtual machines are deployed and move together with the virtual machines during a vMotion. Existing applications operate un-modified and see no difference between a virtual network and a physical network connection.

Automate the delivery of network services

NSX exposes a RESTful API, allowing cloud management platforms to automate the delivery of network services. Network provisioning, which used to take days or weeks, now only takes seconds. That is because network services are now delivered to applications by the virtual network, no manual reconfiguration of physical network devices is necessary.

NSX Service Composer enables the automation of the consumption of services and their mapping to virtual machines using a logical policy. Customers can assign policies to groups of virtual machines and as more virtual machines are added to the group; the policy is automatically applied to the virtual machine.

Customers can build advanced workflows automating security, compliance and network provisioning including load balancing and firewall rules.

Extensibility

NSX offers a platform to insert other vendor services. Integrated software and hardware partner products can range from network gateway services, application delivery services, and network security platforms to security services. The next visual shows the integration of the Palo Alto Networks Next-Generation virtual firewall with VMware NSX. The firewall connects seamlessly with the hypervisor and all the virtual firewall features are available for each virtual machine. If a virtual machine vMotions to another location, it remains protected because the set firewall rules will follow the movements of the virtual machines.

 

 

 

 

 

 

 

 

 

 

NSX can be deployed in a VMware vSphere® environment where it is completely integrated with the vSphere, VMware vCloud Director® and VMware vCloud® Automation Center™.

  • Network provisioning time reduced from days to seconds
  • Achieve operational efficiency through automation
  • Place and move workloads independent of physical topology
  • Deploy on any hypervisor and consume through any cloud management platform
  • Integrate third-party network and security solutions through standard APIs
  • Non-disruptive deployment over existing physical networks or next generation topologies