Why NSX?

There is no doubt that IT organizations have gained significant benefits as a direct result of server virtualization. Tangible advantages of server consolidation include reduced physical complexity, increased operational efficiency, and simplified dynamic pooling of compute and storage resources. These technology solutions have delivered on their promise of helping IT to quickly and optimally meet the needs of increasingly dynamic business applications.

VMware’s Software-Defined Data Center (SDDC) architecture moves beyond the server, extending virtualization technologies across the entire physical data center infrastructure. VMware NSX, the network virtualization platform, is a key product in the SDDC architecture. With VMware NSX, virtualization now delivers for networking what it has already delivered for compute. Layer 2 to Layer 7 networking services (e.g., switching, routing, firewalling, and load balancing) can be quickly, flexibly and securely reproduced in software to make today’s IT organization more agile, secure and resilient.

Why would I want to virtualize network services? What’s a use case?

Security & Distributed Firewalling. Existing network security solutions are optimized for perimeter-based defense, but server-to-server traffic (East-West), which represents 80 percent of overall data center traffic, is not inspected by security controls. An attacker who gains access to one server may be able to move freely within the data center after penetrating the perimeter.
A traditional solution to this scenario is to perform all routing on a firewall device to steer VM traffic to the edge of the data center. But hardware firewalls are expensive and impose throughput limits on traffic. Using hardware firewalls this way undermines the performance and low latency of modern, line-rate Layer 3 switches and routers. VMware NSX is a disruptive approach to data center security:

  • Micro-segmentation. Firewall rules can be imposed granularly, at the VM port level, allowing for intra-host access controls.
  • Scales with every ESXi host added to the data center. A single hypervisor can outperform some of the industry’s most expensive firewalls, with firewall and routing functions performed in the kernel.
  • NSX can be deployed without changing the underlying physical network.

In addition to NSX’s native features, the platform also allows for rich partner integrations from vendors like Palo Alto Networks.
We’ll be covering this further at a series of events. Head over to our events calendar to find an event near you.



About the author

Director of Engineering

Nick is a key figure on the networking and security team at Candoris. His extensive knowledge and experience with infrastructure systems design have made him an invaluable asset to the data center engineering team. Nick holds an impressive number of professional- and expert-level certifications with network, security, virtualization and storage vendors. He seeks to understand emerging technologies and solutions, and how they might be leveraged to advance business goals.