VMware NSX: Software Features & Services
VMware NSX is a software-defined network (SDN) solution that mimics the virtual machine deployment model by programmatically reproducing complex networks and security. NSX virtualizes the network and security functions. NSX has no hardware dependency and reproduces the network model for virtual workloads in software.
In simple words, VMware’s NSX-V software abstracts the underlying physical network by introducing a software layer that makes it easy to consume network resources by creating multiple virtual networks. NSX-V also allows for deploying multiple logical network services on top of the abstracted layer.
VMware acquired NSX from Nicira in July 2012. Nicira’s NSX was primarily being used for network virtualization in a Xen-based hypervisor.
Let us have an overview of these features in brief.
Logical switching: NSX lets you create Layer 2 (L2) and Layer 3 (L3) logical switching. This, in turn, helps with workload isolation and separation of IP addresses between logical networks. NSX can create logical broadcast domains in the virtual space, which removes the need to create any logical networks on the physical switches. Technically speaking, we are no longer limited to 4,096 physical broadcast domains (VLANs).
NSX gateway services: The interconnection between logical and physical networks is facilitated by the Edge gateway services, namely, the NSX gateway service. In simple words, a virtual machine connected to a logical network can send and receive traffic directly to the physical network through the gateway.
Logical routing: NSX supports the creation of multiple virtual logical networks that may be used by multiple virtual machines. Logical routing routes traffic across different logical switches or even between a logical switch and public networks. Logical routing can be extended to perform east-west routing, which saves unnecessary network hops and thus increases network efficiency. Logical routers can also provide north-south connectivity that allows access to workloads living in the physical networks. Logical routers also help avoid hair-pinning of traffic, which likewise increases network efficiency.
Logical firewall: A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted internal network and an untrusted external network, such as the Internet. NSX offers firewalling as an additional service, with the option of a distributed logical firewall or an Edge firewall for use within a software-defined networking architecture. A virtual firewall runs in the kernel of the ESXi host. A distributed logical firewall allows building rules based on attributes that include IP addresses, VLANs, virtual machine names, and vCenter objects.
Extensibility: To provide seamless integration and smooth interoperability between VMware NSX and other services, third-party VMware partner solutions allow a choice of vendor across multiple service offerings. Many VMware partners offer solutions such as traffic monitoring, IDS, and application firewall services that can integrate directly into NSX. This indirectly enhances management and end-user experience.
Load balancer: NSX Edge offers a variety of services, and the logical load balancer is one of them. The logical load balancer distributes incoming requests among multiple servers to allow for load distribution. To ensure maximum uptime of hosted applications, the logical load balancer can also be used in a high availability (HA) mechanism.
Virtual private networks (VPN): A virtual private network extends a private network across a public network and enables users to send and receive data across shared or public networks as if the computing devices were directly connected to the private network. The NSX Edge offers a VPN service that allows provisioning secure, encrypted connectivity for end users to the applications and workloads. The Edge VPN service offers SSL VPN-Plus, which allows for user access, and IPsec site-to-site connectivity, which enables two sites to be interconnected securely.
Dynamic Host Configuration Protocol (DHCP): NSX Edge offers DHCP services that allow IP address pooling and static IP assignments. The NSX Edge DHCP service can also relay any DHCP requests generated from the virtual machines to a pre-existing physical or virtual DHCP server without any interruptions.
Domain name system (DNS): DNS translates domain names into IP addresses, which allows an Internet location to be accessed by its domain name. NSX Edge offers a DNS relay service that can relay any DNS requests to an external DNS server.
Service composer: The service composer allows you to allocate network and multiple security services to security groups. Virtual machines that are part of these security groups are automatically allocated the services.
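The attribute-based rules of the logical firewall and the security-group membership of the service composer can be pictured with a small model. This is an added example, not NSX code or the NSX API: the classes, group names, rule names and addresses are constructed, and first-match ordering with a final default deny is an assumption of the model. It shows that a rule written against a group keeps applying when a virtual machine's IP address changes, while a rule written against a subnet does not.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class VM:                      # constructed stand-in for a vCenter VM object
    name: str
    ip: str
    vlan: int
    tags: set = field(default_factory=set)

@dataclass
class SecurityGroup:           # hypothetical: membership by name prefix or tag
    name: str
    name_prefix: str = ""
    tag: str = ""

    def contains(self, vm):
        by_name = bool(self.name_prefix) and vm.name.startswith(self.name_prefix)
        return by_name or (bool(self.tag) and self.tag in vm.tags)

@dataclass
class Rule:
    name: str
    src: object                # SecurityGroup, CIDR string, VLAN int, or None (any)
    dst: object
    port: object               # int, or None for any port
    action: str

def matches(selector, vm):
    if selector is None:
        return True
    if isinstance(selector, SecurityGroup):
        return selector.contains(vm)
    if isinstance(selector, int):
        return vm.vlan == selector
    return ipaddress.ip_address(vm.ip) in ipaddress.ip_network(selector)

def evaluate(rules, src, dst, port):
    """First matching rule wins; anything unmatched is denied (model assumption)."""
    for r in rules:
        if matches(r.src, src) and matches(r.dst, dst) and r.port in (None, port):
            return r.action, r.name
    return "deny", "default-deny"

WEB = SecurityGroup("sg-web", name_prefix="web-")
DB = SecurityGroup("sg-db", tag="tier:db")
RULES = [                      # constructed sample policy
    Rule("quarantine-vlan", 666, None, None, "deny"),
    Rule("web-to-db", WEB, DB, 3306, "allow"),
    Rule("legacy-subnet-to-db", "10.0.9.0/24", DB, 3306, "allow"),
]
```

Calling evaluate(RULES, src_vm, dst_vm, port) returns the action together with the name of the rule that decided it, which makes it easy to see which attribute a verdict depends on.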
Data security: NSX data security provides visibility into sensitive data, ensures data protection, and reports back on any compliance violations. A data security scan on designated virtual machines allows NSX to analyze and report back on any violations based on the security policy that applies to these virtual machines.
NSX is uniquely positioned to solve these challenges as it can bring networking and security closest to the workload itself and carry the policies along with the workload.
NSX requires a vSphere environment with vCenter to coordinate changes, including deploying, configuring, and removing NSX components and services. NSX and vCenter are tightly integrated. NSX is not an NFV solution but an SDN solution. NSX does virtualize network and security functions, but it does so using a methodology that goes beyond just replicating the functionality, and all the caveats, that the physical network or security appliance provides.
Hope this was helpful.