VMware NSX: Virtualizing networks

VMware NSX

VMware NSX: All you need to know

Virtualization, in Layman’s language, is the abstraction of a hardware. Virtualization has given this generation the freedom to run more than one independent computer system on a single physical computer system, saving costs and definitely the complexities. In simple terms, virtualization can be understood simply as the replacement of some physical component with a virtual one.

Virtualization means building a model for something, such as a machine or server, into code and creating a software program function that acts similar to what it is modeling. For instance, a virtual machine performs tasks just like a physical machine, even though it doesn’t have its own physical components.

Virtualization can easily be understood through the following example. Suppose an organization requires a total of 12 servers to meet its needs. Each of these 12 servers could run on 12 separate computers, in which case there will be 12 computers in the server room. Alternatively, through virtualization 12 servers could run on just two computers.

In effect, each of those computers would simulate six separate computer systems, each running one of the servers. This is how virtualization simulates the existence of a physical computer.

The replicated computers are called virtual machines or VMs. Each virtual machine appears to be a complete, self-contained computer system with its own processor, memory, disk drives, CD-ROM/DVD drives, keyboard, mouse, monitor, network interfaces, USB ports, and so on.

Just like a real computer requires an operating system, each virtual machine requires an operating system too to do productive work. The operating system has no idea that it’s running on a virtual machine rather than on a real machine.

Some specific types of virtualization that exist are virtual storage devices, virtual machines, virtual operating systems and virtual network components for network virtualization. Here, we will focus on Network Virtualization. Network virtualization can be thought of as being similar to cloud computing, but there exists some differences.

In network virtualization, individual servers and other components are replaced by softwares which are the replica of the physical system and hence operate operate exactly in the same manner as the physical hardware pieces. For example, a virtual machine is just a software representation of a computer and not an actual computer.

VMware NSX is one such platform which facilitates network virtualisation. VMware NSX is the network virtualization platform that enables the implementation of virtual networks on your physical network and within your virtual server infrastructure. It delivers the operational model of a virtual machine for the network.

NSX can be categorized as a Software-Defined Networking (SDN) solution that allows network administrators to programmatically initialize, control, change, and manage network and security behavior dynamically.

Security is the major concern of every business these days. Hackers are lurking around the corner and securing the data becomes of utmost importance for businesses. Also, the new generation of mobile workers wants flexibility, in the sense to use their mobile devices anytime and anywhere. And this calls for ensuring security even more.

Companies pay large sum of money in order to keep up with the security and simultaneously grow their market. End-to-end security is crucial, but higher security often compromises flexibility.

The more security, the harder to adapt things. We all know that making changes in your physical datacenter or on your network takes some time. If you want flexibility and agility on your network without compromising your security, VMware NSX is the solution.

VMware, a software virtualization company, works on the concept of ‘do more with less’. The company has very well been able to stick to its policy and has built certain softwares which actually do more with less. With virtual storage and virtual operating system already blooming the IT industry, VMware has reached yet another milestone by developing a software which virtualizes network.

We all need a network that is fortified form threats, a network that is fast enough to meet your business needs and a network which is agile enough to instantly accommodate your demands. And if we get handy of something which does all of this using less time and money.

Vmware has used less-is-more software defined approach to network and has developed VMware NSX, which allows to provision and manage our networking functions from firewalling to switching using a software rather than hardware. This development has resulted in level of security, speed, agility and cost efficiency which was impossible with the traditional architecture.

Greatest security is of top concern to everyone. With micro segmentation, VMware NSX data centre has addressed this issue. VMware has also tied security policies to applications. This ensures that even if applications change, it will maintain its protection. VMware NSX data centre for automation brings immediate gains, efficiency and innovation while enabling IT to keep up with the speed of business.

VMware NSX also make use of standardised predefined templates to provision consistent networking and security, speeding up provisioning time from days or weeks to seconds.

VMware NSX connects various users sharing the same physical environment using virtual networks invisible to each other. VMware NSX factors in the demand for greater agility in the application infrastructure. With multi-cloud networking, VMware NSX can replicate the networking and security configuration of our environment across multiple clouds. This also assists in seamlessly connecting applications deployed anywhere and extending the network.

If your IT team needs to improve your organization’s security and at the same time it needs to capture the speed that your business demands, VMware NSX data center will do it for you.

VMware NSX reproduces the entire network model in software which enables any network topology, ranging from simple to complex multi-tier networks, to be created and provisioned in seconds. From logical switches to routers, firewalls, load balancers, VPN, and workload security; VMware NSX enables a library of logical networking elements and services. Users also have the freedom to create isolated virtual networks through custom combinations of these capabilities.

NSX can be deployed in a VMware vSphere environment where it is completely integrated with the vSphere, VMware vCloud Director and VMware vCloud Automation Center. The VMware NSX network virtualization use approach of third-party operators to treat their physical network as a pool of transport capacity that can be consumed and repurposed on demand. A virtual network is actually a software container that provides logical network components to connected workloads.

VMware NSX Features

VMware NSX is a full package which comes with umpteen features that have in one or the other way lead to progression. With such an advancement in technology, network provisioning time has reduced from days to seconds. Our businesses are said to be achieving efficiency in their operations because of automation.

VMware NSX can be deployed on any hypervisor and consumed through any cloud management platform. We can place and move workloads independent of physical topology. VMware NSX has also made integration of third-party network and security solutions through standard APIs. Let’s look at these features in detail.


VMware NSX logical switches make use of a unique VXLAN expanded as Virtual Extensible LAN network identifiers. This is used to create a logical overlay extension for the L2 network, to which applications and tenant virtual machine can then be logically wired. These logical broadcast domains not only provide greater flexibility but also faster deployment.


VMware NSX performs routing via two channels – logical distributed routers and physical routers. Logical distributed routers create routes between virtual networks at the hypervisor kernel and physical routers scale-out routing with active-active failover.

Distributed firewalling

The VMware NSX distributed firewall is nothing but simply a hypervisor kernel-embedded firewall which spreads out over the ESXi host. A network administrator can create custom firewall policies. These policies are enforced at the virtual network interface card (vNIC) level. They have come to force to enforce stateful firewall services for virtual machines and to increase visibility and control for virtualized networks and workloads.

Load balancing

VMware NSX offers a L4-L7 load balancer. The task of load balancer is to intercept, translate and manipulate network traffic to improve enterprise application availability and scalability. The VMware NSX load balancer is incorporated with support from Secure Sockets Layer (SSL) offload for pass-through and server health checks. The L4 load balancer renders packet-based load balancing whereas the L7 load balancer renders socket-based load balancing. Packet-based load balancing aids in sending the packet to a specific server after it is manipulated. On the other hand, socket-based load balancing establishes client- and server-facing connections for a single request.

Virtual private network (VPN)

VMware NSX encompass site-to-site and remote access VPN capabilities and unmanaged VPN for cloud gateway services.

VMware NSX Edge gateway

The VMware NSX Edge gateway is a virtual machine that behaves exactly like an appliance to perform L3 routing, firewalling, site-to-site virtual private networking, load balancing and more. This feature is also said to offer support for VXLAN to VLAN which bridges for seamless connection to physical workloads.

Application programming interface (API)

VMware NSX uses a Representational State Transfer-based (REST) API. This simplifies third-party product and service integration. This also helps to integrate VMware NSX with cloud management for additional automation capabilities.


Native operations capabilities which include central CLI, Switch Port Analyzer (SPAN), IP Flow Information Export (IPFIX), Application Rule Manager (ARM), Endpoint Monitoring and integration with VMware vRealize Suite ensures proactive monitoring, analytics and troubleshooting.

Dynamic security policy

VMware NSX is equipped with a feature called Service Composer which enables the network administrator to provision and assign network and security services to applications. The administrator can also use Service Composer to create dynamic securBottomoups with custom filters, such as VMware vCenter objects and tags, OS type and Active Directory (AD) roles.

Cloud management

For cloud management, VMware NSX natively integrates with vRealize Automation and OpenStack.

Cross-vCenter Networking and Security (Cross-VC NSX)

This capability of VMware NSX scales NSX vSphere across vCenter and data center bouna daries, hence enabling the network administrator to address capacity pooling across vCenters, simplify data center migration, perform long-distance vMotions and perform disaster recovery (DR).

Log management

VMware NSX integrates with vRealize Log Insight, which receives log entries from ESXi hosts, uses content packs to process the information each log entry contains and identifies issues within the NSX deployment.

The Bottom Line

Similar to virtual machines for computer, virtual networks are programmatically provisioned and managed independent of the underlying hardware. This is very cost effective because you do not need to make changes in your physical network. All updates and adaptations can be performed remotely and much quicker and in an automated way. Network virtualization works as an overlay above any physical network hardware and works with any server hypervisor platform. It is completely decoupled from physical hardware.

The only requirement from a physical network is that it provides IP transport. There is no dependence on the underlying hardware or hypervisor. The VMware NSX is the pathway to network virtualization. It allows legacy VLANs and physical hosts to be mapped into virtual networks.

Related posts