VMware NSX


NSX Easy Adoption Design Guide

By Luca Camarda posted 25 days ago



This updated version of the document aligns with NSX version 3.2 (the guidelines are still valid and 100% applicable to NSX 4.1). It includes the following updates:

  • NSX vCenter server plug-in for the **** security for applications use case
  • Distributed Firewall on vCenter distributed virtual port-groups for VLAN-only micro-segmentation
  • NSX Application platform as an optional component to support NSX intelligence and Advanced Threat Prevention features for both the **** security for applications and the data center in a box use cases
  • NSX Next-Generation gateway firewall as an optional component for the data center in a box use case
  • NSX Advanced Load Balancer as an optional component for the data center in a box use case

About the NSX Easy Adoption Design guide:

VMware NSX Data Center is a full-stack Software-Defined Networking and Security platform from VMware. The full-stack solution (L2/L3 to L4-L7 services) is flexible and scalable from a minimum footprint of two hosts to the cloud-scale needs of large enterprises. This document aims to build a simplified consumption model based on two prescriptive use cases suitable for small-footprint, single-rack, and satellite data centers.

The two use cases offered in this design guide are:

  • A simplified security solution designed for existing workloads where the physical network retains many networking functionalities.
  • A full-stack design that primarily targets new deployments, minimizing interaction with the external network while providing extensive flexibility and network and security services inside the solution.

The solutions presented focus on the following goals and parameters:

  • Physical network-friendly configuration – minimum configuration
  • Leverage existing knowledge base from vSphere and Security Admin
  • Exploit the features and capabilities from NSX-T to build a flexible yet consolidated solution for a variety of application needs, services (NAT, VPN, FW, LB), and security
  • Scope of deployment meeting most common footprint for small workload, satellite DC, and hosted solutions
  • Self-contained guidance and step-by-step design rationale

This document incorporates two main sections. Each of them addresses the two use cases at a different level.

Section 2 covers a high-level overview of the two solutions, together with their value proposition in the context of well-defined requirements and constraints. We also include a brief overview of the relevant NSX-T components.

Section 3 provides a detailed design and engineering specification for both use cases. It includes a comprehensive list of assumptions on the supporting infrastructure. Each design decision is accompanied by its justification and implications, to make the designs actionable and the rationale behind the choices clear and transparent.

Additional resources and next steps

An example of end-to-end automation for the DC in a Box use case via Ansible is available on this GitHub repo. The repository has different branches for different NSX versions.

An equivalent automation via the NSX Terraform provider is available on this GitHub repository.

Readers are encouraged to reference the NSX Reference Design Guide for NSX implementations outside of the scope of the NSX Easy Adoption Design Guide.

Readers are encouraged to send feedback to NSXDesign-Feedback_pdl@broadcom_com (replace _ with .).
