Highlights:
This updated version of the document aligns with NSX version 3.2. It includes the following updates:
- NSX vCenter server plug-in for the simple security for applications use case
- Distributed Firewall on vCenter distributed virtual port-groups for VLAN-only micro-segmentation
- NSX Application Platform as an optional component to support NSX Intelligence and Advanced Threat Prevention features for both the simple security for applications and the data center in a box use cases
- NSX Next-Generation gateway firewall as an optional component for the data center in a box use case
- NSX Advanced Load Balancer as an optional component for the data center in a box use case
About the NSX Easy Adoption Design guide:
VMware NSX Data Center is a full-stack Software-Defined Networking and Security platform from VMware. The full-stack solution (L2/L3 to L4-L7 services) is flexible and scalable from a minimum footprint of two hosts to the cloud-scale needs of large enterprises. This document aims to build a simplified consumption model based on two prescriptive use cases suitable for small footprint, single rack, and satellite data centers.
The two use cases offered in this design guide are:
- A simplified security solution designed for existing workloads where the physical network retains many networking functionalities.
- A full-stack design that primarily targets new deployments, minimizing interaction with the external network while providing extensive flexibility and network and security services inside the solution.
The solutions presented focus on the following goals and parameters:
- Physical network-friendly configuration – minimum configuration
- Leverage existing knowledge base from vSphere and Security Admin
- Exploit the features and capabilities from NSX-T to build a flexible yet consolidated solution for a variety of application needs, services (NAT, VPN, FW, LB), and security
- Scope of deployment meeting most common footprint for small workload, satellite DC, and hosted solutions
- Self-contained guidance and step-by-step design rationale
This document incorporates two main sections. Each of them addresses both use cases, at a different level.
Section 2 covers a high-level overview of the two solutions, together with their value proposition in the context of well-defined requirements and constraints. We also include a brief overview of the relevant NSX-T components.
Section 3 provides a detailed design and engineering specification for both use cases. It includes a comprehensive list of assumptions on the supporting infrastructure. Design decisions come with justifications and implications, to make the designs actionable and the rationale behind each choice clear and transparent.
Additional resources and next steps
An example of end-to-end automation for the DC in a Box use case leveraging Ansible is available on GitHub. The repository has different branches for different NSX versions.
New: Sample automation via Terraform is available on this GitHub repository.
Readers are encouraged to reference the NSX Reference Design Guide for NSX implementations outside of the scope of the NSX Easy Adoption Design Guide.
Readers are encouraged to send feedback to NSXDesignFeedback_AT_groups_vmware_com (convert to email format).