VMware NSX

  • 1.  NSX and agentless virus protection

    Posted Mar 01, 2017 03:41 PM

    Hi,

    If I only want to use the NSX vShield Endpoint function for virus protection, and do not want to use the complex SDN functions (logical switch/routing), is there any way? Can I use a standard virtual switch for VMs?



  • 2.  RE: NSX and agentless virus protection

    Posted Mar 01, 2017 04:10 PM

    You do not need any other NSX function such as VXLAN logical switching or logical routing (NSX DLR, NSX Edge) to be able to use NSX for vShield Endpoint.

    In fact, you would not be able to use them if you are not purchasing NSX and are only on an NSX vShield Endpoint license.

    FAQ: Implementation of vShield Endpoint beyond EOA of vCNS (2110078) | VMware KB

    NSX 6.2.4 and later enables you to manage vShield Endpoint from NSX Manager.

    The license that comes embedded in NSX Manager 6.2.4 and later includes an unlimited capacity NSX for vShield Endpoint license key. To ensure you do not use any other unlicensed NSX features (for example VXLAN, DFW, Edge services), the license key will have hard enforcement to prevent NSX host preparation and block Edge creation.

    With the release of NSX 6.2.4, if you purchased vSphere with vShield Endpoint (Essential Plus and later), you can download NSX. This means that NSX will appear on the vSphere download site, similar to vCNS.

    For vSphere Standard Switch (vSS), I believe you can technically use vSS.

    Use Agent VM settings for deploying Guest Introspection (GI) or Service VM (for example Trend Micro Deep Security Virtual Appliance/DSVA).

    However, the documentation says that both the Service VM and workload VMs are only supported on vSphere Distributed Switch (vDS).

    NSX and vSphere Distributed Switches

    NSX services are not supported on vSphere Standard Switch. VM workloads must be connected to vSphere Distributed Switches to use NSX services and features.


    NSX & vSphere Standard Switch Compatibility · vrandom

    it does work, but isn’t supported by VMware, so obviously shouldn’t be utilized in production environments.

    You may want to check with VMware Support (GSS) or at least a VMware employee to confirm this.