So What’s New?
VMware NSX is the latest product offering that VMware has launched into the market. This is something very different from what I am personally used to from my own past experience. In the past, the network has been controlled by the networking equipment. It was done in a traditional sense with VLANs for the server environment and things like the DMZ. When a VMware server was connected, it was done so with a standard trunk port. Then, depending on what the designated VLAN was, the interface and all traffic would be tagged accordingly. NSX is something that is putting a twist on this traditional datacenter model.
VMware NSX uses logical networking to bring the control strictly into the VMware product. For reference, the design guide is located here: https://communities.vmware.com/docs/DOC-27683 . I want to call out one diagram that really sums up how things are configured:
This is very important in the overall scheme of things. First off, there is the NSX Manager, which is your dashboard and control panel over the NSX network aspect of your virtual environment. Then you have the NSX logical controllers and routers on the control plane. This is what a virtual machine will actually be “connected” to, virtually of course.
Integrating NSX with Existing Network
The big question a lot of people have first off is “How do you integrate this with my ___insert vendor here___ network?” The answer is very straightforward. There is a layer 3 connection back to your network via a common routing protocol such as BGP or OSPF. Then, the subnets that you used to control with VLANs will be managed from within NSX, keeping your datacenter subnets out of the rest of your network. When I say “managed by NSX” too, I do not mean just connecting a device to the network. The ability to firewall devices and create unique policies is part of this as well. Sure, you won’t be using your usual network hardware such as firewalls, etc., but you are not going to lose any of the security features you expect. You are still able to keep your servers locked down, providing specific access to only those you specify.
Beyond the Datacenter
The final thought I have over this summary of the new NSX system is that you can go beyond the datacenter with this. Cloud environments such as AWS are supported as well! That is big to me at least. If I am going to start taking part in the recent big push of cloud computing, I want to work with a platform that I know. VMware is just about as popular and familiar as it gets. Now you can work with a system that is the same whether your systems are in the cloud or onsite with you. That is huge to me personally. Lastly, I was recently at Network Field Day 15 and the following point was made to me that changed it all. As long as there is an RTT of <150ms, you can vMotion between adjacent datacenters, while retaining network configurations! Therefore you have geographical control now of where your servers are running from. The possibilities from this alone are huge I think personally.
I hope this was informative and a brief look into the new VMware NSX product. Expect much more coverage from me on this topic, as I have barely covered the tip of the iceberg. If you want to learn more in the meantime, visit http://www.vmware.com/products/nsx.html
Disclaimer: Gestalt IT, organizers of Network Field Day, was responsible for my travel expenses to attend Network Field Day. I do not receive any cash compensation as a delegate from either Gestalt IT or any of the mentioned vendors. All opinions are my own.