
October 23rd, 2015 15:00

Ask the Expert: VMware NSX definition and features


Welcome to this Ask the Expert event. During this discussion we will dissect the functions of VMware NSX components, services and features offered to virtualize networking in a virtual datacenter based on VMware vSphere, as well as the use cases and benefits of using NSX.

Meet Your Expert:


Senior Consultant - VMware

Raymundo works as a Senior Consultant at the VMware Professional Services Office for the LATAM Region. He is an experienced architect and has worked installing broad cloud solutions based on VMware products. Recently he was awarded as a VMware vExpert. Currently in his career his focus is on NSX, which he says has become his second love after vMotion. Twitter: @elnemesisdivina. LinkedIn: https://mx.linkedin.com/pub/raymundo-escobar.

Blog: http://elnemesisdivina.blogspot.mx/



This discussion takes place from November 2nd to 20th. Get ready by bookmarking this page or signing up for e-mail notifications.



November 2nd, 2015 04:00

This Ask the Expert session is now open for questions. For the next couple of weeks our Subject Matter Expert will be around to reply to your questions, comments or inquiries about our topic.

Let’s make this conversation useful, respectful and entertaining for all. Enjoy!

November 3rd, 2015 06:00

Hi Raymundo,

What is the difference between VCNS (vCloud Network and Security) and VMware NSX?

November 3rd, 2015 13:00

Hi,

The main difference is that NSX does not require multicast mode to make the Virtual Extensible LAN (VXLAN) or the virtual wires of VXLAN. In addition, you can have more granular security. vCloud Network and Security does not support dynamic routing, and NSX is able to work with routing protocols like OSPF and BGP.

While products like vCloud Director (vCD) leverage vCNS as an integral product of the public cloud solution from VMware, at present only vCD is out of sale and end of support, but there is an exclusive version for service providers, vCD-SP, which continues to use vCNS, even supporting it until version 5.5.3 of vCNS, indicating that NSX is the evolution of vCNS, something like vCNS with steroids. vCNS in its flavours vShield App, vShield Edge and vShield Endpoint were, from the perspective of functionality, improved and correspondingly mapped to NSX Firewall, NSX Edge Gateway and NSX Endpoint, and are generated from the NSX Manager, formerly vShield Manager. Moreover, many of the logs and semantics of the NSX APIs have labels regarding "vShield".

Regards

+vRay

November 6th, 2015 08:00

In terms of private and public cloud, what options does NSX offer?

November 6th, 2015 17:00

Hello there,

From a holistic perspective, NSX is a core piece in public, hybrid and private cloud solutions. First, in hybrid cloud or public cloud, mainly composed of vCloud Director and vCloud Air, VMware NSX is not only an element underlying all the virtual network infrastructure but also provides advanced network services, namely translation of IP addresses, DHCP, firewall, routing, VPN ("site to site" IPsec VPN) or extensibility to other data centers or clouds based on VMware vSphere. With NSX you also have a level of security that no one has at hypervisor level, distributed routing, as well as abstraction of network segments in layer 2 (OSI) by means of logical switches (VXLAN).

The issue of virtual networks is not new within VMware cloud computing; however, VMware NSX potentiates the possibilities of setting up virtual networks, simplifying the complexity of operation and implementation, with costs that are profitable against the benefits of purchasing hardware for managing a multi-tenant service in terms of physical network, i.e. it can provide even more network services independent of the physical network topology.

As vCD-SP is, in my opinion, 90% virtual networking, NSX gives us a less complicated and more complete cloud solution, sticking not only the functions Commercial papers to but can provide the necessary network service provisioning elasticity to virtual machines.

In the field of private cloud, vRA (vRealize Automation) in conjunction with NSX results in a greater degree of control over the virtualized network services to provide. For example, talking about a tier of virtual machines or applications, it can provide on-demand services such as a networking pack, routing on demand, security on demand and load balancing, among others, and even more integration with third-party software through the APIs (the dvfilter) is possible; also, through the NSX plug-in for vRO (vRealize Orchestrator), a "zero trust model" (Forrester) at a virtual level is possible.

In conclusion, VMware NSX gives us a different way of delivering services from how they have always been on the market, where technically possible schemes never seen before are provided, with a very important degree of control, integration and operation intra/inter clouds, for example DRP to cloud, cloud extensibility between virtual data centers, and very soon hypersegmentation and hybrid networking.

Forrester Research : Research : No More Chewy Centers: The Zero Trust Model Of Information Security

NSX and vCloud Director - The Missing Guide

http://cacm.acm.org/magazines/2014/10/178789-abstractions-for-software-defined-networks/abstract

http://yuba.stanford.edu/~casado/nsdi14-paper-koponen.pdf

November 9th, 2015 07:00

What does the concept of Goldilocks mean?

November 9th, 2015 23:00

Hi there,

-In the story "Goldilocks and the Three Bears," a little girl named Goldilocks liked everything just right. Her porridge couldn't be too hot or too cold. And her bed couldn't be too hard or too soft. On Earth, everything is just right for living things. It's warm, but not too warm. And it has water, but not too much water-.

Then planet Earth is a Goldilocks planet, or a planet in the Goldilocks zone, according to NASA's definition; in short, planet Earth has the duality of mutually exclusive conditions which gives the sustainability of life.

So if we extrapolate the concepts in terms of security, it is the duality of mutually exclusive properties for securing the apps running in a VM by taking the security as near as possible to the VM, but not so far as to not control the physical network and not know what the application is, what the data is and which users are accessing that application.

Let me try to be concise on this point: the hypervisor is the Goldilocks zone for security, which means that nowadays, thanks to NSX, we can have what nobody else has, let's call it a security zone running inside the hypervisor, able to be isolated enough, like the memory management mechanisms do for VMs, so as not to be in the same attack zone, on the same "wire" or communication channel as threats; this is called isolation or micro-segmentation. At the same time we have a channel of communication inside the VM to know what is going on, again like the memory management mechanism in VMware vSphere does, for instance, for the ballooning driver, so we can have the ability to control everything thanks to the universe of third-party vendors for whatever security condition, thanks again to the API (NetX or EPSec APIs) exposure of VMware NSX, where in addition we can take actions or orchestrate what to do in the presence of some conditions.

So VMware NSX empowers security to be everywhere at the same time in the VMware hypervisor, turning the VMware vSphere hypervisor into the Virtual Networking and Security hypervisor for the Software Defined Datacenter.

+vRay

November 11th, 2015 14:00

What is the difference with other solutions in the market?

November 12th, 2015 14:00

Hi there,

First, a little bit of history: VMware is not new to virtualization, as everyone knows, and in the same way it has continued in parallel the development of network virtualization solutions, initially in a vSphere virtual environment, from the features in VSS (vSphere Standard Switch) and VDS (vSphere Distributed Switch), things that today are taken for granted and without which a virtual data center simply would not be complete. Following in this regard, as the development of network management technologies became more and more sophisticated, it realized products like vShield, which brought changes to network services hand in hand with the already existing natural behavior of the vSphere virtual network. Finally, in this last wave, with the Nicira acquisition, VMware is betting on the abstraction of the network and network services, making a merger between vShield and NVP (Network Virtualization Platform), resulting in VMware NSX.

As a platform for software defined networks, NSX comes to add more abstraction functions than just a check box or button on a nice GUI. NSX is embedded in the most determinant level of performance of VMware virtualization, i.e. the hypervisor. In the days of the N1KV distributed switches, this pointed to physical network functions and security being reduced to a special purpose virtual machine (security or switching), and that the market would remain gray and shades; as of today NSX has moved all that security and network control into the hypervisor, see its proposed solutions with third-party vendors such as IDS, NGFWs, among others. VMware NSX as an SDN solution, although not the only one, is the most disruptive in many ways, and its main difference from all other solutions is basically the way it works as the SDN within a software-defined data center: not the aggregation of another layer to the hypervisor, nor a passive intermediary between virtual machines and the kingdom of the network; it is the network itself, it is the security running in the hypervisor at the service of virtual machines.

+vRay

November 16th, 2015 12:00

What are the training options and knowledge sources?

November 16th, 2015 22:00

Hello,

Today there are many sources, but not all are reliable and it is easy to get lost among so much information. I have listed some that I think are the most important; depending on the goal, we can count on:

Intro NSX

This is an online course of short duration (3hrs); it's a basis for understanding NSX in a friendly way. This can take you to the VCA-NV exam or entry level VMware NSX; however, if the goal is to learn NSX without going into depth, this course is appropriate.

For the purpose of the VCP-NV certification, apart from the "blueprint", this link is a guide breaking down all points mentioned in the official exam blueprint:

https://richdowling.wordpress.com/vcp-nv/

Just take into account the NSX version of the examination code being evaluated.

If the goal is only to learn in a little more detail, the VMware tech talks on YouTube are a good choice if flat, or if you have access to recorded sessions from VMworld, some also on YouTube, mainly those that are not technical about NSX; otherwise, the 2014 and 2015 sessions of NSX and Security are good sources of knowledge, including on fine issues of NSX performance and design.

For the purpose of the VCIX-NV certification, also apart from the official certification blueprint, see this link:


VCIX-NV Study Guide | Lostdomain.org

which is an excellent guide that covers all points in the blueprint. Continuing the theme of VMworld sessions, in addition to those mentioned in the preceding paragraph, the sessions on good operational practice and design are fundamental.

In both cases it is helpful to take the HOLs (Hands-On Labs) of VMware: if for VCP, follow the procedures for each laboratory; if it is for VCIX-NV, try to assess configurations or depart a little from the script, that is, it all comes down to following the blueprint and evaluating everything about the lab we have available without following the procedure described in each laboratory. It is very useful to experiment and likewise get the feeling of an advanced exam, since the VCIX-NV is a live examination based on tasks assessed by a human for the pass.

                                   

HOLS catalog networking

HOLS NSX

In addition there are very good documents about good design practices on specific hardware vendors, Cisco UCS, edge, Dell etc., in the VMware NSX communities:

VMware Communities Docs

There are paid sources, for example the list of official VMware NSX courses at VMware:

VMware Certification

VCP-NV

VCIX-NV

Books:

Networking for VMware Administrators (VMware Press Technology): Christopher Wahl, Steve Pantol: 9780133511086:

  1. Amazon.co…

Other sources:

NVP or NSX-Multi Hypervisor

VMware NSX | Network Virtualization 

Troubleshooting NSX

+ vRay

November 20th, 2015 11:00

This Ask the Expert event has officially ended, but don't let that retract you from asking more questions. At this point our SMEs are still welcome to answer and continue the discussion, though not required. Here is where we ask our community members to chime in and assist other users if they're able to provide information.

Many thanks to our SMEs who selflessly made themselves available to answer questions. We also appreciate our users for taking part in the discussion and asking so many interesting questions.

ATE events are made for your benefit as members of ECN. If you’re interested in pitching a topic or Subject Matter Experts we would be interested in hearing it. To learn more on what it takes to start an event please visit our Ask the Expert Program Space on ECN.
