Does the VMware NSX firewall require a separate virtual machine?

VMware's NSX network virtualization product offers advanced security measures the company is calling micro-segmentation to extend protection of the data center all the way down to the hypervisor kernel. Will it replace VMware vCloud Networking & Security over time?

One of VMware's more compelling draws to pull prospective clients into its software-defined data center vision is its NSX network virtualization product, which was updated to version 6.1 in September.

This update tweaks the NSX firewall and load balancer features to make security and networking react in a more fluid manner in the data center, where traditionally these functions took time to implement and weren't very flexible. The vCloud Networking & Security (VCNS) product was just gaining steam when VMware bought Nicira for the technology that serves as the basis for NSX. Is VCNS still a viable product?

As Melanie Spencer, senior systems engineer for VMware, explained at the October Boston VMUG conference, the recent NSX update inserts more networking and security features into the hypervisor, allowing security rules to stay with a virtual machine no matter where it moves in the network. Spencer said there may be times when a business prefers to use different networking gear. VMware has partnered with F5 for customers who want to use the F5 load balancer instead of the NSX version.

"The [NSX] distributed firewall is … embedded in the ESX kernel. A load balancer is a separate edge appliance. You're still probably going to have your perimeter stuff. If you have a lot of stuff coming in, you're going to keep your F5 [load balancer] or whatever up front. You're going to have your routers and your perimeter firewalls," she said. "What we're really doing is optimizing the virtual machine traffic that is running east-west."

Spencer said there are customers with new application models who are using load balancers between the apps and would want to use VCNS between them for added security.

"What we've done with NSX is we've taken our Nicira acquisition with all that controller based capability and all the logical networking, routing, etc., and incorporated that with the vCloud Networking and Security solution on the edge VMs, improved on those and pulled them together. VCNS will eventually be replaced by NSX," said Spencer.
