Much has been made of VMware NSX and software-defined networking in general, but for novices, the use cases and features can be a bit scattered. In many cases, they may not even seem to apply to your needs unless you look at them from the 10,000-foot level.
Depending on the marketing materials you read, the features of NSX can do anything, from completing the smallest of tasks to moving mountains. A good start to VMware NSX training is to know that NSX falls somewhere in the middle. NSX and software-defined networking (SDN) are wide-ranging topics, so much so that it's almost impossible to cover everything about them in anything short of an entire book. Hopefully this tip can highlight a few key pieces that will show you why they have been hyped as game changers for the data center.
Understanding VMware NSX
To begin our VMware NSX training, let's discuss what NSX is. VMware NSX is a software layer inside of your virtualized environment. Since it is a software layer rather than a hardware appliance, NSX -- and SDN in general -- works best in infrastructures that are mostly virtualized.
The best way to understand the value of NSX is to compare it to the value of the physical environment. In the traditional physical network design of the past, data center servers were protected by routers and firewalls designed to mask and protect them from internal and external threats. This traditional, edge-based security model was focused on perimeter protection. Some companies took this a step further by adding internal firewalls for a layered approach, but this came at a cost due to the hardware footprint. This network model continued to be the standard platform even as virtualization came into the data center, but, over time, perimeter security didn't simply break with virtualization; it became outdated.
As more and more workloads moved into the virtualized environment, the physical separation aspect in the data center simply began to fall away due to virtualization, virtual LANs and other software-based separation technologies. So, as the data center embraced this new environment and these concepts, the practice of abstracting the hardware started to migrate into other technologies in the data center.
When it comes to networking, routers and firewalls aren't defined by hardware, but, rather, the software running on them. Storage was the first to be abstracted using these new concepts, but networking wasn't far behind; VMware introduced NSX in 2013, which is based on technology acquired in the company's 2012 Nicira purchase.
The importance of security and portability
Although NSX was touted as a game changer, its significance was not immediately apparent. As with most new and revolutionary technologies, it needed a bit of time to find its market and purpose. However, once it did, and once users had better VMware NSX training, it exploded. While NSX covers many areas, two of the most important are security and portability. NSX introduced microsegmentation to the world of information technology, revolutionizing security and portability in the process.
Another key piece of VMware NSX training is understanding traditional server security, which always relied on perimeter protection and offered little in the way of actual protection if an intruder made it past the initial firewall. Microsegmentation allows each deployed VM to have its own custom-configured, software-based firewall in front of it.
While dedicated firewalls for specialized servers have always existed, it's now possible to do this at a scale once only dreamed of. You can still use perimeter security for the outside of your system, but once that is breached, the intruder is faced with a firewall for each and every server they attempt to access. This is not a multilayer security approach, but rather a concrete approach with density all of the way through the environment. An attacker is not facing one, two or even a dozen security layers -- every VM in the environment is secure.
This level of security would not be possible in a nonvirtualized environment due to the cost of hardware alone. However, since NSX is a software-only resource, it can provide the complete density of security barriers without the requirements of a hardware footprint or cost.
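To make the contrast concrete, the following added example (not from the original article, and not NSX's own API or rule syntax) models a constructed four-VM environment and computes which VMs can be reached from a compromised web server, first with perimeter-only protection and then with a default-deny firewall in front of every VM. The VM names, ports and rule format are assumptions chosen for illustration.

```python
from collections import deque

# Constructed inventory: VM name -> ports it listens on (illustrative, not NSX objects).
VMS = {
    "web01": {443},
    "app01": {8443},
    "db01": {5432},
    "hr01": {445, 3389},
}

# Hypothetical per-VM allow-list: (source VM, destination VM, destination port).
# Anything not listed is dropped by the firewall in front of the destination VM.
MICROSEG_RULES = {
    ("web01", "app01", 8443),
    ("app01", "db01", 5432),
}


def allowed(src, dst, port, rules):
    """rules=None models perimeter-only security: east-west traffic is unfiltered."""
    if rules is None:
        return True
    return (src, dst, port) in rules


def blast_radius(start, rules):
    """Worst case: every VM reachable from `start` by hopping over permitted flows."""
    seen, queue = {start}, deque([start])
    while queue:
        src = queue.popleft()
        for dst, ports in VMS.items():
            if dst not in seen and any(allowed(src, dst, p, rules) for p in ports):
                seen.add(dst)
                queue.append(dst)
    return seen - {start}


def exposed_ports(src, rules):
    """Map each other VM to the listening ports `src` can connect to directly."""
    return {
        dst: sorted(p for p in ports if allowed(src, dst, p, rules))
        for dst, ports in VMS.items() if dst != src
    }


if __name__ == "__main__":
    print("perimeter only:", sorted(blast_radius("web01", None)))
    print("microsegmented:", sorted(blast_radius("web01", MICROSEG_RULES)))
    print("direct exposure:", exposed_ports("web01", MICROSEG_RULES))
```

In this model the unrelated `hr01` server drops out of reach entirely once rules are applied, and the only paths left are the application flows that were explicitly allowed, which is where an administrator would concentrate logging and review.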
Portability is just as important as security. When it comes to disaster recovery, it's now required that cloud bursting and migrations have the ability to be portable. Ideally, you should be able to achieve transparent portability without administrative intervention. This automates DR or cloud bursting, allowing each process to occur as quickly as possible without manual intervention.
Unfortunately, it's unlikely that your DR site or cloud provider will have the same IP scheme as you, so you may be required to change the IP address for each server to establish network connectivity. Although this change isn't usually a drastic one, it can have an unexpected impact on the server or the application. One of the easiest ways to account for this is to use a router between your server and the network it's connecting to, allowing you to preserve your server IP and make the adjustments on the router.
NSX is a wide-reaching product with a number of features that can enable a host of networking capabilities. It may be a little confusing at times, but the same was initially said about VMware's ESX platform. NSX is similar to the ESXi platform in that it presents numerous possibilities to users. If you have a high level of VMware NSX education, you can use NSX to help your data center reach the next level of security and portability -- all you have to do is take the first step.