What is VMWare NSX?
VMware NSX is the functional equivalent to a networking “hypervisor” that occupies the OSI layer levels from Layer 2 to Layer 7, as well as all its functionalities. Sure you sound functionalities such as routing, switching, access control, firewalling, QoS, or load balancing, right? VMware NSX covers all of these functionalities from a virtual point of view.
Like a hypervisor of servers like vSphere or HyperV, it allows us to copy, clone, move, make snapshots, delete, restore VMs or program actions of almost any kind, VMware NSX allows us to do practically the same with virtual networks. Like VMs, we can create, delete, copy, move or provisioned automatically from a simple management environment and with just a few clicks.
And perhaps most importantly, just as VMs are independent of the hardware on which they work, VMware NSX is independent of hardware at the IP layer level, since it works by virtualizing the entire networking layer and managing it as resource pools that we consume according to our needs.
But the most important thing is a change of concept since the network goes from being an external element to the virtualization layer, to being another element within it. Beware, VMware NSX does not eliminate the need to use physical switches, since the interconnection with the physical world is still necessary, at least for the moment.
Currently, there are two versions; the specifies vSphere and the multi-hypervisor. In this post, we will focus on the vSphere since the multi-hypervisor will be treated in another later.
VMWARE NSX architecture: What architecture do you have?
Image Courtesy: VMware.com
We can structure the VMware NSX architecture in the following components:
Data Plane: includes the VMware NSX vSwitch for ESXi, which are no more than a Distributed Switch (DVS) or Open vSwitch in the case of other hypervisors with additional components to allow more powerful and advanced services. These components, added to the kernel, allow for capabilities such as advanced routing and firewall, or the capabilities of VXLAN bridging. If layer 2 or 3 capabilities to be desire, such as perimeter firewall, load balancing, SSL VPN, DHCP, etc., it is necessary to deploy the VMware NSX Edge Virtual Appliance, either in Logical Router or Services Gateway mode depending on the function you are going to play.
Plane Control: in this layer there are one or several VMware NSX Controllers, depending on the chosen architecture, it manages all the logic of the virtual switches and the traffic of the rest of the components. More or fewer Controller numbers are deployed, depending on the needs of high availability or performance.
Management Plane: within it is the VMware NSX Manager, which in the end is the single point of configuration and management of NSX. It is installed with a Virtual Appliance more, like other components of the solution.
Consumption: in this layer is the integration of external components of automation and management of the VMware NSX environment, such as vCAC, vCloud Director or OpenStack through the Neutron plugin. Note that the environment is also manageable from the VMware NSX Manager UI itself or the vSphere WebClient.
VMware NSX today does not offer control over physical switches, although in the future it is expected to do so. At the moment, Arista offers very high integration, through its Arista EOS operating system that allows a symbiosis with the VMware NSX Controller and shares information such as network topology, VXLAN tables, MAC addresses, and layer two routings.
VMWARE NSX Features: What does it give me?
Besides that it is very “modern” to say that we have VMware NSX because it seems that if you do not speak you live in the past :), there are a series of real indisputable advantages that having an infrastructure with networking virtualization gives us:
- Ability to provision network infrastructure together with VMs quickly and automatically.
- Ability to deploy IaaS in isolation without communication with the rest of the infrastructure, but with the possibility of being routed.
- Noticeable performance improvement, since a lot of network traffic, does not have to leave the virtualization layer.
- Flexibility to overcome disaster recovery
- Horizontal scalability of the DMZ.
- Consolidate security policies
- Reduction of operating costs
This graph clearly shows the improvement provided by the ability of VMware NSX routing at layer 3 level: And in this other, that gives us the strength of firewall of NSX, especially as far as jump level is concerned
VMware NSX Price: How much is it worth?
As VMware NSX license in two different ways, if it is for vSphere or Multi-Hypervisor and within the licensing for vSphere, we can opt for perpetual license or annual payment. For the multi-hypervisor licensing you can only choose for the yearly fee.
So that you have an approximate reference of prices, options of cost of the solution (you already know that this is very variable and it is only a reference):
- Price per processor for NSX, perpetual license: $ 6,000, annual maintenance of each processor is around $ 1,200.
- Annual subscription for VMware NSX in vSphere for 25 VMs: $ 2,300
- Annual subscription for VMware NSX in multi-hypervisor for 25 VMs: $ 2,500
The product is not economical, but if you spend your life managing VLANs and you need it because you have very high OPEX costs, it is “even cheap.”
VMware NSX: Who needs it?
As I suppose you have seen at this point of the post, VMware NSX is a product designed to reduce the costs of IT operations at the level of networking and logically, on this grounds its justification.
Although it is true that the performance improvement is very high, this may not entirely justify the investment except for particular environments and its most common entry point is the need to reduce management and increase scalability.
Who? Without a doubt, the biggest ISPs and the ones with the most money, because for the small ones, it is a very high disbursement according to the ROI that they will obtain. Also for large corporations or companies whose development/pre-production/production cycles are very high and very varied.
I hope this post has given you a purer vision of networking virtualization and specifically of VMware NSX. Any comment or contribution that you want to make will be very welcome 🙂
Developing an API-First Approach to Building Products
An API-first approach means developers put APIs at the top of the list of development before implementation or further code…