Overview

VMware NSX is a comprehensive network virtualization and security platform that enables organizations to build, manage, and secure virtual networks across data centers, private and public clouds, and application frameworks. By abstracting networking functions from physical hardware, NSX allows for rapid provisioning, enhanced security, and seamless integration with various environments.

Features and Capabilities

• Network Virtualization: Reproduces the entire network model in software, enabling the creation and provisioning of any network topology—from simple to complex multi-tier networks—in seconds.
• Distributed Firewalling: Provides stateful firewalling up to Layer 7, including application identification and distributed Fully Qualified Domain Name (FQDN) allowlisting, distributed across the entire environment with centralized policy and management.
• Routing: Offers dynamic routing between virtual networks performed in a distributed manner in the hypervisor kernel, supporting static routing and dynamic routing protocols, including IPv6.
• Load Balancing: Delivers distributed load balancing services to ensure high availability and optimal performance of applications.
• VPN Services: Enables Virtual Private Network (VPN) services, including Layer 2 and Layer 3 VPNs, to securely connect remote sites and users.
• Micro-Segmentation: Allows for granular security policies at the individual workload level, reducing the attack surface and enhancing security posture.
• Multi-Cloud Networking: Provides consistent networking and security across data center sites and across private and public cloud boundaries, irrespective of underlying physical topology or cloud platform.
• Container Networking and Security: Supports Kubernetes/Cloud Foundry Pod/application instance networking and Kubernetes network policy, integrated with VMware Tanzu Kubernetes Grid™, VMware Tanzu Application Service™, OpenShift, and upstream Kubernetes.
• Automation: Integrates with cloud management platforms and other automation tools, such as vRealize Automation/vRealize Automation Cloud, Terraform, and Ansible, to empower developers and IT teams to provision, deploy, and manage applications at the speed business demands.
• Third-Party Integrations: Supports management, control plane, and data plane integration with third-party partners in various categories, including next-generation firewalls, intrusion detection systems (IDS)/intrusion prevention systems (IPS), agentless antivirus, switching, operations and visibility, advanced security, and more.
• Distributed IDS/IPS: Provides advanced threat detection and prevention with a distributed architecture, enabling security teams to replace discrete appliances while easily achieving comprehensive threat prevention.
• Network Introspection: Offers distributed network introspection for deep packet inspection and traffic analysis, enhancing visibility and security operations.
• Identity Firewall: Enables distributed identity firewalling using guest introspection or Active Directory event server, enhancing security by enforcing policies based on user identity.
• Threat Prevention: Includes advanced threat prevention capabilities, such as IDS/IPS, malware prevention, sandboxing, network detection and response (NDR), and network traffic analysis (NTA), to protect against sophisticated threats.
• Federation: Supports federation across multiple NSX instances, enabling consistent policy and management across large-scale environments.
• Ethernet VPN (EVPN): Provides support for Ethernet VPN, enabling seamless connectivity across data centers and clouds.