Datasheet

VMware NSX
Key benefits VMware NSX® is the network virtualization and security platform that enables
VMware’s cloud networking solution with a software-defined approach
• Reduce network provisioning
to networking that extends across data centers, clouds and application
time from days to seconds and
frameworks. With NSX, networking and security are brought closer to the
improve operational efficiency
application wherever it’s running, from virtual machines (VMs) to containers
through automation.
to physical servers. Like the operational model of VMs, networks can be
• Protect applications with micro- provisioned and managed independent of underlying hardware. NSX
segmentation and advanced threat reproduces the entire network model in software, enabling any network
prevention at the workload level topology—from simple to complex multitier networks—to be created and
and granular security. provisioned in seconds. Users can create multiple virtual networks with
diverse requirements, leveraging a combination of the services offered via
• Gain consistent management of
NSX or from a broad ecosystem of third-party integrations—ranging from
networking and security policies
next-generation firewalls to performance management solutions—to build
independent of physical network
inherently more agile and secure environments. These services can then
topology within and across data
be extended to a variety of endpoints within and across clouds.
centers and native public clouds.

• Obtain detailed application topology

visualization, automated security policy Cloud

recommendations and continuous

flow monitoring.

• Enable advanced, lateral threat

Partner Connect
prevention on east-west traffic using Program

the built-in, fully distributed threat On Premises

prevention engine. Native
Cloud

vSwitch

Figure 1: The NSX network virtualization and security platform.

1
VMware NSX

Networking in software
VMware NSX delivers a completely new operational model for networking
defined in software, forming the foundation of the software-defined data center
(SDDC) and extending to a cloud network. Data center operators can now
achieve levels of agility, security and economics that were previously unreachable
when the data center network was tied solely to physical hardware components.
NSX provides a complete set of logical networking and security capabilities and
services, including logical switching, routing, firewalling, load balancing, virtual
private network (VPN), quality of service (QoS), and monitoring. These services
are provisioned in virtual networks through any cloud management platform
leveraging NSX APIs. Virtual networks are deployed non-disruptively over any
existing networking hardware and can extend across data centers, public and
private clouds, container platforms, and physical servers.

Key features

Switching Enable logical Layer 2 overlay extensions across a routed (Layer 3)

fabric within and across data center boundaries.

Routing Dynamic routing between virtual networks that is performed

in a distributed manner in the hypervisor kernel, and scale-out
routing with active-active failover with physical routers. Static
routing and dynamic routing protocols are supported, including
support for IPv6.

Load VMware NSX Advanced Load Balancer™ provides enterprise-

balancing1 grade multi-cloud load balancing, global server load balancing
(GSLB), application security and web application firewall,
application analytics and container ingress services from the
data center to the cloud.

Virtual Complete data plane isolation among tenants with a separate

routing and routing table, network address translation (NAT), and edge firewall
forwarding support in each VRF on the NSX Tier-0 gateway.
(VRF)

Distributed Stateful firewalling of Layer 2 up to Layer 7 (including app

firewall identification, user identification, and distributed FQDN
allowlisting) is embedded in the hypervisor kernel, and
distributed across the entire environment with centralized policy
and management. In addition, the NSX Distributed Firewall™
integrates directly into cloud native platforms such as Kubernetes
and Pivotal Cloud Foundry, native public clouds such as
AWS and Azure, as well as physical servers.

Datasheet | 2
VMware NSX

Key features

Context- Security groups and policies can be dynamically created and

aware micro- automatically updated based on attributes—beyond just IP
segmentation addresses, ports and protocols—to include elements such as
machine name and tags, operating system type and Layer 7
application information to enable adaptive micro-segmentation
policy. Policies based on identity information from Active Directory
and other sources enable user-level security down to the individual
user session level in remote desktop services and virtual desktop
infrastructure (VDI) environments.

VMware NSX Get automated security policy recommendations and continuous

Intelligence™ monitoring and visualization of every network traffic flow for
enhanced visibility, enabling a highly and easily auditable security
posture. As part of the same UI as VMware NSX, NSX Intelligence
provides a single pane of glass for network and security teams.

NSX gateway Support for bridging between VLANs configured on the physical
network and NSX overlay networks, for seamless connectivity
between virtual and physical workloads.

Gateway A full-featured, enterprise-grade network firewall provides

firewall protection using a full stateful L4–L7 firewall. This includes L7
application identification, user identification, NAT, and the like.

VPN Site-to-site and unmanaged VPN for cloud gateway services.

NSX Several advanced security capabilities are available for NSX with
distributed security add-ons. These include:
and gateway • Distributed security:
advanced
security – Distributed intrusion detection and prevention systems (IDPS)
capabilities2 – Distributed malware prevention

– Distributed network traffic analysis (NTA)

– Network detection and response

• Gateway security – URL filtering based on web categories

and reputation

• Malware detection

DPU-based Delivers high performance networking and security services

acceleration implemented on DPUs3 connected to the application hosts.
for NSX Offloading NSX services from the hypervisor to DPU frees up host
computing resources, enabling accelerated switching and routing,
high performance security, and enhanced observability while
preserving your existing NSX user experience.

Datasheet | 3
VMware NSX

Key features

Federation Centralized policy configuration and enforcement across multiple

locations from a single pane of glass, enabling network-wide
consistent policy, operational simplicity, and simplified disaster
recovery architecture.

Multi-cloud Enable consistent networking and security across data center

networking sites, and across private and public cloud boundaries, irrespective
and security of underlying physical topology or cloud platform.

Container VMware NSX Container Plugin provides container networking

networking for VMware Tanzu® Kubernetes Grid™, VMware Tanzu Application
and security Service™, VMware vSphere® with Tanzu, Red Hat OpenShift,
and upstream Kubernetes.
VMware Container Networking™ with Antrea™ provides in-cluster
networking and Kubernetes network policy with commercial
support and signed binaries. Integration with NSX provides
multi-cluster network policy management and centralized
connectivity troubleshooting via traceflow through the
NSX management plane.

NSX API RESTful API based on JSON for integration with cloud
management platforms, DevOps automation tools and
custom automation.

Operations Native operations capabilities such as central CLI, traceflow,

overlay logical SPAN and IPFIX to troubleshoot and proactively
monitor the virtual network infrastructure. Integration with tools
such as VMware Aria Operations™ for Logs (formerly VMware
vRealize® Log Insight™) for highly scalable log management,
and VMware Aria Operations for Networks (formerly VMware
vRealize Network Insight™) for advanced analytics
and troubleshooting.

Automation Native integration with VMware Aria Automation™ (formerly

and cloud VMware vRealize Automation™/vRealize Automation Cloud™)
management and more. Fully supported Ansible modules, fully supported
Terraform provider and PowerShell integration.

Third-party Support for management, control plane, and data plane integration
partner with third-party partners in a wide variety of categories such
integration as next-generation firewall, intrusion detection system/intrusion
prevention system (IDS/IPS), agentless antivirus, switching,
operations and visibility, advanced security, and more.

Datasheet | 4
VMware NSX

Use cases
Security
NSX makes operationalizing Zero Trust security for applications attainable and
efficient in private and public cloud environments. Whether the goal is to lock
down critical applications, create a logical demilitarized zone (DMZ) in software
or reduce the attack surface of a virtual desktop environment, NSX enables
micro-segmentation to define and enforce network security policy at the
individual workload level.

Multi-cloud networking
NSX delivers a network virtualization solution that brings networking and security
consistently across heterogeneous sites to streamline multi-cloud operations.
As a result, NSX enables multi-cloud use cases ranging from seamless data
center extension to multi–data center pooling to rapid workload mobility.

Automation
By virtualizing networking and security services, NSX enables faster provisioning
and deployment of full-stack applications by removing the bottleneck of manually
managed networking and security services and policies. NSX natively integrates
with cloud management platforms and other automation tools, such as VMware
Aria Automation, Terraform, Ansible and more, to empower developers and IT
teams to provision, deploy and manage apps at the speed business demands.

Networking and security for cloud native apps

NSX provides integrated, full-stack networking and security for containerized
applications and microservices, delivering granular policy on a per-container
basis as new applications are developed. This enables native container-to-
container L3 networking, micro-segmentation for microservices, and end-to-end
visibility of networking and security policy across traditional and new applications.

VMware NSX editions

Professional
For organizations that need agile and automated networking plus micro-
segmentation, and may have public cloud endpoints.

Advanced
For organizations that need Professional edition capabilities plus advanced
networking and security services and integration with a broad ecosystem,
and may have multiple sites.

Enterprise Plus
For organizations that need the most advanced capabilities NSX has to offer
plus network operations with VMware Aria Operations for Networks, hybrid cloud
mobility with VMware HCX®, and traffic flow visibility and security operations
with NSX Intelligence.

Datasheet | 5
VMware NSX

Remote Office Branch Office (ROBO)

For organizations that need to virtualize networking and security for applications
in the remote office or branch office.

Enterprise
Professional Advanced Plus ROBO
Networking 4

Distributed switching
• • • •5
and routing
Software L2 bridging to
• • •
physical environments
Dynamic routing with
• • • •
ECMP (active-active)
IPv6 with static routing
• • •
and static IPv6 allocation
IPv6 with dynamic routing,
dynamic IPv6 allocation • •
and services
Dual stack (IPv4/IPv6)
• •
external management
VRF (Tier-0 gateway
• •
VRFs)
Ethernet VPN (EVPN) •

Distributed security
Distributed firewalling
for VMs and workloads • • • •
running on physical servers
Context-aware micro-
segmentation (L7
• •
application identification,
RDSH, protocol analyzer)
Distributed FQDN
• •
allowlisting
Additional distributed security capabilities are available
Distributed advanced
with NSX security add-on licenses. Please refer to the
security capabilities
NSX Distributed Firewall datasheet.

Gateway security
NSX Gateway Firewall™
• • • •
(stateful)
NSX gateway NAT • • • •

VPN (L2 and L3) • • • •

Additional gateway security capabilities are available

Gateway advanced
with NSX security add-on licenses. Please refer to the
security capabilities
NSX security datasheet.

Datasheet | 6
VMware NSX

Additional resources
Enterprise
VMware NSX Distributed Professional Advanced Plus ROBO
Firewall datasheet
Modern apps
VMware NSX Gateway
Container networking
Firewall datasheet • •
and security
VMware Container Networking Multisite
with Antrea datasheet
Multi-vCenter®
• •
networking and security
Federation •

Operations
Policy API, central CLI,
traceflow, overlay logical • • • •
SPAN and IPFIX
Integrations
DPU-based acceleration
• •
for NSX 6
Integration with cloud
• • • •
management platforms7
Integration with
distributed firewall (Active
Directory, VMware
• • •
AirWatch®, endpoint
protection and third-party
service insertion)

Datasheet | 7
VMware NSX

Enterprise
Professional Advanced Plus ROBO
Associated products
VMware Aria Operations
• • • •
for Logs for NSX8
VMware Aria Operations
•
for Networks Advanced9
VMware HCX Advanced9 •

VMware NSX Advanced

Load Balancer – Basic
Edition1 (L4–L7 load
balancing with SSL offload
and pass-through, server • • •
health checks, application
rules for programmability
and traffic manipulation
via GUI or API)
VMware NSX Intelligence
(VM-to-VM traffic flow
analysis, firewall visibility,
•
automated security
policy, rule and group
recommendation analytics)

1. VMware recommends customers use NSX Advanced Load Balancer for load balancing. NSX Advanced
Load Balancer – Basic Edition is included with the NSX Advanced and Enterprise Plus editions. Advanced
features of NSX Advanced Load Balancer are available as an add-on license. For more information, please
visit the NSX Advanced Load Balancer product page.
2. For advanced security capabilities, please refer to the NSX Distributed Firewall datasheet.
3. Supports several leading DPU/NIC vendors and server OEMs. Please contact your VMware
representative for more details.
4. A license to use VMware NSX includes an entitlement to use the VMware Workspace ONE® Access™
feature, but only for certain functionalities. For detailed feature capabilities, please refer to the knowledge
base articles on NSX Data Center for vSphere features and NSX features, including the article, Product
Offerings for NSX 4.0.x for the latest information.
5. Switching only, VLAN backed.
6. For more information, please refer to the knowledge base article, Product Offerings for NSX 4.0.x.
7. L2, L3 and NSX gateway integration only. No consumption of security groups.
8. For more information, please read the VMware Aria Operations for Logs datasheet.
9. NSX Enterprise Plus includes full versions of VMware Aria Operations for Networks Advanced and
VMware HCX Advanced. For more information, please see the VMware Aria Operations for Networks
datasheet and the VMware HCX datasheet.

Copyright © 2022 VMware, Inc. All rights reserved. VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001
VMware and the VMware logo are registered trademarks or trademarks of VMware, Inc. and its subsidiaries in the United States and other jurisdictions. All other marks and names
mentioned herein may be trademarks of their respective companies. VMware products are covered by one or more patents listed at vmware.com/go/patents.
Item No: 1696551aq-ds-nsx-uslet 10/22