VMware Networking Community
stanj
Enthusiast

Minimum NSX Install - number of ESXi Host

We are setting up new project that will include a Datacenter.

The datacenter needs to be secure and we only need the DFW and Micro-segmentation components of NSX.

We also need to have ESXi failover / HA working in case of an ESXi Server issue, ESXi Updates, etc.

I have seen a config with 3-4 servers and multiple clusters.  I believe we only need one cluster of ESXi Servers.

What number of ESXi Servers is required for this base NSX setup for the Datacenter?

If 3-4 ESXi Servers are in the cluster, do I install NSX Manager, vCenter, AD, NSX controller on one of the ESXi Servers? 

thanks

13 Replies
lhoffer
VMware Employee

The NSX Reference Design Version 3.0.pdf calls for a minimum of 3 hosts in the "small" design referenced on page 144.  Even that number is mainly to allow for physical separation of the controller VMs (which you won't have if you're just deploying DFW and not VXLAN), but I'd still recommend at least 3 to avoid any potential support issues either way.  These hosts can all be in a single cluster; just take care when creating DFW rules, because while NSX is smart enough not to block communications inside of its own infrastructure with DFW (i.e. for the NSX Manager), it doesn't automatically allow the network traffic needed by other VMs (i.e. vCenter, your domain controller, etc.), so there's definitely a possibility of blocking things you didn't intend to and breaking parts of the infrastructure if you aren't careful about it.

Techstarts
Expert

A 3-node cluster is strongly recommended as it gives 30% failover capacity compared to a two-node cluster (where you get only 50%). In a two-node cluster you have to disable strict admission control while doing maintenance. In the maintenance window you have just one host, which could be a risk in certain situations.

I have seen a config with 3-4 servers and multiple clusters.  I believe we only need one cluster of ESXi Servers.

Yes, you just need one cluster. It is more than sufficient.

If 3-4 ESXi Servers are in the cluster, do I install NSX Manager, vCenter, AD, NSX controller on one of the ESXi Servers?

NSX Manager and vCenter are all you need. NSX Controller is not required.

AD, yes, but only if you don't have an existing one. AD is required for IDFW.

You have to exclude vCenter and the partner AV solution from DFW. This is not done automatically.

With Great Regards,
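The warning in lhoffer's reply and in the reply above, that DFW does not automatically allow vCenter, AD or partner AV traffic and that a careless rule set breaks the infrastructure, can be turned into a pre-deployment check. This is an added example, not code from the thread or from VMware: it models DFW's top-down first-match evaluation and its exclusion list over a constructed inventory (VM names, ports and rule names are assumptions) and reports the required infrastructure flows a candidate policy would block.

```python
# Constructed pre-deployment check for a DFW rule set (not VMware code): rules
# are modelled as per-vNIC, top-down, first-match, the way DFW evaluates them.
from dataclasses import dataclass
ANY = "any"
@dataclass
class Rule:
    name: str
    src: object    # set of VM names, or ANY
    dst: object    # set of VM/host names, or ANY
    ports: object  # set of TCP ports, or ANY
    action: str    # "allow" or "block"
def matches(field, value):
    return field == ANY or value in field

def first_match(rules, src, dst, port):
    """Top-down evaluation: the first rule that matches decides the flow."""
    return next((r for r in rules if matches(r.src, src) and matches(r.dst, dst)
                 and matches(r.ports, port)), None)

def flow_permitted(rules, excluded, vms, src, dst, port, default="block"):
    """Only vNICs of VMs not on the exclusion list are filtered; physical
    endpoints such as ESXi hosts carry no DFW filter at all."""
    if not any(e in vms and e not in excluded for e in (src, dst)):
        return True, "unfiltered"
    rule = first_match(rules, src, dst, port)
    if rule is None:
        return default == "allow", "default"
    return rule.action == "allow", rule.name

def broken_infrastructure_flows(rules, excluded, vms, required):
    """Return (src, dst, port, deciding_rule) for each required flow the policy blocks."""
    broken = []
    for src, dst, port in required:
        ok, why = flow_permitted(rules, excluded, vms, src, dst, port)
        if not ok:
            broken.append((src, dst, port, why))
    return broken
VMS = {"vcenter", "nsx-manager", "dc01", "web01", "app01"}
# Flows the cluster cannot live without (constructed; usual vCenter-to-host and AD ports).
REQUIRED = [("vcenter", "esxi01", 443), ("vcenter", "esxi01", 902),
            ("app01", "dc01", 88), ("app01", "dc01", 389)]
# Naive policy: one application rule, then deny everything.
NAIVE_RULES = [Rule("web-to-app", {"web01"}, {"app01"}, {8443}, "allow"),
               Rule("default-deny", ANY, ANY, ANY, "block")]
# Hardened policy: vCenter on the exclusion list, domain services allowed above the deny.
HARDENED_RULES = [Rule("web-to-app", {"web01"}, {"app01"}, {8443}, "allow"),
                  Rule("domain-services", ANY, {"dc01"}, {53, 88, 389, 445}, "allow"),
                  Rule("default-deny", ANY, ANY, ANY, "block")]
EXCLUDED = {"vcenter"}  # NSX Manager itself is excluded by NSX automatically
```

Running `broken_infrastructure_flows(NAIVE_RULES, set(), VMS, REQUIRED)` lists all four infrastructure flows as blocked by `default-deny`, while the hardened policy with the exclusion list returns an empty list.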
stanj
Enthusiast

Pardon my rudimentary drawing attached.

I put this together based on the research and comments provided here.

We have not decided on the hardware, however; hardware selected will
need to allow for growth and expansion.

The drawing shows no NSX Controllers at  this time.

Follow up:

  • Does it matter where the VMs are placed in the design?
  • I will assume HA / DRS are enabled and allow for VMs to fail over and
    ESXi updates via Update Mgr?
  • Cost of NSX in this design – 3 Dual Core Servers?
  • Given that this will use DFW and Micro-Segmentation at this point in
    time, will we be able to expand to full NSX down the road?

You will note a Physical Tap in the drawing.

This was based on the need to save and analyze data coming into the datacenter.

If NSX is used with Flow Monitoring, along with Endpoint Monitoring, is a Physical Tap needed or is it overkill?

Any other requirements for using Flow Monitoring / Endpoint Monitoring?

thanks

Standalone Datacenter.jpg

Techstarts
Expert

  • Does it matter where the VMs are placed in the design?

No, it doesn't matter. You need the following VMs:

1. NSX Manager

2. vCenter (vCenter Appliance embedded with PSC + VUM)

NB: NSX Manager is automatically configured with a 16 GB RAM reservation.

  • I will assume HA / DRS are enabled and allow for VMs to fail over and
    ESXi updates via Update Mgr?

Yes, ensure AD, vCenter and NSX Manager restart priority is high.

  • Cost of NSX in this design – 3 Dual Core Servers?

Try to go with 12 cores minimum.

  • Given that this will use DFW and Micro-Segmentation at this point in
    time, will we be able to expand to full NSX down the road?

Yes, it is possible. It needs some changes, but they are not disruptive.

If NSX is used with Flow Monitoring, along with Endpoint Monitoring, is a Physical Tap needed or is it overkill?

Any other requirements for using Flow Monitoring / Endpoint Monitoring?

In my opinion, it is overkill as the solution is fully virtualized. Are you using IDS/IPS services? Then these should come through the vendor.

Starting with NSX 6.3, you are entitled to vRealize Log Insight, which might address your requirements.

With Great Regards,
stanj
Enthusiast

Try to go with 12 cores minimum -

Do you mean sockets?

I have a Dell r430 with 2 Sockets (CPUs) with 6 cores per socket for 12 logical processors.

The ESXi Enterprise + license is based on the 2 CPU sockets.

How is NSX priced for using DFW / Micro-seg?

Are you using IDS/IPS services then these should come through the vendor?

We may use IDS like FireEye, but it has not been determined.

We also are looking at HyTrust and TrendMicro on the virtual side.

Log Insight is for looking into the ESXi logs and can be used to alert if there is some issue (perf, network, hardware)

I do know content packs can be used in conjunction with it.

We would like to somehow filter events that are outside of hardware/network/perf and push them to a logging process so an alert can be raised to notify an operator.

Like if something out of the ordinary is occurring (intrusion attempt, etc.).

Techstarts
Expert

Try to go with 12 cores minimum -

Do you mean sockets?

I have a Dell r430 with 2 Sockets (CPUs) with 6 cores per socket for 12 logical processors.

The ESXi Enterprise + license is based on the 2 CPU sockets.

How is NSX priced for using DFW / Micro-seg?

I meant cores. More cores is better, as DFW is CPU intensive.

NSX Advanced is the minimum you have to go with, as micro-segmentation is included starting from the Advanced edition.

Are you using IDS/IPS services then these should come through the vendor?

We may use IDS like FireEye, but it has not been determined.

We also are looking at HyTrust and TrendMicro on the virtual side.

Just check that these are compatible with the NSX edition you are planning to deploy.

We would like to somehow filter events that are outside of hardware/network/perf and push them to a logging process so an alert can be raised to notify an operator.

Like if something is out of the ordinary is occurring (intrusion attempt, etc.)

I'm unsure what use cases you are looking for. I'm not an expert on it.

Hope this helps.

With Great Regards,
stanj
Enthusiast

thanks for the great details

For the cores, in the example I gave (Dell r430 with 2 Sockets (CPUs) with 6 cores per socket), then the r430 has a total of 12 cores.

Comparing to a Dell r930 (2 socket server with 8 cores per socket), it has a total of 16 cores.

Are you saying three of the above (either r430 or r930) would work for our NSX setup, since the total cores are 12 or 16 depending on the server selected?

Would you happen to have an estimate for NSX -Advanced for a 2 CPU server (like the above servers)?

For the event filtering, the use case is to monitor incoming traffic to the data center and act upon it if there is some malicious event, and also log the traffic.

Techstarts
Expert

For the cores, in the example I gave (Dell r430 with 2 Sockets (CPUs) with 6 cores per socket), then the r430 has a total of 12 cores.

Comparing to a Dell r930 (2 socket server with 8 cores per socket), it has a total of 16 cores.

Are you saying three of the above (either r430 or r930) would work for our NSX setup, since the total cores are 12 or 16 depending on the server selected?

Sorry for the confusion. I meant to look for a minimum of 12 cores per socket. But if you don't have the budget, I think 12-16 cores total should be fine. Do note that here I'm only considering vCenter (2 CPU, 8 GB RAM) and NSX Manager (4 CPU, 16 GB RAM); if you have other VMs, please review the sizing of the cluster.

Would you happen to have an estimate for NSX -Advanced for a 2 CPU server (like the above servers)?

Unfortunately not. It varies with region and the Sales Manager's appetite.

For the event filtering, the use case is to monitor incoming traffic to the data center and act upon it if there is some malicious event, and also log the traffic.

I can speak of workloads inside this cluster. As long as you put the right rules in place and control them, you don't need the physical TAP. But if you are referring to events coming into your data center (physical), the short answer is YES.

With Great Regards,
RaymundoEC
VMware Employee

Hey there sir,

Check this document, please:

https://communities.vmware.com/servlet/JiveServlet/download/33244-2-172474/NSX_Samll_DC_Design_Guide...

Basically it will help you understand more design decisions about small data centers, things like the number of ESXi hosts or other requirements.

Also feel free to ping me if you have more questions.

regards

+vRay
stanj
Enthusiast

Thanks for the information and guide.

It appears we are looking at the section labeled "Security Focused Deployment Mode with Micro-Segmentation (DFW)" showing Figure 7.

We are still determining the hardware for the Datacenter.

The first diagram I posted shows 3 hosts.  We are still leaning that way.

Cost may be an issue.  We are considering an EqualLogic SAN and Dell Servers.

For instance, the PE r730 with 2 Intel Xeon E5-2697 each with 12 cores looks promising.

We also may look at a converged architecture as there is a requirement to allow for growth in compute, storage, networking.

Using NSX will provide the secure Datacenter we are looking for.

I am getting a price for the Advanced version as this appears to have what we need.

I also see there was a release of a new product called VMware AppDefense that also looks promising to have in the Datacenter.

RaymundoEC
VMware Employee

Glad to help,

Just a couple of things: take this guide as a reference. So for example, if you have a budget constraint it is possible to have at least two ESXi hosts in the management cluster; in this way you have a minimum for HA. It is not ideal, but it works. Another option can be having three ESXi hosts and using resource pools for the specific NSX management VMs. So for the use case of micro-segmentation you are not required to have controllers, but you will have enough room to host vCenter itself or the two-vCenter scheme used in security deployments (one to control the management suite of VMware and the other for the ESXi hosts and the compute resources). So again, maybe these kinds of decisions are not in the frame of good practices, but the background of the justification should be good enough to take it, always taking into account what you want to achieve. I have seen many collapsed deployments of NSX working fine and being a seed for the next advanced, complex designs.

regards

+vRay
stanj
Enthusiast

For NSX Adv, I got a price quote of 3k per CPU.

I assume this would then be 6k for a dual-CPU server and would then be 18k total to install NSX across the three ESXi Servers?

RaymundoEC
VMware Employee

Kind of; check this link on what you can get for that X price:

NSXv License Versions - Support Insider - VMware Blogs

regards

+vRay