Highlighted
Enthusiast
Enthusiast

Deploy NSX-T only for DFW

Jump to solution

Hello all

I am unsure on how to configure and deploy NSX-T for a upcoming project. I have a customer who wants to deploy NSX-T to only
use the distributed firewall features in their production cluster.  So my questions are:

Do I need to deploy N-VDS or any transport zone to use the security features?

Will I still need free nics for the host preparations?

Any documents or white paper detailing how I can NSX-T for DFW only?

Thanks in advance..

0 Kudos
1 Solution

Accepted Solutions
Highlighted
VMware Employee
VMware Employee

The answer to your question depends on the ESXi version. If you use vSphere 7 + VDS 7 you will not need additional NICs nor N-VDS, as NSX-T can leverage the vDS to create NSX segments.

If you use N-VDS then it needs NICs, either additional or migrated from the vDS.

Either way you need an NSX host switch (N-VDS or vDS 7+), configured using host preparation using only a VLAN Transport Zone. With this setup you can leverage NSX-T security features by simply creating segments that map to the same VLANs as the vDS port groups and migrate VMs to these segments.

In NSX-T 3.0 a wizard has been created exactly for this use case. Check this blog post that shows it: https://vdives.com/2020/05/20/nsx-t-3-0-lab-micro-seg-only-deployment-wizard/

View solution in original post

0 Kudos
2 Replies
Highlighted
VMware Employee
VMware Employee

The answer to your question depends on the ESXi version. If you use vSphere 7 + VDS 7 you will not need additional NICs nor N-VDS, as NSX-T can leverage the vDS to create NSX segments.

If you use N-VDS then it needs NICs, either additional or migrated from the vDS.

Either way you need an NSX host switch (N-VDS or vDS 7+), configured using host preparation using only a VLAN Transport Zone. With this setup you can leverage NSX-T security features by simply creating segments that map to the same VLANs as the vDS port groups and migrate VMs to these segments.

In NSX-T 3.0 a wizard has been created exactly for this use case. Check this blog post that shows it: https://vdives.com/2020/05/20/nsx-t-3-0-lab-micro-seg-only-deployment-wizard/

View solution in original post

0 Kudos
Highlighted
Enthusiast
Enthusiast

Perfect...thank you so much.

0 Kudos