VMware Networking Community
jamiestarr66
Enthusiast
Enthusiast
‎10-26-2020 07:30 AM
Jump to solution

Deploy NSX-T only for DFW

Hello all

I am unsure on how to configure and deploy NSX-T for a upcoming project. I have a customer who wants to deploy NSX-T to only
use the distributed firewall features in their production cluster.  So my questions are:

Do I need to deploy N-VDS or any transport zone to use the security features?

Will I still need free nics for the host preparations?

Any documents or white paper detailing how I can NSX-T for DFW only?

Thanks in advance..

0 Kudos
1 Solution

Accepted Solutions
mauricioamorim
VMware Employee
VMware Employee
‎10-26-2020 08:32 AM
Jump to solution

The answer to your question depends on the ESXi version. If you use vSphere 7 + VDS 7 you will not need additional NICs nor N-VDS, as NSX-T can leverage the vDS to create NSX segments.

If you use N-VDS then it needs NICs, either additional or migrated from the vDS.

Either way you need an NSX host switch (N-VDS or vDS 7+), configured using host preparation using only a VLAN Transport Zone. With this setup you can leverage NSX-T security features by simply creating segments that map to the same VLANs as the vDS port groups and migrate VMs to these segments.

In NSX-T 3.0 a wizard has been created exactly for this use case. Check this blog post that shows it: https://vdives.com/2020/05/20/nsx-t-3-0-lab-micro-seg-only-deployment-wizard/

View solution in original post

2 Replies
mauricioamorim
VMware Employee
VMware Employee
‎10-26-2020 08:32 AM
Jump to solution

The answer to your question depends on the ESXi version. If you use vSphere 7 + VDS 7 you will not need additional NICs nor N-VDS, as NSX-T can leverage the vDS to create NSX segments.

If you use N-VDS then it needs NICs, either additional or migrated from the vDS.

Either way you need an NSX host switch (N-VDS or vDS 7+), configured using host preparation using only a VLAN Transport Zone. With this setup you can leverage NSX-T security features by simply creating segments that map to the same VLANs as the vDS port groups and migrate VMs to these segments.

In NSX-T 3.0 a wizard has been created exactly for this use case. Check this blog post that shows it: https://vdives.com/2020/05/20/nsx-t-3-0-lab-micro-seg-only-deployment-wizard/

jamiestarr66
Enthusiast
Enthusiast
‎10-26-2020 09:56 AM
Jump to solution

Perfect...thank you so much.

0 Kudos