Hello all
I am unsure how to configure and deploy NSX-T for an upcoming project. I have a customer who wants to deploy NSX-T to only use the distributed firewall features in their production cluster. So my questions are:
Do I need to deploy N-VDS or any transport zone to use the security features?
Will I still need free nics for the host preparations?
Any documents or white papers detailing how I can deploy NSX-T for DFW only?
Thanks in advance..
The answer to your question depends on the ESXi version. If you use vSphere 7 + VDS 7 you will not need additional NICs nor N-VDS, as NSX-T can leverage the vDS to create NSX segments.
If you use N-VDS then it needs NICs, either additional or migrated from the vDS.
Either way you need an NSX host switch (N-VDS or vDS 7+), configured using host preparation using only a VLAN Transport Zone. With this setup you can leverage NSX-T security features by simply creating segments that map to the same VLANs as the vDS port groups and migrate VMs to these segments.
In NSX-T 3.0 a wizard has been created exactly for this use case. Check this blog post that shows it: https://vdives.com/2020/05/20/nsx-t-3-0-lab-micro-seg-only-deployment-wizard/
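The segment-per-port-group mapping described in the answer above, as an added example that is not part of the original thread: it builds NSX-T Policy API requests (PATCH /policy/api/v1/infra/segments/<id>) for VLAN-backed segments from a port group list, and returns the port groups it cannot map so their VMs are not silently left off NSX segments. The port group names, the "seg-" naming scheme and the transport zone id placeholder are assumptions.

```python
import json
import re

# Assumed placeholder: path of the VLAN transport zone used during host preparation.
TZ_PATH = "/infra/sites/default/enforcement-points/default/transport-zones/<vlan-tz-id>"

# Constructed sample inventory of vDS port groups (name, VLAN spec as exported).
PORT_GROUPS = [
    {"name": "PG-Web-110", "vlan": "110"},
    {"name": "PG-App-120", "vlan": "120"},
    {"name": "PG-Trunk", "vlan": "200-210"},
    {"name": "PG-Bad", "vlan": "4095"},       # outside the 0-4094 range
    {"name": "PG-Web-110", "vlan": "110"},    # duplicate entry
]

def valid_vlan_spec(spec):
    """Accept a single VLAN ID or a low-high range, each within 0-4094."""
    m = re.fullmatch(r"(\d+)(?:-(\d+))?", spec.strip())
    if not m:
        return False
    low = int(m.group(1))
    high = int(m.group(2)) if m.group(2) else low
    return 0 <= low <= high <= 4094

def plan_segments(port_groups, tz_path):
    """Return (requests, skipped): one PATCH per mappable port group."""
    requests, skipped, seen = [], [], set()
    for pg in port_groups:
        # Hypothetical naming scheme: segment id derived from the port group name.
        seg_id = re.sub(r"[^A-Za-z0-9_-]", "-", "seg-" + pg["name"])
        if seg_id in seen:
            skipped.append((pg["name"], "duplicate name"))
        elif not valid_vlan_spec(pg["vlan"]):
            skipped.append((pg["name"], "unsupported VLAN spec"))
        else:
            seen.add(seg_id)
            body = {"display_name": seg_id,
                    "vlan_ids": [pg["vlan"].strip()],
                    "transport_zone_path": tz_path}
            requests.append(("PATCH", "/policy/api/v1/infra/segments/" + seg_id, body))
    return requests, skipped

if __name__ == "__main__":
    reqs, skipped = plan_segments(PORT_GROUPS, TZ_PATH)
    for method, path, body in reqs:
        print(method, path, json.dumps(body))
    for name, reason in skipped:
        print("NOT MAPPED:", name, "-", reason)
```

Review the "NOT MAPPED" list before migrating VMs, since anything left on the original port group stays outside the segments created here.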
Perfect...thank you so much.