We are currently running NSX-V in our environment for Endpoint Protection only. We have been doing this since the vShield days with no issues, but as NSX-V is EOL/EOS we need to move on.
With the transition to NSX-T and now simply NSX, I'm a bit confused, and even VMware's own sales engineers can't seem to help me understand. Hoping the kind folks here may be able to settle this.
1. Should we be using NSX-T 3.x or NSX 4?
2. Is vDS really required just for Endpoint Protection? We don't use any of the networking features and this isn't a requirement with NSX-V, which works perfectly fine with standard switches. It is silly we need to buy Enterprise Plus all of a sudden when NSX-V never required it.
A few comments:
* VMware is still advising sticking with 3.2.x unless you need features from 4.x. ("NSX 4.1.0 is a new release providing a variety of new features. Customers who require these features should upgrade to adopt the new functionality. Customers who do not require this functionality at this time should upgrade to the latest available version of NSX 3.2 (currently 3.2.2), which continues to be VMware’s recommended release." - https://docs.vmware.com/en/VMware-NSX/4.1.0/rn/vmware-nsx-410-release-notes/index.html)
* Starting with NSX-T 3.1.1, NSX-T provides a vDS license if your hosts don't otherwise have one. See https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-065D6BE8-1E72-48EB-BD2C-... for details.
* I'm not 100% certain if NSX-T requires a vDS for endpoint-only protection, but I think it does. Someone from VMware should be able to provide a more authoritative answer.