These links could be helpful on the the Design and Architecture related documents focusing on Design Quality aspects such as Redundancy, Availability, Redundancy and Reliability
VMware® NSX for vSphere Network Virtualization Design Guide ver 3.0
VMware® NSX-v Brownfield Design and Deployment Guide - ver 1.2
https://docs.vmware.com/en/VMware-Validated-Design/index.html
Has anyone done some benchmark tests in order to determine the performance of a virtual NSX infrastructure, compared to a traditional 3-tier architecture?
I would like to know the troughput and latency within a VMware vSphere platform which is configured with VMware NSX.
Does the NSX infrastructure provide in benefits of network performance compared to a distributed network infrastructure with physical routing, firewalling and switching?
Aswell, I have additional questions, so I can see how well VMware NSX fits the needs of my company.
- Has anyone faced compatibility issues while building VPN tunnels with VMware NSX Edge?
VPN Tunnels can be established with standards based IPSEC devices. The configuration depends on the device on the other side, so some configuration may change.
These links may help for different examples of howto configure with different devices as Cisco, Checkpoint, strongswan, Checkpoint, Microtik and Amazon
https://tonysangha.com/2015/09/14/nsx-edge-site-to-site-ipsec-vpn/
http://www.routereflector.com/2015/03/site-to-site-ipsec-vpn-between-nsx-edge-and-linux-strongswan/
https://vmknowledge.wordpress.com/2012/11/09/vpn-config-vshield-edge-to-checkpoint/
https://www.vmguru.com/2016/11/connecting-a-vpn-between-aws-and-vmware-nsx/
http://donnyachmadi.blogspot.com.tr/2014/09/configuring-vpn-ipsec-vshield-edge-to.html
And how about the reliability of a VMware NSX cluster:
- Does the infrastructure, based on your experience, meets the needs of a production environment for reliability in normal use?
NSX has 1000s of production installations, the design is very flexible and allows use cases as Hybrid Cloud, Business Continuity and Disaster recovery,
- How well does VMware NSX perform when a hardware or software failure occurs?
NSX Components are by design redundant and HA availability by architecture.
NSX Manager, although installed as a single Virtual Appliance depends on Vshpere HA components, and if it is down for some reason the VM traffic is not affected as it is mainly the configuration phase.
NSX Controllers by architecture has 3 VMs in a Controller Cluster, and different roles are shared between these 3 Controllers. If any one of them is down, remaining two takes the role ol the 3rd Controller and the system continues to function. Even all 3 Controllers is down, the traffic between VMs flow, the exception is new VMs or VMs that vMotion. Antiaffinity rules need to be manually entered.
NSX Edge and DLR has HA Architecture, these components are redundant. Antiaffinity rules enabled by default.
- Is a VMware NSX environment more reliable then a traditional 3-tier architecture and why?
NSX is an Overlay Technology, but still needs a Reliable and Stable, Redundant Physical Infrastructure. If the Underlying physical infrastructure is reliable, NSX technology using Vxlan tunnels and redundant components is reliable. In general traditional 3-Tier architecture as well as new L3 Fabric architectures are supported, but 2 Tier CLOS architecture is recommended as most current Data Center designs are based on CLOS architecture, and it increases the reliability. NSX Network Virtualization Design guide gives detailed examples of how the Physical Network is recommended to be designed.
Does VMware NSX provide enough tools to secure itself, so the NSX Edge can be connected directly to the WAN network?
Microsegmentation is one main use case of NSX, it allows each Workload Vnic to attach a firewall, thus providing enhanced firewall capabilities. NSX Edge connects to the Physical world, it connects to the Wan through a L3 switch or Physical Router.
And my last questions regarding to maintainablity.
-Does the NSX Infrastructure provide in enough tools to diagnose issues?
-Does maintenance of NSX components influence the quality of the IT-services being delivered?
What covers maintenance? If Upgrades is in the Maintenance Cycle, Upgrade of some components does not affect the traffic, but some components upgrade needs a maintenance window.
Besides, during normal operation, NSX main use Cases is about the Agility of IT-Services, as it has vast amount of integrations with different products in the Ecosystem, and reduces the time needed to deploy new Applications. One of the main use cases is Automation capability, which allows many Automation tools to be used. NSX allows
