VMware Cloud Community
globalhawk
Contributor

Unable to create Org vDC Network (Cisco VSG + VNMC)

I am trying to create an Org vDC Network on a Port Group backed Network Pool. The port groups are configured on a Cisco N1Kv and it's connected to VNMC and VSG for Security Profile & Gateways. But whenever I try to create an Isolated Org vDC network on a port group, it fails and throws this error:

Cannot deploy organization VDC network (xxxxx) Deployment of edge gateway VDC_NETWORK_NAME failed. com.vmware.vcloud.fabric.nsm.error.VsmException: VSM response error (214): Not licensed for Entity : vshield-edge feature :  : add on : ; majorErrorCode=500; minorErrorCode=NETWORK_INTERNAL_SERVER; vendorSpecificErrorCode=null; (Workflow:Wait for a task / Throw exception (item5)#1)

Any ideas? Thanks

0 Kudos
3 Replies
KamilAzmer
Hot Shot

Cannot deploy organization VDC network (xxxxx) Deployment of edge gateway VDC_NETWORK_NAME failed. com.vmware.vcloud.fabric.nsm.error.VsmException: VSM response error (214): Not licensed for Entity : vshield-edge feature :  : add on : ; majorErrorCode=500; minorErrorCode=NETWORK_INTERNAL_SERVER; vendorSpecificErrorCode=null; (Workflow:Wait for a task / Throw exception (item5)#1)


Based on the error that occurred, your VSM vShield Edge was not licensed. Have you already keyed in the license on vSphere for vShield?

Just my one cent

@ -- visit my blog at http://www.azmer.my -- @ virtue your mind @ KamilAzmer
0 Kudos
globalhawk
Contributor

But I thought Cisco VSG takes care of deploying gateways, not vSM?

0 Kudos
KamilAzmer
Hot Shot

globalhawk wrote:

But I thought Cisco VSG takes care of deploying gateways, not vSM?

Below is a clear explanation of this: the gateway is still using vShield Edge when any routed network occurs. The Cisco VSG is not doing the NAT/IP Gateway service for the organization network, and it provides port profile binding to the VMs.


• VMware vShield Manager and vCenter communication: This communication occurs when an organization requires a routed network. VMware vShield Manager instantiates a VMware vShield edge appliance dynamically to provide Network Address Translation (NAT) and IP gateway service for the organization network.

• VMware vCloud Director and VMware vShield Manager communication: VMware vCloud Director provides network services to the cloud through VMware vShield Manager. VMware vShield Manager interacts with the Cisco Nexus 1000V Virtual Supervisor Module (VSM) to make the Cisco Nexus 1000V available to VMware vCloud Director to build any type of network when you are building a tenant cloud. Each VMware vCloud Director cell requires access to a VMware vShield Manager host, which provides network services to the cloud. You must have a unique instance of VMware vShield Manager for each VMware vCenter server you add to VMware vCloud Director.

• VMware vCenter and Cisco Nexus 1000V VSM communication: VMware vCenter provides centralized control and visibility to VMware vSphere virtual infrastructure. The Cisco Nexus 1000V is tightly integrated with VMware vCenter. This integration enables the network administrator and the server administrator to collaborate efficiently. The networking policies can be enforced in the virtual access layer just as in the physical network, but the Cisco Nexus 1000V helps maintain separation of duties for the network and server teams. There is no change in this integration for a VXLAN deployment.

• Cisco Virtual Network Management Center (VNMC) and Cisco VSG communication: Cisco VSG registers with Cisco VNMC through the policy agent configuration performed on Cisco VSG. Cisco VNMC then pushes the security and device policies to Cisco VSG. No policy configuration is performed through the Cisco VSG command-line interface (CLI) after Cisco VSG is registered with Cisco VNMC. The CLI is available to the administrator for monitoring and troubleshooting purposes.

• Cisco Nexus 1000V VSM and Cisco VNMC communication: VSM registers with Cisco VNMC through the policy agent configuration performed on the VSM. The steps for registration are similar to those for registering Cisco VSG with Cisco VNMC. After registration, the VSM can send the IP-to-virtual machine binding to Cisco VNMC. IP-to-virtual machine mapping is required by Cisco VSG to evaluate policies that are based on virtual machine attributes. The VSM also resolves the security profile ID using Cisco VNMC. This security profile ID is sent in every vPath packet to Cisco VSG and is used to identify the policy for evaluation.

• Cisco VNMC-to-VMware vCenter communication: Cisco VNMC registers with VMware vCenter for visibility into the VMware environment. This visibility allows the security administrator to define policies based on the VMware virtual machine attributes. Cisco VNMC integrates through an XML plug-in. The process is similar to the process for integration of the Cisco Nexus 1000V VSM with VMware vCenter.

Hope this makes it clearer for your understanding of what the Cisco VSG and Cisco VNMC are doing. They are not doing the same as the vShield Edge. There are only protected port profiles from the Nexus 1000V (which are visible for it to secure the organization with the policy). You may not need the vShield Edge in the deployment when all the networks you have are using External Network, without any organization network/internal network required. Then you may secure it via the Cisco VSG/VNMC.

Just my one cent over here

@ -- visit my blog at http://www.azmer.my -- @ virtue your mind @ KamilAzmer
0 Kudos