nsxv4746
Contributor
Contributor

NSX - T : Micro Segmentation

I have query regarding NSX-T Micro Segmenation.

1. Does NSX - T supports Micro Segmenation - I believe yes.

If so what are the hypervisors it supports Micro Segmentation.

2. If it so what is the difference between the Micro Segmentation offers in NSX-v & NSX-T

0 Kudos
5 Replies
sjason
Enthusiast
Enthusiast

1. NSX-T does support microsegmentation. Supported platforms in the current release are vSphere, KVM, containers w/Kubernetes, AWS native and Azure native. NSX-T 2.3 will add support for bare metal linux workloads as well.

2. NSX-V is tightly coupled with vSphere and allows you to use vCenter objects in firewall rules, L7, identity firewall as well as service insertion with partners. NSX-T is multi-platform and enables you to have a consistent security policy across multiple platforms.

0 Kudos
MahmoudZRaboe
Contributor
Contributor

Sjason,

Do i have to configure all the NSX-t Items like N-VDS, Tier-0 transport zones and so on to be able to use the micro-segmentation with NSX-T?

Thanks,

0 Kudos
vLingle
VMware Employee
VMware Employee

MahmoudZRaboe,

Overlay is not required, but the workload will need to be connected to a N-VDS.  So, after NSX-T is installed (i.e. Mgmt. and Control Plane up, hosts added as Fabric Nodes, etc) you will...

-Create VLAN transport zone

-Add VLAN Transport Zone to the transport nodes

-Create VLAN based Logical Switch

-Move/create VM’s vnic to VLAN based Logical Switch created on N-VDS

-Create grouping and DFW policy on NSX-T

Please consider marking this answer "correct" or "helpful" if you think your question have been answered correctly. Regards, Jeffrey Lingle
0 Kudos
Langar
Contributor
Contributor

Hi,

I have another question: The controller are mandatory for distributed firewall in NSX-T?

Thanks,

Akram

0 Kudos
mauricioamorim
VMware Employee
VMware Employee

In NSX-T you need the N-VDS for micro segmentation. Controllers are necessary for that and, in NSX-T 2.4, controllers are merged in the same appliance as the managers, so there is no way to deploy a manager without a controller.

0 Kudos