How does VMware NSX-T work?
Nicholas Farina
Senior Technical Consultant

An NSX-T network starts with a meshed network of dedicated appliance VMs, distributed in a redundant fashion across hypervisors in your data centre(s) and cloud-based VDCs (Virtual Data Centres). 

Think of them as a swarm of tiny VMs, all working together like a colony of bees, bringing the function of routers, firewalls, switches, load balancers, IDS/IPS, micro-segmentation and more to every corner of your hybrid cloud “hive”.
Each appliance receives a packet piped in directly from the NIC in its respective hypervisor and determines which of its partners that packet needs to go to (and is ALLOWED to go to), before encapsulating it, along with others, in a GENEVE IP packet and sending it on its way over whatever set of interconnected LANs, WANs and VPNs you have in place. This goes on until it reaches the appliance peered with the destination VM or Edge interface, where the packet is decapsulated and delivered.

Far from the simple ARP tables of the virtual switches of yesteryear, each appliance has access to your company’s complete, full-stack, wall-to-wall network configuration. That configuration is managed through the NSX Manager, which is backed by a fully resilient management plane and accessed via a web-based GUI, CLI and API.
Any approved change is communicated to all appliances everywhere and applied automatically without the need to separately visit or configure each individual site or cloud.

The underlying IP network only needs to be able to route the GENEVE IP packets from place to place. It does not need to carry out any firewalling, VPN, access control or routing itself because the NSX appliances take care of all that.
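
An added example (not from the original article, and not NSX-T's own code): the generic GENEVE header defined in RFC 8926, built and validated in Python, to show what the underlay carries as opaque UDP payload and what a receiving endpoint checks before delivering the inner frame. The VNI value, the sample frame and the `local_vnis` check are assumptions made for illustration.

```python
import struct

GENEVE_UDP_PORT = 6081   # IANA-assigned UDP destination port for GENEVE
ETH_BRIDGING = 0x6558    # protocol type: the payload is an Ethernet frame
C_FLAG = 0x40            # "critical options present" bit in the flags byte

def geneve_encap(vni, inner_frame, options=b""):
    """Prepend an RFC 8926 GENEVE header to one inner Ethernet frame."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI is a 24-bit field")
    if len(options) % 4 or len(options) > 63 * 4:
        raise ValueError("options must be a multiple of 4 bytes, at most 252")
    ver_optlen = len(options) // 4   # version 0 in the top two bits
    # Flags byte is 0: not a control packet, no critical options.
    # The 24-bit VNI shares a 32-bit word with 8 reserved bits.
    header = struct.pack("!BBHI", ver_optlen, 0, ETH_BRIDGING, vni << 8)
    return header + options + inner_frame

def geneve_decap(payload, local_vnis):
    """Validate a GENEVE UDP payload; return (vni, inner_frame) or raise ValueError."""
    if len(payload) < 8:
        raise ValueError("shorter than the fixed 8-byte header")
    ver_optlen, flags, proto, vni_rsvd = struct.unpack("!BBHI", payload[:8])
    if ver_optlen >> 6:
        raise ValueError("unknown GENEVE version")
    opt_len = (ver_optlen & 0x3F) * 4          # field counts 4-byte words
    if len(payload) < 8 + opt_len:
        raise ValueError("option length runs past the end of the packet")
    if flags & C_FLAG:
        # This sketch implements no options, so a critical one means drop.
        raise ValueError("critical option present but not understood")
    if proto != ETH_BRIDGING:
        raise ValueError("unexpected inner protocol type")
    vni = vni_rsvd >> 8
    if vni not in local_vnis:                  # assumed per-endpoint segment list
        raise ValueError("VNI %d is not attached on this endpoint" % vni)
    return vni, payload[8 + opt_len:]

# Constructed sample: minimal inner Ethernet frame
# (dst MAC, src MAC, IPv4 EtherType, dummy body).
INNER = bytes.fromhex("02000000000b" "02000000000a" "0800") + b"app-data"

if __name__ == "__main__":
    wire = geneve_encap(5001, INNER)
    print(wire[:8].hex())               # fixed header as it appears on the wire
    print(geneve_decap(wire, {5001}))   # receiving side recovers the inner frame
```

The underlay forwards on the outer IP and UDP headers only; the segment identity (VNI) and the original frame stay inside the payload until the receiving endpoint validates and strips the header.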

This is, of course, a very simplified view of the product and those who wish to learn more about it may do so on VMware’s website.


…and why does it matter?
Imagine you have some industry-specific automation applications and your file, print and domain controller servers running on a VMware cluster in your data centre along with your Visual Studio, TFC, mail forwarders and a legacy HR application which needs to be retained for legal reasons. Then you have a second VMware cluster at a different site providing DR for the most critical of those applications. Then you have three cloud silos as well – one in Azure for your critical ERP application, a Microsoft Azure Virtual Desktop build set up in 2020 to handle the newly remote workforce and some bits and pieces in AWS being used by your developers. Then there are DR environments for these three as well. That’s eight different environments (if you’re counting!) all connected with nothing more than VPNs.

A new network threat emerges, and suddenly you as the network manager need to find the skill sets and the availability to make the appropriate change on all eight environments separately, and hope that no one makes an outage-triggering mistake in the process.
With a properly architected NSX-T setup, you can make, prototype and test the change in a sandboxed environment and hit the “deploy” button once to make the change everywhere, closing the security risk almost immediately with a minimum of downtime risk and absolutely no fuss.
Meanwhile your network infrastructure specialists are freed up from the daily drudge of adding rules and updating policies every time an application changes and can instead focus on higher-value network administration, like maximising performance, minimising bottlenecks and building in resilience to the underlying network. Everyone wins.

For more information about how NSX-T can help your business, please contact us today to fix up a discussion with one of our experts.
