- Helping to provide the networking for the Horizon components
- Identity and firewalling security for VDI and RDSH desktops
- Endpoint protection
- Load balancing
Earlier this year, NSX-T Data Center 2.4 was released which brought identity firewalling, endpoint protection, and other necessary features for customers to consume equivalent to NSX Data Center for vSphere. The release of NSX-T Data Center 2.5 takes those features and provides even further scale enhancements to support small, medium, and the largest Horizon deployments.
NSX-T Data Center and EUC Design Guide
The NSX-T and EUC Design Guide takes information provided in the VMware Horizon Reference Architecture and the VMware NSX-T Reference Design Guide, and brings the two platforms together into a single solution.
Use Cases and What’s Covered
Let’s take a look at what all is covered and the use cases that NSX-T Data Center has for Horizon deployments:
Horizon Pod Alignment
NSX-T Data Center 2.5 supports massive scale that can cover an entire Horizon Pod scale, and more in some cases. This design guide aligns an NSX-T Data Center deployment at the Horizon Pod boundary to simplify deployments. Everything from Group Configuration, Segment Configuration, and more is covered to provide best practices around integrated alignment for both products for customers to consider. You can find more information on the NSX-T Data Center and Horizon supported integrations using the VMware Product Interoperability Matrix.
With NSX Data Center for vSphere, there was a 1-to-1 relationship between vCenter and the NSX Manager. This created operational inefficiencies with Horizon as each block within a Horizon Pod required its own vCenter Server. NSX-T Data Center 2.5 supports 16 vCenter Server compute managers configured, which dramatically reduces the operational overhead of managing NSX policies across all types of Horizon deployments.
NSX-T Data Center provides the necessary logical segments for the VDI desktops, RDSH Servers, and even the Horizon Management infrastructure to reside on. Examples of how to configure these logical segments regardless of the underlying physical infrastructure are inside including IP addressing guidance, DHCP Relay usage, and segment to desktop pool alignment best practices.
Security is typically a primary driver for NSX and Horizon to be coupled together. Now that NSX-T Data Center can connect up to 16 vCenter Servers, security policies that would typically have to be configured in two or more NSX Managers, can be done from one interface using objects from multiple vCenter Servers. Identity Firewalling and Layer 7 application IDs such as BLAST Extreme and PCoIP protocols are supported for user-base context support and increased and more granular security needs.
The NSX-T Data Center Load balancer supports massive scale and can natively provide all the necessary load balancing needs for Horizon Unified Access Gateways and Connection Servers. The guide goes into how to configure and deploy the NSX-T Load balancer and such constructs like server pools, health monitors, and persistence profiles so customers can leverage their existing cost spend using native features of the NSX-T product versus 3rd party services which can incur additional costs.
Endpoint Protection (Guest Introspection) is available starting with NSX-T Data Center 2.4. Since NSX-T Data Center can support multiple vCenter Server compute managers, partners with multi-vCenter Server support can provide a single endpoint protection policy for all of their desktops, regardless of how many vCenters are necessary. Take a look at the VMware Compatibility Guide for information on supported partner integrations.
Thanks for your patience as we’ve revamped and built this new guide. We’re happy to receive feedback on the VMware Communities page for how to enhance it even further. There will be continuing updates to this guide as we continue to expand and innovate the NSX-T Data Center platform.
- NSX-T 2.5 Announcement
- NSX-T and EUC Design Guide direct download page
- NSX-T 2.5 direct download page
- NSX Tech Zone