We are excited to announce an updated version of the NSX Reference Design and the NSX Easy Adoption Design guide based on the generally available NSX-T release 3.2. NSX-T 3.2 is part of the recently released VCF 4.5 software bundle, making it a very popular release among our customers.

To support you in your network and security virtualization journey, we introduced the NSX-T reference architecture design guide on the NSX-T 2.0 release, showing how you should design your data centers with NSX-T. Over time we introduced additional design guides such as the NSX-T Multi-Location Design Guide (Federation + Multisite), the Easy Adoption Design guide, and the NSX-T Data Center and EUC Design Guide for more specific use cases.

These latest updates cover the new features included in the 3.2 versions and the design and implementation guidelines we developed working tightly with our customers on their NSX projects.

The NSX Reference Design guide version 3.2

This document is the most essential document for any NSX practitioner. Whether you are just starting with NSX or have already successfully implemented NSX in your environment, the NSX Reference Design guide provides a clear and detailed description of how the NSX platform works and how to best adopt it in various scenarios.

What readers will find in the NSX Reference Design Guide:

  • Packet walks
  • A detailed explanation of several key features: switching, routing, bridging, distributed firewall, etc.
  • Clear recommendations on NSX design for your data center based on your use cases, applications needs, throughput, performance, convergence, etc.
  • Performance considerations

What’s new in the 3.2 version of the NSX Reference Design guide?

We describe and provide guidance for the following new features:

  • OSPF
  • Multicast routing
  • Inline EVPN
  • Bridging topologies
  • More in-depth coverage of Edge HA topologies

We drastically overhauled chapter 7, where we provide best practices and design guidelines. The updates include the following:

  • Comparison of the NSX deployment models, VLAN-only security vs. network virtualization with overlay
  • The role and benefits of network overlay in a modern data center and private cloud
  • Specific design considerations for different types of physical fabrics (Layer2 vs. Layer3, EVPN, etc.)
  • Platform design considerations include how to map NSX logical constructs to different use cases and applications and the different options to implement multi-tenancy
  • Recommendations about how to gather requirements for the NSX edge node sizing and configuration
  • Design considerations for the placement of the NSX components in a vSphere deployment and the configuration of vSphere functionalities such as DRS and vSphere HA.
  • Updated VSAN recommendations for the management and edge vSphere clusters

Sample Network Overlay Deployment with Physical Fabric VLAN Schema from Chapter 7

Chapter 8 provides the latest updates about NSX performance. It includes information about what we learned from our internal tests and real-world customer deployments and offers actionable recommendations to design the NSX environment for optimal performance. We expect that readers will find especially valuable the discussion about edge performance and the factors that influence it. Those concepts are crucial to better design the hardware and the oversubscription level of the server hosting the NSX edge node VMs.

The NSX Easy Adoption Design Guide version 3.2

This NSX Easy Adoption Design Guide aims to build a simplified consumption model based on two prescriptive use cases suitable for small footprint, single rack deployments, and satellite data centers.

We named the two use cases presented in this document Simple Security for Applications and DC in a Box:

  • The Simple security for Applications use case is a simplified security solution designed for existing workloads where the physical network retains many networking functionalities
  • The DC in a Box use case is a full-stack design that primarily targets new deployments minimizing interaction with the external network while providing extensive flexibility and Network and Security services inside the solution.

 

Simple Security for Applications use case – high-level diagram

DC in a Box use case – high-level diagram

The solutions presented focus on the following goals and parameters:

  • Physical network-friendly configuration – minimum configuration
  • Leverage existing knowledge base from vSphere and Security Admin
  • Exploit the features and capabilities from NSX to build a flexible yet consolidated solution for a variety of application needs, services (NAT, VPN, FW, LB), and security
  • Scope of deployment meeting most common footprint for small workload, satellite DC, and hosted solutions
  • Self-contained guidance and step-by-step design rational

This document incorporates two main sections. Each of them addresses the two use cases at a different level.

Section 2 covers a high-level overview of the two solutions and their value proposition in the context of well-defined requirements and constraints. We also include a brief overview of the relevant NSX components.

Section 3 provides a detailed design and engineering specification for both use cases. It includes a comprehensive list of assumptions on the supporting infrastructure. Design decisions have accompanying justifications and implications for making the designs actionable and the rationale behind the choices clear and transparent.

What’s new in the 3.2 version of the NSX Easy Adoption Design guide?

This updated version of the document aligns with NSX version 3.2. It includes the following updates:

  • NSX vCenter server plug-in for the simple security for applications use case
  • Distributed Firewall on vCenter distributed virtual port-groups for VLAN-only micro-segmentation
  • NSX Application platform as an optional component to support NSX intelligence and Advanced Threat Prevention features for both the simple security for applications and the data center in a box use cases
  • NSX Next-Generation gateway firewall as an optional component for the data center in a box use case
  • NSX Advanced Load Balancer as an optional component for the data center in a box use case

Resources

Thanks for your patience as we’ve revamped and built these new guides.  We’re happy to receive feedback on the VMware Communities page for further enhancing it.  There will be continuing updates to these documents as we continue to expand and innovate the NSX platform.