When we talk about VMware NSX (formerly VMware NSX-T Data Center), most of us think about abstracting management of the network away from the physical fabric thanks to NSX’s magic sauce and overlay networking capability via Geneve encapsulation. However, overlay networking isn’t always the primary use case, with a high volume of customers only opting for micro-segmentation only.
Some customers, for example, are quite happy to allow management of the network, as well as their physical gateways, to remain within the physical stack. Perhaps their organisation already has an alternative software-defined networking product in play or they simply don’t make that many changes within their network. So, how then, can customers use micro-segmentation via the NSX Distributed Firewall (DFW)? Simply put, by utilising currently existing vSphere environments and VDSs in conjunction with the NSX DFW.