No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


FusionCloud 6.3.0 Solution Description 05

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
VMware NSX

VMware NSX

What Is WMware NSX?

VMware NSX is a software-defined network (SDN) implementation technology provided by VMware Service. WMware NSX can be used to implement network virtualization, improve the agility and cost-effectiveness of data center management, and greatly simplify the operation mode of underlying physical networks.

By interconnecting VMware Service with vCenter resource pools, VMware NSX can be centrally managed on ManageOne.

Related Concepts

NSX network services of VMware Service include services such as NSX logical switches, NSX DLRs, and NSX firewalls.

NSX Security Group

NSX security groups are configured to implement access control over VMware ECSs within and between NSX security groups, enhancing the security of the VMware ECSs and determine the objects to be protected. After an NSX security group is created, users can create different access rules for the NSX security group to protect the VMware ECSs that are added to this NSX security group. By default, a security group allows all data packets that are sent out from VMs in it, and VMs in the same security group can access each other.

NSX Elastic Load Balancer (ELB)

An NSX ELB distributes access traffic to multiple VMware ECSs to expand application service capabilities and eliminates single point of failure (SPOF) to improve application system availability.


An NSX distributed logical router (DLR) is a virtual device that consists of the control plane and data plane. The control plane is used to manage routes, and the data plane is distributed from internal modules to each VMware ECS management program host. The DLR control plane uses the NSX Controller cluster to push route updates to the kernel module.

NSX Logical Switch

Clouds or virtual data centers have multiple applications across multiple tenants. To ensure security, isolate faults, and avoid IP address overlapping, these applications and tenants need to be isolated from each other. WMware NSX allows you to create multiple logical switches. Each switch is a logical broadcast domain. Applications or tenant VMware ECSs can be logically connected to logical switches in wired mode. In this way, all features of the physical network broadcast domain (VLAN) are still provided and deployment flexibility and speed are ensured without encountering physical layer 2 disorder or spanning tree problems.

Logical switches are distributed and can span all VMware ECSs in the vCenter (or all VMware ECSs in the vCenter NSX environment). In this way, a VMware ECS can move in a data center (vMotion) without being restricted by a physical layer 2 (VLAN) boundary. The physical infrastructure is not restricted by the MAC or FIB table, because logical switches include broadcast domains in the form of software.

NSX Security Policy

An NSX security policy contains a group of security processing behaviors for VM protection.

NSX Distributed Firewall

An NSX distributed firewall can provide the firewall service for VMware ECSs and detect the incoming and outgoing data packets of VMware ECSs based on the firewall rules to implement secure access control for east-west traffic in the private cloud environment.


VMware NSX has the following advantages:

  • With network virtualization, VMware NSX reproduces functions equivalent to the network management program as a whole set of network services from layer 2 to layer 7 in software.
  • VMware NSX centrally manages NSX networks of different underlying resource pools, facilitating administrators' operations.
  • VMware NSX combines these services programmatically and generates a unique independent virtual network in just a few seconds.

Application Scenarios

Based on software-defined data center network virtualization, NSX distributed switches, DLRs, distributed firewalls, and security groups can be used to centrally allocate and manage heterogeneous physical networks, preventing horizontal expansion of network threats, as shown in Figure 37-18.

  • Software-defined network, which migrates network functions to software and can be flexibly changed.
  • Seamless mobile network load balancing
  • Automatic network O&M
  • Network isolation, which reduces the threat of horizontal network expansion
Figure 37-18 Application scenarios of VMware NSX

Implementation Principles

Logical Architecture

Figure 37-19 shows the VMware ECS architecture.

Figure 37-19 Logical architecture of VMware ECS
Table 37-7 Descriptions of the VMware ECS architecture

Component Type

Component Name


VMware Service console


Provides the UI for VMware ECS Console.

Services of VMware ECS


Processes the operation request of VMware ECS Console.


Sorts and filters VMware ECS operation requests.


Processes VMware ECS operation tasks.

Common component


Provides level-1 load balancing.


Provides level-2 load balancing.


Provides domain name parsing and time synchronization capabilities.

API Gateway

Allows a third-party application to call the VMware ECS API.

Resource pool


Provides a scalable platform that lays a foundation for virtualization management. VMware Service manages resources from the vCenter resource pool to ManageOne.

Management domain


Supports identity identification and access control for VMware ECS.


Provides the function of metering and charging resources.

Service OM



Figure 37-20 shows the VMware ECS workflow.

Figure 37-20 VMware ECS workflow

  1. VDC administrators or VDC operators apply for VMware ECSs from the ManageOne operation plane. VMware Service delivers the operation requests to Compute for processing.
  2. Scheduler filters and sorts the processed operation requests.
  3. Core Task processes tasks in sequence.
  4. API Gateway distributes the requests for vCenter systems.

Related Services

VMware ECS: VMware ECSs created on VMware Service use the scalable network constructed by VMware NSX. Figure 37-21 shows the details.

Figure 37-21 Services related to VMware NSX

Accessing and Using VMware NSX

FusionCloud allows you to access VMware NSX through the ManageOne operation plane.

A VDC administrator, a VDC operator, or a role that has required permissions to perform operations on VMware NSX can log in to the ManageOne operation plane and choose Product List > Storage > Elastic Volume Service or Console > Storage > VMware Elastic Volume Service > NSX Network from the main menu.

Updated: 2019-04-23

Document ID: EDOC1100026685

Views: 154189

Downloads: 262

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next