No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


FusionCloud Solution Description 04

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
VMware NSX

VMware NSX

What Is VMware NSX?

VMware NSX is a software-defined network (SDN) implementation technology provided by VMware Service. VMware NSX can be used to implement network virtualization, improve the agility and cost-effectiveness of data center management, and greatly simplify the operation mode of underlying physical networks.

By interconnecting VMware Service with vCenter resource pools, VMware NSX can be centrally managed on ManageOne.

Related Concepts

NSX network services of VMware Service include services such as NSX logical switches, NSX DLRs, and NSX firewalls.

NSX Security Group

NSX security groups are configured to implement access control over VMware ECSs within and between NSX security groups, enhancing the security of the VMware ECSs and determine the objects to be protected. After an NSX security group is created, users can create different access rules for the NSX security group to protect the VMware ECSs that are added to this NSX security group. By default, a security group allows all data packets that are sent out from VMs in it, and VMs in the same security group can access each other.

NSX Elastic Load Balancer (ELB)

An NSX ELB distributes access traffic to multiple VMware ECSs to expand application service capabilities and eliminates single point of failure (SPOF) to improve application system availability.


An NSX distributed logical router (DLR) is a virtual device that consists of the control plane and data plane. The control plane is used to manage routes, and the data plane is distributed from internal modules to each VMware ECS management program host. The DLR control plane uses the NSX Controller cluster to push route updates to the kernel module.

NSX Logical Switch

Clouds or virtual data centers have multiple applications across multiple tenants. To ensure security, isolate faults, and avoid IP address overlapping, these applications and tenants need to be isolated from each other. VMware NSX allows you to create multiple logical switches. Each switch is a logical broadcast domain. Applications or tenant VMware ECSs can be logically connected to logical switches in wired mode. In this way, all features of the physical network broadcast domain (VLAN) are still provided and deployment flexibility and speed are ensured without encountering physical layer 2 disorder or spanning tree problems.

Logical switches are distributed and can span all VMware ECSs in the vCenter (or all VMware ECSs in the vCenter NSX environment). In this way, a VMware ECS can move in a data center (vMotion) without being restricted by a physical layer 2 (VLAN) boundary. The physical infrastructure is not restricted by the MAC or FIB table, because logical switches include broadcast domains in the form of software.

NSX Security Policy

An NSX security policy contains a group of security processing behavior for VMware ECS protection.

NSX Distributed Firewall

An NSX distributed firewall can provide the firewall service for VMware ECSs and detect the incoming and outgoing data packets of VMware ECSs based on the firewall rules to implement secure access control for east-west traffic in the private cloud environment.


VMware NSX has the following advantages:

  • With network virtualization, VMware NSX reproduces functions equivalent to the network management program as a whole set of network services from layer 2 to layer 7 in software.
  • VMware NSX centrally manages NSX networks of different underlying resource pools, facilitating administrators' operations.
  • VMware NSX combines these services programmatically and generates a unique independent virtual network in just a few seconds.

Application Scenarios

Based on software-defined data center network virtualization, NSX distributed switches, DLRs, distributed firewalls, and security groups can be used to centrally allocate and manage heterogeneous physical networks, preventing horizontal expansion of network threats, as shown in Figure 40-18.


  • Software-defined network, which migrates network functions to software and can be flexibly changed.
  • Seamless mobile network load balancing
  • Automatic network O&M
  • Network isolation, which reduces the threat of horizontal network expansion
Figure 40-18 Application scenarios of VMware NSX

Implementation Principles

Logical Architecture

Figure 40-19 shows the VMware NSX architecture.

Figure 40-19 VMware NSX architecture

Table 40-7 Descriptions of VMware NSX principles

Component Type

Component Name


VMware Service console


Provides the UI for VMware NSX Console.

Services of VMware NSX


Receives VMware network service operation requests.


Processes VMware network service operation tasks.

Common component


Provides level-1 load balancing.


Provides level-2 load balancing.

Resource pool


Provides a scalable platform that lays a foundation for virtualization management. VMware Service manages resources from the vCenter resource pool to ManageOne.

Management domain


Supports identity identification and access control for VMware NSX.


Provides the function of metering and charging resources.

Service OM



Figure 40-20 shows the VMware NSX workflow.

Figure 40-20 VMware NSX workflow

Related Services

VMware Elastic Cloud Server (ECS): VMware NSX provides scalable network services for VMware ECSs to build a secure and isolated network environment, as shown in Figure 40-21.

Figure 40-21 Services related to VMware NSX

Accessing and Using VMware NSX

FusionCloud allows you to access VMware NSX through the ManageOne operation plane.

A VDC administrator, a VDC operator, or a role that has required permissions to perform operations on VMware NSX can log in to the ManageOne operation plane and choose Product List > Network > VMware Network or Console > Network > VMware Network from the main menu.

Updated: 2019-10-23

Document ID: EDOC1100063247

Views: 64101

Downloads: 182

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next