Aggressive SDN packaging for VMware Customers

transformers-wallpapers-hd

Unleashing the NSX Transformers project, from May 3, 2015 the use of Software-Defined Networking for VMware customers has been amplified. According to VMware, it is expected that this price reduction, the number of customers reached during 2016 (there are currently 1400 clients NSX generating US $ 600 MM during this 2016) is increased of which 350 customers already use NSX in environments Production (data to March 2016). IDC predicts that the SDN market can generate more than US $ 12 billion by 2020, although other studies positioned a market volume even higher (Research and Markets predicts more than US $ 77 billion in market SDN 2020).

VMware NSX (versions 6.2.2 onwards) can be licensed under one of the following 3 editions:

  • NSX Standard Edition (US $ 1995 per CPU plus annual SnS) delivers the basic framework, allows integration with third party products. Switching includes L2, L3 routing, NAT and native integration with OpenStack (Neutron) and VMware vRealize Automation. Supports perpetual licensing per CPU level ESXi physical server.
  • NSX Advanced Edition (US $ 4495 per CPU plus annual SnS): Standard Edition plus includes the issue of micro-segmentation level Data Center. Firewall includes distributed, Integration with Microsoft Active Directory, VMware services Automation Automation vRealize, Using Data Security and Load Balancer. Supports perpetual licensing per CPU level ESXi physical server and per user (oriented VDI).
  • NSX Enterprise Edition (US $ 6995 per CPU plus annual SnS): Includes Advanced Edition, plus SDN between different domains vCenter. It Includes IPSec VPN, SSL VPN and advanced features NSX as communication between different Data Centers (multiple vCenters), remote gateways and scaling to VTEP Hardware level certificate. Supports perpetual licensing per CPU level ESXi physical server.
NSX for vSphere 6.2
Feature Standard

US$1995

per CPU

Advanced

US$4495

per CPU

Enterprise

US$6995

per CPU

Hypervisors Supported      
Platform      
ESXi 5.5 Yes Yes Yes
ESXi 6.0 Yes Yes Yes
vCenter 5.5 Yes Yes Yes
vCenter 6.0 Yes Yes Yes
Cross vCenter Networking & Security No No Yes
Controller Architecture      
NSX Controller Yes Yes Yes
Universal Controller for X-VC No No Yes
Optimized ARP Learning, BCAST supression Yes Yes Yes
Switching      
Encapsulation Format      
VXLAN Yes Yes Yes
Replication Mode for VXLAN      
Multicast Yes Yes Yes
Hybrid Yes Yes Yes
Unicast Yes Yes Yes
Overlay to VLAN bridging      
SW Bridge (ESXi-based) Yes Yes Yes
Hardware VTEP (OVSDB) with L2 Bridging No No Yes
Universal Distributed Logical Switching (X-VC) No No Yes
Multiple VTEP Support Yes Yes Yes
Routing      
Distributed Routing (IPv4 Only)      
Distributed Routing – Static Yes Yes Yes
Distributed Routing – Dynamic Routing with BGP Yes Yes Yes
Distributed Routing – Dynamic Routing with OSPF Yes Yes Yes
Equal Cost Multi-Pathing with Distributed Routing Yes Yes Yes
Universal Distributed Logical Router (X-VC) No No Yes
Dynamic Routing without Control VM (Static Only) Yes Yes Yes
Active-standby Router Control VM Yes Yes Yes
Edge Routing (N-S)      
Edge Routing Static – IPv4 Yes Yes Yes
Edge Routing Static – IPv6 Yes Yes Yes
Dynamic Routing with NSX Edge (BGP) IPv4 Yes Yes Yes
Dynamic Routing with NSX Edge (OSPFv2) IPv4 Yes Yes Yes
Equal Cost Multi-Pathing with NSX Edge Yes Yes Yes
Egress Routing Optimization in X-VC No No Yes
DHCP Relay Yes Yes Yes
Active-Standby NSX Edge Routing Yes Yes Yes
VLAN Trunk (sub-interface) support Yes Yes Yes
VXLAN Trunk (sub-interface) support Yes Yes Yes
Per Interface RPF check on NSX Edge Yes Yes Yes
Services      
NAT Support for NSX Edge      
NAT Support for NSX Edge Yes Yes Yes
Source NAT Yes Yes Yes
Destination NAT Yes Yes Yes
Stateless NAT
ALG Support for NAT Yes Yes Yes
DDI      
DHCP Server Yes Yes Yes
DHCP Relay Yes Yes Yes
DNS Relay Yes Yes Yes
VPN      
IPSEC VPN No No Yes
SSL VPN No No Yes
L2 VPN (L2 extension with SSL VPN) No No Yes
802.1Q Trunks over L2 VPN No No Yes
Security      
Firewall – General      
Single UI for Firewall Rule Enforcement – NS+ EW No Yes Yes
Spoofguard No Yes Yes
Firewall Logging Yes Yes Yes
Rule Export No Yes Yes
Auto-save & Rollback of Firewall rules No Yes Yes
Granular Sections of Firewall rule table No Yes Yes
Distributed Firewall      
DFW – L2, L3 Rules No Yes Yes
DFW – vCenter Object Based Rules No Yes Yes
Identity Firewall Rules (AD Integration) No Yes Yes
IPFix Support for DFW No Yes Yes
Context-based control of FW enforcement
(applied to objects)
No Yes Yes
Edge Firewall      
Edge Firewall Yes Yes Yes
Edge High-Availability Yes Yes Yes
Service Composer      
Security Policy Yes Yes Yes
Security Tags Yes Yes Yes
vCenter Object based security groups Yes Yes Yes
IPSet, MACset based security groups Yes Yes Yes
Data Security      
Scan Guest VMs for Sensitive Data No Yes Yes
Third Party Integration      
Endpoint Service Insertion – Guest Introspection Yes Yes Yes 
Network Service Insertion No Yes Yes
Public API based Integration Yes Yes  Yes
Load-Balancing      
Edge Load-Balancing      
Protocols
TCP (L4 – L7) No Yes Yes
UDP No Yes Yes
FTP No Yes Yes
HTTP No Yes Yes
HTTPS (Pass-through) No Yes Yes
HTTPS (SSL Termination) No Yes Yes
LB Methods No Yes Yes
Round Robin No Yes Yes
Src IP Hash No Yes Yes
Least Connection No Yes Yes
URI, URL, HTTP (L7 engine) No Yes Yes
vCenter Context-aware LB No Yes Yes
L7 Application Rules No Yes Yes
Health Checks
TCP No Yes Yes
ICMP No Yes Yes
UDP No Yes Yes
HTTP No Yes Yes
HTTPS No Yes Yes
Connection Throttling No Yes Yes
High-Availability No Yes Yes
Monitoring
View VIP/Pool/Server Objects No Yes Yes
View VIP/Pool/Server Stats No Yes Yes
Global Stats VIP Sessions No Yes Yes
Distributed Load-Balancing      
L4 Load-balancing No No Yes (tech-preview)
Health checks No No Yes (tech-preview)
Operations      
Tools      
Tunnel Health Monitoring No No No
TraceFlow Yes Yes Yes
Port-Connections Tool No No No
Server Activity Monitoring No Yes Yes
Flow Monitoring No Yes Yes
IPFix (VDS Feature) Yes Yes Yes
VMware Tools      
vR Operations Manager Yes Yes Yes
vR Log Insight Yes Yes Yes
Cloud Management Platform      
vRealize Automation      
Logical Switch Creation Yes Yes Yes
Distributed router creation Yes Yes Yes
Distributed firewall security consumption No Yes Yes
Load-balancing consumption No Yes Yes
App Isolation No Yes Yes
VMware Integrated OpenStack (Neutron Plugin)      
VLAN Provider Networks Yes Yes Yes
Overlay Provider Networks Yes Yes Yes
Overlay Tenant Networks Yes Yes Yes
Metadata Proxy Service Yes Yes Yes
DHCP Server Yes Yes Yes
Neutron Router – Centralized – Shared Yes Yes Yes
Neutron Router – Centralized – Exclusive Yes Yes Yes
Neutron Router – Distributed Yes Yes Yes
Static Routes on Neutron Router Yes Yes Yes
Floating IP Support Yes Yes Yes
No-NAT Neutron Routers Yes Yes Yes
Neutron Security Groups using Stateful Firewall No Yes Yes
Port Security Yes Yes Yes
Neutron L2 Gateway Yes Yes Yes
Load Balancing (LBaaS) Yes Yes Yes
Admin Utility ( Consistency Check, Cleanup) Yes Yes Yes
Cross VC Logical Networking and Security No No No

SOURCE: https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2145269

REFERENCE: http://www.vmware.com/files/pdf/products/nsx/vmware-nsx-editions-faq.pdf

Post Author: Fernando Escobar

CTO Ambassador (VMware’s Office of the CTO), VMware vExpert Cloud, VMware vExpert core, SDDC Trusted Advisor, Cloud Architect

Leave a Reply