LTX Systems NSX Blog

Implementing Zero Trust using NSX Microsegmentation

Microsegmentation is the process by which a traditional layer-2 subnet is further subdivided into micro segments through the use of the NSX distributed firewall.  This is made possible because the firewall filter layer is built into software modules (VIBs) in the hypervisor kernel which inspect traffic at the ingress and egress of virtual network interfaces on virtual machines within the environment.

NSX REST API Overview

NSX comes complete with a REST API that can be easily consumed from command line and scripting tools in addition to full-scale custom coding solutions.  This makes it accessible from other VMware technologies, such as vRealize Automation and vRealize Orchestrator, as well as from PowerShell scripting and shell scripting (via curl, for example).  It is also possible to write custom code solutions that integrate NSX configuration modifications via the REST API into consistent workflows that accomplish work on behalf of system administrators and end users for the purposes of automatically, consistently, and securely configuring the network.

NSX Multi-Site Architecture

NSX can run in a multi-site fashion, with a highly available universal controller cluster (which runs at a single site) and an NSX manager running at each location.  The NSX manager runs a universal synchronization service that is responsible for replicating changes between sites and making all sites compatible with each other.

Redeploying NSX Controller Nodes after Failure

From time to time for various reasons, NSX controller nodes may stop working or become corrupted.  The reasons for this are varied and perhaps not always clear.  Because of the architecture of NSX, it is often the easiest strategy to redeploy controller nodes in the case of a failure or corruption because it’s much faster to redeploy nodes than it might otherwise be to troubleshoot them.

NSX Executive Overview

NSX is a software-defined, network virtualization technology that enables the decoupling of networks from hardware in much the same manner that server virtualization did for operating systems and hardware.

Using NSX In vRealize Automation Blueprints

Integrating NSX with vRealize Automation quickly adds network automation capabilities to the self-service portal, giving administrators and designers access to build network blueprints into standard service offerings.  This has the effect not only of decreasing the time to deliver services that require network components, but also of increasing the security and availability of services provided by ensuring that network changes conform to a consistent set of rules when deployed.