Overall Satisfaction with VMware NSX
We are using VMware NSX for network security and management across 3 vCenters, two of which are VDI. It has allowed for micro-segmentation, native load balancing, firewalling for our servers, and broadcast suppression for a highly scalable VDI environment. It has provided simplified management and security. It has also allowed us to deploy new load balancers faster than a purchase order could even be cut, and allowed for much more dynamic security design. It has also provided the ability for us to move towards a much greater software-defined data center environment, which has allowed for greater flexibility in the future.
- Broadcast Suppression: By suppressing broadcast traffic, we have been able to deploy a single VDI network in a /18 network space, allowing for rapid growth and proper DHCP lease timing for a VDI instant clone environment.
- Networking HA: Leveraging internal mechanisms for high availability, it provides disaster resiliency to a virtual networking environment.
- Cost Savings: All available features of NSX are licensed simultaneously. Load balancers, firewalls, and routers are all licensed as features, not per object, allowing for the deployment of as many of these objects as are needed.
- Firewall rules can break all communication. If a rule is improperly written, it can block all communication to the hosts, vCenter(s), and NSX components, requiring lengthy recovery times.
- If NSX components break, it can break the entire system if it is not properly designed. No components are required to manage NSX which should exist behind NSX networks, just like no vCenter components should exist behind vCenter objects (VVols, VSAN, DVS).
We use both Cisco ACI and VMware NSX, and while they have different strengths and capabilities, I would recommend VMware NSX, as it can be used in all VMware environments, without costly physical infrastructure changes. Cisco ACI provides some of the same capabilities, but not all. It's focus relies on physical networking changes.
With proper design, VMware NSX can and should be deployed to virtually any VMware virtualization environment, but the deployment should be tailored to the needs of that environment. There isn't really a one size fits all deployment design for all environments. That versatility is what provides its greatest strength to a business.