VMware Cloud Director provides advanced networking capabilities powered by the NSX Data Center for vSphere network virtualization software that offer enhanced security controls, routing, and network scaling capabilities in a cloud environment.
Using these networking capabilities, you can achieve unprecedented security and isolation in your organization virtual data center. These capabilities deliver the following benefits:
- Dynamic routing. The NSX Data Center for vSphere capabilities in your VMware Cloud Director environment support routing protocols such as Border Gateway Protocol (BGP) and Open Shortest Path First (OSPF) to simplify network integration between systems, to provide redundancy and continuity in a cloud-hosted application deployment.
- Fine-grained network security and isolation. The NSX Data Center for vSphere capabilities in your VMware Cloud Director environment support the use of object-based rule definitions to provide stateful network traffic isolation without requiring multiple virtual networks. This zero-trust security model prevents intruders from gaining full network access if an application or virtual machine is compromised. Network configuration is simplified by using the same network security policies to protect applications wherever they are physically located in the VMware Cloud Director environment and to extend your zero-trust security model for portable security no matter where an application is deployed.
- Additional capabilities provided by NSX Data Center for vSphere are enhanced VPN support for point-to-site (IPsec VPN) and user (SSL VPN-Plus) connectivity, enhanced load balancing for HTTPS, and expanded network scalability.
You can configure two types of firewalls: the edge gateway firewall and the distributed firewall. For more information about the differences between these firewalls, see Tenant Firewall Configuration with NSX Data Center for vSphere.
You access these advanced networking capabilities using the VMware Cloud Director Tenant Portal or the VMware Cloud Director Service Provider Admin Portal. The edge gateway must first be converted to an advanced edge gateway. See Convert an Edge Gateway to an Advanced Edge Gateway.