In VMware Cloud Foundation, you use NSX for connecting management and customer virtual machines by using virtual network segments and routing. You also create constructs for solutions that are deployed for a single VMware Cloud Foundation instance or are available across multiple VMware Cloud Foundation instances. These constructs provide routing to the data center and load balancing.

Table 1. NSX Logical Concepts and Components

Component | Description

NSX Manager

  • Provides the user interface and the REST API for creating, configuring, and monitoring NSX components, such as segments, and Tier-0 and Tier-1 gateways.

  • In a deployment with NSX Federation, NSX Manager is called NSX Local Manager.

NSX Edge nodes

  • Are a special type of transport node that contains service router components.

  • Provide north-south traffic connectivity between the physical data center networks and the NSX SDN networks. Each NSX Edge node has multiple interfaces where traffic flows.

  • Can provide east-west traffic flow between virtualized workloads. They provide stateful services such as load balancers and DHCP. In a deployment with multiple VMware Cloud Foundation instances, east-west traffic between the VMware Cloud Foundation instances flows through the NSX Edge nodes too.

NSX Federation (optional design extension)

  • Propagates configurations that span multiple NSX instances in a single VMware Cloud Foundation instance or across multiple VMware Cloud Foundation instances. You can stretch overlay segments, activate failover of segment ingress and egress traffic between VMware Cloud Foundation instances, and implement a unified firewall configuration.

  • In a deployment with multiple VMware Cloud Foundation instances, you use NSX to provide cross-instance services to SDDC management components that do not have native support for availability at several locations, such as VMware Aria Automation and VMware Aria Operations.

  • Connect only workload domains of matching types (management domain to management domain or VI workload domain to VI workload domain).

NSX Global Manager (Federation only)

  • Is part of deployments with multiple VMware Cloud Foundation instances where NSX Federation is required. NSX Global Manager can connect multiple NSX Local Manager instances under a single global management plane.

  • Provides the user interface and the REST API for creating, configuring, and monitoring NSX global objects, such as global virtual network segments, and global Tier-0 and Tier-1 gateways.

  • Connected NSX Local Manager instances create the global objects on the underlying software-defined network that you define from NSX Global Manager. An NSX Local Manager instance directly communicates with other NSX Local Manager instances to synchronize configuration and state needed to implement a global policy.

  • NSX Global Manager is a deployment-time role that you assign to an NSX Manager appliance.

NSX Manager instance shared between VI workload domains

  • An NSX Manager instance can be shared between up to 14 VI workload domains that are part of the same vCenter Single Sign-On domain.

  • VI workload domains sharing an NSX Manager instance must use the same vSphere cluster life cycle method.

  • Using a shared NSX Manager instance reduces resource requirements for the management domain.

  • A single transport zone is shared across all clusters in all VI workload domains that share the NSX Manager instance.

  • The management domain NSX instance cannot be shared.

  • Isolated workload domain NSX instances cannot be shared.