NSX Cloud uses the NSX-T core components -- NSX Manager and Controllers -- and integrates them with your public cloud to provide networking and security across your implementations.
NSX Cloud is agnostic of provider-specific networking and does not require hypervisor access in a public cloud. Integration with the cloud service provider (CSP) provides AWS Identity and Access Management (IAM), billing, logging, and security support for a public cloud environment.
The VMware SRE team deploys, monitors, and troubleshoots any errors that might occur in the public cloud.
The core NSX Cloud components are:
NSX Manager for the management plane with role-based access control (RBAC) defined.
NSX Controller for the control plane and run-time state.
Cloud Service Manager (CSM) for integration with NSX Manager to provide public cloud-specific information to the management plane.
NSX Public Cloud Gateway (CGW or PCG) for connectivity to the NSX management and control planes, NSX Edge gateway services, and for API-based communications with the public cloud entities in the compute VPC (such as VPCs, EC2 Instances, and Security Groups). The CGW is deployed in a compute VPC via CSM.
NSX Agent functionality that provides NSX-managed datapath for workload VMs.
Management VPC and Compute VPC
The NSX Cloud components, namely NSX Manager, Controller Cluster, and Cloud Service Manager, are hosted inside VMware’s AWS account in what we call a management VPC.
The VPC that you want to manage with NSX via NSX Cloud is what we call a compute VPC.
You need to set up three subnets in this compute VPC that separate out the management, uplink, and downlink traffic. The management traffic is for NSX Manager and this subnet needs one IP address per PCG. The uplink subnet is for Internet traffic, and the downlink subnet is for data traffic in and out of your compute VPC.
As part of configuring your compute VPC, you deploy a single CGW (or an HA pair) and select these subnets to configure the gateway. This forms the basis of allowing NSX to manage your workload VMs.
Your application instances will be launched in this compute VPC.
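A pre-deployment check of the three-subnet layout described above, as an added example that is not part of the NSX Cloud documentation or tooling. The function name, role names and sample CIDRs are assumptions made for illustration; the per-subnet reservation of five addresses is standard AWS behaviour.

```python
import ipaddress

AWS_RESERVED_PER_SUBNET = 5  # AWS reserves the first four and the last address of every subnet
ROLES = ("management", "uplink", "downlink")  # hypothetical role names for the three subnets


def check_compute_vpc_plan(vpc_cidr, subnets, pcg_count=1):
    """Return a list of problems with a compute VPC subnet plan (empty list = usable).

    subnets maps each role in ROLES to a CIDR string; pcg_count is 1 for a
    single gateway or 2 for an HA pair.
    """
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {}
    for role in ROLES:
        if role not in subnets:
            problems.append(f"missing {role} subnet")
            continue
        net = ipaddress.ip_network(subnets[role])
        nets[role] = net
        if not net.subnet_of(vpc):
            problems.append(f"{role} subnet {net} is outside VPC {vpc}")
    # Management, uplink and downlink traffic must not share address space.
    present = list(nets)
    for i, a in enumerate(present):
        for b in present[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} subnets overlap")
    # The management subnet needs one IP address per PCG.
    if "management" in nets:
        usable = nets["management"].num_addresses - AWS_RESERVED_PER_SUBNET
        if usable < pcg_count:
            problems.append(f"management subnet has {usable} usable IPs, need {pcg_count}")
    return problems


# Constructed sample plans (addresses are illustrative only).
GOOD_PLAN = {"management": "10.20.0.0/28", "uplink": "10.20.1.0/24", "downlink": "10.20.2.0/24"}
BAD_PLAN = {"management": "10.20.1.0/28", "uplink": "10.20.1.0/24"}

if __name__ == "__main__":
    print(check_compute_vpc_plan("10.20.0.0/16", GOOD_PLAN, pcg_count=2))
    print(check_compute_vpc_plan("10.20.0.0/16", BAD_PLAN, pcg_count=2))
```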