In much the same way that server virtualization programmatically creates, snapshots, deletes, and restores software-based virtual machines (VMs), NSX-T Data Center network virtualization programmatically creates, deletes, and restores software-based virtual networks.
With network virtualization, the functional equivalent of a network hypervisor reproduces the complete set of Layer 2 through Layer 7 networking services (for example, switching, routing, access control, firewalling, QoS) in software. As a result, these services can be programmatically assembled in any arbitrary combination, to produce unique, isolated virtual networks in a matter of seconds.
NSX-T Data Center works by implementing three separate but integrated planes: management, control, and data. These planes are implemented as a set of processes, modules, and agents residing on two types of nodes: NSX Manager and transport nodes.
Every node hosts a management plane agent.
NSX Manager nodes host API services and the management plane cluster daemons.
NSX Controller nodes host the central control plane cluster daemons.
Transport nodes host local control plane daemons and forwarding engines.
NSX Manager provides a three-node clustering support which merges policy manager, management, and central control services on a cluster of nodes. NSX Manager clustering provides high availability of the user interface and API. The convergence of management and control plane nodes, reduces the number of virtual appliances that must be deployed and managed by the NSX-T Data Center administrator.
The NSX Manager appliance is available in three different sizes for different deployment scenarios. A small appliance for lab or proof-of-concept deployments. A medium appliance for deployments up to 64 hosts and a large appliance for customers who deploy to a large-scale environment. See NSX Manager VM System Requirements and Configuration maximums tool.
NSX-T Data Center provides a declarative policy model and imperative-based model.
The declarative policy model provides an easier approach to configure networking and security for applications which is platform-agnostic. You can specify the networking and security requirements for the application environment, which limits errors.
The imperative-based model is available in the Advanced Networking and Security tab, which allows you to configure tasks step-by-step.