NSX-T Data Center allows you to install Distributed Security for vSphere Distributed Switch (VDS) without the need to deploy an NSX Virtual Distributed Switch (N-VDS). This ensures that DFW capabilities work on a VM whether it is managed by an NSX host switch or not.
Distributed Security provides security-related functionality to your VDS such as:
- Distributed Firewall (DFW)
- Distributed IDS/IPS
- Identity Firewall
- L7 App ID
- Fully Qualified Domain Name (FQDN) Filtering
- NSX Intelligence
- NSX Malware Prevention
- NSX Guest Introspection
Prerequisites
The following are the requirements for installing Distributed Security for VDS:
- vSphere 6.7 or later.
- The vSphere cluster should have at least one VDS with distributed switch version 6.6 or later configured.
- The vSphere cluster should not have N-VDS deployed.
- A compute manager must be registered in NSX-T. See Add a Compute Manager.
Procedure
Results
Distributed Security is installed and you can begin using security capabilities such as creating DFW policies and rules for the VDS.