You can secure workloads running on a physical server. Preparing a physical server involves a modest preparation for either a Linux or Windows physical system.

You can provide connectivity and security to applications or workloads between:

  • Physical workloads (bare metal server) and virtual workloads
  • Physical workloads (bare metal server) and physical workloads (bare metal server)


You have deployed the NSX Manager and configured the relevant license.


A Windows physical system requires the Windows Remote Management (WinRM) feature. A Linux physical system requires a handful of dependency modules. Install prerequisite features for either a Windows or Linux physical system using Ansible and a prepared playbook available on GitHub.

To add physical servers to the NSX data plane, perform the following steps:

  1. Review the bare metal requirements. See Bare Metal Server System Requirements.
  2. Configure the necessary ports and protocols. See Ports and Protocols.
  3. Create an Application Interface for the physical server workloads. See Create Application Interface for Physical Server Workloads.
  4. Configure a physical server as a transport node through the UI. See Configure a Physical Server as Transport Node Through UI.
  5. After adding all your physical servers, configure the DFW rules to secure the physical systems. After configuration is complete, the physical servers contain the DFW rules that are pushed from the NSX Manager. Here is an example of how to secure workloads on Windows Server 2016/2019. See Secure Workloads on Windows Server 2016/2019 Bare Metal Servers.