In this design, you use NSX-T Data Center to provide network connectivity for tenant workloads by using virtual network segments and routing. You also create constructs for region-specific and cross-region solutions. These constructs isolate the solutions from the rest of the network, providing routing to the data center and load balancing.

NSX-T Data Center

NSX-T Data Center provides network virtualization capabilities in workload domains. With network virtualization, networking components that are usually part of the physical infrastructure, can be programmatically created and managed by using this software-defined network (SDN) platform. NSX-T Data Center provides both a declarative intent-based policy model, and an imperative based model to define and manage the SDN.

The deployment of NSX-T Data Center includes management, control plane, and services components.

NSX-T Federation

You use NSX-T Federation to propagate configurations that span multiple NSX-T instances. You can stretch overlay segments in NSX-T between regions, enable failover of segment ingress and egress traffic between regions, and implement a unified firewall configuration.

In the virtual infrastructure domain in a multi-region SDDC, you can use NSX-T to provide cross-region services to customer workloads which do not have native support for multi-region availability.


If you do not plan to use any workloads which require NSX-T Federation for multi-region availability, consider this design extension optional.

NSX-T Manager

NSX-T Manager provides the user interface and the RESTful API for creating, configuring, and monitoring NSX-T components, such as virtual network segments, and Tier-0 and Tier-1 gateways.

NSX-T Manager implements the management and control plane for the NSX-T infrastructure. NSX-T Manager is the centralized network management component of NSX-T, providing an aggregated view on all components in the NSX-T Data Center system.

In a deployment using NSX-T Federation, such as a multi-region SDDC, NSX-T Manager is called NSX-T Local Manager.

Table 1. Components of NSX-T Manager




  • Logical switching and routing

  • Networking and edge services

  • Security services and distributed firewall


You can automate all configuration and monitoring operations by using any cloud automation platform, security vendor platform, or automation framework.

Management Plane Agent (MPA)

Available on each ESXi host. The MPA is in charge of persisting the desired state of the system and for communicating non-flow-controlling (NFC) messages such as configuration, statistics, status, and real-time data between transport nodes and the management plane.

NSX-T Controller

NSX-T Controllers implement the central control plane (CCP). They control the virtual networks and overlay transport tunnels. The controllers are responsible for the programmatic deployment of virtual networks across the entire NSX-T architecture.

The CCP is logically separated from all data plane traffic, that is, a failure in the control plane does not affect existing data plane operations. The controller provides configuration to other NSX-T Data Center components, such as segment, gateway, and edge node configuration.

Integration with vCenter Server

NSX-T Data Center components are not assigned to a specific vCenter Server or vSphere construct. You can share them across different vSphere environments.

NSX-T Global Manager

NSX-T Global Manager is part of multi-region deployments where NSX-T Federation is required. NSX-T Global Manager can connect multiple NSX-T Manager instances under a single global management plane. NSX-T Global Manager provides the user interface and the RESTful API for creating, configuring, and monitoring NSX-T global objects, such as global virtual network segments, and global Tier-0 and Tier-1 gateways.

Connected NSX-T Local Manager instances create the global objects on the underlying software-defined network that you define from NSX-T Global Manager. An NSX-T Local Manager instance in an individual region directly communicates with NSX-T Local Manager instances in other regions to synchronize configuration and state needed to implement a global policy.

NSX-T Global Manager is a deployment-time role that is assigned to an NSX-T Manager appliance.

NSX-T Edge Nodes

An NSX-T Edge node is a special type of transport node which contains service router components.

NSX-T Edge nodes provide north-south traffic connectivity between the physical data center networks and the NSX-T SDN networks. Each NSX-T Edge node has multiple interfaces where traffic flows.

You also use the NSX-T Edge nodes in east-west traffic flow between virtualized workloads. They provide stateful services such as load balancers and DHCP. In a multi-region deployment, east-west traffic between the regions flows through the NSX-T Edge nodes, as well.