Deploying Virtual or Bare-Metal NSX-T Edge Nodes

An NSX-T Edge node can be deployed as a virtual appliance, or installed on bare-metal hardware. The edge node on bare-metal hardware can have better performance capabilities at the expense of more difficult deployment and fewer deployment topology use cases.

In an SDDC, you usually deploy the NSX-T Edge transport nodes in an NSX-T workload domain as virtual appliances for flexibility in design. You deploy these NSX-T Edge appliances on the first ESXi cluster. You can also use the same ESXi cluster for running tenant virtual machines, that is, as a shared edge and compute cluster.

Usually, NSX-T Edge transport nodes deployed as virtual appliances in a shared edge and compute cluster is the preferred architectural design. However, in some cases, for example, low latency for the tenant workload networks, running NSX-T Edge transport nodes on bare-metal servers meets the requirements of your environment better.

Table 1. Form Factors of NSX-T Edge Nodes
Design Component	Edge Virtual Appliance	Bare-Metal Edge Appliance	Considerations
Ease of deployment and ease of expansion	↑↑	↓	You can deploy NSX-T Edge virtual appliances from NSX-T Manager or directly from OVA Because the edge nodes are running on ESXi hosts, many options for selecting compatible hardware are available. You can deploy NSX-T Edge virtual appliances from NSX-T Manager, SDDC Manager, or directly from OVA Because the edge nodes are running on ESXi hosts, many options for selecting compatible hardware are available. Deployment of bare metal appliances have certain hardware compatibility requirements, and must be manually deployed and connected to the environment. However, deploying an NSX-T Edge node on an ESXi cluster requires several VLANs for system traffic, such as ESXi management, vSAN, vSphere vMotion, and ESXi TEP. These VLANs are not required for a bare-metal NSX-T Edge node.
Ease of upgrade and life cycle management	o	↓	NSX-T Manager manages the life cycle of the associated virtual and bare-metal NSX-T Edge appliances. NSX-T Edge nodes on bare-metal hardware require individual hardware life cycle management of firmware, drivers, and so on.
Manageability	↑↑	o	NSX-T Edge nodes on bare-metal hardware require individual monitoring and management of the hardware, such as failures, firmware, and so on. The shared edge and compute cluster contains all NSX-T Edge virtual appliances that connect to the corporate network for secure and centralized network administration. SDDC Manager can rotate the passwords only of the NSX-T Edge virtual appliances. Because SDDC Manager is not aware of the bare-metal NSX-T Edge appliances, it is unable to rotate their passwords.
Availability and recoverability	↑↑	↓	If a failure of the hardware hosting the NSX-T Edge virtual appliance occurs, vSphere HA automatically recovers the edge appliance on another host. You can use vSphere DRS for migrating the edge appliance if resource contention on the original host occurs. If a failure of a bare-metal NSX-T Edge node occurs, you must redeploy it on new hardware.
Capability	o	o	NSX-T Edge virtual appliances and bare-metal NSX-T Edge provide the same network services.
Design agility	↑	↓	You can use bare-metal NSX-T Edge nodes only in an SDDC with a single availability zone in the management domain. The architecture with multiple availability zones is supported only with NSX-T Edge virtual appliances.
Performance	↑	↑↑	In certain use cases, a bare-metal NSX-T Edge node can provide better raw performance and lower latency. The performance of an NSX-T Edge virtual appliance depends on the underlying ESXi host. To improve performance, migrate the appliance to a host that has higher performance.
Capacity	o	↑	In rare use cases, a bare-metal NSX-T Edge node can support more raw capacity. NSX-T Edge virtual appliance can easily be scaled up and out as needed. You can add more ESXi hosts to the shared edge and compute cluster to run more NSX-T Edge virtual appliances.