#NSX #Concept

Usually used in a greenfield environment where no vSphere environment has been implemented yet. Network and compute resources are designed from the ground up and need major configuration on the physical layer.

## Use cases

Smaller greenfield environments where access to external networks is also needed.

- Small to medium sized deployments
  - 2-50 hosts
  - Maximum of 1000 VMs
  - Single vCenter
- Primary routing and switching is owned by the [[SDDC]] solution

## Deployment

### Components

- [[NSX - Manager.md]] Cluster
- [[../../NSX.md#ESXi Host]] Deployment
- [[NSX - Edge Node.md]] Cluster
- [[NSX - Application platform]] (optional)
  - [[NSX - Intelligence]]
  - [[NSX - Malware Prevention]]
  - [[NSX - Network Traffic analysis]]
  - [[NSX - Network Detection and Response]]
- [[../../../Concepts/NSX - Load Balancer]] (optional)
  - [[NSX - Service Engine]]

## Features

- Network Virtualization
  - Layer 2 and 3 via [[NSX - Edge Node.md#Gateway]] and [[NSX - Geneve]] with [[NSX- Overlay Network]]
- L4 Gateway Firewall
  - Provides edge security and protects the DC in the Box from external networks
- NAT
  - Hides the internal IP schema and minimizes physical network dependencies
- L4 Zone Based Segmentation
  - Zones can be implemented:
    - DMZ
    - Internal
- Site to Site VPNs (optional)
  - L2 and L3 VPNs can be implemented on the [[NSX - Edge Node.md#Gateway]]
- L4 Application Micro-Segmentation (optional)
  - Zero-trust security approach for critical applications
- L7 Distributed Next Generation Firewall (optional)
- Distributed IDS/IPS (optional)
- NSX Gateway URL Filtering (optional)
- NSX Gateway Network Sandboxing (optional)
- NSX Gateway TLS Decryption (optional)
- Load Balancing + WAF + Analytics (optional)