• Mike Ghazaleh

What is NSX-T?

You've heard of NSX, NSX-V, NSX-T - but what is NSX, and why would you use it? In this blog, I'm going to address this question in as simple terms as possible. Whether your organization is looking at purchasing NSX, or you're on the partner/OEM side and expected to talk about and sell NSX - it doesn't matter - by the end of this post, I hope you'll be able to intelligently speak about NSX.

Enough talking...let's jump right in!

What is NSX-T?

NSX-T is a software-defined networking and security product by VMware. Using it allows you to abstract your physical network, which ultimately just means that you can create networks in software! This does not mean you can throw your switches and routers away; you'll still need those. What it does mean, though, is that you can have a simpler configuration on your physical network, since NSX will be creating/managing some of those networks in software. This functionality is called Network Virtualization.

So why would you want to do network virtualization? Well, here are a few reasons:

  • Allows you to stretch networks across locations/sites without major physical network changes - no re-IPing for Disaster Recovery or Active/Active DC use cases!

  • Super easy to create new networks/subnets in NSX, and doing this requires no physical network changes (after initial installation)

  • You can now automate all of your networking! Create networks with code.

In addition to this, NSX also offers a lot of really slick security features that help secure your environment. Some of those security features include:

  • Stateful, distributed firewall that runs completely native to vSphere (and requires no agents or network changes if you don't want to do network virtualization!)

  • Malware prevention and sandboxing for East-West traffic

  • Network Traffic Analysis, which looks for anomalies (e.g., this VM normally talks on port 80 only, but now it's talking to an endpoint across the world on port 65100. This is weird - and would trigger an alert in NSX)

  • Distributed IDS/IPS - so you can stop attacks mid-flight by looking at Layer 7 data


There's a LOT of confusion about NSX-V and NSX-T. Let me make this really simple! NSX-V is an older version of NSX that only supported vSphere (thus the name - NSX for vSphere). NSX-T was then introduced, and it brought a lot of new capabilities to NSX, such as:

  • Support for multiple hypervisors (KVM, vSphere)

  • Support for public cloud (native AWS/Azure)

  • Support for multiple vCenters

  • The introduction of a feature called Federation, which stretches networks between sites better than NSX-V could do it

Want to learn more?

If you are thinking "wow! this doesn't sound too complicated!" - you're right. It's not too bad. The biggest challenge with NSX is the new terminology, which can get pretty complicated. To help people with this, I've created multiple NSX courses. I spend a LOT of time making these courses the best I can, and I'm pretty proud of them.

A few of my courses you might find helpful are:
