NSX on Public Cloud

Published on 31 May 2017

There is a great video from VMware about cross-cloud NSX.

You can't install your own hypervisors in a public cloud, so the NSX data-plane modules are brought into the VM itself, like VMtools, but for NSX. The Edge can run as an AMI (inside Amazon), so there will be one gateway per VPC. This means that any VM that goes into that VPC can be managed by NSX.

There are also new components, such as the NSX Cloud Service Manager (CSM).



The CSM will provide a view, and ensure that policies are pushed down to VMs in the cloud.

In the demo, for example, this is used to control the traffic between the Web and DB tiers.


The NSX Manager is where firewall rules are defined, with the typical NSX firewall functionality, so rules don't have to be IP-based. The NSX Manager can be deployed anywhere there is IP connectivity. VMware see this as being in a management VPC, or even deployed as a service.

The VMware Cloud Service Manager will show you the resources that are available in regions, including the number of VPCs, their attributes (which you can drill into), and the number of VMs. From here, you can also deploy an NSX Gateway into VPCs that are currently unmanaged.

One really good question raised in the video is why you would do this rather than use the native APIs. VMware's view is that you can write your policy once for one platform (NSX) and apply it to different clouds and on premise. You don't need to know the constructs for local, AWS, Azure, etc. You can still mix and match, though: use the NSX DFW alongside the Amazon ELB, for example. And once you have created your application/environment on NSX, you can move it between clouds without rewriting everything.

The other key thing here is the ability to plug in to Open Chef etc.

As the video mentions, this is early days for NSX in the cloud, but impressive so far!

