VMware NSX Reviews

The Internet is a nasty place, and getting nastier. Current breach detection products using traditional anti-malware sandbox technologies can’t keep up with advanced persistent and hyper-evasive threats that pummel enterprise networks on an hourly basis. Malware authors encode their exploits with a number of operational vectors, so in case one entry point doesn’t work they can still find a way into your network to do their dirty work. And as more businesses hire more outsourced consultants, part-time workers, and employ mobile devices, they open up additional mechanisms for malware to enter their corporate networks.

Some traditional AV and endpoint protection vendors have responded to these threats by adding features to their security products to do a better job of anticipating badly behaving packets coming through their detectors. They make use of limited virtual machines or operating system emulators to view how a piece of malware operates. That is great, but it isn’t enough. Many malware authors can detect when these simulated environments are active and can evade detection accordingly. For example, some exploits such as W32.DelfInj can literally go to sleep for several days to avoid any detector that will just scan an infected system for the first several minutes.

What is needed is a next-generation sandbox that can correlate a series of particular breach events add IP and object based reputation analysis and do this in near real-time. This is what the Lastline Breach Detection Platform does. What makes them unique is their range of discovery, the way they can effectively mimic actual PC or smartphone endpoints to examine malware behavior.

Download my full review of their system here.

Lastline has four major components:

• Network sensors. Lots of security tools have sensors, and certainly this is the cornerstone of any modern security tool. What makes Lastline more interesting is that it combines IP and domain reputation analysis with malware fingerprinting techniques. 

• Advanced sandbox screening tool. Suspicious objects that are suspected to be zero-day threats are collected from the sensors and analyzed with the Lastline next-generation sandbox, which emulates a complete endpoint system (OS, memory, and peripherals). Other sandboxing tools leave small in-guest code stubs that can reveal they aren’t “real” endpoints; Lastline doesn’t have these clues for malware to key into and looks just like regular computers. 

• Reporting and threat analysis tool. Low-level event data is then collected and correlated into a particular security incident, which then updates an online threat database. For example, just by clicking on a few different menu items, we can see how often the same infection was downloaded by a particular endpoint, or why a particular event led to other activities across our network, or how a piece of malware was attached to a series of different email messages.

• Rich threat intelligence of advanced threats.Known exploits and IP based systems associatedwith advanced malware are highly dynamic and traditional signature-based knowledge bases are ill equipped to keep up. Lastline threat intelligence draws on its global collection of next-generation sandboxes.

They just announced added Mac OS X support, which I didn't get to test. 

It is a bit tricky to install the various components and to get it set up properly. But once you do, you can take full advantage of its features. 

No.

No, indeed this is one of its main benefits. You can scale it up to handle very large networks with their modular and SaaS-based tools. 

To add flexibility to its system, both the next-generation sandbox and reporting tool can be either hosted or installed on-premises.

Their core idea is to run a piece of suspected malware in such a way as to provide the ultimate examination of its operations. Suspected code is extracted from the network traffic flow, analyzed andcorrelated with other network-level events to provide a full picture of what happened. It has one of the most throughout analysis sandbox engines. But what is more important is how they are able to provide actionable intelligence to a wide variety of leading security vendors’ intrusion prevention and unified threat management platforms from WatchGuard, Barracuda, TippingPoint, Juniper, Tripwire and others. Through a combination of application programming interfaces, Lastline can send and receive firewall blocking rules and breach event data to/from the appropriate systems that you have already purchased, so that these threats can be quickly stopped.

Yes, there are other sandboxing securing tools out there, but they aren't as thorough as what Lastline does.

Vendor team was first rate.

This product is a software-defined data center with a cloud-native approach. We mainly use it for application migration of some of the architecture to containerized solutions.

The management platform is great. I really like the management dashboard, the tailor-made assurance, the telemetry, and the ease of integration with all other solutions of VMware, such as vSphere. They also integrate well with other third-party security platforms. It's very easy to give an integration of the cloud tenant of NSX. It's very easy to build and migrate a cloud project.

It's very complex. However, I don't work directly with it typically.

We had started two projects for integration with OpenShift and OpenStack with NSX. It was declared by VMware that this is possible, however, the process is very tricky. The full integration was delayed to wait for a new official release. I don't know the actual stage, as this is something that happened more than a year or two ago. It was the beginning of the pandemic. In any case, the integration with OpenShift, the open-source cloud platform, at the time was in need of work and was (and remains) something required from our customers. 

They have to work more and more on the integration for public cloud services and have cyber security platform integration.

I've been using the solution for about five years. 

The solution is stable. There are no bugs or glitches. It doesn't crash or freeze.

It seems to scale. However, we don't have enough data in order to say how much clients scale out or the performance when a company is trying to scale out an NSX-T environment. We are not a cloud provider. We don't have a cloud environment to test it.

In terms of who is using it on our side, we have about five to seven people who have the operational capability on NSX-T. 

In our organization, we use only a small NSX-T cluster. We have a bigger one for our lab. I can't speak to the usage of our customers where we deployed it.

We're pretty satisfied with technical support.

We previously used OpenShift together with OpenStack. It's a different platform. One is open-source and the other is a commercial platform with vendor support and established customers.

The initial setup is very simple. It's not overly complex.

All the VMware platforms are really easy to implement. They require knowledge, of course. However, if you follow the procedure, the output is good.

The deployment itself doesn't take more than two or three days. 

That said, we have knowledgeable workers that have done NSX and the previous release (not the NSX-T). They have done deployments several times. That's why, each time, it's really easy to do. If you have to do that in a customer production environment, it will take say no more than one week including both the deployment in production and the training for the customer.

We have three people that can handle deployment and maintenance tasks. 

I can handle the implementation myself. We also have trained people inside our organization. We don't need the assistance of integrators or consultants.

I can't speak to the exact licensing costs of the solution.

Most deployments are on-premises or via a private cloud in the case of enterprise clients.

We started several deployments with NSX-T version 3. I can't speak to which version we are on currently.

It works and it is powerful in terms of governance, telemetry, ease of use, and ease of deployment. The operation is very simple. Of course, you have to train someone in order to use it effectively. It's very easy to find training. For us, it's good to have a third party with enough experience in order to support other projects where we don't have enough people in order to do that.

I'd rate the solution at an eight out of ten.

We use this product for micro-segmentation and network function virtualization.

This is the most scalable product of its type.

It is very good for automation and software-defined networking.

I would like to see improvements made to the certification process. As it is now, you have to do the training with VMware itself, and you have to spend a lot of money doing it, which is very discouraging. 

If you compare other certifications especially from the cloud providers, you can get trained from your choice of training providers and not very expensive or learn on your own at your pace, prepare for exams and pass and your certificate will be issued. In contrast, you have to register under VMware to get training done at minimum of $3000 before your certificate is issued to you. The training costs a minimum of $3,000, which is expensive and should be reduced. 

I have been using this product for more than a year.

Outside of the cloud infrastructure, it is the most scalable network product that I have worked with. It is used in a server farm that contains about 2,000 servers.

We have not needed to contact technical support.

We did not use another network function virtualization product prior to this one.

The initial setup is very straightforward. Our deployment took three months, end to end.

We had a consultant to assist us with the deployment.

We have two or three in-house staff who manage and maintain the solution.

The licensing fees are expensive and we pay on a yearly basis. However, we were able to leverage some of the licenses that we had for an affiliated product, ESXi. There are no costs in addition to the standard licensing fees.

We chose VMware NSX-T because it was the most scalable.

This is a good product and one that I recommend for anybody who does not want to change their existing infrastructure. The problem is that they have to compete with the likes of AWS and cloud providers.

I would rate this solution an eight out of ten.

I primarily use NSX for micro-segmentation, security, and load-balancing.

NSX's stability could be improved.

I've been working with NSX for six years.

I would rate NSX's stability eight out of ten - there's room for improvement.

I would rate NSX's scalability eight out of ten.

The initial setup is easy and takes between one and five days.

I would give NSX a rating of seven out of ten.

I work with two different companies with different large cloud environments. 

This product is a software-defined network, and that allows you to create virtual access networks and managing security to allow for different workloads.

The solution offers a very good software-defined network that allows you to create virtual access networks. It's very helpful at allowing you to manage security to allow for different workloads. 

One of the big improvements between the NSX-V and NSX-T is that in NSX-T you are no longer dependent on V-Center anymore. That was a huge improvement due to the fact that it allows you to take into account new cases, and have better scalability, among other improvements.

There is always room for improvement, in any solution. 

In some cases, this product is very technical. 

Some configuration maximums are limiting to the user, especially when it comes to the deployment of very, very large environments. There are limits to the number of firewall rules, security groups, et cetera. With the number of security groups, you can nest all these limits, however, somehow limiting the use cases may be restrictive for the free design of different use cases.

I've been working with the solution for a while at this point. It's been at least a couple of years.

The scalability capabilities have improved in NSX-T. It is much better than when the NSX-V version was out.

I work with two different clients, both of which are quite sizeable. They have thousands of machines and thousands of security groups.

I didn't work with another solution per se, however, the previous triggered cloud tool that we had was by VMware. It was not really, at least at the very beginning, a tool for a software-defined network, however, there were some elements that allowed you to create customer networks practically on the fly. There were also some other network visualization techniques, which allowed you actually to encapsulate the traffic and to create networks on the fly. You had some security constructs, including tenents constructs, that you can find somehow in the VRA today. The tenant concept is also present in NSX.

Our customers can use the solution for free, however, this comes with restrictions.

We are consultants and integrators. We have a business relationship with VMware.

I am working with both NSX-V and NSX-T. The latest one is actually NSX-T.

On a scale from one to ten, I would rate it at an eight.

We use this solution for extended on-premise capabilities. We've been using it for five years.

I use the cloud now but in the past, we were able to create very specific segments for each part of the company. 

We like that we can split networks. Layers 4 and 7 are nice. We like that load balancing is easy for the person running it and certain features like the web bouncers F5. 

We like that the microsegmentation feature is easy to use. It is easy to segment the network.

At the moment it hasn't helped us prolong our hardware refresh.

You can easily integrate this with other VMware products. It is a robust solution.

The scalability is good. 

I never had to use their technical support. 

We were trying to save money and trying to use a more flexible solution so we decided to go with NSX as opposed to another hardware or solution.

I found that it was easy to install. In fact, I installed it myself.

We saw ROI within the first year and a half. 

It has helped us save CapEx but I'm not sure exactly how much. 

I rated this solution a nine because it's easy to use. It has a lot of capabilities, like microsegmentation, which is very good.

If you're worried that NSX is too complex, I would tell you to take another look. If you compare NSX to a similar solution you might find it to be a bit more complex. Usually, the guy that comes in to implement NSX isn't the network guy and will lack the knowledge for the program. He can lack the knowledge for this program and will therefore think it's complex. You need somebody with network experience. 

We are using VMware NSX primarily to enable address mechanisms in terms of having to provide the workloads publicly.

In India and similar regions, the CSP faces a significant challenge. The primary issue is related to network address cancellation, which requires private to public IT mapping and the use of the CSP's own IP address space. VMware NSX has been effective in addressing this problem, along with the virtual firewall's ability to function as a network firewall. This has helped to minimize the need for customers to take responsibility for their network security. In these regions, customers expect full-service solutions and do not typically embrace DIY approaches. An analogy for this situation is that if a customer buys a toothbrush from you, they might expect you to brush their teeth for them.

VMware NSX's overlay network is its most valuable feature, as it aligns with any network philosophy and allows for efficient addressing mechanisms. Additionally, the ability to extend the on-premise network into the provider space is beneficial. There are many features provided.

There is room for improvement in VMware NSX's workload management, particularly in the orchestration layer and in managing workloads across multiple clouds.

Additionally, where workload management could be improved is in the ability to federate workloads seamlessly between different control panels. For example, if I am using VMware vCenter as my control panel and have partnered with a non-VMware provider, I should be able to manage my workloads as a customer without having to worry about orchestration. This is an area where there is potential for improvement.

I have been using VMware NSX for approximately eight years.

The scalability of VMware NSX is similar to other solutions. It is scalable.

I rate the scalability of VMware NSX a seven out of ten.

We did not have local support to go to in India. There is no support center here.

I have used Qumulo but we needed to buy a switch for it which was not favorable.

The initial setup of VMware NSX is not complex. If someone has an understanding of how networks work it will be easy. It can take some time to be completed. For example, to configure the solution with the correct commands.

The implementation time can vary depending on the clarity and complexity of the requirements.

When comparing VMware NSX to OpenStack, VMware NSX is simpler to implement.

I rate the initial setup of VMware NSX a six out of ten.

The price of VMware NSX is optimal. Additionally, the price of the solution can be negotiated with the vendor. Many areas of the solution can impact the cost, such as features, time for onboarding, and support needed.

We evaluated other options before choosing VMware NSX.

VMware is a pioneer in virtualization, they are good at what they do. They score high overall in capability.

I rate VMware NSX an eight out of ten.

We use the solution to protect our VMware.

I have found some of the major features of this solution to be its ease of use, flexibility, and reliability.

Their licensing model should make it easier to purchase licenses.

I have been using the solution for a couple of weeks.

During our experience, the solution has been stable.

We have not had issues with the technical support. However, it could be a bit faster.

There is a license required for this solution, we pay annually.

I recommend this solution to others.

I rate VMware NSX an eight out of ten.