VMware NSX Reviews

NSX is extremely invaluable from the standpoint of security.

It does have capabilities of micro-segmenting a network, being able to create smaller segments of various types of applications separated by various tiers.

However, what it's mostly important for is being able to actually set security policies right at the interfacing virtual machine, which we haven't had the ability to do in the past.

So the third-party marketplace is growing and growing for this product and being able to redirect traffic to them, to the third-party products in order to take advantage of those additional features, is wonderful.

I think that one of the more important things to see better integrated into the NSX product would be an IDS/IPS type solution, which right now we're handing off to a third-party, which sometimes doubles the cost of the product. However, there are new products that we're learning about over the course of this week like AppDefense, that may actually help provide some additional capabilities in terms of that IDS/IPS type structure.

There are elements that have been added to it over the years, but its history goes way back with vShield, and has been included in products like vCloud Director, etc. To be honest with you, I've deployed it over the past five to six years and I've had nothing but great success with it.

From a tech support standpoint, as with most VMware text support, the people that we get a hold of on the phone are generally very knowledgeable of the product and have the ability to actually help us through whatever issue we have. We try not to spin our wheels too much. We do try to dig in as much as we can, but as soon as we understand we've gone beyond our limitations we get them on the phone and we've never had an issue trying to get the support we need.

It's a complex product so setup is essentially as easy as the person whose knowledge is being used to install it. There are various elements to it. It can be installed in modules - in a modular fashion. You don't have to install everything right away. And, unfortunately, with this particular product, when you read through all the marketing materials it sounds like it has to be installed completely when, in fact, you can start out with only the pieces you need and add what you need - the other pieces - later as needed.

I always have a hard time giving a ten to anything. I think everything needs improvement. So that's why I would give it a solid eight out of 10.

We use this solution to build our VMware platform.

The most valuable features are security and dynamic routing.

The routing functionality needs to be improved, as there are lots of bugs in the system.

I would like to see automation capabilities in the deployment process.

I have been using VMware NSX since 2016.

I think that there is room to improve from a stability standpoint. There are lots of bugs in this product.

VMware NSX is highly scalable.

The technical support team is good.

I would not say that the initial setup was straightforward. In terms of how easy it was to complete the deployment, I would rate the process a seven out of ten. 

My advice for anybody who is researching VMware NSX is to first have an understanding of network engineering.

I would rate this solution an eight out of ten.

We use VMware NSX for box integration. If box integration is still a code, we use this technology to understand it.

When we have problems in the Kubernetes cluster inside the XDN or problems in the Container Network Interface (a container integrated with the NSX), we can join the Kubernetes cluster data source. If there is a problem in CNI, we can see the connection with the NSX manager and create alerts.

The alert features are the most valuable.

The integration with other brands is not the best and could be better.

We have been using this solution for almost two years. We are using version 3.1.

It is a stable solution.

It is scalable, and we have 20 users using this solution.

I rate the technical support a ten out of ten. Their support is excellent.

The initial setup was straightforward.

We have had a very good return on investment.

I rate this solution a ten out of ten. I recommend VMware NSX because it's a powerful tool. We can see the flows inside the SDN, which has a lot of power.

Load balancing is achieved using VMware NSX. The load balancing feature provided with VMware vSphere is called NSX.

While using the virtual server with your on-premises trusted internal network, you can set up rules to prevent them from doing specific activities.

VMware NSX is a very good product.

It's a beneficial tool.

VMware NSX needs improvement.

We have been using VMware NSX for a couple of years.

We are using the most recent version.

I have no issues with the stability of  VMware NSX.

VMware NSX is a scalable solution.

NSX is not a user, product. NSX is for securing your virtualization platform.

The support needs improvement.

The initial setup is straightforward.

I have not yet fully explored all that this solution provides. I am still analyzing it. From the knowledge and experience that I have today, I would recommend this solution.

I would rate VMware NSX a five out of ten.

Our main use case is the distributed firewall. NSX can segment every application and server based on the ports they need to communicate externally. Ports that aren't required are inactive, so we activate them for some specific applications. We can get the ports from the application guys, activate the ones we need, and then disable the rest of the ports. We've done other things with NSX, but it's just mostly about the distributed firewall.

We typically run a lot of vulnerability assessments — sometimes spam testing — and get a lot of bad results because some ports are open. I think NSX has significantly cut down on that. Right now, we have been able to fix almost all of our problems with unnecessary ports being opened and related issues. We are secure in this specific aspect, so we can log other options. 

NSX's stand-out function is the distributed firewall. The firewall system is just top-notch, and I haven't seen another solution like it. Aside from that, there are numerous other cases where NSX comes in handy. For example, we've done intrusion prevention and implemented some next-generation firewalls for service training. We deployed some next-generation firewalls inside certain servers. Then we could bring all the traffic down that was meant to lead each server to a specific firewall. The security guys put policies on the firewall for checking signatures and hash values to contain particular security breaches within the server and prevent them from affecting the network. So we could use the particular firewall that we usually use and use it within the server close-up at the data center instead of the VH. 

NSX could better integrate with open-source products. Of course, it integrates with some, but I know many people are uncomfortable deploying NSX with certain open-source solutions, such as Radar. They don't integrate so well, and the integration is usually so complex that many people would rather not use them.

I've been using VMware NSX personally for one year now, but I'm a consultant on this product, so I've deployed it for multiple customers.

We've experienced some bugs with NSX's user interface. For example, sometimes we click something, and it's not clicking. But they put out a lot of updates and patches. Also, they've added some particular boards on the applications. So with every update, they make the user interface more stable. 

You can scale NSX if you have the resources, but it's usually expensive and complex to scale up.

VMware support is great. I would rate their support eight out of 10.

The NSX setup is complex. That's one area where they could improve. Generally, it's too complicated to deploy. You can spend two or three days on it. And if you've never done it before, it might take a week. So it takes a relatively long time and lacks comprehensive end-to-end documentation. We had inadequate documentation when we implemented it, but I think it's better now. Total deployment for us took more than two weeks, but there were some breaks in that time where we stopped working on it. We weren't under any deadline. If we were pressed, we could have finished in four or five.

After the initial setup, NSX doesn't require a whole lot of maintenance. It's mostly troubleshooting, checking error codes, etc. There is no dedicated maintenance personnel specifically for NSX. Some guys in the IT department support this solution along with several other solutions. We have about four to five people handling that side of things, but there are six of us in the whole department responsible for infrastructure.

It's hard to judge with new deployments because you need some time to start seeing a return. But after someone has had one or two years to achieve a mature deployment on the product, they'll generally be happy that they spent the money. After a year, I'm beginning to see the return on investment, but everyone would argue that it's still expensive for the first two or three months.

VMware NSX is expensive.

I rate VMware NSX seven out of 10. If you are considering NSX, I suggest that you practice the deployment and know your use case. Know what you want to do with it and understand why you want to use the product. Identify the security features you want to use and consider what it's doing for your infrastructure. We're still exploring the features. I'm not sure we're using all the features that come with the application. There are so many that we have not used. For now, we're looking at more use cases and expanding on that knowledge.

We just introduced NSX in our headquarters. We have it running in some labs, but no real experiences. We've been using it for six months.

Our objective is to know each features component and how it works. Depending on the business requirements, we would adapt the solution as needed. This is the reason why we work a lot from the maps and then anticipate when we need a new feature for our company.

We like that NSX is integrated with everything. 

The load balancing is a real major opportunity for us. As a CIO, we have 99.9% network security. We would like to optimize this product.

The feedback we're getting from the labs is that the stability is rich and that we haven't had any trouble with it. The stability is really, really good.

We didn't use a service for implementation but we have a consultant to help us get a better understanding of NSX and to teach us the best practices. 

To those who say this solution is complex, I would say it is but not for the key user. You just need to learn the standards and mechanics for your specific product. That means that it's simple even if it's really complex beyond that.

The ease in which to install this product and make it work straight away without minimum changes in your physical network and is simply astonishing. The only thing you need to do when installing this product is change your MTU to 1600 (jumbo frames). It provides microsegmentation and good security features for north-south and east-west traffic across your SDDC. The performance you obtain at the virtual layer and traffic crossing for your VMs gets improved dramatically because the traffic doesn't leave the hypervisor. I'm not a network guy myself but NSX makes it really easy to understand how the virtual network pins together and how you can manage the traffic and security within your VMware deployment without the hassle of changing VLANs, adding unnecessary protocols for discovery, etc.

Encapsulating the traffic using VXLAN is a great addition. It extrapolates the number of VLANs that you can stretch to an almost infinite number of VXLAN (millions of VXLANs). In abstract, you are dealing with numerous VLANs every time you want to send traffic from one VM to another, basically VMs on different hosts within the same datacenter will be connected to the same logical switch and traffic is advertised via unicast traffic from the NSX controllers to let every body know in the environment "who is who" to minimize the amount of multicast traffic.

We haven't installed this in our environment yet. We have a major lab to provide our Ci-Dev team a sandpit to test apps and its security when deploying a three-tier application on our customers and test every single connection and performance before handing over the application to the customer.

The upgrade process is okay overall, but we have encountered issues every time when upgrading with the ESXi hosts VIB installation packages not being properly deployed, and after upgrading NSX manager, the ESXi hosts still uses the old version. This causes additional steps to manually remove those old VIBs from the ESXi, reinstall them, and try again. In some cases, we had to uninstall and install them from scratch NSX and restore from backup, which in a real world scenario won't be desirable to do. You would like to have an in-place a seamless upgrade from one version to another, especially if you are changing minor versions (e.g., 6.3.1 to 6.3.2).

Six months now.

The upgrade process is okay overall, but we have encountered issues every time when upgrading with the ESXi hosts VIB installation packages not being properly deployed, and after upgrading NSX manager, the ESXi hosts still uses the old version. This causes additional steps to manually remove those old VIBs from the ESXi, reinstall them, and try again. In some cases, we had to uninstall and install them from scratch NSX and restore from backup, which in a real world scenario won't be desirable to do. You would like to have an in-place a seamless upgrade from one version to another, especially if you are changing minor versions (e.g., 6.3.1 to 6.3.2).

A very stable product, it is more mature than it was four years ago when it first came out. The performance you get with this product is near-line rate.

If you have a large environment, the sprawl of Distributed Logical Routers or logical switches can be hard to manage, but you will have the same issues in a physical network.

We have a direct line with VMware support and with the specialized engineer who provides support on NSX. We haven't had to open a support call yet, but the engineer we've dealt with is very capable and knowledgeable on the product.

Excellent. VMware engineers are top of the line. I haven't met one engineer who doesn't know the product well that they support.

Nope, never used a network virtualisation product before.

It was straightforward. Just a couple of install media and .ovf files and you're done. The interesting part comes after installation when you need to define your virtual network architecture and how you're going to deploy rules and connectivity for your VMs.

In-house deployment. We're a large VMware shop and know VMware products well.

Not applicable for this product yet.

We got the licenses from VMware as part of the NFR agreement, but you will require a medium infrastructure to deploy this initially. Lot of memory and CPU are required to have the product run smoothly

No, there are no other products in the market that provide network virtualisation as far as I know.

Download the installer, try it, and you will love it. Some hardcore network administrators will say it is not the same, and of course is not the same, but it is a new way to do things in the network space. It is the way of the future when deploying large networks in Software Defined Data Centres.