VMware NSX virtualizes the entire network stack in VMware Cloud Foundation, decoupling networking from physical hardware. Organizations use it to provision networks in minutes, enable self-service for application teams, and simplify disaster recovery across sites.
Best for
Software-Defined Networking for VMware Cloud Foundation
What is VMware NSX?
VMware NSX is the private cloud networking solution in VMware Cloud Foundation (VCF). It virtualizes the entire network stack — switching, routing, VPN, and load balancing — so organizations can provision and manage networks in software, independent of the underlying physical switches and routers. NSX is included as a core component of the VCF per-core subscription.
In most enterprise data centers, network provisioning is manual, slow, and tightly coupled to physical hardware. When application teams need a new network segment, VLAN, or firewall rule, they submit a ticket and wait days or weeks. NSX changes this by making networking software-defined and self-service.
Traditional network changes require CLI access to physical switches, VLAN configuration, firewall rule updates, and cross-team coordination. A new network segment can take days or weeks to deploy.
NSX enables application teams to provision networks through self-service Virtual Private Clouds (VPCs) in minutes — no tickets, no waiting on the network team.
When networking is tied to physical hardware, workload mobility is constrained. Moving a VM across hosts or sites means reconfiguring the underlying network.
NSX creates overlay networks that work across any physical switch fabric. Workloads move freely between hosts, clusters, and sites without changing IP addresses or reconfiguring hardware.
In traditional environments, disaster recovery requires duplicating network configurations across sites. Differences between primary and recovery site networks create complexity and risk during failover.
NSX Federation synchronizes network policies across multiple sites from a single management plane, enabling consistent DR architecture and simplified failover.
Based on IDC's analysis of the business value of NSX networking in VMware Cloud Foundation deployments.
Network resource scaling
Infrastructure and direct cost savings
Unplanned outages
NSX is the right solution when your organization needs to move beyond hardware-dependent networking. These are the most common scenarios where NSX delivers measurable operational improvements.
Create secure, isolated networking environments for different teams, projects, or tenants. Cloud admins set resource quotas and security policies. Application teams consume networking resources through self-service — no manual tickets required.
Typical scenario: A development team needs an isolated test environment with its own subnets, firewall rules, and load balancing. Instead of a multi-week network provisioning cycle, they spin up a VPC in minutes through VCF Automation.
NSX overlay networks decouple workloads from the physical network. Move VMs and containers across hosts, clusters, and data centers without changing IP addresses or reconfiguring switches.
Typical scenario: An organization consolidating from three data centers to one can migrate workloads without re-IP addressing or rebuilding application connectivity.
NSX Federation synchronizes network and security policies across multiple sites from a single pane of glass. When a failover event occurs, recovery sites already have the correct network configuration in place.
Typical scenario: A financial services organization maintains active-active data centers with NSX Federation ensuring consistent firewall rules, routing, and network segmentation at both sites.
NSX provides enterprise-grade networking for Kubernetes workloads running on vSphere Kubernetes Service. Container networking, micro-segmentation, and observability for Kubernetes clusters — managed alongside your VM networks.
Typical scenario: A platform team running both legacy VMs and new containerized applications needs a single networking layer that supports both workload types with consistent security policies.
NSX is the networking layer in VMware Cloud Foundation. It works alongside vSphere (compute), vSAN (storage), and SDDC Manager (lifecycle management) to deliver a complete private cloud platform.
A typical NSX deployment within VCF includes:
NSX provides a complete set of networking services that are provisioned alongside the rest of the VCF stack. These capabilities replace hardware-dependent networking with software-defined alternatives.
Secure, isolated networking environments with resource quotas, policy enforcement, and RBAC-based self-service access. Deploy VPCs from VCF Automation or vCenter.
Central hub for routing traffic between VPCs and external networks. Available in distributed mode (host-to-fabric) or centralized mode with BGP support.
High-performance fast path for network flow processing. Delivers superior throughput, packet rate, and latency with reduced CPU utilization.
Offload NSX networking and security services to DPUs (data processing units), freeing host CPU resources for application workloads.
Centralized policy configuration and enforcement across multiple sites. Consistent security policies, operational simplicity, and simplified disaster recovery.
Enterprise-grade Kubernetes networking integrated with vSphere Kubernetes Service. Includes container networking, micro-segmentation, and Traceflow observability.
NSX is a core component of VMware Cloud Foundation. It is not sold as a standalone product. When you purchase a VCF per-core subscription, NSX networking capabilities are included.
This means you get software-defined networking, VPCs, distributed routing, and Federation as part of your base VCF license.
Advanced security capabilities beyond base NSX networking are available as add-ons:
Broadcom does not publish NSX or VCF list pricing publicly. Pricing is based on your core count, support tier, and add-on requirements.
Contact our team with your environment details — number of hosts, cores per host, and networking requirements — for a sizing estimate.
REQUEST A QUOTEVMware NSX is the private cloud networking solution in VMware Cloud Foundation. It virtualizes the entire network stack — switching, routing, load balancing, and VPN — creating a software-defined network layer that operates independently of physical hardware.
NSX enables organizations to provision networks in minutes instead of weeks and run self-service Virtual Private Clouds for different teams and applications.
No. NSX is a core component of VMware Cloud Foundation and is included in the VCF per-core subscription. It is not available as a standalone SKU.
Security add-ons like vDefend Firewall and Avi Load Balancer are purchased separately on top of the base VCF subscription.
Traditional networking ties configurations to physical switches and routers. Changes require CLI access, VLAN configuration, and cross-team coordination. Workload mobility is constrained by the physical topology.
NSX creates overlay networks that run on top of any physical fabric. Network provisioning is API-driven and policy-based. Workloads move freely without reconfiguring the underlying hardware. Network and security policies follow the workload automatically.
An NSX VPC is a secure, isolated networking environment within your private cloud. Cloud administrators create VPCs with resource quotas, security policies, and access controls.
Application teams then consume networking resources through self-service — deploying subnets, configuring security groups, and running workloads without submitting tickets. VPCs bring public cloud-like agility to on-premises infrastructure.
Yes. NSX provides enterprise-grade container networking for vSphere Kubernetes Service (VKS). This includes container networking, micro-segmentation, and Traceflow observability for Kubernetes clusters.
VMware Container Networking with Antrea provides in-cluster networking with integration into the NSX management plane for multi-cluster policy management and centralized troubleshooting.
Expert Help
Talk to a Network Architecture Specialist Request NSX / VCF PricingRelated Products
VMware Cloud Foundation VMware vSphere VMware vSANVirtualizationWorks is an authorized VMware reseller. Our team helps organizations assess NSX networking requirements, size VCF deployments, and plan migrations from traditional networking infrastructure.
