Product offerings for VMware NSX-T Data Center 3.0.0
Article ID: 315188
Updated On:
Products
VMware NSX Networking
Issue/Introduction
This article provides information on licensing editions of VMware NSX-T and list of features associated with the various licensing editions in VMware NSX-T Data Center 3.0.0.
Environment
VMware NSX-T Data Center 3.x
VMware NSX-T Data Center
VMware NSX-T Data Center
Resolution
The new VMware NSX Data Center editions became available to order on June 5th, 2018. The tiers of NSX Data Center licenses are as follows:
Notes:
1 Please refer to the VMware Product Interoperability Matrices for specific versions supported with NSX-T Data Center.
2 Please refer to the NSX-T Data Center release notes for specific versions.
3 Please refer to the NSX Data Center partner web site for specific versions.
4 VMware vRealize Log Insight for NSX provides intelligent log analytics for NSX Data Center. Log Insight provides monitoring and troubleshooting capabilities and customizable dashboards for network virtualization, flow analysis, and alerts. VMware vRealize Log Insight version 3.3.2 and later accepts NSX Data Center Standard/ProfessionalAdvanced/Enterprise Plus/ROBO edition license keys issued for NSX-T 1.0.0 and later. This means you will have an enterprise level Log Insight license for every license of NSX Data Center.
5 VMware Identity Manager - A license to use VMware NSX Data Center includes an entitlement to use the VMware Identity Manager feature, but only for the following functionalities:
7 NSX Distributed Thread Prevention requires an additional subscription based purchase.
8 Both IPv4 and IPv6 are supported for all Load Balancing features except for IPv6-VIP-toIPv4-member and IPv4-VIP-to-IPv6-member translations.
- NSX Data Center Standard Edition: For organizations needing agility and automation of the network.
- NSX Data Center Professional Edition: For organizations needing Standard, plus micro-segmentation, and may have public cloud endpoints.
- NSX Data Center Advanced Edition: For organizations needing Professional, plus advanced networking and security services, and may have multiple sites.
- NSX Data Center Enterprise Plus Edition: For organizations needing the most advanced capabilities NSX Data Center has to offer, plus network visibility and security operations with vRealize Network Insight™, and hybrid cloud mobility with VMware HCX.
- NSX Data Center for Remote Office Branch Office: For organizations that need to virtualize networking and security for applications in the remote office or branch office.
| Feature | Standard | Professional | Advanced | Enterprise Plus | Remote Branch Office | |
|---|---|---|---|---|---|---|
| Platform Features | ||||||
| ESXi Support1 | Yes | Yes | Yes | Yes | Yes | |
| KVM Support2 | Yes | Yes | Yes | Yes | No | |
| Controller Clustering | Yes | Yes | Yes | Yes | Yes | |
| vCenter Integration1 | Yes | Yes | Yes | Yes | Yes | |
| Multi-vCenter® Networking and Security | No | No | Yes | Yes | No | |
| Federation | No | No | No | Yes | No | |
| Edge Platform Features | ||||||
| Edge in VM Form Factor | Yes | Yes | Yes | Yes | Yes | |
| Edge in Bare-Metal Form Factor | Yes | Yes | Yes | Yes | No | |
| DPDK Optimized Forwarding | Yes | Yes | Yes | Yes | Yes | |
| Switching | ||||||
| Distributed Switching | Yes | Yes | Yes | Yes | No | |
| VLAN Backed Logical Switching | Yes | Yes | Yes | Yes | Yes | |
| Overlay Backed Logical Switching | Yes | Yes | Yes | Yes | No | |
| Multiple TEP Support | Yes | Yes | Yes | Yes | No | |
| Optimized ARP Learning and Broadcast Suppression | Yes | Yes | Yes | Yes | No | |
| GENEVE Encapsulation | Yes | Yes | Yes | Yes | No | |
| Unicast Replication | Yes | Yes | Yes | Yes | No | |
| Headend Replication | Yes | Yes | Yes | Yes | No | |
| Spoofguard | Yes | Yes | Yes | Yes | No | |
| LACP (Edge and Host) | Yes | Yes | Yes | Yes | Yes | |
| Quality of Service (QoS) | ||||||
| QoS Marking | Yes | Yes | Yes | Yes | No | |
| QoS DSCP Trust Boundary | Yes | Yes | Yes | Yes | No | |
| L2 Bridging to Physical Environment | ||||||
| Software Based L2 Bridge to Physical Environments | Yes | Yes | Yes | Yes | No | |
| Routing | ||||||
| Distributed Routing | Yes | Yes | Yes | Yes | No | |
| Multi-Tier Routing | Yes | Yes | Yes | Yes | No | |
| Dynamic Routing with ECMP | Yes | Yes | Yes | Yes | No | |
| Virtual Routing and Forwarding (Tier-0 Gateway VRFs) | No | No | Yes | Yes | No | |
| E-VPN | No | No | No | Yes | No | |
| Static Routing - IPv4 | ||||||
| Static Routing | Yes | Yes | Yes | Yes | Yes | |
| BFD | Yes | Yes | Yes | Yes | Yes | |
| Null Routes | Yes | Yes | Yes | Yes | Yes | |
| Device Routes | Yes | Yes | Yes | Yes | Yes | |
| Static Routing - IPv6 | ||||||
| Static Routing | Yes | Yes | Yes | Yes | No | |
| Null Routes | Yes | Yes | Yes | Yes | No | |
| Device Routes | Yes | Yes | Yes | Yes | No | |
| BGP - IPv4 Unicast | ||||||
| eBGP | Yes | Yes | Yes | Yes | No | |
| eBGP Multihop | Yes | Yes | Yes | Yes | No | |
| iBGP | Yes | Yes | Yes | Yes | No | |
| Graceful Restart | Yes | Yes | Yes | Yes | No | |
| BFD | Yes | Yes | Yes | Yes | No | |
| 4-byte ASN | Yes | Yes | Yes | Yes | No | |
| BGP - IPv6 Unicast | ||||||
| eBGP | No | No | Yes | Yes | No | |
| eBGP Multihop | No | No | Yes | Yes | No | |
| iBGP | No | No | Yes | Yes | No | |
| Graceful Restart | No | No | Yes | Yes | No | |
| 4-byte ASN | No | No | Yes | Yes | No | |
| BFD - IPv4 | ||||||
| Sub-Second Keepalive Timer | Yes | Yes | Yes | Yes | No | |
| Route Maps | ||||||
| Match on Prefix-List and Community-List | Yes | Yes | Yes | Yes | No | |
| Set Weight, MED, AS Path, Prepending, Local Preference, and Community | Yes | Yes | Yes | Yes | No | |
| Other | ||||||
| High Availability Virtual IP (HA VIP) | Yes | Yes | Yes | Yes | No | |
| Route Redistribution | Yes | Yes | Yes | Yes | No | |
| IP Prefix-Lists | Yes | Yes | Yes | Yes | No | |
| Active / Active Redundancy | Yes | Yes | Yes | Yes | No | |
| Active / Standby Redundancy | Yes | Yes | Yes | Yes | No | |
| Per Interface RPF Check | Yes | Yes | Yes | Yes | No | |
| NAT | ||||||
| NAT on North/South and East/West Logical Routers | Yes | Yes | Yes | Yes | Yes | |
| Source NAT | Yes | Yes | Yes | Yes | Yes | |
| Destination NAT | Yes | Yes | Yes | Yes | Yes | |
| NAT N:N | Yes | Yes | Yes | Yes | Yes | |
| Stateless NAT | Yes | Yes | Yes | Yes | Yes | |
| NAT Logging | Yes | Yes | Yes | Yes | Yes | |
| NAT64 | No | No | Yes | Yes | No | |
| Firewall | ||||||
| Edge Firewall | Yes | Yes | Yes | Yes | Yes | |
| Distributed Firewalling | No | Yes | Yes | Yes | Yes | |
| Common Firewall User Interface | Yes | Yes | Yes | Yes | Yes | |
| Firewall Sections | Yes | Yes | Yes | Yes | Yes | |
| Firewall Logging | Yes | Yes | Yes | Yes | Yes | |
| Stateful L2 and L3 Rules | Yes | Yes | Yes | Yes | Yes | |
| Stateless L2 and L3 Rules | Yes | Yes | Yes | Yes | Yes | |
| Tag Based Rules | Yes | Yes | Yes | Yes | Yes | |
| Distributed Firewall based IPFIX | No | Yes | Yes | Yes | Yes | |
| URL Allowlists | No | No | Yes | Yes | No | |
| Identity Firewall | ||||||
| Identity based Groups using Active Directory | No | No | Yes | Yes | No | |
| NSX Distributed Threat Prevention7 | ||||||
| Distributed IDS | No | No | Yes | Yes | No | |
| Policy, Tagging and Grouping | ||||||
| Object Tagging / Security Tags | Yes | Yes | Yes | Yes | Yes | |
| Network Centric Grouping | Yes | Yes | Yes | Yes | Yes | |
| Workload Centric Grouping | Yes | Yes | Yes | Yes | Yes | |
| IP Based Groups | Yes | Yes | Yes | Yes | Yes | |
| MAC Based Groups | Yes | Yes | Yes | Yes | Yes | |
| Intent based Networking and Security Policy | Yes | Yes | Yes | Yes | Yes | |
| DNS, DHCP and IPAM (DDI) | ||||||
| IPAM | Yes | Yes | Yes | Yes | Yes | |
| IP Blocks | Yes | Yes | Yes | Yes | Yes | |
| IP Subnets | Yes | Yes | Yes | Yes | Yes | |
| IP Pools | Yes | Yes | Yes | Yes | Yes | |
| IPv4 DHCP Server | Yes | Yes | Yes | Yes | Yes | |
| IPv6 DHCP Server | No | No | Yes | Yes | No | |
| IPv4 DHCP Relay | Yes | Yes | Yes | Yes | Yes | |
| IPv6 DHCP Relay | No | No | Yes | Yes | No | |
| IPv4 DHCP Static Bindings / Fixed Addresses | Yes | Yes | Yes | Yes | Yes | |
| IPv6 DHCP Static Bindings / Fixed Addresses | No | No | Yes | Yes | No | |
| IPv4 DNS Relay / DNS Proxy | Yes | Yes | Yes | Yes | Yes | |
| IPv4 Meta-Data Proxy | Yes | Yes | Yes | Yes | No | |
| Load Balancing8 | ||||||
| Protocols | ||||||
| TCP (L4-L7) | No | No | Yes | Yes | Yes | |
| UDP | No | No | Yes | Yes | Yes | |
| HTTP | No | No | Yes | Yes | Yes | |
| Load Balancing Methods | ||||||
| Round Robin | No | No | Yes | Yes | Yes | |
| Source IP Hash | No | No | Yes | Yes | Yes | |
| Least Connections | No | No | Yes | Yes | Yes | |
| L7 Application Rules with RegEx Support | No | No | Yes | Yes | Yes | |
| Health Checks | ||||||
| TCP | No | No | Yes | Yes | Yes | |
| ICMP | No | No | Yes | Yes | Yes | |
| UDP | No | No | Yes | Yes | Yes | |
| HTTP | No | No | Yes | Yes | Yes | |
| HTTPS | No | No | Yes | Yes | Yes | |
| Monitoring | ||||||
| View VIP / Pool / Server Objects | No | No | Yes | Yes | Yes | |
| View VIP / Pool / Server Statistics | No | No | Yes | Yes | Yes | |
| View Global Statistics VIP Sessions | No | No | Yes | Yes | Yes | |
| Load Balancing Automation | ||||||
| Pool Members Based on vCenter Context or IP Addresses | No | No | Yes | Yes | Yes | |
| Other | ||||||
| Connection Throttling | No | No | Yes | Yes | Yes | |
| High-Availability | No | No | Yes | Yes | Yes | |
| API Driven Automation | ||||||
| REST API | Yes | Yes | Yes | Yes | Yes | |
| Hierarchical Policy API | Yes | Yes | Yes | Yes | Yes | |
| JSON Support | Yes | Yes | Yes | Yes | Yes | |
| OpenAPI / Swagger Spec | Yes | Yes | Yes | Yes | Yes | |
| Java SDK | Yes | Yes | Yes | Yes | Yes | |
| Python SDK | Yes | Yes | Yes | Yes | Yes | |
| Auto-generated API Documentation | Yes | Yes | Yes | Yes | Yes | |
| Terraform Provider6 | Yes | Yes | Yes | Yes | Yes | |
| Ansible Modules6 | Yes | Yes | Yes | Yes | Yes | |
| Cloud Native and Integration with Cloud Management Platforms | ||||||
| Container Networking and Security | No | No | Yes | Yes | No | |
| Integration with vRealize Automation6 | Yes | Yes | Yes | Yes | No | |
| Integration with vCloud Director6 | Yes | Yes | Yes | Yes | No | |
| Integration with VMware Integrated OpenStack1, 6 | Yes | Yes | Yes | Yes | No | |
| Integration with RedHat OpenStack Platform3, 6 | Yes | Yes | Yes | Yes | No | |
| Service Insertion Integrations | ||||||
| Endpoint Protection | Yes | Yes | Yes | Yes | Yes | |
| Network Introspection | No | No | Yes | Yes | Yes | |
| NSX Intelligence | ||||||
| Layer 4 VM-to-VM Traffic Flow Analysis | No | No | No | Yes | No | |
| Layer 4 Firewall Visibility | No | No | No | Yes | No | |
| Layer 4 Automated Security Policy | No | No | No | Yes | No | |
| Layer 4 Rule and Group Recommended Analytics | No | No | No | Yes | No | |
| Integration with NSX Cloud for AWS and Azure Support | ||||||
| NSX on-prem license portability for Public Cloud workloads | No | No | Yes | Yes | Yes | |
| NSX Enforced Mode (Agent-Based Cloud Security) | No | Yes | Yes | Yes | Yes | |
| Cloud Enforced Mode (Agentless Based Cloud Security) | No | Yes | Yes | Yes | Yes | |
| L7 Security Features (AppID, URL Filtering) | No | Yes | Yes | Yes | Yes | |
| Service Insertion | No | Yes | Yes | Yes | Yes | |
| NSX Security for VDI workloads on Azure Horizon | No | Yes | Yes | Yes | Yes | |
| VPN (on-prem to public cloud; public cloud - public cloud; intra public cloud) | No | Yes | Yes | Yes | Yes | |
| Support for AWS Gov Cloud and Azure Government Cloud Workloads | No | Yes | Yes | Yes | Yes | |
| Authentication and Authorization | ||||||
| Authentication using vIDM1, 5 | Yes | Yes | Yes | Yes | Yes | |
| Direct Active Directory Integration via LDAP | Yes | Yes | Yes | Yes | Yes | |
| Authentication via OpenLDAP | Yes | Yes | Yes | Yes | Yes | |
| Session Based Authentication | Yes | Yes | Yes | Yes | Yes | |
| Certificate Based Authentication (Principle Identity) | Yes | Yes | Yes | Yes | Yes | |
| Log Management | ||||||
| vRealize Log Insight Integration1, 4 | Yes | Yes | Yes | Yes | Yes | |
| Splunk Integration2 | Yes | Yes | Yes | Yes | Yes | |
| Installation | ||||||
| Automated Controller Deployment | Yes | Yes | Yes | Yes | Yes | |
| Manual Controller Deployment | Yes | Yes | Yes | Yes | Yes | |
| Automated Edge Deployment | Yes | Yes | Yes | Yes | Yes | |
| Manual Edge Deployment | Yes | Yes | Yes | Yes | Yes | |
| Automated Host Preparation by Cluster | Yes | Yes | Yes | Yes | Yes | |
| Operations | ||||||
| Port Mirroring | Yes | Yes | Yes | Yes | Yes | |
| Traceflow | Yes | Yes | Yes | Yes | Yes | |
| Tunnel Health Monitoring | Yes | Yes | Yes | Yes | No | |
| Port Connectivity Tool | Yes | Yes | Yes | Yes | Yes | |
| Switch Based IPFIX | Yes | Yes | Yes | Yes | Yes | |
| LLDP | Yes | Yes | Yes | Yes | Yes | |
| Automated Technical Support Bundles | Yes | Yes | Yes | Yes | Yes | |
| Packet Capture | Yes | Yes | Yes | Yes | Yes | |
| Backup and Restore | Yes | Yes | Yes | Yes | Yes | |
| SNMP v1/v2/v3 with Polling and Traps | Yes | Yes | Yes | Yes | Yes | |
| Upgrades and Migrations | ||||||
| Upgrade Coordinator | Yes | Yes | Yes | Yes | Yes | |
| NSX for vSphere to NSX-T Migration Coordinator | Yes | Yes | Yes | Yes | Yes | |
Notes:
1 Please refer to the VMware Product Interoperability Matrices for specific versions supported with NSX-T Data Center.
2 Please refer to the NSX-T Data Center release notes for specific versions.
3 Please refer to the NSX Data Center partner web site for specific versions.
4 VMware vRealize Log Insight for NSX provides intelligent log analytics for NSX Data Center. Log Insight provides monitoring and troubleshooting capabilities and customizable dashboards for network virtualization, flow analysis, and alerts. VMware vRealize Log Insight version 3.3.2 and later accepts NSX Data Center Standard/ProfessionalAdvanced/Enterprise Plus/ROBO edition license keys issued for NSX-T 1.0.0 and later. This means you will have an enterprise level Log Insight license for every license of NSX Data Center.
5 VMware Identity Manager - A license to use VMware NSX Data Center includes an entitlement to use the VMware Identity Manager feature, but only for the following functionalities:
- Directory integration functionality of VMware Identity Manager to authenticate users in a user directory such as Microsoft Active Directory or LDAP.
- Conditional access policy.
- Single-sign-on integration functionality with third party Identity providers to allow third party identity providers’ users to single-sign-on into NSX Data Center.
- Two-factor authentication solution through integration with third party systems. VMware Verify, VMware’s multi-factor authentication solution, received as part of VMware Identity Manager, may not be used as part of NSX Data Center.
- Single-sign-on functionality to access VMware products that support single-sign-on capabilities.
7 NSX Distributed Thread Prevention requires an additional subscription based purchase.
8 Both IPv4 and IPv6 are supported for all Load Balancing features except for IPv6-VIP-toIPv4-member and IPv4-VIP-to-IPv6-member translations.
Feedback
Yes
No
Powered by
