VMware NSX Cloud provides single-pane-of-glass visibility, rich networking capabilities, consistent security policy, and granular, operationally scalable micro-segmentation across the hybrid cloud network. NSX Cloud currently supports Microsoft Azure and Amazon AWS public clouds.
Define a security policy once and apply it to workloads anywhere – across virtual networks, regions, availability zones, and multiple private data centers and public clouds.
Control cloud networking topologies, traffic flows, IP addressing, and protocols used within and across multiple public clouds.
NSX Cloud provides standard interfaces and APIs to plug into your existing operations tools to enable deep, end-to-end visibility for monitoring, troubleshooting and auditing across data centers and clouds.
NSX Cloud provides a complete inventory view across all accounts, regions, subscriptions, VPCs, and VNets, along with the operational status of every VM, to enable quicker troubleshooting.
NSX Cloud brings networking and security capabilities to endpoints across multiple clouds. By integrating with NSX Data Center, it enables networking and security management across clouds and data center sites.
NSX Cloud provides granular control over East-West traffic between application workloads running natively in public clouds and in the on-premises data center. NSX Cloud also enables micro-segmentation of virtual desktops that are deployed by VMware Horizon Cloud.
Security groups and rules can be defined based on rich policy constructs, such as instance name, OS type, AMI ID, and user-defined tags.
Security policy is automatically applied and enforced based on instance attributes and user-defined tags. Policies automatically follow instances when they are moved within and across clouds.
With the default quarantine feature turned on, rogue and compromised workloads are moved to the public cloud’s quarantine group, which prevents them from communicating with the rest of the network.
Selectively route North-South traffic using policy-based routing to a third-party NGFW partner appliance.
Built-in VPN support encrypts traffic between on-premises and public cloud.
A distributed firewalling architecture eliminates additional network hops and traffic because policies are enforced at the virtual network interface of each instance, rather than routed through an external firewall.
Gateway consolidation in transit VPCs/VNets results in simpler administration and faster onboarding of compute VPCs/VNets, and enables selective routing of traffic for service insertion via third-party appliances.
Stateful firewalling filters North-South traffic flowing between instances in virtual networks and the public Internet.
A RESTful API and automation tools help to programmatically provision and configure networking and security infrastructure on demand.
Use existing automation and orchestration tools to create standardized application templates, and simplify provisioning and management of networking and security services across public clouds.
Use any existing Day 2 operations tool to gain real-time visibility into traffic flows and firewall logs within and across virtual private clouds.