VMware NSX decouples security functions from the underlying physical infrastructure and embeds them directly into the hypervisor, distributing them across the data center. This fundamental shift in how security is delivered overcomes the shortcomings of legacy architectures. It allows intelligent security policies to travel with virtual workloads, independent of the physical network topology.


NSX Security and Micro-Segmentation

Our Blog Got a Makeover

Check out the latest trending security topics in our new and improved blog site.

Visit the Network Virtualization Blog

The Security Advantages of Micro-segmentation

Take a closer look at how micro-segmentation empowers you to solve the security dilemma in your data center.

Get Informed

Use Cases for Security


NSX makes network micro-segmentation feasible for the first time. It enables granular firewalling and security policy enforcement for every workload in the data center, independent of the network topology and complexity. Most people are familiar with the concept of network segmentation; the act of splitting a network into smaller segments that can be secured individually. The concept of micro-segmentation takes this to a much more granular level; the individual workload. Micro-segmentation refers to the definition and enforcement of security policies on each individual workload in the environment. A micro-segmented network limits the connections a workload has to other workloads in order to promote a zero-trust architectural model. This limits the amount of east-west traffic (traffic between workloads) within the data center and therefore limits the avenues an attacker can take to explore the environment and sniff out information to steal.

DMZ Anywhere

NSX enables security and advanced services to be dynamically assigned to workloads independent of the underlying physical network. This dramatically improves time to response, overall security posture, and third-party integration.

Secure End User

Micro-segmentation allows NSX to give each desktop its own perimeter defense and per-App VPN access from mobile devices, eliminating unauthorized access between adjacent workloads.

Hands-on Lab: Distributed Firewall with Micro-segmentation

Look at solutions for collapsing segmented networks, intelligent grouping of servers, and user-based security.

See Lab Details

Micro-Segmentation Day 1 Guide

Our new guide helps you plan, design and implement a modern security architecture for the Software-Defined Data Center based on micro-segmentation.

Download the Guide

Success Stories



Armor Shields its Customers from Cyber Threats

NSX provided a virtualized network environment to underpin Armor’s security-as-a-service solution and to fortify its managed cloud.


“NSX and VMware give us that ability to orchestrate our customers in a cloud-like environment, but give them the security wrapper that allows them from day one to be born secure.”

— Jeff Schilling, Chief Security Officer, Armor