VMware has changed their NSX licensing model from a one-fits-all license model to 3 license tiers. Starting May 3, 2016 VMware NSX is available as three offerings: Standard, Advanced, and Enterprise. All three tiers are licensed based on physical sockets. The existing NSX license scheme is no longer availale.
Special license models are available for Service Providers and Virtual Desktop environments. For EUC platforms, the advanced edition is also available one a per-user basis and Service Providers can license NSX on a per-VM basis. At least NSX 6.2.2 is required to work with NSX Standard, Advanced, and Enterprise license keys.
According to VMware, these offerings are aligned to the following requirements:
- Standard is targeted at organizations that needs agility and automation of the networks.
- Advanced is for organizations requiring a more secure data center with micro-segmentation.
- Enterprise is for organizations that needs networking and security across multiple domains.
Coming from the one-fits-all license model where everyone gets everything, the question is – which features are missing in Standard and Advanced?
What Features are missing in NSX Advanced?
- VPN (IPSec and SSL) – I think this will be the most impacting limitation. VPN, which today is standard for all companies, is only available in Enterprise.
- Cross vCenter NSX and all X-VC/Multi-site NSX based optimizations like Universal Distributed Logical Switching, Universal Distributed Logical Router and Egress Routing Optimization.
- Hardware VTEP Integration which extends the VXLAN logical configuration to a compatible hardware device with OVSDB (Open vSwitch Database Management Protocol).
What Features are missing in NSX Standard?
- All features missing in NSX Advanced (VPN, Cross vCenter NSX, Hardware VTEP)
- NSX edge load balancing, which means no load balancing at all
- Distributed firewalling and all DFW based features (L2/L3 Rules, Object Based Rules, identity based Rules, IPFix)
With all these features removed, what can you actually do with NSX Standard? You can still create your VXLAN based network and connect it to the real work with an NSX Edge. NSX edge firewalling and NAT is not affected by distributed firewalling not being available. The API itself is available, just as vRealize and OpenStack integration. Of course, you can also use basic features like distributed switching and routing.