Product offerings for VMware NSX for vSphere 6.2.x, 6.3.x and 6.4.x
Article ID: 341853
Updated On:
Products
VMware HCX
VMware NSX
Issue/Introduction
This article provides information on:
- Licensing editions of VMware NSX for vSphere 6.x and list of features associated with the various licensing editions in VMware NSX for vSphere 6.2.x, 6.3.x and 6.4.x.
- Licensing editions of VMware NSX Data Center for vSphere 6.4.1+ and list of features associated with the various licensing editions in VMware NSX Data Center for vSphere 6.4.1+.
Environment
VMware NSX for vSphere 6.4.x
VMware NSX for vSphere 6.2.x
VMware NSX for vSphere 6.3.x
Resolution
NSX for vSphere 6.2.x, 6.3.x, 6.4.x
VMware NSX has been available as a platform with multiple license tiers since May 3, 2016. The tiers of NSX licenses are as follows:
- NSX Standard Edition – For organizations needing agility and automation of the network.
- NSX Advanced Edition – For organizations needing Standard, plus a fundamentally more secure data center with micro-segmentation.
- NSX Enterprise Edition – For organizations needing Advanced, plus networking and security across multiple domains.
The following table outlines specific functions available by edition. NSX is available as a single download image with license keys required to enable specific functionality.
Note: NSX Standard, Advanced, and Enterprise license keys are effective starting from NSX 6.2.2 onwards.
Note: NSX Standard, Advanced, and Enterprise license keys are effective starting from NSX 6.2.2 onwards.
NSX Data Center for vSphere 6.4.1+
VMware NSX Data Center is available as a platform with multiple license tiers effective June 5, 2018. The tiers of NSX licenses are as follows:
- NSX Data Center Standard: For organizations that need agility and automation of the network.
- NSX Data Center Professional: For organizations that need Standard, plus micro-segmentation. They may have public cloud endpoints.
- NSX Data Center Advanced: For organizations that need Professional, plus advanced networking and security services and integration with a broad ecosystem. They may have multiple sites.
- NSX Data Center Enterprise Plus: For organizations that need the most advanced capabilities of NSX Data Center, plus vRealize Network Insight for network visibility and security operations, and VMware HCX for hybrid cloud mobility.
- NSX Data Center for Remote Office Branch Office: For organizations that need to virtualize networking and security for applications in the remote office or branch office.
The following table outlines specific functions available by edition. NSX Data Center for vSphere is available as a single download image with license keys required to enable specific functionality.
Note: NSX Data Center Standard, Professional, Advanced, Enterprise Plus, and Remote Office Branch Office license keys are effective starting from NSX 6.4.1 onwards.
| NSX for vSphere 6.2.x, 6.3.x and 6.4.x** | NSX for vSphere 6.4.1+ | |||||||
| Feature | Standard | Advanced | Enterprise | NSX Data Center Standard | NSX Data Center Professional | NSX Data Center Advanced | NSX Data Center Enterprise Plus | NSX Data Center for Remote Office Branch Office |
| Hypervisors Supported | ||||||||
| Platform | ||||||||
| ESXi* | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| vCenter* | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Cross vCenter Networking & Security | No | No | Yes | No | No | Yes | Yes | Yes |
| Controller Architecture | ||||||||
| NSX Controller | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Universal Controller for X-VC | No | No | Yes | No | No | Yes | Yes | Yes |
| Optimized ARP Learning, BCAST suppression | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Switching | ||||||||
| Encapsulation Format | ||||||||
| VXLAN | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Replication Mode for VXLAN | ||||||||
| Multicast | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Hybrid | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Unicast | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Overlay to VLAN bridging | ||||||||
| SW Bridge (ESXi-based) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Hardware VTEP (OVSDB) with L2 Bridging | No | No | Yes | No | No | Yes | Yes | No |
| Universal Distributed Logical Switching (X-VC) | No | No | Yes | No | No | Yes | Yes | Yes |
| Multiple VTEP Support | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Routing | ||||||||
| Distributed Routing (IPv4 Only) | ||||||||
| Distributed Routing - Static | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Distributed Routing - Dynamic Routing with BGP | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Distributed Routing - Dynamic Routing with OSPF | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Equal Cost Multi-Pathing with Distributed Routing | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Universal Distributed Logical Router (X-VC) | No | No | Yes | No | No | Yes | Yes | Yes |
| Dynamic Routing without Control VM (Static Only) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Active-standby Router Control VM | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Edge Routing (N-S) | ||||||||
| Edge Routing Static - IPv4 | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Edge Routing Static - IPv6 | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Dynamic Routing with NSX Edge (BGP) IPv4 | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Dynamic Routing with NSX Edge (OSPFv2) IPv4 | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Equal Cost Multi-Pathing with NSX Edge | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Egress Routing Optimization in X-VC | No | No | Yes | No | No | Yes | Yes | No |
| DHCP Relay | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Active-Standby NSX Edge Routing | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| VLAN Trunk (sub-interface) support | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| VXLAN Trunk (sub-interface) support | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Per Interface RPF check on NSX Edge | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Services | ||||||||
| NAT Support for NSX Edge | ||||||||
| NAT Support for NSX Edge | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Source NAT | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Destination NAT | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Stateless NAT | ||||||||
| ALG Support for NAT | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| NAT64 | No | No | Yes | No | No | Yes | Yes | No |
| DDI | ||||||||
| DHCP Server | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| DHCP Relay | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| DNS Relay | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| VPN | ||||||||
| IPSEC VPN | No | No | Yes | No | Yes | Yes | Yes | Yes |
| SSL VPN | No | No | Yes | No | Yes | Yes | Yes | No |
| L2 VPN (L2 extension with SSL VPN) | No | No | Yes | No | Yes | Yes | Yes | No |
| 802.1Q Trunks over L2 VPN | No | No | Yes | No | Yes | Yes | Yes | No |
| GRE Tunnels | No | Yes | Yes | No | Yes | Yes | Yes | Yes |
| Security | ||||||||
| Firewall - General | ||||||||
| Single UI for Firewall Rule Enforcement - NS+ EW | No | Yes | Yes | No | Yes | Yes | Yes | Yes |
| Spoofguard | No | Yes | Yes | No | Yes | Yes | Yes | Yes |
| Firewall Logging | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Rule Export | No | Yes | Yes | No | Yes | Yes | Yes | Yes |
| Auto-save & Rollback of Firewall rules | No | Yes | Yes | No | Yes | Yes | Yes | Yes |
| Granular Sections of Firewall rule table | No | Yes | Yes | No | Yes | Yes | Yes | Yes |
| Distributed Firewall | ||||||||
| DFW - L2, L3 Rules | No | Yes | Yes | No | Yes | Yes | Yes | Yes |
| DFW - vCenter Object Based Rules | No | Yes | Yes | No | Yes | Yes | Yes | Yes |
| Identity Firewall Rules for VDI (AD Integration) | No | Yes | Yes | No | No | Yes | Yes | Yes |
| IPFix Support for DFW | No | Yes | Yes | No | Yes | Yes | Yes | Yes |
| Context-based control of FW enforcement (applied to objects) | No | Yes | Yes | No | Yes | Yes | Yes | Yes |
| Application and Protocol Identification (Context-Aware Micro-Segmentation) | No | No | Yes | No | No | No | Yes | No |
| Identity Firewall Rules for RDSH (Context-Aware Micro-Segmentation) | No | No | Yes | No | No | No | Yes | No |
| Edge Firewall | ||||||||
| Edge Firewall | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Edge High-Availability | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Service Composer | ||||||||
| Security Policy | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Security Tags | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| vCenter Object based security groups | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| IPSet, MACset based security groups | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Data Security | ||||||||
| Scan Guest VMs for Sensitive Data | No | Yes | Yes | n/a | n/a | n/a | n/a | n/a |
| Third Party Integration | ||||||||
| Endpoint Service Insertion - Guest Introspection | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Network Service Insertion | No | Yes | Yes | No | No | Yes | Yes | Yes |
| Public API based Integration | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Load-Balancing | ||||||||
| Edge Load-Balancing | ||||||||
| Protocols | ||||||||
| TCP (L4 - L7) | No | Yes | Yes | No | No | Yes | Yes | Yes |
| UDP | No | Yes | Yes | No | No | Yes | Yes | Yes |
| FTP | No | Yes | Yes | No | No | Yes | Yes | Yes |
| HTTP | No | Yes | Yes | No | No | Yes | Yes | Yes |
| HTTPS (Pass-through) | No | Yes | Yes | No | No | Yes | Yes | Yes |
| HTTPS (SSL Termination) | No | Yes | Yes | No | No | Yes | Yes | Yes |
| LB Methods | No | Yes | Yes | No | No | Yes | Yes | Yes |
| Round Robin | No | Yes | Yes | No | No | Yes | Yes | Yes |
| Src IP Hash | No | Yes | Yes | No | No | Yes | Yes | Yes |
| Least Connection | No | Yes | Yes | No | No | Yes | Yes | Yes |
| URI, URL, HTTP (L7 engine) | No | Yes | Yes | No | No | Yes | Yes | Yes |
| vCenter Context-aware LB | No | Yes | Yes | No | No | Yes | Yes | Yes |
| L7 Application Rules | No | Yes | Yes | No | No | Yes | Yes | Yes |
| Health Checks | ||||||||
| TCP | No | Yes | Yes | No | No | Yes | Yes | Yes |
| ICMP | No | Yes | Yes | No | No | Yes | Yes | Yes |
| UDP | No | Yes | Yes | No | No | Yes | Yes | Yes |
| HTTP | No | Yes | Yes | No | No | Yes | Yes | Yes |
| HTTPS | No | Yes | Yes | No | No | Yes | Yes | Yes |
| Connection Throttling | No | Yes | Yes | No | No | Yes | Yes | Yes |
| High-Availability | No | Yes | Yes | No | No | Yes | Yes | Yes |
| Monitoring | ||||||||
| View VIP/Pool/Server Objects | No | Yes | Yes | No | No | Yes | Yes | Yes |
| View VIP/Pool/Server Stats | No | Yes | Yes | No | No | Yes | Yes | Yes |
| Global Stats VIP Sessions | No | Yes | Yes | No | No | Yes | Yes | Yes |
| Operations | ||||||||
| Tools | ||||||||
| Tunnel Health Monitoring | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| TraceFlow | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Port-Connections Tool | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Server Activity Monitoring | No | Yes | Yes | n/a | n/a | n/a | n/a | n/a |
| Flow Monitoring | No | Yes | Yes | No | Yes | Yes | Yes | Yes |
| IPFix (VDS Feature) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Endpoint Monitoring | No | No | Yes | No | No | No | Yes | No |
| Application Rule Manager | No | Yes | Yes | No | No | Yes | Yes | Yes |
| VMware Tools | ||||||||
| vR Operations Manager | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| vR Log Insight | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Cloud Management Platform | ||||||||
| vRealize Automation | ||||||||
| Logical Switch Creation | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Distributed router creation | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Distributed firewall security consumption | No | Yes | Yes | No | Yes | Yes | Yes | Yes |
| Load-balancing consumption | No | Yes | Yes | No | No | Yes | Yes | Yes |
| App Isolation | No | Yes | Yes | No | Yes | Yes | Yes | Yes |
| VMware Integrated OpenStack (Neutron Plugin) | ||||||||
| VLAN Provider Networks | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Overlay Provider Networks | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Overlay Tenant Networks | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Metadata Proxy Service | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| DHCP Server | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Neutron Router - Centralized - Shared | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Neutron Router - Centralized - Exclusive | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Neutron Router - Distributed | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Static Routes on Neutron Router | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Floating IP Support | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| No-NAT Neutron Routers | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Neutron Security Groups using Stateful Firewall | No | Yes | Yes | No | Yes | Yes | Yes | No |
| Port Security | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Neutron L2 Gateway | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Load Balancing (LBaaS) | No | Yes | Yes | No | Yes | Yes | Yes | No |
| Admin Utility (Consistency Check, Cleanup) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | No |
| Cross VC Logical Networking and Security | No | No | No | No | No | No | No | No |
| vRealize Network Insight | ||||||||
| Traffic (IPFIX) Visibility and Network Monitoring | No | No | No | No | No | No | Yes | No |
| Firewall Planning & Management | No | No | No | No | No | No | Yes | No |
| NSX Operations and Troubleshooting | No | No | No | No | No | No | Yes | No |
| VMware HCX | ||||||||
| Large Scale Workload Migration | No | No | No | No | No | No | Yes | No |
| WAN Optimization for Workload Migration | No | No | No | No | No | No | Yes | No |
| Traffic and Load Management Across Multiple Links | No | No | No | No | No | No | Yes | No |
* For more information on specific version support and other details, see the VMware Product Interoperability Matrices.
** Distributed Firewall with L7 added in NSX for vSphere 6.4.x.
** Distributed Firewall with L7 added in NSX for vSphere 6.4.x.
Additional License Notes
NSX for vShield Endpoint
vShield Endpoint is a feature which allows you to offload antivirus and anti-malware agent processing to a dedicated secure virtual appliance. With the release of NSX 6.2.4, the default license is NSX for vShield Endpoint, allowing you to manage your vShield Endpoint environment with NSX. Customers who purchased vSphere with vShield Endpoint (Essential Plus and later) will be able to download NSX. This means that NSX will appear on the vSphere download site like vCNS. To ensure customers do not use any other unlicensed NSX features (eg. VXLAN, DFW, Edge services), the license key will have hard enforcement to prevent NSX host preparation and block Edge creation.
Log Insight for NSX
VMware vRealize Log Insight for NSX provides intelligent log analytics for NSX. Log Insight provides monitoring and troubleshooting capabilities and customizable dashboards for network virtualization, flow analysis, and alerts. The 3.3.2 version of Log Insight accepts NSX Standard/Advanced/Enterprise edition license keys issued for NSX 6.2.2 and later. The 4.6.1 version of Log Insight introduces support for NSX Data Center editions (Standard, Professional, Advanced, Enterprise Plus, Remote Office Branch Office).
NSX for vShield Endpoint
vShield Endpoint is a feature which allows you to offload antivirus and anti-malware agent processing to a dedicated secure virtual appliance. With the release of NSX 6.2.4, the default license is NSX for vShield Endpoint, allowing you to manage your vShield Endpoint environment with NSX. Customers who purchased vSphere with vShield Endpoint (Essential Plus and later) will be able to download NSX. This means that NSX will appear on the vSphere download site like vCNS. To ensure customers do not use any other unlicensed NSX features (eg. VXLAN, DFW, Edge services), the license key will have hard enforcement to prevent NSX host preparation and block Edge creation.
Log Insight for NSX
VMware vRealize Log Insight for NSX provides intelligent log analytics for NSX. Log Insight provides monitoring and troubleshooting capabilities and customizable dashboards for network virtualization, flow analysis, and alerts. The 3.3.2 version of Log Insight accepts NSX Standard/Advanced/Enterprise edition license keys issued for NSX 6.2.2 and later. The 4.6.1 version of Log Insight introduces support for NSX Data Center editions (Standard, Professional, Advanced, Enterprise Plus, Remote Office Branch Office).
Feedback
Yes
No
Powered by
