VMware NSX has four licensing editions: standard, advanced, enterprise, and remote office/branch offices (ROBO). Each licensing tier provides distinctive functionality, available per CPU socket on a perpetual basis at the vSphere cluster level.
The standard and advanced editions are also available as per 100 users in a pack basis to align with virtual desktop deployments (vSphere for desktop). The enterprise edition is also available on per-VM term basis. You can upgrade from standard to advanced/enterprise and from advanced to enterprise.
Note
Prior to NSX 6.2.2, VMware NSX for vSphere did not have multiple licensing tiers. If you purchased NSX prior to May 3, 2016, you are entitled to VMware NSX Enterprise edition as long as you have active support and subscription contracts. You can upgrade your VMware NSX license key from the My VMware portal (http://my.vmware.com).
Like vSphere licensing, VMware NSX is licensed per CPU socket. If you have a separate Management vSphere Cluster that is used for Infrastructure VMs and are not planning to protect it with the NSX Distributed Firewall or place NSX Edge Service Gateways onto it, you are not required to license the CPUs on that Management vSphere Cluster. The Compute vSphere cluster and Edge vSphere cluster need to be licensed.
Note
VMware NSX is licensed at the vSphere Cluster level. If you need to exclude a specific ESXi host from NSX, you will need to remove the ESXi host from the cluster. For vSphere environments with VMware vCenter Site Recovery Manager, you will normally have active sites (Protected site) and passive/disaster recovery sites (Recovery site). Only the active ESXi hosts on the protected site requires a VMware NSX license. For more about licensing NSX for vSphere see VMware KB 2078615 (https://kb.vmware.com/kb/2078615).
From your vSphere inventory you will need to do the following:
- Determine how many CPU sockets you need
- Determine the NSX features required
- If you are planning to integrate third-party partner solutions with NSX (http://www.vmware.com/products/nsx/technology-partners.html), check whether a specific NSX feature is required
Note
Some security services partner solutions require NSX distributed firewalling features and physical-to-virtual data center services requires integration with a Hardware VTEP (HW VTEP).
- Choose the NSX edition based on the features required
Note
I would like to use VMware vShield Endpoint for anti-virus/anti-malware capability only. Which NSX edition should I use? VMware vShield endpoint is included as a vSphere feature in the vSphere Essential Plus Edition or later, so you do not need to purchase VMware a NSX license. VMware NSX for vShield endpoint will appear on the vSphere download site if you have vSphere Essential Plus Edition or later. For more information, see VMware KB 2110078 (https://kb.vmware.com/kb/2110078).
The following sub-sections will detail the different tiers of NSX licensing and the features available in each. From there, how to evaluate and purchase VMware NSX will also be detailed.
The four tiers of licenses are as follows:
- Standard edition
- Advanced edition
- Enterprise edition
- ROBO
The features available in each edition are as follows:
Product feature | Standard | Advanced | Enterprise | ROBO |
Distributed Switching | ● | ● | ● | ● |
Distributed Routing | ● | ● | ||
NSX Edge Firewall | ● | ● | ● | ● |
Network Address Translation (NAT) | ● | ● | ● | ● |
SW L2 Bridging to physical environment | ● | ● | ● | |
Dynamic routing with ECMP (Active-Active) | ● | ● | ● | ● |
API-driven | ● | ● | ● | ● |
Integration with vRealize and OpenStack | ● | ● | ● | ● |
Automation of security policies with vRealize | ● | ● | ● | |
NSX Edge Load Balancing | ● | ● | ● | |
Distributed Firewalling | ● | ● | ● | |
Integration with Active Directory | ● | ● | ● | |
Service Insertion (third-party integration) | ● | ● | ● | |
Cross vCenter NSX | ● | |||
Multisite NSX optimizations | ● | |||
VPN (IPSec and SSL) | ● | ● | ||
Remote gateway | ● | |||
Integration with HW VTEPs | ● |
There are two ways to evaluate VMware products:
Note
VMware NSX license is not available publicly. Contact your VMware sales representative to get an NSX evaluation license.
- Use VMware Hands-on Labs (http://labs.hol.vmware.com/) to experience VMware NSX in a virtual lab environment:
- VMware NSX Hands-on Lab Intro (http://www.vmware.com/go/try-nsx-en)
- VMware NSX Hands-on Lab Advanced (http://www.vmware.com/go/try-nsx-adv-hol)
There are support and subscription plan options that you can purchase in addition to the product:
- Basic support: 12 hours a day technical support during business hours
- Production support: 24 hours (Severity 1), seven days a week support
The production support plan is recommended for production and critical environments. If you need higher-level support above production grade, additional support options such as Business Critical Support (BCS) or Mission Critical Support (MCS) can be purchased on top of production support. For more information on VMware support offerings, see https://www.vmware.com/support/services.html.
VMware vRealize Log Insight is a log management engine that collects logs from a number of different sources and provides rich dashboards and search functionality.
Log Insight is available for NSX at no additional charge, you are entitled to one Log Insight CPU per NSX CPU license. The support and subscription is included with the NSX purchase. It is a fully functioning version of Log Insight but limited to vSphere and NSX data sources and content packs only. If you need more data sources and content packs, additional Log Insight licenses are required.
For more information about the VMware NSX Neutron plugin license editions for VMware integrated OpenStack, see VMware KB 2145269 (https://kb.vmware.com/kb/2145269).