The usage of NSX features directly by the provider outside of vCloud Director can be shown in an example combining Distributed Firewall (DFW) for segmentation of L2 networks with Distributed Logical Routing (DLR).

A use case example is where shared services, such as monitoring, patching, or backup, are available on the service network for tenant workloads. The tenant connects workloads with a secondary network interface to a dedicated service network with routable access to shared services network. Because there is no need for NAT, this approach works with any monitoring or backup solutions.

The distributed logical router provides scalable routing, while distributed firewall combined with VMware NSX SpoofGuard provides the necessary multitenant security enforcement at the tenant VM vNIC level.