8.1 VMware NSX
Most network data traffic in the tenant desktop environment is “east-west”, meaning that data flows between desktops and server components in the datacenter. For some tenants this is important to understand as it directly impacts compliance and security risk mitigation. Some of the risks associated with east-west traffic include:
Rogue user behavior
Zero-day threats
Compromised websites
Malware and malicious code (desktop to desktop and desktop to server)
Traditional networking can make mitigating these risks challenging, since it adds the complexity of managing multiple VLANs, firewall rule-sets and access control lists.
VMware NSX targets east-west traffic, in addition to north-south, and Tenant Administrators can easily create policies (see the following figure) that dynamically follow desktops.
Figure 21. NSX Firewall Policy Example Rule-Set
NSX abstracts the network infrastructure into a logical representation made up of a library of network services that can be interconnected to create a virtual network overlay. This enables the tenant to place each virtual desktop in its own individual network container. Using the NSX Distributed Firewall (DFW), it is possible to deliver micro-segmentation, eliminating unauthorized cross-talk between virtual desktop or server workloads.
Tenant administrators can define policy rule-sets that automatically attach to a virtual desktop or to virtual machine groups, so the policy is enforced at the time the virtual machine is created.
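The Python sketch below is an added example, not VMware code and not the NSX API or rule schema. It models first-match rule evaluation with tag-based group membership to show how a desktop created after the rules were written still receives the policy, and how a flat segment compares. All VM names, tags, ports and rules are constructed assumptions.

```python
# Simplified model of tag-driven micro-segmentation (not NSX's API or schema).
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class VM:
    name: str
    tags: frozenset

@dataclass(frozen=True)
class Rule:
    name: str
    src_tag: str          # group = every VM carrying this tag; "any" matches all
    dst_tag: str
    port: Optional[int]   # None = any port
    action: str           # "allow" or "block"

# Constructed micro-segmented rule-set: first match wins, default deny last.
RULES = [
    Rule("desktop-to-broker", "desktop", "connection-server", 443, "allow"),
    Rule("block-desktop-to-desktop", "desktop", "desktop", None, "block"),
    Rule("default-deny", "any", "any", None, "block"),
]
# Constructed contrast: a flat segment where everything may talk to everything.
FLAT_RULES = [Rule("flat-allow", "any", "any", None, "allow")]

def in_group(vm, tag):
    return tag == "any" or tag in vm.tags

def evaluate(src, dst, port, rules=RULES):
    """Return (action, rule name) for the first rule matching the flow."""
    for r in rules:
        if in_group(src, r.src_tag) and in_group(dst, r.dst_tag) \
                and r.port in (None, port):
            return r.action, r.name
    return "block", "implicit-deny"

def audit_lateral(vms, port, rules=RULES):
    """List desktop-to-desktop pairs the rule-set still allows on a port."""
    desktops = [v for v in vms if "desktop" in v.tags]
    return [(a.name, b.name) for a in desktops for b in desktops
            if a is not b and evaluate(a, b, port, rules)[0] == "allow"]

# Constructed inventory; desktop-02 stands for a desktop created after the rules.
BROKER = VM("broker-01", frozenset({"connection-server"}))
D1 = VM("desktop-01", frozenset({"desktop"}))
D2 = VM("desktop-02", frozenset({"desktop"}))
INVENTORY = [BROKER, D1, D2]

if __name__ == "__main__":
    print(evaluate(D2, BROKER, 443), evaluate(D2, D1, 445))
    print(audit_lateral(INVENTORY, 445), audit_lateral(INVENTORY, 445, FLAT_RULES))
```

Because membership is decided by tag rather than by IP address or VLAN, the same audit can be rerun against a growing inventory without touching the rules.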
NSX also exposes a RESTful API, allowing cloud management platforms to automate the delivery of network services.