Micro-segmentation with VMware NSX can enable VMware Cloud Providers to implement zero-trust security and protection of sensitive virtual machine workloads in the cloud environment. By using VMware NSX distributed firewalls, VMware NSX micro-segmentation can provide cloud workloads that reside on the same Layer 2 segment a similar level of isolation and segmentation to workloads on separate Layer 2 segments. This allows for more granular and efficient security for cloud workloads.

VMware Cloud Providers can provide micro-segmentation in the vSphere Web Client for the Hosted Cloud Service model or through the consumption of multi-machine blueprints for the Private Hosted Cloud Service model. An example of using micro-segmentation with the distributed firewall platform might be in the case where the service provider wants to protect the back end infrastructure, which offers billing, patch, and monitoring services. This would allow for the protection of East/West traffic while the edge services gateway firewall provides the North/South protection.