What’s New in VCF 9 (with NSX)

GUI steps and automation for these features follow similar patterns as above.

This guide walks through a full-featured NSX deployment, from initial setup to advanced automation.

  • NSX 4.x Integration
    VCF 9 now fully supports NSX 4.x, providing access to the latest in networking and security. This version enables smoother upgrades, improved lifecycle management, and new features not available in previous releases.
  • Federation and Multi-Site Capabilities
    NSX Federation is more deeply integrated, enabling the management of distributed security policies, overlays, and segmentation across multiple sites with a unified control plane.
  • Enhanced Distributed Firewall (DFW) and L7 Policies
    The DFW now supports application-layer (L7) rules and expanded service insertion for north-south and east-west traffic, making microsegmentation and compliance strategies more effective.
  • Overlay Networking at Scale
    Improved support for VXLAN and Geneve overlays enables faster provisioning and increased throughput, crucial for modern virtual data centers.
  • VRF-Lite and Multi-Tenancy
    Native support for VRF-Lite provides better options for tenant isolation, overlapping IPs, and custom segmentation without complex workarounds.
  • NSX Intelligence and Distributed Analytics
    NSX Intelligence offers real-time flow analytics and security recommendations, making it easier to understand traffic and optimize policies.
  • Lifecycle Management and Automation
    SDDC Manager delivers streamlined deployment, patching, and rollback for all NSX components, with improved automation via GUI and API.
  • API-First, Automation-Ready
    Every aspect of NSX in VCF 9 is accessible by API, PowerCLI, Python SDK, and Ansible, supporting a true infrastructure-as-code approach.
  • Improved GUI and Usability
    The NSX and SDDC Manager interfaces have been redesigned for simpler workflows, faster onboarding, and more intuitive error reporting.

VMware Cloud Foundation (VCF) 9 introduces a series of impactful enhancements for network virtualization, with NSX taking center stage. This release brings higher scalability, smarter automation, and simplified operations that matter to network engineers, virtualization admins, and architects in on-premises environments.

VCF 9 + NSX Architecture Overview

Key advancements:

PowerCLI Example:

Step-by-Step NSX Deployment in VCF 9

Examples provided in each section above. Mix and match based on your organization’s automation strategy.

1. NSX Manager Deployment

Edge nodes handle north-south routing, NAT, load balancing, and other advanced networking functions.

  1. Log in to SDDC Manager.
  2. Navigate to the Workload Domain for NSX deployment.
  3. Click “Add NSX.”
  4. Specify the cluster, IP/FQDN, credentials, network pool, and license.
  5. Click Deploy. SDDC Manager automates the full NSX Manager deployment.

Before diving into detailed deployment, here’s how VCF 9 orchestrates NSX in a modern, on-premises SDDC.

Before diving into detailed deployment, here’s how VCF 9 orchestrates NSX in a modern, on-premises SDDC.

Before diving into detailed deployment, here’s how VCF 9 orchestrates NSX in a modern, on-premises SDDC.

Before diving into detailed deployment, here’s how VCF 9 orchestrates NSX in a modern, on-premises SDDC.

Before diving into detailed deployment, here’s how VCF 9 orchestrates NSX in a modern, on-premises SDDC.

- name: Deploy NSX Manager in VCF 9
hosts: localhost
tasks:
- name: Provision NSX Manager
vmware.vmware_rest.nsx_manager:
hostname: "{{ vcf_manager }}"
username: "{{ vcf_user }}"
password: "{{ vcf_pass }}"
nsx_manager_spec:
hostname: "nsx-mgr.lab.local"
ip_address: "10.10.10.50"
admin_password: "ComplexPassword123!"

Transport zones define which hosts participate in a given NSX overlay or VLAN-backed network.

7. Automation: Infrastructure as Code

GUI Steps:

  • PowerCLI for rapid scripting and integration with existing VMware tools.
  • Python SDK for advanced workflows, integrations, and reporting.
  • Ansible for declarative, repeatable, and idempotent infrastructure provisioning.

New-NsxTransportZone -Name "TZ-Overlay" -Type "OVERLAY"
Add-NsxHostToTransportZone -Host "esxi-01.lab.local" -TransportZone "TZ-Overlay"

PowerCLI Example:

Conclusion

The NSX Distributed Firewall allows for granular east-west security and compliance.

Disclaimer

Connect-SddcManager -Server "sddc-manager.lab.local" -User "admin" -Password "yourPassword"

New-NSXManagerDeployment -Domain "Workload-Domain-1" `
-NSXManagerIP "10.10.10.50" `
-SubnetMask "255.255.255.0" `
-Gateway "10.10.10.1" `
-LicenseKey "XXXXX-XXXXX-XXXXX-XXXXX"

Similar Posts