VMware NSX Reviews

Security. Our Trend platform runs off NSX.

We use the solution strictly for security.

Roughly six months.

We didn't have this issue, but I would recommend to others looking at this solution to make sure that their hardware is compatible.

It seems to be taking care of our whole environment. It seems to be pretty scalable.

I have not used it, but my coworker has. Every time he talks to them, they're easy to get a hold of; very knowledgeable and they solve his issues right away.

If you put in a trouble ticket, they contact you very quickly (in response). If there is a problem, it usually isn't around very long. They jump on it, fix it, and it's done.

We were on McAfee, and we switched to Trend. We switched to Trend because Trend supports virtual environment a lot better than McAfee does.

Trend migrated in a way that it will only work with NSX. The older version of Trend that we were on worked without NSX. The newer version does not. Now, we use NSX in conjunction with Trend.

We upgraded Trend to keep up-to-date and all the security loopholes closed.

Most important criteria when selecting a vendor:

• They have to be able to support the environment you're running.
• The service and support is a big must. We work at an Enterprise level, so sometimes you can't go with the little new guy. You need that 24 hour service and support, seven days a week. It is very important for us.

The ability to scale from different clouds. At the moment, the scalability of the product is the number one thing that I saw.

Right now, we're doing a private cloud, since we're government. In the future, we may want to look at public, but probably not. 

It has the potential to improve the way we function by having our different clouds be able to easily communicate back and forth. Right now, it takes a lot of work to do collaboration from our test lab, to our production, and to do anything in-between. It has the potential of giving us streamline migrations from the test lab to production.  

Pricing and licensing could be improved as we are a government entity. Lower pricing could always help.

We just got it.

About five to 10 people set new products up and we kick them down the road all the time. As soon as we see something real good we call in some users and it gets big. They call their managers and it grows; it's like a wildfire.

But it will start off as a spark, and I'm the spark.

It is pretty good. It cuts down on duplication. Right now, I have tools in the lab, have tools in pre-prod, and have tools in production. 

Right now and well in the future, if we implement it, we'll be able to have the same tool set be applied through all regions and transfer and not have duplication. It will outline and teach our users how to operate them. Therefore, we will have one set of tools, one set of instructions, and they can operate in all three environments. 

Scalability definitely looks awesome. Again the three environments we'll be able to use one set of tools. Everybody would be familiar with it. It won't operate this region and a different way in another region because it's from another vendor, where one set of tools would be able to pass throughout all of our regions. 

Our scale right now is about 60 users (the production and the customer).

We had multiple solutions.

We were making do with what we had, but again, going to different conferences and seeing what other people were using. We got curious and our vendor said, let's demo it. So, we made time for it, and after we made time for the demo, we realized we should have been doing this two years ago.

I was involved in the initial setup. It was straightforward. We did it with our government PFE.

We do have partners, who are knowledgeable, did offer to come in and set it up for us. We had access to our online lab from our vendor, so they had to set it up, connect it, demo it, and see how it runs. Though, we set ours up. 

Dell EMC and Symantec.

It's a solid product. Very easy to use out-of-the-box. It didn't have a steep learning curve, and we're still finding things that we can add-on. 

I would encourage anyone looking to buy the solution to demo it in a lab, or come to a conference and see it. They should see how it would fit in their environment, and don't be overwhelmed or overworked by adding another solution because the results pays off.

Most important criteria when selecting a vendor:

• Price
• Security
• Meeting the application requirements.
• Technical support.

The ease in which to install this product and make it work straight away without minimum changes in your physical network and is simply astonishing. The only thing you need to do when installing this product is change your MTU to 1600 (jumbo frames). It provides microsegmentation and good security features for north-south and east-west traffic across your SDDC. The performance you obtain at the virtual layer and traffic crossing for your VMs gets improved dramatically because the traffic doesn't leave the hypervisor. I'm not a network guy myself but NSX makes it really easy to understand how the virtual network pins together and how you can manage the traffic and security within your VMware deployment without the hassle of changing VLANs, adding unnecessary protocols for discovery, etc.

Encapsulating the traffic using VXLAN is a great addition. It extrapolates the number of VLANs that you can stretch to an almost infinite number of VXLAN (millions of VXLANs). In abstract, you are dealing with numerous VLANs every time you want to send traffic from one VM to another, basically VMs on different hosts within the same datacenter will be connected to the same logical switch and traffic is advertised via unicast traffic from the NSX controllers to let every body know in the environment "who is who" to minimize the amount of multicast traffic.

We haven't installed this in our environment yet. We have a major lab to provide our Ci-Dev team a sandpit to test apps and its security when deploying a three-tier application on our customers and test every single connection and performance before handing over the application to the customer.

The upgrade process is okay overall, but we have encountered issues every time when upgrading with the ESXi hosts VIB installation packages not being properly deployed, and after upgrading NSX manager, the ESXi hosts still uses the old version. This causes additional steps to manually remove those old VIBs from the ESXi, reinstall them, and try again. In some cases, we had to uninstall and install them from scratch NSX and restore from backup, which in a real world scenario won't be desirable to do. You would like to have an in-place a seamless upgrade from one version to another, especially if you are changing minor versions (e.g., 6.3.1 to 6.3.2).

Six months now.

The upgrade process is okay overall, but we have encountered issues every time when upgrading with the ESXi hosts VIB installation packages not being properly deployed, and after upgrading NSX manager, the ESXi hosts still uses the old version. This causes additional steps to manually remove those old VIBs from the ESXi, reinstall them, and try again. In some cases, we had to uninstall and install them from scratch NSX and restore from backup, which in a real world scenario won't be desirable to do. You would like to have an in-place a seamless upgrade from one version to another, especially if you are changing minor versions (e.g., 6.3.1 to 6.3.2).

A very stable product, it is more mature than it was four years ago when it first came out. The performance you get with this product is near-line rate.

If you have a large environment, the sprawl of Distributed Logical Routers or logical switches can be hard to manage, but you will have the same issues in a physical network.

We have a direct line with VMware support and with the specialized engineer who provides support on NSX. We haven't had to open a support call yet, but the engineer we've dealt with is very capable and knowledgeable on the product.

Excellent. VMware engineers are top of the line. I haven't met one engineer who doesn't know the product well that they support.

Nope, never used a network virtualisation product before.

It was straightforward. Just a couple of install media and .ovf files and you're done. The interesting part comes after installation when you need to define your virtual network architecture and how you're going to deploy rules and connectivity for your VMs.

In-house deployment. We're a large VMware shop and know VMware products well.

Not applicable for this product yet.

We got the licenses from VMware as part of the NFR agreement, but you will require a medium infrastructure to deploy this initially. Lot of memory and CPU are required to have the product run smoothly

No, there are no other products in the market that provide network virtualisation as far as I know.

Download the installer, try it, and you will love it. Some hardcore network administrators will say it is not the same, and of course is not the same, but it is a new way to do things in the network space. It is the way of the future when deploying large networks in Software Defined Data Centres.

I have worked on NSX for the last couple of months and I Liked Distributed Logical Switching, Distributed Logical Router and Distributed Firewall the most.

We have deployed it in a virtual environment and it saved a lot of time and effort for us to configure.

Speed of the NSX Controllers while deploying sometimes gets a bit slower which can be improved, overall its a great product

Last few months.

No issues.

No issues.

No issues.

Satisfied.

Satisfied.

No.

We are a Partner and we have deployed it for our customer.

Open APIs allow seamless integration with other products. Eventhough Lastline does not provide an end-to-end solution like their rivals, namely McAfee, TrendMicro and Symantec, Lastline excels by providing their APIs so that they could be integrated with other security products.

With Lastline, the effort to put in into the protecting the users against zero-day threats and malware can be subsequently reduced. It's accuracy and analysis reports on the objects are what all the other vendors should make an example of.

Lastline's reports can sometimes be very complicated and somehow leaves users with lots of technical information that cannot be easily digested. A more presentable reporting should be provided. However, this is not a weakness and their reporting is only suitable for people with certain technical knowledge.

Lastline itself is a complicated product to navigate through, although it provides a lot of details to the users. This was a feedback from one of our customer here during the POC stage. Users may be required to be technically sound to understand what Lastline has provided to them. What I mean by "a more presentable reporting" is that Lastline should provide a more user readable format of the report; perhaps more visual storyline of their process?

I have been using and performing POC on Lastline for my customers for around 1 year.

No issues.

No stability issues.

Lastline has no issue with scalability as it is by far the more scalable amongst APT solutions.

Lastline support has yet to fully penetrate into the SEA market. Their responses may come from their Sales and System engineers instead of their support team.

As mentioned, their system engineers are very well trained and experience enough to answer most of the technical and product inquiries thrown at them.

No.

Initial setup is very straightforward for cloud-based deployment. For on-premise deployment, it will require some UNIX-based commands knowledge.

Lastline is not a cheap product if compared with their competitors. I wish they could do something about the pricing as it is very hard to convince the customers on such a model.

The Internet is a nasty place, and getting nastier. Current breach detection products using traditional anti-malware sandbox technologies can’t keep up with advanced persistent and hyper-evasive threats that pummel enterprise networks on an hourly basis. Malware authors encode their exploits with a number of operational vectors, so in case one entry point doesn’t work they can still find a way into your network to do their dirty work. And as more businesses hire more outsourced consultants, part-time workers, and employ mobile devices, they open up additional mechanisms for malware to enter their corporate networks.

Some traditional AV and endpoint protection vendors have responded to these threats by adding features to their security products to do a better job of anticipating badly behaving packets coming through their detectors. They make use of limited virtual machines or operating system emulators to view how a piece of malware operates. That is great, but it isn’t enough. Many malware authors can detect when these simulated environments are active and can evade detection accordingly. For example, some exploits such as W32.DelfInj can literally go to sleep for several days to avoid any detector that will just scan an infected system for the first several minutes.

What is needed is a next-generation sandbox that can correlate a series of particular breach events add IP and object based reputation analysis and do this in near real-time. This is what the Lastline Breach Detection Platform does. What makes them unique is their range of discovery, the way they can effectively mimic actual PC or smartphone endpoints to examine malware behavior.

Download my full review of their system here.

Lastline has four major components:

• Network sensors. Lots of security tools have sensors, and certainly this is the cornerstone of any modern security tool. What makes Lastline more interesting is that it combines IP and domain reputation analysis with malware fingerprinting techniques. 

• Advanced sandbox screening tool. Suspicious objects that are suspected to be zero-day threats are collected from the sensors and analyzed with the Lastline next-generation sandbox, which emulates a complete endpoint system (OS, memory, and peripherals). Other sandboxing tools leave small in-guest code stubs that can reveal they aren’t “real” endpoints; Lastline doesn’t have these clues for malware to key into and looks just like regular computers. 

• Reporting and threat analysis tool. Low-level event data is then collected and correlated into a particular security incident, which then updates an online threat database. For example, just by clicking on a few different menu items, we can see how often the same infection was downloaded by a particular endpoint, or why a particular event led to other activities across our network, or how a piece of malware was attached to a series of different email messages.

• Rich threat intelligence of advanced threats.Known exploits and IP based systems associatedwith advanced malware are highly dynamic and traditional signature-based knowledge bases are ill equipped to keep up. Lastline threat intelligence draws on its global collection of next-generation sandboxes.

They just announced added Mac OS X support, which I didn't get to test. 

It is a bit tricky to install the various components and to get it set up properly. But once you do, you can take full advantage of its features. 

No.

No, indeed this is one of its main benefits. You can scale it up to handle very large networks with their modular and SaaS-based tools. 

To add flexibility to its system, both the next-generation sandbox and reporting tool can be either hosted or installed on-premises.

Their core idea is to run a piece of suspected malware in such a way as to provide the ultimate examination of its operations. Suspected code is extracted from the network traffic flow, analyzed andcorrelated with other network-level events to provide a full picture of what happened. It has one of the most throughout analysis sandbox engines. But what is more important is how they are able to provide actionable intelligence to a wide variety of leading security vendors’ intrusion prevention and unified threat management platforms from WatchGuard, Barracuda, TippingPoint, Juniper, Tripwire and others. Through a combination of application programming interfaces, Lastline can send and receive firewall blocking rules and breach event data to/from the appropriate systems that you have already purchased, so that these threats can be quickly stopped.

Yes, there are other sandboxing securing tools out there, but they aren't as thorough as what Lastline does.

Vendor team was first rate.

We use NSX in our data center. 

We use the NSX firewall which is great. 

I'd like to see more integration with other solutions. 

We've been using this solution for over two years. 

The solution is stable.

The solution is scalable.

I haven't used technical support. 

I recommend this solution and rate it seven out of 10.