February 07, 2023

VMware NSX is Part of Every Google Cloud VMware Engine Private Cloud

VMware NSX is part of every Google Cloud VMware Engine (GCVE) private cloud, bringing huge benefits for network management and security.

VMware NSX: Network and Security Virtualization

Even if you’re an experienced VMware vSphere administrator, you may not have had exposure to VMware NSX, but you most likely know that it offers powerful network virtualization for your software defined data center.

There are many benefits to NSX networking, and especially appealing to VI admins is the fact that all configuration is in software: no more managing VLAN IDs, trunks, or waiting for the networking engineering team to configure physical resources for new virtual networks. Plus, the distributed firewall makes it easy to control connections between VMs without setting up multiple tiers of virtual networks separated by security appliances that add complexity and expense to your infrastructure.

Google Cloud VMware Engine is Built on NSX

When you deploy a new private cloud on Google Cloud VMware Engine (GCVE), production-ready VMware NSX infrastructure is also provisioned – all in under an hour. It’s like having a team of expert network and security engineers on staff, and it’s included with the service. Much of the learning curve and challenging aspects of NSX have been taken care of, including design, architecture, installation, configuration, as well as the ongoing patching, updating, and other maintenance. This frees you to focus on running the applications for your business and lets you abstract infrastructure management to the experts at Google Cloud.

Virtual Machines Connected in Minutes

Once your private cloud is deployed, it takes just a few clicks to set up VMware NSX. You can quickly set up a new network segment using the IP network of your choice, including optional DNS services according to your use case. The randomly generated admin password for NSX Manager can be retrieved from the GCVE portal, and you can change it as needed to comply with your policies and procedures. After creating the NSX network segment, it is available immediately in VMware vCenter so you can start deploying new VMs on your private cloud.

Check out this short demo video that goes through the whole process:

Distributed Firewall Brings Microsegmentation to Applications

One your applications are running on GCVE with NSX as the underlying networking, it’s very easy to configure policies in the distributed firewall to add comprehensive protection to workloads. The distributed firewall makes it possible to prevent or allow connections between VMs on the same network, without relying on any in-guest security software or configurations. This can reduce the number of network segments required for your application while also limiting the attack radius in the event of a compromise.

To see how the distributed firewall can protect a traditional 3-tier application, watch this quick demo:

Optional GCVE Networking Without VMware NSX

For most workloads and use cases, NSX is the recommended networking for workloads on GCVE. However, for certain scenarios where high packet throughput is required there is another option. Introduced recently, architects can now choose to use Service Subnets. These are VLAN-backed networks that use native vSphere networking separate from NSX, which means that benefits of NSX like DHCP, firewalling, and microsegmentation cannot be leveraged. But keep these in mind for certain use cases, especially for disaster recovery data replication.


There are many benefits to migrating applications to Google Cloud VMware Engine, away from aging infrastructure in on-premises data centers. You can reduce your infrastructure management burden while at the same time take advantage of the latest data center technologies, such as VMware NSX. This combination makes your team nimbler and brings new security capabilities that would be prohibitive with traditional architectures.

Filter Tags

Google Services Networking Google Cloud VMware Engine Blog