Network Virtual Appliances – Difference between Performance Cloud Hyper-V and Performance Cloud VMware
Summary
This article explains some key differences in how Network Virtual Appliances (NVAs) are implemented in Performance Cloud Hyper-V and in Performance Cloud VMware. NVAs are often firewalls but can be other types of network devices as well. The two platforms implement network virtualization differently (NVGRE on Hyper-V, NSX on VMware), and this affects how traffic is handled.
Impacts
NVAs are no longer set up free of charge by Sherweb.
Reason: In Performance Cloud Hyper-V, Sherweb’s infrastructure team had to perform some configuration in the backend, whereas in Performance Cloud VMware the client has full autonomy to complete the required implementation tasks.
Public IP addresses are no longer configured on the NVA.
Reason: The NSX Edge Gateway is responsible for handling network virtualization and isolation within the infrastructure. This imposes a restriction: public IP addresses must be owned by the NSX Edge Gateway, and the NVA must be configured behind it. Since the NSX Edge Gateway also acts as a firewall, you must allow all traffic to go through it and manage network flows on your NVA.
If you had a pfSense appliance in Performance Cloud Hyper-V, you may no longer need it in Performance Cloud VMware.
Reason: The NSX Edge Gateway acts as a firewall, a basic load balancer and a VPN gateway. You may want to review the features you use and consider leveraging the native NSX Edge Gateway features instead.
If migrating from Performance Cloud Hyper-V to Performance Cloud VMware, you need to rebuild your NVA.
Reason: Vendors provide different appliance images depending on the hypervisor used, and some reconfiguration may be required because of the network topology changes (the NVA is now behind the NSX Edge Gateway).