Does AVS ( Azure VMware solution ) support same features when running NSX-T on prem

Question

Dear Experts,

I have below 2 queries :

1. Can AVS, currently operating NSX-T 3.2.2, support all the features available when running NSX-T on-premises?
2. Is there any limitation on number of rules on Distributed Firewall and how to check the performance of DFW in AVS environment.

Your assistance regarding this matter would be greatly appreciated.

Regards,

Prashant

Answer 1

Hello Prashant Chaudhary

Welcome to Microsoft Q&A Platform, thanks for posting your query here.

1.Can AVS do the same as NSX-T on-prem?
The answer is "No, not entirely". Because of the PaaS nature of AVS there are some limitations. Few differences are:

• There is NO access to customers to the T-0 gateways in AVS. The T-0 gateway in AVS is a fully managed service (Microsoft control). However, you as a customer can view configurations there but will be unable to make any changes at that level. This is done to ensure stability and availability of connectivity into AVS and the management components.
• The second main difference is the lack of support for service-insertion (insert 3rd party services like firewalls directly into the T-0/T-1 infrastructure. This capability is frequently used by VMware customers on-prem so there is no Support from AVS side for this capability at this moment.

2.DFW scaling:
For DFW you can use the same capabilities as on-prem and should adhere to the normal VMware published limits in your "configmax" portal. Adhering to the recommendations for implementing DFW based on VMware recommendations is important to ensure a properly performing implementation.

Hope this clarifies your queries.