You have options regarding segmenting the VxRail network traffic at the virtual-distributed switch level. You can configure all the required VxRail networks to a single virtual-distributed switch. Or you can deploy a second virtual-distributed switch to isolate the VxRail management network traffic and the VxRail nonmanagement network traffic.

Figure 42.    VxRail network segmentation with two virtual-two-port distributed switches

If your company or organization has stringent security policies regarding network separation, splitting the VxRail networks between two virtual-distributed switches enables better compliance with those policies. It also simplifies redirecting the VxRail management network traffic and nonmanagement network traffic down separate physical network paths.

You can choose from the following options to align with your company or organization networking policies:

• Place all the required VxRail network traffic and guest network traffic on a single virtual-distributed switch.
• Use two virtual-distributed switches to segment the VxRail management network traffic from the VxRail nonmanagement traffic and guest virtual machine network traffic.
• Deploy a separate virtual-distributed switch to support guest virtual machine network traffic.

Figure 43.    VxRail network segmentation with two virtual-four-port distributed switches

VxRail supports either a single virtual-distributed switch or two virtual-distributed switches as part of the initial implementation process. If your security posture changes after the VxRail cluster initial implementation is complete, a second virtual-distributed switch can still be deployed. The VxRail network traffic can be redirected to that second virtual-distributed switch. Any additional virtual-distributed switches beyond two switches, such as those for user requirements outside of VxRail networking can be deployed after initial implementation.