You have options for segmenting the VxRail network traffic at the virtual distributed switch level. Prior to 7.0.130, all the required VxRail networks were confined to a single virtual distributed switch. Starting with version 7.0.130, you can decide whether to deploy a second virtual distributed switch to isolate the VxRail management network traffic from the VxRail non-management network traffic.
Figure 27. VxRail network segmentation with two virtual distributed switches
If your company or organization has stringent security policies regarding network separation, splitting the VxRail networks between two virtual distributed switches enables better compliance with those policies, and simplifies redirecting the VxRail management network traffic and non-management network traffic down separate physical network paths.
You can choose from the following options to align with your company's or organization's networking policies:
Figure 28. VxRail network segmentation with two virtual distributed switches
VxRail supports either a single virtual distributed switch or two virtual distributed switches as part of the initial implementation process. If your security posture changes after the VxRail cluster initial implementation has completed, a second virtual distributed switch can still be deployed and the VxRail network traffic can be redirected to that second virtual distributed switch. Any additional virtual distributed switches beyond two switches, such as those for user requirements outside of VxRail networking, can be deployed after initial implementation.