Microsegmentation allows IT to run a smarter and more adaptable firewall at the virtual switch side on the virtualization host rather than backhaul all firewalling to a top-of-rack switch or to a firewall somewhere else on the network.
For VDI, microsegmentation prevents one desktop from communicating with another, even though they are on the same virtual LAN (vLAN). This process is commonly referred to as east-west protection. VDI admins can also ensure that their vLANs can only access the Active Directory, DNS, brokers, application back ends and file shares, or any other services that will make an image work as expected. This is called north-south protection.
VMware is the only one in this comparison with its own microsegmentation product, NSX-T, which adds depth to any security strategy. A community has developed around the product since its 2013 release, which means there are certified experts, free and paid classes, and services to help admins with deployment.
VMware has added other features to NSX microsegmentation that enables IT to limit east-west communication with one click and have contextual network access with desktops in the same pool and vLAN based on the users group memberships. NSX microsegmentation is a significant advantage over Citrix in this area.