Network virtualization allows you to programmatically create, operate and manage communication networks using software tools that utilize the physical infrastructure. Network and security services in the software are distributed to hypervisors and "attached" to individual virtual machines (VMs) in accordance with the network and security policies defined for each attached application. When a VM moves to another host, its network and security services move with it. If new VMs are created for the purpose of scaling applications, the necessary policies are then dynamically applied to these VMs as well.

Just as a virtual machine is a software container that provides logical computing services to an application, a virtual network is a software container that presents logical network services - logical switching, logical routing, logical firewall, logical load balancing, logical VPN, and others for data traffic. These network and security services are software-mediated and only require the IP packet forwarding from the underlying physical network. The logical network elements themselves are connected via a software representation of the physical network " wire". This therefore allows the entire network to be software-based as well.

Network virtualization orchestrates the virtual switches in server hypervisors and the network services that are delivered through them to the attached virtual machines to effectively provide a platform - or the "network hypervisor" - for virtual networking.

One way how to virtual networks can be set up is by using a Cloud Management Platform (CMP) to request virtual network and security services for the corresponding tasks. The controller then distributes the necessary services to the appropriate virtual switches and logically connects them to the appropriate requests.