Deploy the NSX Manager virtual appliance
Integrate the NSX Manager with vCenter Server
  • Configure Single Sign On
  • Specify a Syslog Server
Implement and Configure NSX Controllers
Exclude virtual machines from firewall protection according to a deployment plan
Deploy the NSX Manager virtual appliance
Requirements:
  • Working vSphere 5.5 environment (vCenter appliance, ESXi, Management VM network).
  • NSX Manager Appliance.
Deploy the NSX Manager OVF:
  • In the vSphere Web client, right click your cluster and select “Deploy OVF Template”. Select the local file that you just downloaded.
  • The “Review details” gives you an overview of the VM requirements and requires you to tick “Accept extra configuration options”.
  • Accept the EULA (or not and continue to use legacy networking).
  • Select the destination VM name, vCenter folder, datastore, management network portgroup.
  • Customise the NSX Manager settings and enter a password, hostname, IP details, DNS servers and NTP servers.
  • Review configuration and click “Finish”.
Integrate the NSX Manager with vCenter Server
Requirements:
  • NSX Manager deployed and running.
Register NSX Manager to vCenter:
  • Connect to the NSX Manager web interface via https://your.nsxmanager
  • Click on “Manage vCenter Registration”.
  • Click on the “Edit” button of the Lookup Service.
  • Fill out your SSO server details. Accept the certificate when asked.
  • After registering with SSO, click the “Edit” button for the vCenter Server.
  • Enter your vCenter server details. The tick “Modify plugin download location” is only required when the NSX Manager is behind a firewall type of masking device (don’t do that though). Also accept the SSL certificate when proceeding.

When that’s done, the Lookup Service and vCenter Server status should say “Connected” and you should have the “Networking & Security” plugin registered in your vCenter (the last one might require logging out and back in again).

 

You want to configure a Syslog server so the NSX Manager can push its audit logs and events to a central logging repository.
I am utilising vRealize Log Insight.
  • Log into the NSX Manager appliance webpage with the Admin account.
  • Click the Manage Appliance Settings tab.
  • Under Syslog Server click the Edit button and enter the specific details for your Syslog Server, enter the 514 as the port and UDP as the protocol. 
  • Click OK.
Implement and Configure NSX Controllers
Requirements:
  • NSX Manager registered to vCenter server.
  • NSX IP Pool for NSX Controllers created.

Deploy the NSX Controllers always in an odd number to avoid split-brain situations. Deploy either 1 (only in a lab!), 3 (recommended), 5, etc., based on scale. Current scaling of NSX can be handled by 3 NSX Controllers. After deploying manually set up DRS anti-affinity rules to keep the controllers running on different ESXi nodes.

Deploy NSX Controller(s):
  • Navigate to Networking & Security and then the “Installation” menu.
  • Click on the “+” icon in the “NSX Controller Nodes” view to start the deployment procedure.
  • Fill out the required details; which vCenter datacenter, cluster, datastore you want to deploy on. Select the VM management network portgroup, the IP
  • Pool and the password of the controller.
  • Click “OK” when satisfied with your settings to start deployment.
  • Repeat step for the remaining NSX Controllers you would like to deploy.

The settings for deploying a NSX Controller might look like this:

When deployed successfully, your “NSX Controller nodes” view will look like this:

Exclude virtual machines from firewall protection according to a deployment plan
By default, the NSX Manager and NSX Controllers are automatically excluded from the Distributed Firewall (DFW). Any Edge Service Gateways (ESG) are also excluded when they are deployed.
To add the vCenter Server and the external PSC to the exclusions list:
  • Log into the vSphere Web Client.
  • Click the Networking and Security icon, then click NSX Managers
  • Select your NSX Manager and then click the Manage tab
  • Click the Exclusion List tab
  • Click the + sign to add a virtual machine to exclude, select your VMs and then click OK

Note: After excluding a VM should you add an additional vNIC to the VM it will automatically be protected by the DFW. To exclude the vNIC you need to remove the entire VM from the Exclusions list and re-add. (or you can reboot the VM).

Prepare vSphere Distributed Switching for NSX
Prepare a cluster for NSX
  • Add/Remove Hosts from cluster
Configure the appropriate teaming policy for a given implementation
Configure VXLAN Transport parameters according to a deployment plan

 

Prepare vSphere Distributed Switching for NSX

 

Prepare a cluster for NSX: add host to cluster
This task is pretty simple.
  • Add the host to vCenter but outside of the cluster.
  • Join it to the same vDS as other hosts in the cluster.
  • Put the host into maintenance mode.
  • Move the host into the cluster and it will auto install the VMkernel modules.
  • Once the install is complete take the host out of maintenance mode.
Prepare a cluster for NSX: remove host from cluster (require a reboot)
From CLI:
  • esxcli software vib remove –vibname=esx-vxlan
  • esxcli software vib remove –vibname=esx-vsip
 
From GUI:
  • Put the host in maintenance mode.
  • Move the host out of the cluster, the VMkernel modules will be removed.
  • Reboot the host.
  • Take the host out of maintenance mode.
Configure the appropriate teaming policy for a given implementation
 
Configure VXLAN Transport parameters according to a deployment plan

 

VMware Certified Advanced Professional 6 - Network Virtualization Deployment Exam

Section 1 - Prepare VMware NSX Infrastructure

Objective 1.1 - Deploy VMware NSX Infrastructure components

  • Deploy the NSX Manager virtual appliance
  • Integrate the NSX Manager with vCenter Server
    • Configure Single Sign On
    • Specify a Syslog Server
  • Implement and Configure NSX Controllers
  • Exclude virtual machines from firewall protection according to a deployment plan

Objective 1.2 - Prepare Host Clusters for Network Virtualization

  • Prepare vSphere Distributed Switching for NSX
  • Prepare a cluster for NSX
    • Add/Remove Hosts from cluster
  • Configure the appropriate teaming policy for a given implementation
  • Configure VXLAN Transport parameters according to a deployment plan

Objective 1.3 - Configure and Manage Transport Zones

  • Create Transport Zones according to a deployment plan
  • Configure the control plane mode for a Transport Zone
  • Add clusters to Transport Zones
  • Remove clusters from Transport Zones

Section 2 - Create and Manage VMware NSX Virtual Networks

Objective 2.1 - Create and Manage Logical Switches

  • Create/Delete Logical Switches
  • Assign and configure IP addresses
  • Connect a Logical Switch to an NSX Edge
  • Deploy services on a Logical Switch
  • Connect/Disconnect virtual machines to/from a Logical Switch
  • Test Logical Switch connectivity

Objective 2.2 - Configure and Manage Layer 2 Bridging

  • Add Layer 2 Bridging
  • Connect Layer 2 Bridging to the appropriate distributed virtual port group

Objective 2.3 - Configure and Manage Routing

  • Deploy the appropriate NSX Edge (ESG/LDR) device according to a deployment plan
  • Configure centralized and distributed routing
  • Configure default gateway parameters
  • Configure static routes
  • Select and configure appropriate dynamic routing protocol according to a deployment plan:
    • OSPF
    • BGP
    • IS-IS
  • Configure route redistribution to support a multi-protocol environment

Section 3 - Deploy and Manage VMware NSX Network Services

Objective 3.1 - Configure and Manage Logical Load Balancing

  • Configure the appropriate Load Balancer model for a given application topology
  • Configure SSL off-loading
  • Configure a service monitor to define health check parameters for a specific type of network traffic
  • Optimize a server pool to manage and share backend servers
  • Configure an application profile and rules
  • Configure virtual servers

Objective 3.2 - Configure and Manage Logical Virtual Private Networks (VPNs) 

  • Configure IPSec VPN service to enable site to site communication
  • Configure SSL VPN service to allow remote users to access private networks
  • Configure L2 VPN service to stretch multiple logical networks across geographical sites

Objective 3.3 - Configure and Manage Additional VMware NSX Edge Services

  • Configure DHCP services according to a deployment plan:
    • Create/edit a DHCP IP Pool
    • Create/edit DHCP Static Binding
    • Configure DHCP relay
  • Configure DNS services
  • Configure NAT services to provide access to services running on privately addressed virtual machines

Section 4 - Secure a vSphere Data Center with VMware NSX

Objective 4.1 - Configure and Manage Logical Firewall Services
  • Configure Edge and Distributed Firewall rules according to a deployment plan:
    • Create/configure Firewall rule sections for specific departments
    • Create/configure Identity-based firewall (IDFW) for specific users/groups
  • Configure SpoofGuard policies to enhance security
  • Filter firewall rules to narrow a scope

Objective 4.2 - Configure and Manage Service Composer

  • Create/configure Service Composer according to a deployment plan:
    • Configure Security Groups
    • Configure Security Policies
    • Configure Activity Monitoring for a Security Policy
  • Create/edit/delete Security Tags
  • Configure Network Introspection
  • Configure Guest Introspection

Section 5 - Perform Operational Management of a VMware NSX Implementation

Objective 5.1 - Backup and Restore Network Configurations
  • Schedule/Backup/Restore NSX Manager data
  • Export/Restore vSphere Distributed Switch configuration
  • Export/Import Service Composer profiles
  • Save/Export/Import/Load Distributed Firewall configurations

Objective 5.2 - Monitor a VMware NSX Implementation

  • Configure logging for NSX components according to a deployment plan
  • Monitor health of networking services
  • Monitor health and status of infrastructure components: 
    • vSphere
    • NSX Manager
    • Control Cluster
  • Enable data collection for single/multiple virtual machines

Objective 5.3 - Configure and Manage Role Based Access Control

  • Implement identity service support for Active Directory, NIS, and LDAP with Single Sign-On (SSO)
  • Manage User rights:
    • Assign roles to user accounts
    • Change a user role
    • Delete/disable/enable a user account

Section 6 - Configure Cross vCenter Networking and Security

Objective 6.1 - Configure Cross vCenter VMware NSX infrastructure components
  • Configure NSX manager roles (Primary, Secondary, Standalone, Transit) according to a deployment plan:
    • Assign Primary role to specified NSX Manager
    • Assign Secondary role to specified NSX Managers
  • Deploy/configure Universal Controller Cluster
  • Configure Universal segment ID pools 
  • Create/manage Universal transport zones

Objective 6.2 - Configure and Manage Universal Logical Network Objects

  • Create/configure Universal Logical Switches
  • Create/configure Universal Distributed Logical Routers
  • Configure local egress

Objective 6.3 - Configure and Manage Universal Logical Security Objects

  • Configure Universal MAC sets
  • Configure Universal IP sets
  • Configure Universal security groups
  • Configure Universal firewall rules
  • Configure Universal services and service groups

Section 7 - Perform Advanced VMware NSX Troubleshooting

Objective 7.1 - Troubleshoot Common VMware NSX Installation/Configuration Issues
  • Troubleshoot NSX Manager services
  • Download Technical Supports logs from NSX Manager
  • Troubleshoot host preparation issues
  • Troubleshoot NSX Controller cluster status, roles and connectivity
  • Troubleshoot Logical Switch transport zone and NSX Edge mappings
  • Troubleshoot Logical Router interface and route mappings
  • Troubleshoot distributed and edge firewall implementations

Objective 7.2 - Troubleshoot VMware NSX Connectivity Issues

  • Monitor and analyze virtual machine traffic with Flow Monitoring
  • Troubleshoot virtual machine connectivity 
  • Troubleshoot dynamic routing protocols

Objective 7.3 - Troubleshoot VMware NSX Edge Services Issues

  • Troubleshoot VPN service issues
  • Troubleshoot DHCP/DNS/NAT service issues
  • Troubleshoot Logical Load Balancer implementation issues
  • Download Technical Support logs from NSX Edge instances

Section 8 - Utilize API Commands to Manage a VMware NSX Deployment

Objective 8.1 - Administer and Execute calls using the VMware NSX vSphere API
  • Construct and execute an API call using correct syntax and formatting
  • Programmatically configure system parameters including:
    • NSX controller syslog
    • Modify DLR declared dead time
  • Analyze, modify, and successfully retrieve configuration data using an existing API call

untitled

Hackers have leaked hundreds of emails and passwords online after claiming to have stolen 7 million individual login credentials from popular cloud storage service Dropbox.

In a series of posts to the website Pastebin, an anonymous "guest" dropped three "teasers" each containing hundreds of emails and passwords from "Hacked Dropbox accounts".

AUST IT - Computer help out of hours, when you need it most.

Find out why we do it for less.

About

AUST IT will help you resolve any technical support issues you are facing onsite or remotely via remote desktop 24/7. More...

Contacts

Reservoir, Melbourne,
3073, VIC, Australia

Phone: 0422 348 882

This email address is being protected from spambots. You need JavaScript enabled to view it.

Sydney: 0481 837 077

Connect

Join us in social networks to be in touch.

Newsletter

Complete the form below, and we'll send you our emails with all the latest AUST IT news.