VMware NSX Fundamentals

VMware NSX Fundamentals

by Anthony Burke / Ron Fuller / Andreas la Quiante
Released February 2016
Publisher(s): VMware Press
ISBN: 0134467205

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Video description

More Than 11 Hours of Video Instruction on NSX

More than 11 hours of training on key NSX basics.

Description

VMware NSX Fundamentals LiveLessons is a unique video product that provides a solid understanding of NSX product components for security and network virtualization. This video course provides the perspective for network administrators, security practitioners, and virtualization administrators to feel confident in their ability to deploy NSX.

VMware NSX Fundamentals LiveLessons contains 14 individual videos lessons, for a total of more than 14 hours of instruction. The videos consist of live teaching, screencasts, whiteboard instruction, animations, and more. Instruction throughout offers detailed explanations, tips, and configuration verifications.

The video lessons cover the following topics:

Lesson 1 Software-Defined Data Center

Lesson 2 Networking Fundamentals

Lesson 3 NSX Lab

Lesson 4 NSX Manager and NSX Control Cluster

Lesson 5 Logical Switch Networks

Lesson 6 Distributed Logical Routing

Lesson 7 Edge Routing and High Availability

Lesson 8 Virtual Private Networks

Lesson 9 NSX Edge Load Balancer

Lesson 10 Distributed Firewalls

Lesson 11 Automating the Security Architecture

Lesson 12 Additional Edge Services

Lesson 13 Multi-vCenter NSX

Lesson 14 Operations

About the Instructors

Ron Fuller is a staff engineer in the Network and Security Business Unit (NSBU) focused on NSX for VMware. He has 21 years of experience in the industry and has held certifications from VMware, Novell, HP, Microsoft, ISC2, SNIA, and Cisco, including two CCIEs No. 5851 (Routing and Switching/Storage Networking). His focus is working with customers to address their challenges with comprehensive end-to-end data center architectures and how they can best utilize VMware technology to their advantage. He is the co-author of both editions of the Cisco Press title NX-OS and Cisco Nexus Switching, as well as the Cisco Press NX-OS Configuration Fundamentals LiveLesson and Cisco IP Multicast Fundamentals video series. He has had the opportunity to speak at Cisco Live in Europe, Australia, and the United States on multiple topics. He lives in Ohio with his wife and four wonderful children and enjoys travel and auto racing. He can be found on Twitter @ccie5851.

Anthony Burke is a senior systems engineer in the Network and Security Business at VMware. He works with customers to see benefits of the software-defined data center and validates use cases in a technical presales fashion. Previously, he was data center enterprise architect for the emergency services sector at ESTA 000. Anthony provided oversight into the architecture, design, and day-to-day operation of a mission-critical emergency services network. His background includes numerous tours of duty working with Nexus 7000, 5000, ASA/SRX firewalls, and Catalyst switching. He now delivers scale-out data centers and network virtualization with a focus on modern security architectures within VMware’s Network and Security Business Unit. He lives in Melbourne with his wonderful wife, Katrina, and his son, Felix. Anthony writes at networkinferno.net and is on Twitter as @pandom_.

Andreas la Quiante covers major customers in EMEAR as a SDDC architect focusing on network virtualization and security. He started in the networking field while studying electrical engineering (Dipl.-Ing.) at the Technical University of Berlin more than 20 years ago and has enjoyed it ever since. He worked for a customer in the finance sector, as a trainer (Cisco CCSI No. 99941), a consultant in Europe and the USA and subject matter expert for an international consulting company. Before joining VMware, Andreas worked for Cisco Systems, first as a product manager for Nexus data center switches. He believes in passing on knowledge and skills (such as presenting at Cisco Live conferences in Europe, the United States, and the Middle East). In his spare time he spends time with his wife, Susanne, and his son, Carl, and fixes up their old house in Germany.

Skill Level

Beginning to Intermediate

What You Will Learn

Lesson 1 Software-Defined Data Center

Lesson 2 Networking Fundamentals

Lesson 3 NSX Lab

Lesson 4 NSX Manager and NSX Control Cluster

Lesson 5 Logical Switch Networks

Lesson 6 Distributed Logical Routing

Lesson 7 Edge Routing and High Availability

Lesson 8 Virtual Private Networks

Lesson 9 NSX Edge Load Balancer

Lesson 10 Distributed Firewalls

Lesson 11 Automating the Security Architecture

Lesson 12 Additional Edge Services

Lesson 13 Multi-vCenter NSX

Lesson 14 Operations

Who Should Take This Course

The target audience for this course consists of IT professionals who want to understand the VMware NSX platform, its security, and network virtualization capabilities.

The product focuses on theoretical and practical configuration. Users should have some background in IT, networking, and vSphere.

Lesson 1: The Software-Defined Data Center

This lesson covers the concepts of the software-defined data center (SDDC) and the transformation happening in this space. Focus then shifts to the role VMware vSphere has in providing the foundation for network virtualization.

Lesson 2: Networking Fundamentals

This lesson provides the networking foundation needed for viewers with a non-networking background to understand the fundamental capabilities of modern data center networking. Topics include Ethernet switching fundamentals and vSphere virtual networking, including distributed switching and network topologies.

Lesson 3: NSX Lab

This lesson focuses on the topology used throughout the rest of the lessons and describes the conceptual, physical, and logical networks. This lesson includes reference material for subsequent lesson units.

Lesson 4: NSX Manager and NSX Control Cluster

This lessons introduces the management and control plane components of NSX (NSX Manager and NSX controllers) and describes their purposes in the architecture. It also details various best practices for each.

Lesson 5: Logical Switch Networks

This lesson focuses on the first building blocks of virtualized networking, logical switching. Topics include VXLAN protocol fundamentals, VTEP functions, traffic flows for broadcast, unknown unicast and multicast traffic, and the ARP suppression capabilities within NSX. Additionally, this lesson examines controller replication modes along with Top of Rack integration via the OVSDB protocol.

Lesson 6: Distributed Logical Routing

This lesson provides information on the routing capabilities of NSX, including static and dynamic routing with OSPF and BGP. The lesson also explains the NSX Edge and DLR routing capabilities and shared best practices around the DLR route control virtual machine.

Lesson 7: Edge Routing and High Availability

This lesson covers NSX Edge Services Gateway routing features, including static and dynamic routing with OSPF and BGP. The lesson also compares and contrasts high availability modes and shares best practices on scale and placement of the NSX Edge appliances.

Lesson 8: Virtual Private Networks

This lesson describes the use cases for the VPN offerings available in NSX before focusing on each available option. The lesson covers site-to-site IPsec VPNs, SSL VPNs, and Layer 2 VPNs and provides best practices for each.

Lesson 9: NSX Edge Load Balancer

This lesson focuses on the NSX load balancing capability. Topics include one-armed load balancing, in-line load balancing, SSL offload, and service profiles.

Lesson 10: Distributed Firewalls

This lesson covers the concepts of micro segmentation and the zero-trust model. The lesson continues with a description of the architecture of the distributed firewall compared to traditional firewalls, and concludes with a look at the installation and configuration of the distributed firewall.

Lesson 11: Automating the Security Architecture

This lesson introduces the NSX Service Composer tool and illustrates how to configure security policies. It also explains and demonstrates third-party integration using Service Composer.

Lesson 12: Additional Edge Services

This lesson provides information on functions available in NSX including L2 bridging on the distributed logical router; NAT and DHCP configuration on the Edge; and data security and activity monitoring across the platform.

Lesson 13: Multi-vCenter and NSX

This lesson focuses on the new components and architecture added with NSX 6.2’s Multi-vCenter capability. The lesson explains and shares best practices for migration from a single vCenter deployment to Multi-vCenter.

Lesson 14: Operations

This lesson focuses on operational aspects of NSX, including roles-based access control, NSX flow monitoring, NSX activity monitoring, logging capabilities, and new path troubleshooting tools.

About LiveLessons Video Training

LiveLessons Video Training series publishes hundreds of hands-on, expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. This professional and personal technology video series features world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, IBM Press, Pearson IT Certification, Prentice Hall, Sams, and Que. Topics include IT Certification, Programming, Web Development, Mobile Development, Home and Office Technologies, Business and Management, and more.

View all LiveLessons on InformIT at http://www.pearsonitcertification.com/livelessons.

Table of contents

  1. Introduction
    1. VMware NSX Fundamentals: Introduction
  2. Lesson 1: Software-Defined Data Center
    1. Learning objectives
    2. 1.1 Software-Defined Data Center Concepts
    3. 1.2 Evolution of the Software-Defined Data Center
    4. 1.3 VMware vSphere Virtualization
    5. 1.4 Understanding Network Virtualization
  3. Lesson 2: Networking Fundamentals
    1. Learning objectives
    2. 2.1 Ethernet Switching Fundamentals
    3. 2.2 Data Center Network Topologies—Traditional
    4. 2.3 Data Center Network Topologies—Emerging
  4. Lesson 3: NSX Lab
    1. Learning objectives
    2. 3.1 Introducing the VMware Hands-on Labs (HOL)
    3. 3.2 Examining the Lab Physical Topology
    4. 3.3 Examining the Lab Logical Topology
    5. 3.4 Examining the Lab Application Topologies
    6. 3.5 VMware HOL NSX Tips and Tricks
  5. Lesson 4: NSX Manager and NSX Control Cluster
    1. Learning objectives
    2. 4.1 Introducing the Management, Control, and Data Plane
    3. 4.2 Adding Network Virtualization Components to Create a True SDDC
    4. 4.3 Exploring NSX 6.2 Basic Design
    5. 4.4 Examining NSX Components and Access Methods
    6. 4.5 Understanding and Deploying NSX 6.2 Manager
    7. 4.6 Installing NSX 6.2 Manager
    8. 4.7 Understanding NSX 6.2 Controller
    9. 4.8 Deploying NSX 6.2 Controller
  6. Lesson 5: Logical Switch Networks
    1. Learning objectives
    2. 5.1 Logical Switch Networks: Overview and Goals
    3. 5.2 Logical Switch Networks: Evolution
    4. 5.3 Understanding Encapsulation Fundamentals
    5. 5.4 Introducing VXLAN Tunnel Endpoints (VTEP), Segment IDs (SID), and the Transport Zone (TZ)
    6. 5.5 Understanding the Logical Switch and Packet Walk
    7. 5.6 Introducing Broadcast, Unknown Unicast, and Multicast (BUM)
    8. 5.7 Examining a BUM Packet Walk
    9. 5.8 Configuring a Logical Switch
    10. 5.9 Design Solutions Using Hardware VTEPs and OVSDB
    11. 5.10 Connecting the Physical Domain with the Virtual Domain (VLAN to VXLAN)
  7. Lesson 6: Distributed Logical Routing
    1. Learning objectives
    2. 6.1 Centralized vs. Distributed Routing
    3. 6.2 Distributed Logical Router Architecture
    4. 6.3 Deploying Distributed Logical Router
    5. 6.4 Routing Protocols
  8. Lesson 7: Edge Routing and High Availability
    1. Learning objectives
    2. 7.1 NSX Edge Services Gateway Routing Features
    3. 7.2 Static Routing on NSX Edge
    4. 7.3 Dynamic Routing on NSX Edge: Overview
    5. 7.4 Dynamic Routing on NSX Edge: OSPF Support
    6. 7.5 Dynamic Routing on NSX Edge: BGP Support
    7. 7.6 NSX High Availability Mode
    8. 7.7 Scale and Placement of NSX Edge Appliances
  9. Lesson 8: Virtual Private Networks
    1. Learning objectives
    2. 8.1 Securing Communication Paths with VPNs
    3. 8.2 Enabling Remote Users to Connect Securely (SSL VPN-Plus)
    4. 8.3 Introducing SSL VPN Gateway (Web and Network Access Mode)
    5. 8.4 Configuring SSL VPN-Plus
    6. 8.5 Understanding Site-to-Site Connectivity
    7. 8.6 Comparing Industry VPN Approaches
    8. 8.7 Layer 2 (SSL) VPN Use Case and Design
    9. 8.8 Configuring Layer 2 (SSL) VPN
    10. 8.9 Understanding the Unmanaged Edge
  10. Lesson 9: NSX Edge Load Balancer
    1. Learning objectives
    2. 9.1 Introducing the NSX Edge Load Balancer
    3. 9.2 Comparing Inline to One Arm Deployment
    4. 9.3 Protecting Your Application—Application Profiles and Virtual Servers
    5. 9.4 Protecting Your Application—Service Monitoring and Pools: Overview
    6. 9.5 Protecting Your Application—Service Monitoring and Pools: Demo
    7. 9.6 Protecting Your Application—Application Rules
    8. 9.7 Application Profiles—SSL Load Balancing
    9. 9.8 NSX Load Balancer Availability
  11. Lesson 10: Distributed Firewalls
    1. Learning objectives
    2. 10.1 Introducing Distributed Firewalls
    3. 10.2 Understanding Micro-segmentation, Zero-Trust, and the Goldilocks Zone
    4. 10.3 Designing DC Security Using Firewalls
    5. 10.4 Understanding the Technical Details of DFW Implementation
    6. 10.5 Creating Rules (MAC, IP, and Objects)
    7. 10.6 Scale and Performance Considerations
    8. 10.7 Configuring the DFW: Concepts and Mechanics
    9. 10.8 Configuring the DFW: Demo
    10. 10.9 Verifying the DFW
    11. 10.10 DFW Considerations and Additional Functionality
  12. Lesson 11: Automating the Security Architecture
    1. Learning objectives
    2. 11.1 Understanding Security Groups
    3. 11.2 Understanding Security Policies
    4. 11.3 Understanding Security Tags
    5. 11.4 Putting It All Together with Service Composer: Concepts and Overview
    6. 11.5 Putting It All Together with Service Composer: Demo
    7. 11.6 Integrating Third-Party Solutions
    8. 11.7 Using Third-Party Solutions with Service Composer
  13. Lesson 12: Additional Edge Services
    1. Learning objectives
    2. 12.1 Introducing Use Cases for Bridging, Address Translation, and IP Management
    3. 12.2 Connecting the Physical to the Virtual (P2V) Domain (Layer 2 Bridging)
    4. 12.3 Understanding the Details of P2V Bridging
    5. 12.4 Understanding NSX Dynamic Host Configuration Protocol (DHCP)
    6. 12.5 Understanding NSX Edge Network Address Translation (NAT)
    7. 12.6 Introducing NSX Data Security
  14. Lesson 13: Multi-vCenter NSX
    1. Learning objectives
    2. 13.1 Introducing the Multi-vCenter Architecture
    3. 13.2 Introducing the Multi-vCenter Components
    4. 13.3 Understanding Local and Universal Firewall Rules
    5. 13.4 Understanding Local and Universal Switching
    6. 13.5 Understanding Local and Universal Distributed Routing
    7. 13.6 Configuring Universal Distributed Logical Routing
    8. 13.7 Multi-vCenter Design Considerations
    9. 13.8 Migrating to a Multi-vCenter NSX Deployment
  15. Lesson 14: Operations
    1. Learning objectives
    2. 14.1 Implementing NSX RBAC
    3. 14.2 Configuring NSX RBAC
    4. 14.3 Analyzing NSX Flow Monitoring Data
    5. 14.4 Creating or Modifying Firewall Rules from NSX Flow Monitoring Data
    6. 14.5 Configuring and Analyzing NSX Activity Monitoring
    7. 14.6 Configuring and Analyzing Logging Data
    8. 14.7 Troubleshooting with NSX Traceflow
  16. Summary
    1. VMware NSX Fundamentals: Summary

Product information

  • Title: VMware NSX Fundamentals
  • Author(s): Anthony Burke / Ron Fuller / Andreas la Quiante
  • Release date: February 2016
  • Publisher(s): VMware Press
  • ISBN: 0134467205