VMware NSX: Install Configure Manage [V6.4]

Course Introduction

• Introductions and course logistics
• Review course objectives

Introduction to vSphere Networking

• Describe VMware vSphere® networking components
• Describe vSphere standard switches
• Describe vSphere distributed switches
• Explain the function VMkernel ports provide
• Explain the services provided by VMkernel ports

Introduction to NSX

• Explain what is missing in data centers today
• Describe how network virtualization can help data centers
• Explain how the new complete SDDC model improves data center operations
• Describe the benefits of NSX
• Identify NSX key use cases

NSX Architecture

• Describe the NSX architecture
• Identify the planes of NSX operations
• Summarize the planes of NSX operations
• Identify the components of each plane
• Summarize the deployment of NSX Manager
• Describe the deployment of the control plane
• Identify and describe user world agents
• List the data plane components

NSX Infrastructure Preparation

• Describe the NSX installation overview
• Identify what is involved in planning an NSX deployment
• Verify the NSX Manager and vCenter Server registration
• Describe the deployment and verification of the NSX Controller cluster

NSX Logical Switch Networks

• Describe the switching challenges in current data centers
• Explain TZ, VTEP, and VXLAN
• Describe the procedure of preparing the infrastructure for virtual networking
• Summarize logical switching segment ID pools and address ranges
• Discuss the NSX replication modes
• Configure VXLAN transport parameters
• Explain the VXLAN Network Identifier (VNI)
• Define VLANs for VXLAN
• Explain the special CDO logical switch and transport parameters
• Explain logical switch packet walks

NSX Logical Routing

• Describe the routing challenges in current data centers
• Explain Hairpinning
• Describe the East-West and North-South routing concepts
• Define the NSX Distributed Logical Router
• Define the NSX Edge services gateway
• Explain the work flows of a DLR
• Explain the logical router, interfaces, and interface addresses
• Describe the logical router traffic flow on the same hosts and Between different hosts
• Describe logical router deployment models
• Explain the packet flows of an NSX Edge services gateway
• Explain the common topologies of an NSX Edge services gateway

Advanced NSX Logical Routing

• Explain static and dynamic routing
• Describe DLR and NSX Edge static and dynamic routing configuration
• Explain OSPF and BGP routing protocols
• Explain ingress and egress traffic flows
• Describe and configure Equal-Cost Multipathing
• Describe high availability for DLR and NSX Edge service gateways

NSX L2 Bridging

• Explain L2 bridging use cases
• Describe software and hardware L2 bridging between VXLAN and VLANs
• Discuss L2 bridging packet flows

NSX Edge Services

• Describe the NSX Edge Services
• Explain how Network Address Translation (NAT) works
• Describe source and destination NAT
• Explain NAT64

NSX Edge VPN Services

• Describe the NSX Edge VPN Services
• Describe the VPN use cases
• Explain NSX IPsec VPN services
• Describe the IPsec security protocols: Encapsulating Security Payload
• Configure an NSX Edge for IPsec VPN services
• Explain NSX Edge L2 VPN services
• Configure a L2 VPN on an NSX Edge
• Explain NSX Edge SSL VPN-Plus services
• Explain the SSL VP-Plus client and installation package
• Configure NSX Edge SSL VPN-Plus server settings

NSX Security Services

• Describe SDDC security challenges
• Explain the evolution of firewalls
• Describe the NSX logical firewalls
• Describe the Distributed Firewall architecture
• Explain how to work with firewall rule sections
• Differentiate L2 and L3 firewall rules
• Describe exclusion lists
• Explain L7 filtering in the DFW
• Define an IP address, MAC address, a security, and service group
• Describe the VMware Tools IP address discovery method
• Explain DHCP and ARP snooping

NSX Advanced Security Services

• Describe NSX SpoofGuard
• Explain how to enable NSX SpoofGuard
• Describe the NSX Identity Firewall
• Explain how Identity Firewall works with AD
• Discuss RDSH and its use in Identity Firewall
• Explain Application Rule Manager
• Describe the selection of virtual machines for Application Rule Manager
• Explain how to create a monitoring session
• Describe the publication of firewall rules from Application Rule Manager

NSX Introspection Services

• Describe the types of introspection services
• Describe the installation and configuration of Guest and Network Introspection
• Explain service chaining
• Define the available advanced services
• Describe Guest Introspection services
• Describe Network Introspection services
• Describe how to view the status of Guest and Network Introspection
• Summarize Guest and Network Introspection alarms, events, and audit messages

Cross-vCenter NSX

• Describe cross-vCenter features and use cases
• Describe the components involved in cross-vCenter NSX
• Identify NSX Manager roles and NSX Controller cluster placement
• Deploy universal logical networks
• Describe the deployment models available for cross-vCenter NSX
• Explain the design considerations for cross-vCenter NSX