NSX

VMwareNSX
In this blog post I will cover section 5 objective 5.2 of the VCAP6-NV Deploy exam.

Objective 5.2 – Monitor a VMware NSX Implementation

Skills and Abilities

• Configure logging for NSX components according to a deployment plan
• Monitor health of networking services
• Monitor health and status of infrastructure components:

  • vSphere
  • NSX Manager
  • Control Cluster

• Enable data collection for single/multiple virtual machines

 

Configure logging for NSX components according to a deployment plan

To configure logging for our ESXi host, navigate to the host and click Configure > Advanced System Settings. You can click Edit and search for syslog. Edit the settings for Syslog.global.logHost and enter in your syslog server’s FQDN or IP and port number.

log01 Read Full Article

VMwareNSX
In this blog post I will cover section 5 objective 5.1 of the VCAP6-NV Deploy exam.

Objective 5.1 – Backup and Restore Network Configurations

Skills and Abilities

  • Schedule/Backup/Restore NSX Manager data
  • Export/Restore vSphere Distributed Switch configuration
  • Export/Import Service Composer profiles
  • Save/Export/Import/Load Distributed Firewall configurations

 

Schedule/Backup/Restore NSX Manager data

Having backups of your NSX environment is highly recommended in case you ever need to restore your config back to a working state in the event of a failure. A NSX backup will contain all of the NSX configuration, including controllers, logical switches, logical routers, firewall rules and other things that were configured within NSX. It is also good to have the vCenter database and distributed switch configs backed up so that you have a complete recovery point.

To begin setting up the backup, log in to the NSX Manager.

backup01

Read Full Article

VMwareNSX
In this blog post I will cover section 4 objective 4.2 of the VCAP6-NV Deploy exam.

Objective 4.2 – Configure and Manage Service Composer

Skills and Abilities

  • Create/configure Service Composer according to a deployment plan:
    • Configure Security Groups
    • Configure Security Policies
    • Configure Activity Monitoring for a Security Policy
  • Create/edit/delete Security Tags
  • Configure Network Introspection
  • Configure Guest Introspection

Read Full Article

VMwareNSX

Configure Security Groups

Security Groups are a way to define objects that you want to group together to protect. They can be statically defined or defined dynamically. Security Groups can be defined using some of the following objects:

  • Clusters, port groups, resource pools
  • Security tags, IP Sets, MAC Sets, other security groups
  • Active Directory groups – If the NSX Manager is registered with Active Directory
  • VMs, vNICs, Logical Switch

Grouping objects together can make the application of firewall rules that much easier and cut down on the amount of rules that need to be generated in NSX

To create a security group, navigate to Networking & Security > Service Composer > Security Groups. Click the “New Security Group” icon.

sg01 Read Full Article

VMwareNSX

Identity based firewall allows you to make distributed firewall rules based off Active Directory users and groups. A few things need to be in place for this to work. You must have a cluster that is prepared for NSX. You must setup AD synchronization so that NSX can see the users and groups and you must have Guest Introspection and/or AD Event Log Scraper in place. Guest Introspection must be deployed on the clusters where IDFW VMs are running. When network events are created, a guest agent installed on the VM (VMware Tools full installation) forward the information through guest introspection on to the NSX manager. With Active Directory event log scraper, you must point the NSX manager to a AD domain controller. The NSX manager then pulls the events from the AD security event log and filter through the firewall rules accordingly. IDFW monitors where AD users log in, maps the login to a IP address, and that is used by the DFW to apply rules. Read Full Article

VMwareNSX
In this blog post I will cover section 4 objective 4.1 of the VCAP6-NV Deploy exam.

Objective 4.1 – Configure and Manage Logical Firewall Services

  • Configure Edge and Distributed Firewall rules according to a deployment plan:
    • Create/configure Firewall rule sections for specific departments
    • Create/configure Identity-based firewall (IDFW) for specific users/groups
  • Configure SpoofGuard policies to enhance security
  • Filter firewall rules to narrow a scope

Read Full Article

VMwareNSX
In this blog post I will cover section 3 objective 3.3 of the VCAP6-NV Deploy exam.

Objective 3.3 – Configure and Manage Additional VMware NSX Edge Services

  • Configure DHCP services according to a deployment plan:
    • Create/edit a DHCP IP Pool
    • Create/edit DHCP Static Binding
    • Configure DHCP relay
  • Configure DNS services
  • Configure NAT services to provide access to services running on privately addressed virtual machines

Read Full Article