vSphere

In this blog post I will go through the steps that are needed in order to create an IP pool that will be used by our Virtual Tunnel Endpoints (VTEP). VTEPs are the source and destination IP addresses that are used in the external IP header in order to identify the hypervisor hosts that are originating and terminating the NSX-T encapsulation of overlay frames. An IP Pool isn’t necessary in order to assign an IP address to a VTEP. You may also do so using DHCP or manually assign a static IP address.

Create an IP Pool

From a browser, log in to the NSX Manager with admin privileges.


In this blog post, I will go through the steps that it takes to create transport zones within NSX-T. Before we get started with the creation of the transport zones, let’s explain what transport zones are.

Transport Zone Overview

Transport zones control which hosts and, essentially, which VMs can participate in a particular network by limiting which logical switches a host can see. A transport zone can span multiple host clusters, and an NSX-T environment can contain one or more transport zones, but a logical switch can only belong to one transport zone. Since logical switches are limited to a transport zone, VMs in different transport zones cannot be on the same L2 network. NSX-T introduces the concept of the NSX Managed Virtual Distributed Switch (N-VDS, previously called the hostswitch). The N-VDS is what allows physical to virtual packet flow, and it does this by binding logical router uplinks and downlinks to physical NICs. Each time you create a transport zone, you must provide a name for the N-VDS that will be associated with it as well as the traffic type that will take place.

Types of Transport Zones

There are two different types of transport zones, Overlay and VLAN:

  • Overlay Transport Zones
    • Used by both the host transport nodes and NSX Edges
    • An N-VDS will be installed on the host or NSX Edge after it has been added to the overlay transport zone
  • VLAN Transport Zones
    • Used by the NSX Edge and host transport nodes for their VLAN uplinks
    • An N-VDS will be installed on the NSX Edge when it is added to the VLAN transport zone


Configure Security Groups

Security Groups are a way to define objects that you want to group together to protect. They can be statically defined or defined dynamically. Security Groups can be defined using some of the following objects:

  • Clusters, port groups, resource pools
  • Security tags, IP Sets, MAC Sets, other security groups
  • Active Directory groups – If the NSX Manager is registered with Active Directory
  • VMs, vNICs, Logical Switch

Grouping objects together can make the application of firewall rules that much easier and cut down on the number of rules that need to be generated in NSX.

To create a security group, navigate to Networking & Security > Service Composer > Security Groups. Click the “New Security Group” icon.


Oh my, how fast a year has flown by and my how much has changed! Last year, in February, I came to the realization that if I really wanted to increase my knowledge and advance my career, then I needed to invest in a homelab. So, I made an investment and purchased a SuperMicro 5028D-TN4T system bundle from WiredZone. It has been a year since I did my initial review of this system and since then I have made good use out of it and decided to come back with my thoughts.


There are few things in IT that are worse than needing to recover some data and realizing that you don’t have a proper backup of it. Well, good thing for me, this only happened in my home lab and not at my day job. I suffered a power outage during some recent bad weather and one of my management VMs, the VM that had everything that I use to manage my home lab, decided it wasn’t going to come back up. Oh how I wish I had a backup of that VM so that I didn’t have to spend hours getting it back to where it was before the crash. So, I decided I needed to get something in place so that this wouldn’t happen again. Veeam…to the rescue! I’ve used Veeam before at my previous job as our primary backup tool but it never hit me to try it in my lab because I also remember the cost! And for a small home lab it just wasn’t feasible. But then I realized that Veeam gives an NFR license to vExperts…..say no more! In this blog I will go through the install for Veeam Backup & Replication 9.5.


Recently, VMware released its latest version of NSX, 6.3.3. With it came a number of bug fixes and some new features. One of the main new features to come along has to do with the NSX controllers. Starting with 6.3.3, the OS for the NSX controllers will be powered by Photon OS. Because a new OS is used, that means that your current NSX controllers will not be upgraded, but rather they will be deleted and recreated as part of the install process. There are also some other new features, that I will not dive too deep into, but just list:

  • Guest Introspection supports Windows Server 2016
  • New NSX API to retrieve a list of all unresolved alarms on NSX Manager
  • Crypto Module Changes Affecting FIPS Compliance
    • NSS and OpenSwan: The NSX Edge IPsec VPN uses the Mozilla NSS crypto module. Due to critical security issues, NSX 6.3.3 moved to a newer version of NSS that has not been FIPS certified. VMware affirms that the module works correctly, but it is no longer formally validated.
    • NSS and Password Entry: The NSX Edge password hashing uses the Mozilla NSS crypto module. Due to critical security issues, NSX 6.3.3 moved to a newer version of NSS that has not been FIPS certified. VMware affirms that the module works correctly, but it is no longer formally validated.
    • Controller and Clustering VPN: The NSX Controller uses IPsec VPN to connect Controller clusters. The IPsec VPN uses the VMware Linux kernel crypto module (Photon 1 environment), which is in the process of being CMVP validated.

Upgrade Process

In this blog post, I will take you through the steps to upgrade your current NSX environment to 6.3.3.

First check compatibility with your current NSX environment. That can easily be done here.

The NSX components have to be upgraded in a certain order:

  1. NSX Manager
  2. NSX Controller Cluster
  3. VIBs on the host clusters
  4. NSX edges
  5. Guest Introspection (If enabled)

To begin our upgrade process, navigate to your NSX Manager and log in as the admin.
