VMware NSX: Install, Configure, Manage [V6.4] - On-Demand Course

The VMware NSX: Install, Configure, Manage [V6.4] course is a 5-day course that is designed to teach students how to use logical switching in VMware NSX to virtualize your switching environment. The course also covers logical routing to enable students to dynamically route between different virtual environments. Students will also learn how to use gateway services, firewall configurations, and security services to help secure and optimize your VMware NSX environment.?

Access to a software-defined data center environment is provided through hands-on labs to reinforce the skills and concepts presented in the course.

• Configuring and deploying VMware NSX components for management and control
• Describing basic VMware NSX layer 2 networking
• Configuring, deploying, and using logical switch networks
• Configuring and deploying VMware NSX distributed router appliances to establish east-west connectivity
• Configuring and deploying VMware NSX Edge services gateway appliances to establish north-south connectivity
• Configuring VMware NSX L2 bridging
• Configuring and using all main features of the NSX Edge services gateway
• Configuring NSX Edge firewall rules to restrict network traffic
• Configuing VMware NSX distributed firewall rules to restrict network traffic
• Configuring Service Composer policies
• Configuring an identity-aware firewall
• Describing VMware NSX data security
• Using the cross-vCenter VMware NSX feature

Experienced system or network administrators.

• Understanding of enterprise switching and routing
• Knowledge of TCP/IP services
• Experience with firewalls and firewall rule sets
• Have completed the VMware Data Center Virtualization Fundamentals course

Course Introduction

• Introductions and course logistics
• Review course objectives

Introduction to vSphere Networking

• Describe VMware vSphere® networking components
• Describe vSphere standard switches
• Describe vSphere distributed switches
• Explain the function VMkernel ports provide
• Explain the services provided by VMkernel ports

Introduction to NSX

• Explain what is missing in data centers today
• Describe how network virtualization can help data centers
• Explain how the new complete SDDC model improves data center operations
• Describe the benefits of NSX
• Identify NSX key use cases

NSX Architecture

• Describe the NSX architecture
• Identify the planes of NSX operations
• Summarize the planes of NSX operations
• Identify the components of each plane
• Summarize the deployment of NSX Manager
• Describe the deployment of the control plane
• Identify and describe user world agents
• List the data plane components

NSX Infrastructure Preparation

• Describe the NSX installation overview
• Identify what is involved in planning an NSX deployment
• Verify the NSX Manager and vCenter Server registration
• Describe the deployment and verification of the NSX Controller cluster

NSX Logical Switch Networks

• Describe the switching challenges in current data centers
• Explain TZ, VTEP, and VXLAN
• Describe the procedure of preparing the infrastructure for virtual networking
• Summarize logical switching segment ID pools and address ranges
• Discuss the NSX replication modes
• *Configure VXLAN transport parameters
• Explain the VXLAN Network Identifier (VNI)
• Define VLANs for VXLAN
• Explain the special CDO logical switch and transport parameters
• Explain logical switch packet walks

NSX Logical Routing

• Describe the routing challenges in current data centers
• Explain Hairpinning
• Describe the East-West and North-South routing concepts
• Define the NSX Distributed Logical Router
• Define the NSX Edge services gateway
• Explain the work flows of a DLR
• Explain the logical router, interfaces, and interface addresses
• Describe the logical router traffic flow on the same hosts and Between different hosts
• Describe logical router deployment models
• Explain the packet flows of an NSX Edge services gateway
• Explain the common topologies of an NSX Edge services gateway

Advanced NSX Logical Routing

• Explain static and dynamic routing
• Describe DLR and NSX Edge static and dynamic routing configuration
• Explain OSPF and BGP routing protocols
• Explain ingress and egress traffic flows
• Describe and configure Equal-Cost Multipathing
• Describe high availability for DLR and NSX Edge service gateways

NSX L2 Bridging

• Explain L2 bridging use cases
• Describe software and hardware L2 bridging between VXLAN and VLANs
• Discuss L2 bridging packet flows

NSX Edge Services

• Describe the NSX Edge Services
• Explain how Network Address Translation (NAT) works
• Describe source and destination NAT
• Explain NAT64

NSX Edge VPN Services

• Describe the NSX Edge VPN Services
• Describe the VPN use cases
• Explain NSX IPsec VPN services
• Describe the IPsec security protocols: Encapsulating Security Payload
• Configure an NSX Edge for IPsec VPN services
• Explain NSX Edge L2 VPN services
• Configure a L2 VPN on an NSX Edge
• Explain NSX Edge SSL VPN-Plus services
• Explain the SSL VPN-Plus client and installation package
• Configure NSX Edge SSL VPN-Plus server settings

NSX Security Services

• Describe SDDC security challenges
• Explain the evolution of firewalls
• Describe the NSX logical firewalls
• Describe the Distributed Firewall architecture
• Explain how to work with firewall rule sections
• Differentiate L2 and L3 firewall rules
• Describe exclusion lists
• Explain L7 filtering in the DFW
• Define an IP address, MAC address, a security, and service group
• Describe the VMware Tools IP address discovery method
• Explain DHCP and ARP snooping

NSX Advanced Security Services

• Describe NSX SpoofGuard
• Explain how to enable NSX SpoofGuard
• Describe the NSX Identity Firewall
• Explain how Identity Firewall works with AD
• Discuss RDSH and its use in Identity Firewall
• Explain Application Rule Manager
• Describe the selection of virtual machines for Application Rule Manager
• Explain how to create a monitoring session
• Describe the publication of firewall rules from Application Rule Manager

NSX Introspection Services

• Describe the types of introspection services
• Describe the installation and configuration of Guest and Network Introspection
• Explain service chaining
• Define the available advanced services
• Describe Guest Introspection services
• Describe Network Introspection services
• Describe how to view the status of Guest and Network Introspection
• Summarize Guest and Network Introspection alarms, events, and audit messages

Cross-vCenter NSX

• Describe cross-vCenter features and use cases
• Describe the components involved in cross-vCenter NSX
• Identify NSX Manager roles and NSX Controller cluster placement
• Deploy universal logical networks
• Describe the deployment models available for cross-vCenter NSX
• Explain the design considerations for cross-vCenter NSX

• Understanding of enterprise switching and routing
• Knowledge of TCP/IP services
• Experience with firewalls and firewall rule sets
• Have completed the VMware Data Center Virtualization Fundamentals course