VMware NSX: Install, Configure, Manage plus Troubleshooting and Operations [V6.4] - On-Demand Course

The VMware NSX: Install, Configure, Manage plus Troubleshooting and Operations [V6.4] course is a 5-day course that is designed to help students focus on configuring and troubleshooting a VMware NSX deployment. The course presents NSX as a part of the software-defined data center. Students will learn how to use logical switching in NSX to virtualize their switching environment and how to use gateway services, firewall configurations, and security services to help secure and optimize their NSX environment. Additionally, students will be presented with various types of technical problems that they will learn how to identify and solve through a systematic process. Students will also be introduced to several operational, management, and troubleshooting tools.

A software-defined data center environment with hands-on labs is provided to reinforce the skills and concepts presented in the course.

• Describing the evolution of the software-defined data center
• Configuring and deploying NSX components for management and control
• Describing basic NSX layer 2 networking
• Configuring, deploying, and using logical switch networks
• Configuring and deploying NSX distributed router appliances to establish east-west connectivity
• Configuring and using all main features of the VMware NSX Edge services gateway
• Configuring NSX Edge firewall rules to restrict network traffic
• Configuring NSX distributed firewall rules to restrict network traffic
• Configuring Service Composer policies
• Configuring an identity-aware firewall
• Describing NSX data security
• Using the cross-vCenter NSX feature
• Establishing and applying a structured approach and methodology for troubleshooting
• Identifying, analyzing, and troubleshooting problems related to NSX logical switching, logical routing, and NSX Edge services
• Identifying, analyzing, and troubleshooting network security problems related to the NSX distributed firewall and the NSX Edge firewall

Experienced system or network administrators

• Have completed the VMware Data Center Virtualization Fundamentals course,?or
• Possesses a VCA-DCV certification,?or
• Have the following skills and knowledge:?
  • An understanding of enterprise switching and routing
  • Knowledge of TCP/IP services
  • Experience with firewalls and firewall rule sets

1. Course Introduction

• Introductions and course logistics
• Course objectives
• Identify additional resources

2. Introduction to vSphere Networking

• Describe vSphere networking components
• Describe vSphere standard switches
• Describe vSphere distributed switches

3. Introduction to NSX

• Describe the benefits of NSX
• Identify NSX key use cases

4. NSX Architecture

• Describe the NSX architecture
• Describe the cloud management, management, control, and data planes of NSX
• Identify the component interactions
• Describe the NSX Controller cluster and its functions
• Explain the NSX Controller workload distribution

5. NSX Infrastructure Preparation

• Explain the steps required for an NSX installation
• Describe what is involved in planning an NSX deployment
• Describe the NSX Controller cluster and deployment
• Describe NSX Controller cluster high availability and load distribution
• Explain how to deploy and configure the NSX Controller cluster
• Explain the workflow involved in host preparation

6. NSX Logical Switch Networks

• Explain transport zones, VXLANs, and VXLAN tunnel endpoints (VTEPs)
• Describe the procedure of preparing the infrastructure for virtual networking
• Describe the configuration of vSphere distributed switches for VXLAN
• Identify the components involved in NSX logical switching
• Define VLANs for VXLAN

7. NSX Logical Routing

• Explain the east-west and north-south routing concepts
• Define the NSX distributed logical router
• Explain the logical router, interfaces, and interface addresses
• Describe the management plane and control plane interaction
• Describe logical router deployment models and two-tier routing for east-west traffic
• Explain the common topologies of an NSX Edge services gateway

8. Advanced NSX Logical Routing 

• Describe how routers connect remote networks
• Explain route redistribution methods
• Describe less-than-or-equal (LE) and greater than-or-equal (GE) configurations
• Describe routing event notification enhancements
• Configure equal-cost multipath (ECMP) routing
• Describe high availability for NSX Edge service gateways

9. NSX L2 Bridging

• Explain L2 bridging use cases
• Describe software and hardware L2 bridging between VXLAN and VLANs
• Discuss L2 bridging packet flows

10. NSX Edge Services 

• Describe the NSX Edge services
• Explain how network address translation (NAT) works
• Describe source NAT and destination NAT
• Explain NAT64
• Explain the function of load balancing
• Explain the one-armed and inline load-balancing architectures
• Explain the DHCP and DNS services of NSX Edge

11. NSX Edge VPN Services

• Describe the NSX Edge VPN services
• Describe the VPN use cases
• Configure an L2 VPN on an NSX Edge device
• Configure an NSX Edge device for IPsec VPN services
• Explain NSX Edge SSL VPN-Plus services
• Configure NSX Edge SSL VPN-Plus server settings

12. NSX Security Services

• Describe the policy enforcement of the distributed firewall
• Describe virtualization context-awareness
• Explain custom network and security containers
• Describe the architecture of an NSX Edge firewall
• Explain DHCP snooping
• Explain ARP snooping

13. NSX Advanced Security Services

• Describe NSX SpoofGuard
• Identify how tags enable dynamic security service chains
• Explain Service Composer groups, policies, tags
• Describe the Identity Firewall architecture
• Explain Application Rule Manager
• Explain how to create a monitoring session

14. NSX Introspection Services

• Describe the types of introspection services
• Describe the installation and configuration of Guest Introspection and Network Introspection
• Summarize Guest Introspection and Network Introspection alarms, events, and audit messages

15. Cross-vCenter NSX

• Describe cross-vCenter NSX features and use cases
• Identify NSX Manager roles and NSX Controller cluster placement
• Deploy universal logical networks
• Explain the design considerations for crossvCenter NSX

16. Troubleshooting Methodology

• Develop a structured troubleshooting approach
• Differentiate between symptoms and root causes
• Identify and isolate problems residing in various areas
• Apply an appropriate methodology and procedure to troubleshooting

17. NSX Troubleshooting and Operational Tools 

• Discuss NSX operational requirements
• Use the native NSX tools (such as the central CLI, the NSX dashboard, and Application Rule Manager) to solve various types of problems
• Use vRealize Network Insight to identify and analyze problems
• Use vRealize Log Insight Content Pack for NSX in troubleshooting and operations

18. Troubleshooting and Operating NSX Infrastructure

• Explain the NSX infrastructure and component communications
• Troubleshoot NSX Manager and the management plane
• Troubleshoot NSX Controller and the control plane
• Troubleshoot problems in host preparation

19. Troubleshooting and Operating NSX Logical Switches

• Explain VXLAN and logical switching components
• Verify the VXLAN and logical switch configuration and status
• Identify and troubleshoot common L2 configuration errors
• Use the GUI, the CLI, packet capture, traceflow, and other tools to troubleshoot logical switching problems

20. Troubleshooting and Operating NSX Logical Routers 

• Describe the NSX logical routing architecture
• Explain routing components, functions, and communications
• Verify logical router configuration settings
• Use packet capture on routers and perform packet walk
• Use the GUI, the CLI, traceflow, and other tools to troubleshoot various logical routing problems

21. Troubleshooting and Operating NSX Edge Services

• Verify edge services (such as DHCP and DNS) configuration settings and operational status
• Troubleshoot various types of VPN services (SSL VPN-Plus, L2 VPN, and IPsec VPN)
• Verify the configuration and status of logical load balancers
• Troubleshoot common load-balancing and high availability scenarios

22. Troubleshooting and Operating NSX Security Services

• Discuss the NSX distributed firewall architecture, components, communication channels, and features
• Use the CLI and other tools to troubleshoot the configuration and operations of the NSX distributed firewall and the NSX Edge firewall
• Explain and troubleshoot the Service Composer components and architecture
• Troubleshoot common problems related to Identity Firewall
• Verify Guest Introspection deployment configuration and functions, and troubleshoot common problems

Please check the course description to find prerequisite information.