Objective 1.1 – Describe the Benefits of a VMware NSX Implementation

Benefits:

  • Increased efficiency and agility through automation
  • Independent of hardware
  • Easy 3rd party integration through APIs
  • Non-disruptive deployment (using L2 bridging)

Knowledge

  • Identify challenges within a physical network interface
    • complex and vendor specific
    • provisioning is slow
    • workload placement and mobility limited by physical topology
    • inflexible dedicated hardware creates artificial barriers
    • efficiency is reduced by fragmentation
    • VLAN/Firewall rule sprawl
  • Explain common VMware NSX terms
    • NSX Edge – Services Router, load balancing, N-S routing
    • NSX vSwitch – An extended Distributed vSwitch, with VXLAN, Distributed Logical Router and Distributed Firewall hypervisor extension modules.
    • Consumption layer – Where the workload resides
    • Management Plane – NSX Manager
    • Control Plane – NSX Controller
    • Data Plane – Services layer, logical switch (Open vSwitch or NSX vSwitch), distributed logical router, distributed firewall
    • MTU – Maximum Transmission Unit (limit on packet size)
    • VTEP – VXLAN Tunnel End Point(s). Used to transport the encapsulated traffic between hosts/edges.
    • Overlay network – flexible logical L2 overlay over existing IP networks on existing physical infrastructure without the need to re-architect any of the data center networks. Provides E-W and N-S communication while maintaining isolation between tenants.
    • Describe and differentiate functions and services performed by VMware NSX
      • Logical Firewall – The Distributed Firewall component of Logical Firewall allows you to segment virtual datacenter entities like virtual machines based on VM names and attributes, user identity, vCenter objects like datacenters, and hosts as well as traditional networking attributes like IP addresses, VLANs, etc. The Edge Firewall component helps you achieve key perimeter security needs such as building DMZs based on IP/VLAN constructs, tenant to tenant isolation in multi-tenant virtual data centers, Network Address Translation (NAT), partner (extranet) VPNs, and User based SSL VPNs. The Flow Monitoring feature displays network activity between virtual machines at the application protocol level. You can use this information to audit network traffic, define and refine firewall policies, and identify threats to your network.
      • Logical Load Balancer – The NSX Edge load balancer enables network traffic to follow multiple paths to a specific destination. It distributes incoming service requests evenly among multiple servers in such a way that the load distribution is transparent to users. Load balancing thus helps in achieving optimal resource utilization, maximizing throughput, minimizing response time, and avoiding overload. NSX Edge provides load balancing up to Layer 7.
      • Logical VPN – SSL VPN-Plus allows remote users to access private corporate applications. IPSec VPN offers site-to-site connectivity between an NSX Edge instance and remote sites. L2 VPN allows you to extend your datacenter by allowing virtual machines to retain network connectivity across geographical boundaries.
      • Logical L2 Switch – creates logical broadcast domains or segments to which an application or tenant virtual machine can be logically wired. This allows for flexibility and speed of deployment while still providing all the characteristics of a physical network’s broadcast domains (VLANs) without physical Layer 2 sprawl or spanning tree issues.
      • Logical L3 Router – NSX extends dynamic routing intelligence to where the workloads reside, for East-West routing. This allows more direct virtual machine to virtual machine communication without the costly or time-consuming need to extend hops. At the same time, NSX also provides North-South connectivity, thereby enabling tenants to access public networks.
      • Service Composer – helps you provision and assign network and security services to applications in a virtual infrastructure. You map these services to a security group, and the services are applied to the virtual machines in the security group.
      • Data Security – provides visibility into sensitive data stored within your organization’s virtualized and cloud environments. Based on the violations reported by NSX Data Security, you can ensure that sensitive data is adequately protected and assess compliance with regulations around the world.
    • Describe common use cases for VMware NSX
      • DataCenter Automation
        • Automate network provisioning via API
        • Streamline DMZ changes
      • Self Service Enterprise IT
        • Rapid application deployment with automated network and service provisioning for private clouds and test/dev environments
        • Isolated dev, test and prod environments on same physical infrastructure
      • Multi-tenant clouds
        • Automate network provisioning for tenants with customisation and complete isolation
        • Maximise hardware sharing across tenants
      • DataCenter Simplification
        • Network isolation
        • Freedom from VLAN/Firewall rule sprawl

Tools

      • VMware NSX Datasheet
      • VMware NSX Network Virtualization Platform white paper
      • VMware NSX Network Virtualization Design Guide

3 thoughts on “Objective 1.1 – Describe the Benefits of a VMware NSX Implementation”

  2. Hi Rich. Thank you for your effort. I have a couple of questions, so if you happen to see this comment, and find some time to answer it, it’d be greatly appreciated.
    1. Do you think your Study Guide, topped with official VMware study material – exam blueprint etc. would be sufficient to prepare for VCP6-NV?
    2. Is passing it doable without a full lab (only VMware HOL)? I have only 16 GB of RAM. But in a lot of blogs people say it’s not enough and I can’t afford a memory upgrade now.
    3. I know all people are different, but can you give a rough estimated time for a CCNA certified person (who already went through CBT Nuggets for DCV and labbed VCP6-DCV in a home lab environment) to prepare for this course, with around 14 hours of study per week? This question requires a bit of math :).
    Anyway, thanks for your effort a lot. If you don’t find time to answer this, I completely understand.

    Best regards

    • Hi Filip, I’m glad it has been helpful to you.
      1. I think so, although it would be advisable to work through the HOLs that are available for NSX
      2. Yes, absolutely, I did my prep for it without any real experience of NSX, and while I did get to run through the online training, I don’t feel it added anything above what I’d already learned through self study
      3. I’ve no idea, sorry, I’m not CCNA and I don’t know what it entails. I didn’t really keep track of my time, and it will have been affected by the time taken to write up each section.
