Objective 1.3 – Differentiate VMware Network and Security Technologies

Knowledge

  • Identify upgrade requirements for ESXi hosts
    • vCenter 5.5 or later
    • ESXi 5.0 or later (unicast mode only available with ESXi 5.5)
    • vHW 7+ and VMware Tools 8.6+ required for vShield Endpoint and Data Security.
    • Specific upgrade procedure for vCNS
    • vShield App needs to be on 5.5+
  • Identify steps required to upgrade a vSphere implementation
    • Upgrade to NSX Manager (can load vib into vCNS upgrade page)
    • Upgrade Logical Switches
    • Upgrade to NSX Firewall
    • Upgrade NSX Edge
    • Upgrade vShield Endpoint
    • “Upgrade” NSX Data Security (actually an uninstall before NSX Manager upgrade/reinstall)
    • Upgrade Partner Solutions
  • Describe core vSphere networking technologies
    • Already covered by VCP-DCV study guides – Networking for VMware Administrators book
    • Ensure you know about port mirroring and NetFlow
  • Describe vCloud Networking and Security technologies
    • Firewall – Stateful inspection firewall that can be applied either at the perimeter of the virtual data center or at the virtual network interface card (vNIC) level directly in front of specific workloads. The firewall-rule table is designed for ease of use and automation with VMware vCenter™ objects for simple, reliable policy creation. Stateful failover enables high availability for business-critical applications.
    • VPN – Industry-standard IPsec and SSL VPN capabilities that securely extend the virtual data center. Site-to-site VPN support links virtual data centers and enables hybrid cloud computing at low cost. The SSL VPN capability delivers remote administration into the virtual data center through a bastion host, the method favoured by auditors and compliance regulators.
    • Load balancer – A virtual-appliance–based load balancer to scale application delivery without the need for dedicated hardware. Placed at the edge of the virtual data center, the load balancer supports Web-, SSL- and TCP-based scale-out for high-volume applications.
    • VXLAN – Technology that, along with VMware vSphere Distributed Switch, creates Layer 2 logical networks across non-contiguous clusters or pods without the need for VLANs (multicast required). This enables you to scale your applications across clusters and pods and improve compute utilization.
    • Instrumentation – Granular network traffic telemetry that enables rapid troubleshooting and incident response. Traffic counters for sessions, packets and bytes provide visibility into the virtual network and streamline firewall-rule creation.
    • Management – Integrates with vCenter Server and vCloud Director to provide separation of duties with role-based access control (RBAC) while providing a central point of configuration and control for network and security services.
    • vCloud Ecosystem Framework – Integrates partner services at either the vNIC or the virtual edge using REST APIs.
  • Describe and differentiate VMware NSX for vSphere and VMware NSX for third-party hypervisors
    • vSphere NSX
      • dvSwitch
      • VXLAN encapsulation
      • NSX Edge
      • East-West firewalling via the in-kernel distributed firewall
      • Load balancing, VPN capabilities
    • Multi-hypervisor NSX (NSX-MH)
      • Open vSwitch
      • GRE, STT, VXLAN encapsulation
      • Physical NSX gateway appliances
      • East-West firewalling by ACL and security groups
      • Open vSwitch provides routing capabilities

Tools

  • vSphere Installation and Setup Guide
  • vSphere Upgrade Guide
  • vSphere Networking Guide
  • VMware vCloud Networking and Security Overview white paper
  • NSX Administration Guide
  • NSX User’s Guide
