Month: November 2017

Objective 7.3: – Configure and Manage Service Composer

Service Composer provides holistic approach to security that associates dynamic groups with policies to achieve desired security outcomes Security groups may be defined static or dynamic Membership defined with vcenter containers (clusters, port groups) security tags tags: AntiVirus.virusFound Directory Groups Expressions such as VM name “-test” Design Guide p79 Canvas Rectangle means security group and …

Objective 7.3: – Configure and Manage Service Composer Read More »

Objective 7.1: Configure and Administer Logical Firewall Services

Edge Firewall provides N/S and E/W NSX Admin Guide p131 Supported Objects for rules cluster datacenter distributed port group IP set legacy port group logical switch resource pool security group vApp virtual machine vNIC IP address (IPv4 or IPv6) rules can be managed centrally on Firewall tab Rule Order User defined pre rules have highest …

Objective 7.1: Configure and Administer Logical Firewall Services Read More »

Objective 6.4: Configure and Manage Edge Services High Availability

Edge Services HA Admin Guide p77 See p86 as well for HA specific Think about HA with vSphere HA Combination with DRS Statefulness firewall sessions LB and VPN connection Impact Edge > Manage > Settings > HA Configuration Edge > Manage > Settings > HA Configuration > Change Minimum of 1 edge interface required before HA …

Objective 6.4: Configure and Manage Edge Services High Availability Read More »

Objective 6.2: Configure and Manage Logical Virtual Private Networks (VPN)

  IPSec Tunnels Admin Guide p196 1 Log in to the vSphere Web Client. 2 Click Networking & Security and then click NSX Edges. 3 Double-click an NSX Edge. 4 Click the Manage tab and then click the VPN tab. 5 Click IPSec VPN. 6 Click Enable.   L2 VPN NSX edge can provide L2 …

Objective 6.2: Configure and Manage Logical Virtual Private Networks (VPN) Read More »

Objective 6.1: Configure and Manage Logical Load Balancing

Load Balancing Usually considered a tech luxury due to need for expensive hardware appliances, F5s etc NSX Edge load balancer enables network traffic to follow multiple paths to destination optimal resoruce use maximize availabel throughput NSX Edge provides LB up to L7 NSX Design Guide Ch4.5 – Logical Load Balancing Understand SNAT and DNAT Which …

Objective 6.1: Configure and Manage Logical Load Balancing Read More »

Objective 5.4: Configure and Manage Logical Routers

NSX Edge logical router does routing and bridging functions only VMs on dissimilar subnets can communicate with one another without having to go across a traditional route interface like NSX Edge services gw If you dont name the Edge Appliance, the Edge ID is displayed in CLI must specify mgmt interface for router interface for …

Objective 5.4: Configure and Manage Logical Routers Read More »