Ontrak Network Virtualization (VMware) Advance-25Hrs

...

Pre-Requisites

  • - Network Virtualization (VMware)

+ Section 1: Understand VMware NSX Technology and Architecture + Objective 1.1: Compare and Contrast the Benefits of a VMware NSX Implementation Knowledge

  • Determine challenges with physical network implementations
  • Understand common VMware NSX terms
  • Differentiate NSX network and security functions and services
  • Differentiate common use cases for VMware NSX

+ Objective 1.2: Understand VMware NSX Architecture Knowledge

  • Differentiate component functionality of NSX stack infrastructure components
  • Compare and contrast with advantages/disadvantages of topologies (star, ring, etc.) as well as scaling limitations
  • Compare and contrast VMware NSX data center deployment models
  • Prepare a vSphere implementation for NSX

+ Objective 1.3: Differentiate Physical and Virtual Network Technologies Knowledge

  • Differentiate logical and physical topologies, components and services
  • Differentiate logical and physical security constructs
    • Endpoint Security
    • Data Security
    • Flow Monitoring
    • Activity Monitoring
    • Distributed Firewall
    • Perimeter Firewall

+ Objective 1.4: Understand VMware NSX Integration with Third-Party Products and Services Knowledge

  • Determine integration with third-party services
    • Network services
    • Security services
    • Load Balancing
    • Anti-malware
    • IDS/IPS
  • Determine integration with third-party hardware
    • Network Interface Cards (NICs)
    • Terminating overlay networks
    • HW VTEP
    • VXLAN offload
    • RSS
  • Install/register a third-party service with NSX

+ Section 2: Understand VMware NSX Physical Infrastructure Requirements +Objective 2.1: Compare and Contrast the Benefits of Running VMware NSX on Physical Network Fabrics Fabrics Knowledge

  • Differentiate physical network topologies
    • Differentiate physical network trends
    • Understand the purpose of a Spine node
    • Understand the purpose of a Leaf node
  • Differentiate virtual network topologies
    • Enterprise
    • Service Provider Multi-Tenant
    • Multi-Tenant Scalable
  • Given a specific physical topology, determine what challenges could be addressed by a VMware NSX implementation.
  • Differentiate physical/virtual QoS implementation
  • Differentiate single/multiple vSphere Distributed Switch (vDS)/Distributed Logical Router implementations
  • Differentiate NSX Edge High Availability (HA)/Scale-out implementations
  • Differentiate Separate/Collapsed vSphere Cluster topologies
  • Differentiate Layer 3 and Converged cluster infrastructures

+Objective 2.2: Determine Physical Infrastructure Requirements for a VMware NSX Implementation Knowledge

  • Discern management and edge cluster requirements
  • Differentiate minimum/optimal physical infrastructure requirements for a VMware NSX implementation
  • Determine how traffic types are handled in a physical infrastructure
  • Determine use cases for available virtual architectures
  • Describe ESXi host vmnic requirements
  • Differentiate virtual to physical switch connection methods
  • Compare and contrast VMkernel networking scenarios

+ Section 3: Configure and Manage vSphere Networking + Objective 3.1:Configure and Manage vSphere Distributed Switches (vDS) Knowledge

  • Compare and contrast vDS capabilities
  • Create/Delete a vDS
  • Add/Remove ESXi hosts from a vDS
  • Edit general vSphere vDS settings
  • Add/Configure/Remove dvPortgroups
  • Configure dvPort settings
  • Add/Remove uplink adapters to dvUplinkgroups
  • Create/Configure/Remove virtual adapters
  • Migrate virtual machines to/from a vDS
  • Monitor dvPort state
  • Determine use cases for a vDS

+ Objective 3.2:Configure and Manage vDS Policies Knowledge

  • Compare and contrast common vDS policies
  • Configure dvPortgroup blocking policies
  • Explain benefits of Multi-Instance TCP/IP stack
  • Configure load balancing and failover policies
  • Configure VLAN settings
  • Configure traffic shaping policies
  • Enable TCP Segmentation Offload (TOE) support for a virtual machine
  • Enable Jumbo Frame support on appropriate components
  • Determine appropriate VLAN configuration for a vSphere implementation
  • Understand how DSCP is handled in a VXLAN frame

+ Section 4: Install and Upgrade VMware NSX + Objective 4.1: Configure Environment for Network Virtualization Knowledge

  • Comprehend physical infrastructure configuration for NSX Compute, Edge and Management clusters (MTU, Dynamic Routing for Edge, etc.)
  • Prepare a Greenfield vSphere Infrastructure for NSX Deployment
  • Configure Quality of Service (QoS)
  • Configure Link Aggregation Control Protocol (LACP)
  • Configure a Brownfield vSphere Infrastructure for NSX
  • Determine how IP address assignments work in VMware NSX
  • Determine minimum permissions required to perform an NSX deployment task in a vSphere implementation

+ Objective 4.2: Deploy VMware NSX Components Knowledge

  • Install/Register NSX Manager
  • Prepare ESXi hosts
  • Deploy NSX Controllers
  • Understand assignment of Segment ID Pool and appropriate need for Multicast addresses
  • Install vShield Endpoint
  • Create an IP pool
  • Understand when to use IP Pools versus DHCP for NSX Controller Deployment

+ Objective 4.3: Expand Transport Zone to Include New Cluster(s) Knowledge

  • Explain the function of a Transport Zone
  • Understand proper addition of a Transport Zone
  • Understand necessity to expand or contract a Transport Zone
  • Edit a Transport Zone
  • Understand appropriate use of Control Plane mode modification of a Transport zone

+ Section 5: Configure VMware NSX Virtual Networks + Objective 5.1: Create and Administer Logical Switches Knowledge

  • Given a scenario, demonstrate the proper way to add/remove a logical switch
  • Determine use case for and contrast the three Control Plane Modes
    • Multi-cast
    • Hybrid
    • Unicast
  • Determine use case for connecting a logical switch to an NSX Edge gateway
  • Deploy services to a logical switch
  • Demonstrate multiple ways of adding or removing virtual machines from a logical switch
  • Test logical switch connectivity

+ Objective 5.2: Configure VXLAN Knowledge

  • Describe and understand areas where VXLANs should be configured
  • Understand physical network requirements for virtual topologies with VXLANs
  • Understand how to prepare a vSphere cluster for VXLAN
  • Determine the appropriate teaming policy for a given implementation
  • Understand how to configure and modify the options of a Transport Zone
  • Understand how prepare VXLAN Tunnel End Points (VTEPs) on vSphere clusterss

+ Objective 5.3: Configure and Manage Layer 2 Bridging Knowledge

  • Given a scenario, determine an appropriate High Availability configuration for Layer 2 Bridging
  • Understand how to add a Layer 2 Bridge to an NSX Edge device
  • Determine when Layer 2 Bridging would be required for a given NSX implementation
  • Determine use cases for multiple Layer 2 Bridges
  • Compare and contrast software and hardware bridging

+ Objective 5.4: Configure and Manage Logical Routers Knowledge

  • Install NSX Edge
  • Understand how to connect/disconnect a logical switch from a logical router
  • Understand and describe the different types of router interfaces
  • Determine NSX components needed to build out topologies with logical routers
  • Understand how to add and configure a new logical router
  • Determine use case for and configure a management interface
  • Determine use case for and configure High Availability for a logical router
  • Configure routing protocols
    • Static
    • OSPF
  • Configure default gateway
  • Determine if cross-protocol route sharing is needed for a given NSX implementation
  • Understand how to configure administrative distances for routing
  • Understand and configure route redistribution

+ Section 6: Configure and Manage NSX Network Services + Objective 6.1: Configure and Manage Logical Load Balancing Knowledge

  • Differentiate when to use the two topologies for load balancing
  • Understand how to configure load balancing
  • Configure and understand service monitors
  • Understand how to Add/Edit/Delete a server pool
  • Understand how to Add/Edit/Delete an application profile
  • Understand how to Add/Edit/Delete virtual servers
  • Determine appropriate NSX Edge instance size based on load balancing requirements

+ Objective 6.2: Configure and Manage Logical Virtual Private Networks (VPN) Knowledge

  • Understand how to configure IPSec VPN
    • Configure IPSec VPN parameters
    • Enable logging
  • Understand how to configure Layer 2 VPN
    • Add Layer 2 VPN Client/Server
    • View Layer 2 VPN Statistics
  • Configure Network Access/Web Access SSL VPN-Plus
    • Edit Client Configurations
    • Edit General Settings
    • Edit Web Portal Designs
    • Add/Edit/Delete IP Pools
    • Add/Edit/Delete Private Networks
    • Add/Edit/Delete Installation Packages
    • Add/Edit/Delete Users
    • Add/Edit/Delete Login/Logoff script
  • Determine appropriate VPN service type for a given NSX implementation

+ Objective 6.3: Configure and Manage DHCP/DNS/NAT Knowledge

  • Understand proper use and addition of a DHCP IP Pool
  • Enable a DHCP IP pool
  • Describe use and proper implementation of DNS services
  • Describe when and how to configure Source NAT
  • Describe when and how to configure Destination NAT
  • Given a scenario, compare and contrast proper DHCP uses

+ Objective 6.4: Configure and Manage Edge Services High Availability Knowledge

  • Given a scenario, compare and contrast proper HA uses
  • Determine service availability during an Edge High Availability failover
  • Differentiate NSX Edge High Availability and vSphere High Availability
  • Configure NSX Edge High Availability
    • Configure heartbeat settings
    • Configure management IP addresses
  • Modify and existing Edge High Availability deployment
  • Determine resource pool requirements for a given Edge High Availability configuration
  • Configure Equal-Cost Multi-Path Routing (ECMP)
    • Determine ECMP timers
    • Understand process flows
  • Combine ECMP with other stateful services

+ Section 7: Configure and Administer Network Security + Objective 7.1: Configure and Administer Logical Firewall Services Knowledge

  • Add/Edit/Delete an Edge Firewall rule
  • Configure Source/Destination/Service/Action rule components
  • Compare and contrast between Edge Rule Types (Pre Rules/Internal/User Rules/Default Rules)
  • Change the order of an Edge User Firewall rule
  • Demonstrate how to configure an Edge Firewall Pre Rule
  • Understand the limitations of ECMP and Edge Firewall Policy

+ Objective 7.2: Configure Distributed Firewall Services Knowledge

  • Describe VM IP Address learning for the purposes of DFW vCenter attribute learning
  • Differentiate between Layer 2 and Layer 3 rules
  • Differentiate between entity-based and identity-based rules
  • Identify firewall rule entities
  • Explain rule processing order
  • Explain rule segregation
  • Demonstrate steps to Add/Delete a Distributed Firewall rule
  • Demonstrate configuration of Source/Destination/Service/Action rule components
  • Change the order of a Distributed Firewall rule
  • Add/Merge/Delete a Distributed Firewall rule section
  • Determine publishing requirements for rules in a given NSX implementation
  • Demonstrate Import/Export Distributed Firewall Configuration
  • Load Distributed Firewall configuration
  • Determine need for excluding virtual machines from distributed firewall protection
  • Describe SpoofGuard Operation and Default Policy and Actions
  • Describe SpoofGuard IP Address Learning
  • Identify requirements for a Spoofguard Policy
  • Demonstrate how to Create and Edit a SpoofGuard Policy
    • IP Local Addresses
    • Approve IP addresses
    • Edit/Clear IP addresses

+ Objective 7.3: – Configure and Manage Service Composer Knowledge

  • Identify assets that can be used with a Security Group
  • Describe and differentiate services contained in a Security Policy
  • Explain common Service Composer use cases
  • Describe third party integration and service redirection
  • Differentiate Security Groups and Security Policies
  • Demonstrate the ability to redirect specific flows (e.g. 80) to network introspection services
  • Differentiate between vCenter attribute based Firewall rules (including IP Sets) vs Active Directory identity-based rule
  • Create/Edit a Security Group in Service Composer
  • Create/Edit/Delete a Security Policy in Service Composer
  • Map a Security Policy to a Security Group
  • Add/Edit/Delete a Security Tag
  • Assign and view a Security Tag

+ Section 8: Perform Operations Tasks in a VMware NSX Environment + Objective 8.1: Configure Roles, Permissions, and Scope Knowledge

  • Understand default roles
  • Understand Single Sign-On (SSO) integration
  • Configure SSO
  • Assign a role to a vCenter Server user or group
  • Compare and contrast the uses for the various NSX Security Roles
  • Determine how roles can be applied to a subset of the vCenter infrastructure for multi Tenancy purposes
  • Understand how to apply NSX Roles to an AD group
  • Assign objects to a user
  • Enable/Disable a user account
  • Edit/Delete a user account

+ Objective 8.2: Monitor a VMware NSX Implementation Knowledge

  • Compare and contrast available monitoring methods (UI, CLI, etc.)
  • Monitor infrastructure components
    • Control Cluster Health
    • Manager Health
    • Hypervisor Health
  • Perform Inbound/Outbound activity monitoring
  • Enable data collection for single/multiple virtual machines
  • Perform virtual machine activity monitoring
  • Monitor activity between inventory containers (security groups, AD groups)
  • Monitor logical networks and services
    • Identify available statistics/counters
    • Network/service health
    • Configure and collect data from network

+ Objective 8.3: Perform Auditing and Compliance Knowledge

  • Given an auditing scenario, determine where applicable log information can be located
  • Differentiate permissions for auditing
  • Differentiate information available in audit logs
  • Use flow monitoring to audit firewall rules
  • Audit deleted users
  • Audit infrastructure changes
  • View NSX Manager audit logs and change data
  • View and download compliance reports
  • Create a regular expression
  • Configure Guest Introspection (Install vShield Endpoint)

+ Objective 8.4: Administer Logging Knowledge

  • Given a scenario, utilize information contained in technical support bundles/logs to assist in troubleshooting
  • Explain usage of CLI for logging
  • Configure Syslog(s)
  • Configure logging for Dynamic Routing information
  • Log Distributed Firewall rule processing information
  • Log Edge Firewall rule processing information
  • Log address translation information
  • Log VPN traffic
  • Configure basic/advanced Load Balancer logging
  • Log DHCP assignments
  • Log DNS resolutions
  • Log security policy session information
  • Download NSX Edge tech support logs
  • Generate NSX Manager tech support logs

+ Objective 8.5: Backup and Recover Configurations Knowledge

  • Understand how to backup and recover various components
  • Schedule backups
  • Export/Restore vSphere Distributed Switch configuration
  • Import/Export Service Composer profiles
  • Perform NSX Manager backup and restore operations

Duration : 20-25 hours Cost: Rs 30k

Get Registered Download PDF