Ontrak VMware-NSX (Network Virtualization)-VCP6-NV-25Hrs

Overview

Pre-Requisites

- Network Virtualization (VMware)

Course Content

+ Section 1: Understand VMware NSX Technology and Architecture + Objective 1.1: Compare and Contrast the Benefits of a VMware NSX Implementation Knowledge

Determine challenges with physical network implementations
Understand common VMware NSX terms
Differentiate NSX network and security functions and services
Differentiate common use cases for VMware NSX

+ Objective 1.2: Understand VMware NSX Architecture Knowledge

Differentiate component functionality of NSX stack infrastructure components
Compare and contrast with advantages/disadvantages of topologies (star, ring, etc.) as well as scaling limitations
Compare and contrast VMware NSX data center deployment models
Prepare a vSphere implementation for NSX

+ Objective 1.3: Differentiate Physical and Virtual Network Technologies Knowledge

Differentiate logical and physical topologies, components and services
Differentiate logical and physical security constructs
- Endpoint Security
- Data Security
- Flow Monitoring
- Activity Monitoring
- Distributed Firewall
- Perimeter Firewall

+ Objective 1.4: Understand VMware NSX Integration with Third-Party Products and Services Knowledge

Determine integration with third-party services
- Network services
- Security services
- Load Balancing
- Anti-malware
- IDS/IPS
Determine integration with third-party hardware
- Network Interface Cards (NICs)
- Terminating overlay networks
- HW VTEP
- VXLAN offload
- RSS
Install/register a third-party service with NSX

+ Section 2: Understand VMware NSX Physical Infrastructure Requirements +Objective 2.1: Compare and Contrast the Benefits of Running VMware NSX on Physical Network Fabrics Fabrics Knowledge

Differentiate physical network topologies
- Differentiate physical network trends
- Understand the purpose of a Spine node
- Understand the purpose of a Leaf node
Differentiate virtual network topologies
- Enterprise
- Service Provider Multi-Tenant
- Multi-Tenant Scalable
Given a specific physical topology, determine what challenges could be addressed by a VMware NSX implementation.
Differentiate physical/virtual QoS implementation
Differentiate single/multiple vSphere Distributed Switch (vDS)/Distributed Logical Router implementations
Differentiate NSX Edge High Availability (HA)/Scale-out implementations
Differentiate Separate/Collapsed vSphere Cluster topologies
Differentiate Layer 3 and Converged cluster infrastructures

+Objective 2.2: Determine Physical Infrastructure Requirements for a VMware NSX Implementation Knowledge

Discern management and edge cluster requirements
Differentiate minimum/optimal physical infrastructure requirements for a VMware NSX implementation
Determine how traffic types are handled in a physical infrastructure
Determine use cases for available virtual architectures
Describe ESXi host vmnic requirements
Differentiate virtual to physical switch connection methods
Compare and contrast VMkernel networking scenarios

+ Section 3: Configure and Manage vSphere Networking + Objective 3.1:Configure and Manage vSphere Distributed Switches (vDS) Knowledge

Compare and contrast vDS capabilities
Create/Delete a vDS
Add/Remove ESXi hosts from a vDS
Edit general vSphere vDS settings
Add/Configure/Remove dvPortgroups
Configure dvPort settings
Add/Remove uplink adapters to dvUplinkgroups
Create/Configure/Remove virtual adapters
Migrate virtual machines to/from a vDS
Monitor dvPort state
Determine use cases for a vDS

+ Objective 3.2:Configure and Manage vDS Policies Knowledge

Compare and contrast common vDS policies
Configure dvPortgroup blocking policies
Explain benefits of Multi-Instance TCP/IP stack
Configure load balancing and failover policies
Configure VLAN settings
Configure traffic shaping policies
Enable TCP Segmentation Offload (TOE) support for a virtual machine
Enable Jumbo Frame support on appropriate components
Determine appropriate VLAN configuration for a vSphere implementation
Understand how DSCP is handled in a VXLAN frame

+ Section 4: Install and Upgrade VMware NSX + Objective 4.1: Configure Environment for Network Virtualization Knowledge

Comprehend physical infrastructure configuration for NSX Compute, Edge and Management clusters (MTU, Dynamic Routing for Edge, etc.)
Prepare a Greenfield vSphere Infrastructure for NSX Deployment
Configure Quality of Service (QoS)
Configure Link Aggregation Control Protocol (LACP)
Configure a Brownfield vSphere Infrastructure for NSX
Determine how IP address assignments work in VMware NSX
Determine minimum permissions required to perform an NSX deployment task in a vSphere implementation

+ Objective 4.2: Deploy VMware NSX Components Knowledge

Install/Register NSX Manager
Prepare ESXi hosts
Deploy NSX Controllers
Understand assignment of Segment ID Pool and appropriate need for Multicast addresses
Install vShield Endpoint
Create an IP pool
Understand when to use IP Pools versus DHCP for NSX Controller Deployment

+ Objective 4.3: Expand Transport Zone to Include New Cluster(s) Knowledge

Explain the function of a Transport Zone
Understand proper addition of a Transport Zone
Understand necessity to expand or contract a Transport Zone
Edit a Transport Zone
Understand appropriate use of Control Plane mode modification of a Transport zone

+ Section 5: Configure VMware NSX Virtual Networks + Objective 5.1: Create and Administer Logical Switches Knowledge

Given a scenario, demonstrate the proper way to add/remove a logical switch
Determine use case for and contrast the three Control Plane Modes
- Multi-cast
- Hybrid
- Unicast
Determine use case for connecting a logical switch to an NSX Edge gateway
Deploy services to a logical switch
Demonstrate multiple ways of adding or removing virtual machines from a logical switch
Test logical switch connectivity

+ Objective 5.2: Configure VXLAN Knowledge

Describe and understand areas where VXLANs should be configured
Understand physical network requirements for virtual topologies with VXLANs
Understand how to prepare a vSphere cluster for VXLAN
Determine the appropriate teaming policy for a given implementation
Understand how to configure and modify the options of a Transport Zone
Understand how prepare VXLAN Tunnel End Points (VTEPs) on vSphere clusterss

+ Objective 5.3: Configure and Manage Layer 2 Bridging Knowledge

Given a scenario, determine an appropriate High Availability configuration for Layer 2 Bridging
Understand how to add a Layer 2 Bridge to an NSX Edge device
Determine when Layer 2 Bridging would be required for a given NSX implementation
Determine use cases for multiple Layer 2 Bridges
Compare and contrast software and hardware bridging

+ Objective 5.4: Configure and Manage Logical Routers Knowledge

Install NSX Edge
Understand how to connect/disconnect a logical switch from a logical router
Understand and describe the different types of router interfaces
Determine NSX components needed to build out topologies with logical routers
Understand how to add and configure a new logical router
Determine use case for and configure a management interface
Determine use case for and configure High Availability for a logical router
Configure routing protocols
- Static
- OSPF
Configure default gateway
Determine if cross-protocol route sharing is needed for a given NSX implementation
Understand how to configure administrative distances for routing
Understand and configure route redistribution

+ Section 6: Configure and Manage NSX Network Services + Objective 6.1: Configure and Manage Logical Load Balancing Knowledge

Differentiate when to use the two topologies for load balancing
Understand how to configure load balancing
Configure and understand service monitors
Understand how to Add/Edit/Delete a server pool
Understand how to Add/Edit/Delete an application profile
Understand how to Add/Edit/Delete virtual servers
Determine appropriate NSX Edge instance size based on load balancing requirements

+ Objective 6.2: Configure and Manage Logical Virtual Private Networks (VPN) Knowledge

Understand how to configure IPSec VPN
- Configure IPSec VPN parameters
- Enable logging
Understand how to configure Layer 2 VPN
- Add Layer 2 VPN Client/Server
- View Layer 2 VPN Statistics
Configure Network Access/Web Access SSL VPN-Plus
- Edit Client Configurations
- Edit General Settings
- Edit Web Portal Designs
- Add/Edit/Delete IP Pools
- Add/Edit/Delete Private Networks
- Add/Edit/Delete Installation Packages
- Add/Edit/Delete Users
- Add/Edit/Delete Login/Logoff script
Determine appropriate VPN service type for a given NSX implementation

+ Objective 6.3: Configure and Manage DHCP/DNS/NAT Knowledge

Understand proper use and addition of a DHCP IP Pool
Enable a DHCP IP pool
Describe use and proper implementation of DNS services
Describe when and how to configure Source NAT
Describe when and how to configure Destination NAT
Given a scenario, compare and contrast proper DHCP uses

+ Objective 6.4: Configure and Manage Edge Services High Availability Knowledge

Given a scenario, compare and contrast proper HA uses
Determine service availability during an Edge High Availability failover
Differentiate NSX Edge High Availability and vSphere High Availability
Configure NSX Edge High Availability
- Configure heartbeat settings
- Configure management IP addresses
Modify and existing Edge High Availability deployment
Determine resource pool requirements for a given Edge High Availability configuration
Configure Equal-Cost Multi-Path Routing (ECMP)
- Determine ECMP timers
- Understand process flows
Combine ECMP with other stateful services

+ Section 7: Configure and Administer Network Security + Objective 7.1: Configure and Administer Logical Firewall Services Knowledge

Add/Edit/Delete an Edge Firewall rule
Configure Source/Destination/Service/Action rule components
Compare and contrast between Edge Rule Types (Pre Rules/Internal/User Rules/Default Rules)
Change the order of an Edge User Firewall rule
Demonstrate how to configure an Edge Firewall Pre Rule
Understand the limitations of ECMP and Edge Firewall Policy

+ Objective 7.2: Configure Distributed Firewall Services Knowledge

Describe VM IP Address learning for the purposes of DFW vCenter attribute learning
Differentiate between Layer 2 and Layer 3 rules
Differentiate between entity-based and identity-based rules
Identify firewall rule entities
Explain rule processing order
Explain rule segregation
Demonstrate steps to Add/Delete a Distributed Firewall rule
Demonstrate configuration of Source/Destination/Service/Action rule components
Change the order of a Distributed Firewall rule
Add/Merge/Delete a Distributed Firewall rule section
Determine publishing requirements for rules in a given NSX implementation
Demonstrate Import/Export Distributed Firewall Configuration
Load Distributed Firewall configuration
Determine need for excluding virtual machines from distributed firewall protection
Describe SpoofGuard Operation and Default Policy and Actions
Describe SpoofGuard IP Address Learning
Identify requirements for a Spoofguard Policy
Demonstrate how to Create and Edit a SpoofGuard Policy
- IP Local Addresses
- Approve IP addresses
- Edit/Clear IP addresses

+ Objective 7.3: – Configure and Manage Service Composer Knowledge

Identify assets that can be used with a Security Group
Describe and differentiate services contained in a Security Policy
Explain common Service Composer use cases
Describe third party integration and service redirection
Differentiate Security Groups and Security Policies
Demonstrate the ability to redirect specific flows (e.g. 80) to network introspection services
Differentiate between vCenter attribute based Firewall rules (including IP Sets) vs Active Directory identity-based rule
Create/Edit a Security Group in Service Composer
Create/Edit/Delete a Security Policy in Service Composer
Map a Security Policy to a Security Group
Add/Edit/Delete a Security Tag
Assign and view a Security Tag

+ Section 8: Perform Operations Tasks in a VMware NSX Environment + Objective 8.1: Configure Roles, Permissions, and Scope Knowledge

Understand default roles
Understand Single Sign-On (SSO) integration
Configure SSO
Assign a role to a vCenter Server user or group
Compare and contrast the uses for the various NSX Security Roles
Determine how roles can be applied to a subset of the vCenter infrastructure for multi Tenancy purposes
Understand how to apply NSX Roles to an AD group
Assign objects to a user
Enable/Disable a user account
Edit/Delete a user account

+ Objective 8.2: Monitor a VMware NSX Implementation Knowledge

Compare and contrast available monitoring methods (UI, CLI, etc.)
Monitor infrastructure components
- Control Cluster Health
- Manager Health
- Hypervisor Health
Perform Inbound/Outbound activity monitoring
Enable data collection for single/multiple virtual machines
Perform virtual machine activity monitoring
Monitor activity between inventory containers (security groups, AD groups)
Monitor logical networks and services
- Identify available statistics/counters
- Network/service health
- Configure and collect data from network

+ Objective 8.3: Perform Auditing and Compliance Knowledge

Given an auditing scenario, determine where applicable log information can be located
Differentiate permissions for auditing
Differentiate information available in audit logs
Use flow monitoring to audit firewall rules
Audit deleted users
Audit infrastructure changes
View NSX Manager audit logs and change data
View and download compliance reports
Create a regular expression
Configure Guest Introspection (Install vShield Endpoint)

+ Objective 8.4: Administer Logging Knowledge

Given a scenario, utilize information contained in technical support bundles/logs to assist in troubleshooting
Explain usage of CLI for logging
Configure Syslog(s)
Configure logging for Dynamic Routing information
Log Distributed Firewall rule processing information
Log Edge Firewall rule processing information
Log address translation information
Log VPN traffic
Configure basic/advanced Load Balancer logging
Log DHCP assignments
Log DNS resolutions
Log security policy session information
Download NSX Edge tech support logs
Generate NSX Manager tech support logs

+ Objective 8.5: Backup and Recover Configurations Knowledge

Understand how to backup and recover various components
Schedule backups
Export/Restore vSphere Distributed Switch configuration
Import/Export Service Composer profiles
Perform NSX Manager backup and restore operations

Duration : 20-25 hours Cost: Rs 30k

Get Registered Download PDF