Ontrak VMware-NSX (Network Virtualization)-VCP6-NV-25Hrs
Pre-Requisites
- - Network Virtualization (VMware)
Course Content
+ Section 1: Understand VMware NSX Technology and Architecture + Objective 1.1: Compare and Contrast the Benefits of a VMware NSX Implementation Knowledge
- Determine challenges with physical network implementations
- Understand common VMware NSX terms
- Differentiate NSX network and security functions and services
- Differentiate common use cases for VMware NSX
+ Objective 1.2: Understand VMware NSX Architecture Knowledge
- Differentiate component functionality of NSX stack infrastructure components
- Compare and contrast with advantages/disadvantages of topologies (star, ring, etc.) as well as scaling limitations
- Compare and contrast VMware NSX data center deployment models
- Prepare a vSphere implementation for NSX
+ Objective 1.3: Differentiate Physical and Virtual Network Technologies Knowledge
- Differentiate logical and physical topologies, components and services
- Differentiate logical and physical security constructs
- Endpoint Security
- Data Security
- Flow Monitoring
- Activity Monitoring
- Distributed Firewall
- Perimeter Firewall
+ Objective 1.4: Understand VMware NSX Integration with Third-Party Products and Services Knowledge
- Determine integration with third-party services
- Network services
- Security services
- Load Balancing
- Anti-malware
- IDS/IPS
- Determine integration with third-party hardware
- Network Interface Cards (NICs)
- Terminating overlay networks
- HW VTEP
- VXLAN offload
- RSS
- Install/register a third-party service with NSX
+ Section 2: Understand VMware NSX Physical Infrastructure Requirements +Objective 2.1: Compare and Contrast the Benefits of Running VMware NSX on Physical Network Fabrics Fabrics Knowledge
- Differentiate physical network topologies
- Differentiate physical network trends
- Understand the purpose of a Spine node
- Understand the purpose of a Leaf node
- Differentiate virtual network topologies
- Enterprise
- Service Provider Multi-Tenant
- Multi-Tenant Scalable
- Given a specific physical topology, determine what challenges could be addressed by a VMware NSX implementation.
- Differentiate physical/virtual QoS implementation
- Differentiate single/multiple vSphere Distributed Switch (vDS)/Distributed Logical Router implementations
- Differentiate NSX Edge High Availability (HA)/Scale-out implementations
- Differentiate Separate/Collapsed vSphere Cluster topologies
- Differentiate Layer 3 and Converged cluster infrastructures
+Objective 2.2: Determine Physical Infrastructure Requirements for a VMware NSX Implementation Knowledge
- Discern management and edge cluster requirements
- Differentiate minimum/optimal physical infrastructure requirements for a VMware NSX implementation
- Determine how traffic types are handled in a physical infrastructure
- Determine use cases for available virtual architectures
- Describe ESXi host vmnic requirements
- Differentiate virtual to physical switch connection methods
- Compare and contrast VMkernel networking scenarios
+ Section 3: Configure and Manage vSphere Networking + Objective 3.1:Configure and Manage vSphere Distributed Switches (vDS) Knowledge
- Compare and contrast vDS capabilities
- Create/Delete a vDS
- Add/Remove ESXi hosts from a vDS
- Edit general vSphere vDS settings
- Add/Configure/Remove dvPortgroups
- Configure dvPort settings
- Add/Remove uplink adapters to dvUplinkgroups
- Create/Configure/Remove virtual adapters
- Migrate virtual machines to/from a vDS
- Monitor dvPort state
- Determine use cases for a vDS
+ Objective 3.2:Configure and Manage vDS Policies Knowledge
- Compare and contrast common vDS policies
- Configure dvPortgroup blocking policies
- Explain benefits of Multi-Instance TCP/IP stack
- Configure load balancing and failover policies
- Configure VLAN settings
- Configure traffic shaping policies
- Enable TCP Segmentation Offload (TOE) support for a virtual machine
- Enable Jumbo Frame support on appropriate components
- Determine appropriate VLAN configuration for a vSphere implementation
- Understand how DSCP is handled in a VXLAN frame
+ Section 4: Install and Upgrade VMware NSX + Objective 4.1: Configure Environment for Network Virtualization Knowledge
- Comprehend physical infrastructure configuration for NSX Compute, Edge and Management clusters (MTU, Dynamic Routing for Edge, etc.)
- Prepare a Greenfield vSphere Infrastructure for NSX Deployment
- Configure Quality of Service (QoS)
- Configure Link Aggregation Control Protocol (LACP)
- Configure a Brownfield vSphere Infrastructure for NSX
- Determine how IP address assignments work in VMware NSX
- Determine minimum permissions required to perform an NSX deployment task in a vSphere implementation
+ Objective 4.2: Deploy VMware NSX Components Knowledge
- Install/Register NSX Manager
- Prepare ESXi hosts
- Deploy NSX Controllers
- Understand assignment of Segment ID Pool and appropriate need for Multicast addresses
- Install vShield Endpoint
- Create an IP pool
- Understand when to use IP Pools versus DHCP for NSX Controller Deployment
+ Objective 4.3: Expand Transport Zone to Include New Cluster(s) Knowledge
- Explain the function of a Transport Zone
- Understand proper addition of a Transport Zone
- Understand necessity to expand or contract a Transport Zone
- Edit a Transport Zone
- Understand appropriate use of Control Plane mode modification of a Transport zone
+ Section 5: Configure VMware NSX Virtual Networks + Objective 5.1: Create and Administer Logical Switches Knowledge
- Given a scenario, demonstrate the proper way to add/remove a logical switch
- Determine use case for and contrast the three Control Plane Modes
- Multi-cast
- Hybrid
- Unicast
- Determine use case for connecting a logical switch to an NSX Edge gateway
- Deploy services to a logical switch
- Demonstrate multiple ways of adding or removing virtual machines from a logical switch
- Test logical switch connectivity
+ Objective 5.2: Configure VXLAN Knowledge
- Describe and understand areas where VXLANs should be configured
- Understand physical network requirements for virtual topologies with VXLANs
- Understand how to prepare a vSphere cluster for VXLAN
- Determine the appropriate teaming policy for a given implementation
- Understand how to configure and modify the options of a Transport Zone
- Understand how prepare VXLAN Tunnel End Points (VTEPs) on vSphere clusterss
+ Objective 5.3: Configure and Manage Layer 2 Bridging Knowledge
- Given a scenario, determine an appropriate High Availability configuration for Layer 2 Bridging
- Understand how to add a Layer 2 Bridge to an NSX Edge device
- Determine when Layer 2 Bridging would be required for a given NSX implementation
- Determine use cases for multiple Layer 2 Bridges
- Compare and contrast software and hardware bridging
+ Objective 5.4: Configure and Manage Logical Routers Knowledge
- Install NSX Edge
- Understand how to connect/disconnect a logical switch from a logical router
- Understand and describe the different types of router interfaces
- Determine NSX components needed to build out topologies with logical routers
- Understand how to add and configure a new logical router
- Determine use case for and configure a management interface
- Determine use case for and configure High Availability for a logical router
- Configure routing protocols
- Static
- OSPF
- Configure default gateway
- Determine if cross-protocol route sharing is needed for a given NSX implementation
- Understand how to configure administrative distances for routing
- Understand and configure route redistribution
+ Section 6: Configure and Manage NSX Network Services + Objective 6.1: Configure and Manage Logical Load Balancing Knowledge
- Differentiate when to use the two topologies for load balancing
- Understand how to configure load balancing
- Configure and understand service monitors
- Understand how to Add/Edit/Delete a server pool
- Understand how to Add/Edit/Delete an application profile
- Understand how to Add/Edit/Delete virtual servers
- Determine appropriate NSX Edge instance size based on load balancing requirements
+ Objective 6.2: Configure and Manage Logical Virtual Private Networks (VPN) Knowledge
- Understand how to configure IPSec VPN
- Configure IPSec VPN parameters
- Enable logging
- Understand how to configure Layer 2 VPN
- Add Layer 2 VPN Client/Server
- View Layer 2 VPN Statistics
- Configure Network Access/Web Access SSL VPN-Plus
- Edit Client Configurations
- Edit General Settings
- Edit Web Portal Designs
- Add/Edit/Delete IP Pools
- Add/Edit/Delete Private Networks
- Add/Edit/Delete Installation Packages
- Add/Edit/Delete Users
- Add/Edit/Delete Login/Logoff script
- Determine appropriate VPN service type for a given NSX implementation
+ Objective 6.3: Configure and Manage DHCP/DNS/NAT Knowledge
- Understand proper use and addition of a DHCP IP Pool
- Enable a DHCP IP pool
- Describe use and proper implementation of DNS services
- Describe when and how to configure Source NAT
- Describe when and how to configure Destination NAT
- Given a scenario, compare and contrast proper DHCP uses
+ Objective 6.4: Configure and Manage Edge Services High Availability Knowledge
- Given a scenario, compare and contrast proper HA uses
- Determine service availability during an Edge High Availability failover
- Differentiate NSX Edge High Availability and vSphere High Availability
- Configure NSX Edge High Availability
- Configure heartbeat settings
- Configure management IP addresses
- Modify and existing Edge High Availability deployment
- Determine resource pool requirements for a given Edge High Availability configuration
- Configure Equal-Cost Multi-Path Routing (ECMP)
- Determine ECMP timers
- Understand process flows
- Combine ECMP with other stateful services
+ Section 7: Configure and Administer Network Security + Objective 7.1: Configure and Administer Logical Firewall Services Knowledge
- Add/Edit/Delete an Edge Firewall rule
- Configure Source/Destination/Service/Action rule components
- Compare and contrast between Edge Rule Types (Pre Rules/Internal/User Rules/Default Rules)
- Change the order of an Edge User Firewall rule
- Demonstrate how to configure an Edge Firewall Pre Rule
- Understand the limitations of ECMP and Edge Firewall Policy
+ Objective 7.2: Configure Distributed Firewall Services Knowledge
- Describe VM IP Address learning for the purposes of DFW vCenter attribute learning
- Differentiate between Layer 2 and Layer 3 rules
- Differentiate between entity-based and identity-based rules
- Identify firewall rule entities
- Explain rule processing order
- Explain rule segregation
- Demonstrate steps to Add/Delete a Distributed Firewall rule
- Demonstrate configuration of Source/Destination/Service/Action rule components
- Change the order of a Distributed Firewall rule
- Add/Merge/Delete a Distributed Firewall rule section
- Determine publishing requirements for rules in a given NSX implementation
- Demonstrate Import/Export Distributed Firewall Configuration
- Load Distributed Firewall configuration
- Determine need for excluding virtual machines from distributed firewall protection
- Describe SpoofGuard Operation and Default Policy and Actions
- Describe SpoofGuard IP Address Learning
- Identify requirements for a Spoofguard Policy
- Demonstrate how to Create and Edit a SpoofGuard Policy
- IP Local Addresses
- Approve IP addresses
- Edit/Clear IP addresses
+ Objective 7.3: – Configure and Manage Service Composer Knowledge
- Identify assets that can be used with a Security Group
- Describe and differentiate services contained in a Security Policy
- Explain common Service Composer use cases
- Describe third party integration and service redirection
- Differentiate Security Groups and Security Policies
- Demonstrate the ability to redirect specific flows (e.g. 80) to network introspection services
- Differentiate between vCenter attribute based Firewall rules (including IP Sets) vs Active Directory identity-based rule
- Create/Edit a Security Group in Service Composer
- Create/Edit/Delete a Security Policy in Service Composer
- Map a Security Policy to a Security Group
- Add/Edit/Delete a Security Tag
- Assign and view a Security Tag
+ Section 8: Perform Operations Tasks in a VMware NSX Environment + Objective 8.1: Configure Roles, Permissions, and Scope Knowledge
- Understand default roles
- Understand Single Sign-On (SSO) integration
- Configure SSO
- Assign a role to a vCenter Server user or group
- Compare and contrast the uses for the various NSX Security Roles
- Determine how roles can be applied to a subset of the vCenter infrastructure for multi Tenancy purposes
- Understand how to apply NSX Roles to an AD group
- Assign objects to a user
- Enable/Disable a user account
- Edit/Delete a user account
+ Objective 8.2: Monitor a VMware NSX Implementation Knowledge
- Compare and contrast available monitoring methods (UI, CLI, etc.)
- Monitor infrastructure components
- Control Cluster Health
- Manager Health
- Hypervisor Health
- Perform Inbound/Outbound activity monitoring
- Enable data collection for single/multiple virtual machines
- Perform virtual machine activity monitoring
- Monitor activity between inventory containers (security groups, AD groups)
- Monitor logical networks and services
- Identify available statistics/counters
- Network/service health
- Configure and collect data from network
+ Objective 8.3: Perform Auditing and Compliance Knowledge
- Given an auditing scenario, determine where applicable log information can be located
- Differentiate permissions for auditing
- Differentiate information available in audit logs
- Use flow monitoring to audit firewall rules
- Audit deleted users
- Audit infrastructure changes
- View NSX Manager audit logs and change data
- View and download compliance reports
- Create a regular expression
- Configure Guest Introspection (Install vShield Endpoint)
+ Objective 8.4: Administer Logging Knowledge
- Given a scenario, utilize information contained in technical support bundles/logs to assist in troubleshooting
- Explain usage of CLI for logging
- Configure Syslog(s)
- Configure logging for Dynamic Routing information
- Log Distributed Firewall rule processing information
- Log Edge Firewall rule processing information
- Log address translation information
- Log VPN traffic
- Configure basic/advanced Load Balancer logging
- Log DHCP assignments
- Log DNS resolutions
- Log security policy session information
- Download NSX Edge tech support logs
- Generate NSX Manager tech support logs
+ Objective 8.5: Backup and Recover Configurations Knowledge
- Understand how to backup and recover various components
- Schedule backups
- Export/Restore vSphere Distributed Switch configuration
- Import/Export Service Composer profiles
- Perform NSX Manager backup and restore operations
Duration : 20-25 hours Cost: Rs 30k