VMware NSX Cookbook

By: Bayu Wibowo, Tony Sangha

Overview of this book

This book begins with a brief introduction to VMware's NSX for vSphere Network Virtualization solutions and how to deploy and configure NSX components and features such as Logical Switching, Logical Routing, layer 2 bridging and the Edge Services Gateway. Moving on to security, the book shows you how to enable micro-segmentation through NSX Distributed Firewall and Identity Firewall and how to do service insertion via network and guest introspection. After covering all the feature configurations for single-site deployment, the focus then shifts to multi-site setups using Cross-vCenter NSX. Next, the book covers management, backing up and restoring, upgrading, and monitoring using built-in NSX features such as Flow Monitoring, Traceflow, Application Rule Manager, and Endpoint Monitoring. Towards the end, you will explore how to leverage VMware NSX REST API using various tools from Python to VMware vRealize Orchestrator.

Preface

VMware NSX is a network virtualization solution that provides network and security services embedded into the VMware ESXi hypervisor. NSX for vSphere implements routing, switching, load balancing and firewalling through software constructs that scale as you scale out your compute infrastructure. NSX also provides the ability to integrate with third-party vendors to deliver rich guest and network introspection services via software constructs. By decoupling from the physical hardware, NSX allows greater security, workload mobility, and automation, which form the foundational tenets of an NSX deployment.

At the time of writing of this book, there are three VMware NSX offerings available, which are as follows:

This book will cover VMware NSX for vSphere and has been written using version 6.3, but has also incorporated new features from 6.4 in the relevant sections of the book.

The recipes covered throughout this book provide the foundational knowledge required to get started with NSX, but also cover the required content in depth, so that you can make informed design decisions for your VMware NSX implementation.

Who this book is for

This book aims to be useful for both new and seasoned VMware NSX for vSphere administrators. It is intended to be used by those that have never deployed NSX and by those that have it deployed already but are looking to leverage new or advanced functionality.

NSX-v runs on vSphere and connects to your existing network. Therefore, intermediate networking and virtualization knowledge is assumed and is essential to understand the correct deployment of NSX in your environment.

What this book covers

Chapter 1, Getting Started with VMware NSX for vSphere, explains how to choose the right VMware NSX for vSphere Edition, select compatible software and hardware, and deploy the foundational components of NSX.

Chapter 2, Configuring VMware NSX Logical Switch Networks, covers how to set up logical switch networks based on Virtual Extensible LAN (VXLAN) and how to connect virtual machines to the newly created logical switches.

Chapter 3, Configuring VMware NSX Logical Routing, introduces the Distributed Logical Router for East-West routing in your datacenter and the Edge Services Gateway for North-South routing to your virtual networks.

Chapter 4, Configuring VMware NSX Layer 2 Bridging, covers how layer 2 bridging works and its configuration for both software and hardware.

Chapter 5, Configuring VMware NSX Edge Services Gateway, covers the Edge Services Gateway, which acts as the Swiss Army knife of NSX and provides all the rich network services. The topics covered in this chapter include DNS Relay, DHCP Server, firewall, load balancing, and virtual private networks.

Chapter 6, Configuring VMware NSX Distributed Firewall (DFW) and SpoofGuard, covers how to configure the NSX Distributed Firewall. The topics include configuration of Security Policy, Grouping Constructs, Firewall Rules, and advanced Guest and Network Introspection services.

Chapter 7, Configuring Cross-vCenter NSX, covers how to extend your NSX deployment across vCenter boundaries and how to deliver distributed services across geographically dispersed sites.

Chapter 8, Backing up and Restoring VMware NSX Components, covers recipes to perform backup and restore of NSX components for disaster recovery and day-to-day operations.

Chapter 9, Managing User Accounts in VMware NSX, explains how to manage and create user accounts in NSX Manager and vSphere Web Client based on roles for accessing VMware NSX.

Chapter 10, Upgrading VMware NSX, gives you an understanding of how to plan and perform a VMware NSX for vSphere upgrade.

Chapter 11, Managing and Monitoring VMware NSX Platform, focuses on monitoring NSX using built-in dashboards, working with logs, and using flow monitoring tools available natively within NSX. This chapter also covers how to use Application Rule Manager and Endpoint Monitoring.

Chapter 12, Leveraging the VMware NSX REST API for Management and Automation, introduces you to working with the NSX REST API and demonstrates how to use a plethora of tools for accessing the NSX REST API, such as Postman, cURL, PowerShell, Python, and vRealize Orchestrator.

To get the most out of this book

The book was written using vSphere version 6.5 and NSX-v version 6.3. vSphere 5.5 and later can be used, but you should independently validate all software components are compatible with the version of NSX you are deploying via the VMware Product Interoperability Matrices (https://www.vmware.com/resources/compatibility/sim/interop_matrix.php), and all hardware should be checked via the VMware Hardware Compatibility Guide (HCL) (http://www.vmware.com/go/hcl).

To install VMware NSX for vSphere you will need to obtain the appropriate software; unfortunately, without a valid contract you will need to contact the VMware sales team (http://www.vmware.com/company/contact_sales.html) to obtain it.

All recipes require a supported guest operating system, web browser, and Adobe Flash Player to access the vSphere Web Client. The minimum supported requirements are vSphere version-dependent; for example, the requirements for vSphere 6.5 are documented at the following URL: https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.install.doc/GUID-F6D456D7-C559-439D-8F34-4FCF533B7B42.html. Additionally, you will need an SSH client to access ESXi hosts and/or NSX components.

Two of the recipes in Chapter 4, Configuring VMware NSX Layer 2 Bridging, are based on hardware VTEP bridging, which requires compatible hardware. Unless you have a compatible piece of hardware, you may not be able to test these recipes. In this case, you can visit an online interactive simulation provided by VMware Hands-on Labs to walk through configuration steps in detail: http://docs.hol.vmware.com/hol-isim/HOL-2017/hol-1703-arista.htm.

The NSX Identity Firewall in Chapter 6, Configuring VMware NSX Distributed Firewall (DFW) and SpoofGuard, and Endpoint Monitoring in Chapter 11, Managing and Monitoring VMware NSX Platform, require a compatible desktop operating system. The specific list of compatible operating systems is covered in the respective chapters, and at the time of writing this book, was limited to Microsoft Windows operating systems only.

Chapter 7, Configuring Cross-vCenter NSX, is a multi-vCenter setup that requires additional compute infrastructure and virtual components for complete configuration. This includes a minimum of two vCenter servers, two NSX managers, and the relevant infrastructure components for each.

Chapter 8, Backing up and Restoring VMware NSX Components, covers backup and restore of NSX components and requires deployment of either a File Transfer Protocol (FTP) or SSH File Transfer Protocol (SFTP) server.

VMware vRealize Log Insight (vRLI) is covered in Chapter 11, Managing and Monitoring VMware NSX Platform; deployment and configuration of vRLI are not within the scope of this book. However, VMware NSX customers are entitled to VMware vRealize Log Insight; see VMware KB 2145800, vRealize Log Insight for NSX FAQ (https://kb.vmware.com/s/article/2145800).

Chapter 12, Leveraging the VMware NSX REST API for Management and Automation, covers the NSX REST API and requires the following software installed on your administrative machine for testing:

If you do not have an environment to work with NSX, you can still test-drive NSX on VMware Hands-on Lab (HOL): https://www.vmware.com/products/nsx/nsx-hol.html.

Download the example code files

You can download the example code files for this book from your account at www.packtpub.com. If you purchased this book elsewhere, you can visit www.packtpub.com/support and register to have the files emailed directly to you.

You can download the code files by following these steps:

  1. Log in or register at www.packtpub.com.
  2. Select the SUPPORT tab.
  3. Click on Code Downloads & Errata.
  4. Enter the name of the book in the Search box and follow the onscreen instructions.

Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:

  • WinRAR/7-Zip for Windows
  • Zipeg/iZip/UnRarX for Mac
  • 7-Zip/PeaZip for Linux

The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/VMware-NSX-Cookbook. In case there's an update to the code, it will be updated on the existing GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: http://www.packtpub.com/sites/default/files/downloads/VMwareNSXCookbook_ColorImages.pdf.

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "To check whether cURL is available in the operating system, use the curl --version command."

A block of code is set as follows:

# NSX Variables 
$NSXUsername = "admin" 
$NSXPassword = "VMware1!" 
$NSXManager = "https://nsxmgr-01a.corp.local" 
$NSXURI = "/api/2.0/services/usermgmt/user/admin"

Any command-line input or output is written as follows:

curl -k -X GET -H "Accept: application/xml" -H "Content-Type: application/xml" -u admin:VMware1! 'https://nsxmgr-01a.corp.local/api/2.0/services/usermgmt/user/admin'

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Select All Downloads, scroll down to the Networking & Security menu item, and click Drivers & Tools."

Note

Warnings or important notes appear like this.

Note

Tips and tricks appear like this.

Sections

In this book, you will find several headings that appear frequently (Getting ready, How to do it..., How it works..., There's more..., and See also).

To give clear instructions on how to complete a recipe, use these sections as follows:

Getting ready

This section tells you what to expect in the recipe and describes how to set up any software or any preliminary settings required for the recipe.

How to do it...

This section contains the steps required to follow the recipe.

How it works...

This section usually consists of a detailed explanation of what happened in the previous section.

There's more...

This section consists of additional information about the recipe in order to make you more knowledgeable about the recipe.

See also

This section provides helpful links to other useful information for the recipe.

Get in touch

Feedback from our readers is always welcome.

General feedback: Email [email protected] and mention the book title in the subject of your message. If you have questions about any aspect of this book, please email us at [email protected].

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Reviews

Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!

For more information about Packt, please visit packtpub.com.