VMware NSX Cookbook

By: Bayu Wibowo, Tony Sangha

Overview of this book

This book begins with a brief introduction to VMware's NSX for vSphere Network Virtualization solutions and how to deploy and configure NSX components and features such as Logical Switching, Logical Routing, layer 2 bridging and the Edge Services Gateway. Moving on to security, the book shows you how to enable micro-segmentation through NSX Distributed Firewall and Identity Firewall and how to do service insertion via network and guest introspection. After covering all the feature configurations for single-site deployment, the focus then shifts to multi-site setups using Cross-vCenter NSX. Next, the book covers management, backing up and restoring, upgrading, and monitoring using built-in NSX features such as Flow Monitoring, Traceflow, Application Rule Manager, and Endpoint Monitoring. Towards the end, you will explore how to leverage VMware NSX REST API using various tools from Python to VMware vRealize Orchestrator.

Granting access to NSX


User account management in the vSphere web client is separate from CLI user account management on the NSX components. In this recipe, we will grant several users access to the NSX plugin in the vSphere web client, with the following requirements:

  • Greg as an Enterprise Administrator in NSX
  • Susan as a Security Administrator in NSX
  • Carla as an NSX Administrator in NSX

These users should not be able to perform administration tasks against vSphere objects; they should have read-only access to vSphere constructs only. The users exist in the Active Directory domain integrated with SSO; in this example, the domain name is CORP.LOCAL. At the moment, they have no access to the vSphere web client or NSX.

Getting ready

The users that will be granted access to NSX will need to be given access to the vCenter vSphere web client by a vSphere admin first; the minimum required access is a read-only role. Once the users have access to the vSphere web client, they can...