VMware NSX Cookbook

VMware NSX Cookbook

By : Bayu Wibowo, Tony Sangha

Buy this Book

VMware NSX Cookbook

By: Bayu Wibowo, Tony Sangha

Buy this Book

Overview of this book

This book begins with a brief introduction to VMware's NSX for vSphere Network Virtualization solutions and how to deploy and configure NSX components and features such as Logical Switching, Logical Routing, layer 2 bridging and the Edge Services Gateway. Moving on to security, the book shows you how to enable micro-segmentation through NSX Distributed Firewall and Identity Firewall and how to do service insertion via network and guest introspection. After covering all the feature configurations for single-site deployment, the focus then shifts to multi-site setups using Cross-vCenter NSX. Next, the book covers management, backing up and restoring, upgrading, and monitoring using built-in NSX features such as Flow Monitoring, Traceflow, Application Rule Manager, and Endpoint Monitoring. Towards the end, you will explore how to leverage VMware NSX REST API using various tools from Python to VMware vRealize Orchestrator.

Title Page

Packt Upsell

Foreword

Contributors

Preface

Free Chapter

Getting Started with VMware NSX for vSphere

Introduction

Choosing the right VMware NSX for vSphere edition

Selecting ESXi hosts and network adapters

Downloading NSX for vSphere

Deploying the NSX Manager virtual appliance

Replacing the NSX Manager certificate

Registering vCenter server with NSX Manager

Applying the NSX license

Deploying the NSX Controller Cluster

Preparing a vSphere cluster for NSX

Validating NSX VIB installation

Configuring VMware NSX Logical Switch Networks

Introduction

Configuring VXLAN Networking

Configuring a VXLAN Segment ID

Creating a NSX Transport Zone

Creating a NSX Logical Switch

Connecting a Virtual Machine to an NSX Logical Switch

Testing an NSX Logical Switch

Enabling the Controller Disconnected Operation Mode on a Transport Zone

Configuring VMware NSX Logical Routing

Introduction

Configuring the Distributed Logical Router

Configuring the Distributed Logical Router for dynamic routing

Deploying and configuring the NSX ESG in HA mode

Understanding and configuring the NSX ESG for routing

Configuring VMware NSX Layer 2 Bridging

Introduction

Configuring Software-Based Gateway Layer 2 Bridging

Selecting a hardware VTEP gateway

Integrating Hardware VTEP Gateway with VMware NSX

Extending VMware NSX Logical Switch to Hardware VTEP Gateway

Configuring VMware NSX Edge Services Gateway

Introduction

Configuring a DNS relay

Configuring a DHCP server

Configuring an Edge Firewall

Configuring Network Address Translation

Configuring Load Balancing

Configuring IPSEC VPN

Configuring SSL VPN

Configuring High Availability

Configuring VMware NSX Distributed Firewall (DFW) and SpoofGuard

Introduction

Verifying NSX DFW component status

Configuring IP Discovery for Virtual Machines

Working with SpoofGuard

Excluding Virtual Machines from DFW Protection

Configuring DFW Session Timeout

Creating Security Policy Rules from the Firewall Table Menu

Creating Security Policy Rules from the Service Composer menu

Verifying DFW rules

Leveraging the DFW Applied To field

Deploying Network or Guest Introspection Services

Configuring the Identity Firewall

Configuring Cross-vCenter NSX

Introduction

Configuring Primary and Secondary NSX Manager(s)

Creating a Universal Transport Zone and adding a vSphere cluster to the Universal Transport Zone

Creating a Universal Logical Switch

Creating a Universal Logical Router

Adding a VM to a Universal Logical Switch

Understanding and configuring the Universal Distributed Firewall

Backing up and Restoring VMware NSX Components

Introduction

Backing up NSX Manager

Restoring NSX Manager

Restoring NSX Controller Nodes

Restoring a Logical Switch Backing Port Group

Restoring NSX Edge

Exporting NSX DFW Rules configuration from the Firewall Menu

Restoring NSX DFW Rules configuration from the Firewall Menu

Exporting NSX Security Policy from the Service Composer Menu

Restoring NSX Security Policy from the Service Composer Menu

Managing User Accounts in VMware NSX

Introduction

Creating a service user account for vCenter server registration

Granting access to NSX

Creating and Managing CLI user accounts in NSX manager

Upgrading VMware NSX

Introduction

Preparing for VMware NSX upgrade

Verifying VMware NSX working state

Upgrading VMware NSX Manager

Upgrading NSX controller node

Upgrading VMware NSX Host Clusters

Upgrading VMware NSX Edge

Upgrading Network and Security Service Deployments

Managing and Monitoring VMware NSX Platform

Introduction

Monitoring NSX using NSX Dashboard

Configuring the NSX Components Syslog

Configuring and viewing the NSX Distributed Firewall Log

Configuring vRealize Log Insight for NSX

Enabling NSX Flow Monitoring

Using Application Rule Manager

Using NSX Endpoint Monitoring

Leveraging the VMware NSX REST API for Management and Automation

Introduction

Using the REST API with the Postman REST client

Using the REST API with cURL

Using the REST API with PowerShell

Using the REST API with Python

Using the vRealize Orchestrator plugin for NSX

Other Books You May Enjoy

Leave a review - let other readers know what you think

Index

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Deploying the NSX Manager virtual appliance

Deploying the NSX Manager virtual appliance is the first step to enabling network virtualization in your vSphere environment. In this recipe, you will go through the steps to enable your environment for NSX.

The following diagram depicts the logical process of enabling your environment for network virtualization, and the first four steps will be covered in this chapter:

Getting ready

Before deploying NSX Manager, the following prerequisites need to be satisfied:

Static IP address and portgroup for NSX Manager
Firewall ports open between NSX Manager, vCenter server, and ESXi VMKernel 0 Interface on each host (refer to Appendix for a complete list of ports)
Forward and reverse DNS entries for NSX Manager
NTP server is accessible; minimum of four is recommended for accurate time
Shared datastore for the appliance to be deployed onto
Satisfy minimum requirements for NSX Manager
Fill in the following table before deployment (removing prefilled data to reflect your environment):

Component	Value
NSX appliance name	`nsxmgr-01a`
NSX Manager hostname	`nsxmgr-01a`
vSphere cluster	`RegionA01`
Datastore	`vsanDatastore`
vSphere network (Portgroup)	`VM Network`
IPv4 address	`192.168.1.111`
Subnet mask	`255.255.255.0`
Default gateway	`192.168.1.254`
Domain name	`corp.local`
DNS server(s)	`192.168.1.100`
NTP servers(s)	`192.168.1.100` (Use four in production)
Enable SSH	`yes`
CLI password	`VMware1!`
CLI privilege password	`VMware1!`

How to do it...

The following steps will detail how to deploy the NSX Manager appliance:

Log into the vSphere Web Client
Select Hosts and Clusters, right-click on the target cluster and select Deploy OVF Template

Select Local File and locate the NSX Manager OVA downloaded earlier; click on Next
Type in the Name of the virtual appliance and click on Next
Select the vSphere cluster and resource where you want to deploy NSX Manager and select Next
Review details, Accept license agreements and click on Next
Select the shared datastore of where you want the virtual appliance to be deployment onto
Select the VLAN-backed portgroup as defined earlier and click on Next
Fill in the template details as highlighted in the preceding table and click on Next
Ensure all details are correct and click on Finish:

VMware NSX Cookbook

By : Bayu Wibowo, Tony Sangha

VMware NSX Cookbook

By: Bayu Wibowo, Tony Sangha

Overview of this book

Related Content you might be interested in

Current Title:

VMware NSX Cookbook

Learning VMware NSX

VMware Cross-Cloud Architecture

Mastering VMware vSphere 6.5

Deploying the NSX Manager virtual appliance

Getting ready

How to do it...