VMware NSX Cookbook

By: Bayu Wibowo, Tony Sangha

Overview of this book

This book begins with a brief introduction to VMware's NSX for vSphere Network Virtualization solutions and how to deploy and configure NSX components and features such as Logical Switching, Logical Routing, layer 2 bridging and the Edge Services Gateway. Moving on to security, the book shows you how to enable micro-segmentation through NSX Distributed Firewall and Identity Firewall and how to do service insertion via network and guest introspection. After covering all the feature configurations for single-site deployment, the focus then shifts to multi-site setups using Cross-vCenter NSX. Next, the book covers management, backing up and restoring, upgrading, and monitoring using built-in NSX features such as Flow Monitoring, Traceflow, Application Rule Manager, and Endpoint Monitoring. Towards the end, you will explore how to leverage VMware NSX REST API using various tools from Python to VMware vRealize Orchestrator.

Understanding and configuring the Universal Distributed Firewall


The Universal Distributed Firewall allows centralized management of firewall rules that apply to all DFW-prepared ESXi hosts in your environment. Cross-vCenter vMotion is also supported, which enables you to move workloads or virtual machines from one vCenter server to another with a security policy that follows the VM as it migrates between data centers.

The Universal Distributed Firewall supports both layer 2 (L2) and layer 3 (L3) rules that span vCenter domains. Universal rules take precedence over local distributed firewall rules and are contained in universal firewall sections. They are populated into their corresponding L2 or L3 universal sections, which are then synchronized to the Secondary NSX Manager(s) using the universal synchronization service.

Note

It is important to note that universal and local distributed firewall rules are not mutually exclusive, and both can be used in any NSX domain.
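The following audit sketch is an added example, not code from the book or from VMware. It checks two things described above on exported firewall configurations: that universal sections sit above local ones, and that a Secondary NSX Manager's universal sections match the Primary's. The XML samples are constructed, and the element names and the `managedBy="universalroot-0"` marker are assumptions modeled on the NSX for vSphere firewall configuration format; verify them against your own export.

```python
import xml.etree.ElementTree as ET

UNIVERSAL = "universalroot-0"  # assumption: managedBy value that marks a universal section

# Constructed sample shaped like an NSX-v firewall configuration export (not real data).
PRIMARY = """<firewallConfiguration>
 <layer3Sections>
  <section name="U-Web" managedBy="universalroot-0">
   <rule><name>web-to-db</name><action>allow</action></rule>
   <rule><name>block-telnet</name><action>deny</action></rule>
  </section>
  <section name="Local-SiteA">
   <rule><name>backup</name><action>allow</action></rule>
  </section>
 </layer3Sections>
 <layer2Sections/>
</firewallConfiguration>"""
# Constructed secondary export: stale universal section (one rule missing), own local section.
SECONDARY = (PRIMARY.replace("<rule><name>block-telnet</name><action>deny</action></rule>", "")
             .replace("Local-SiteA", "Local-SiteB"))

def load(xml_text):
    """Return {layer: [(section name, is_universal, [(rule name, action), ...])]} in rule order."""
    root = ET.fromstring(xml_text)
    return {layer: [(s.get("name"), s.get("managedBy") == UNIVERSAL,
                     [(r.findtext("name"), r.findtext("action")) for r in s.findall("rule")])
                    for s in root.findall(f"{layer}/section")]
            for layer in ("layer2Sections", "layer3Sections")}

def misordered(cfg):
    """Universal sections placed below a local section, which would break their precedence."""
    return [(layer, name) for layer, secs in cfg.items()
            for i, (name, universal, _) in enumerate(secs)
            if universal and not all(u for _, u, _ in secs[:i])]

def universal_drift(primary, secondary):
    """Universal sections whose rule lists differ between the two managers' exports."""
    drift = []
    for layer in primary:
        p = {n: rules for n, u, rules in primary[layer] if u}
        s = {n: rules for n, u, rules in secondary[layer] if u}
        drift += [(layer, n) for n in sorted(p.keys() | s.keys()) if p.get(n) != s.get(n)]
    return drift

if __name__ == "__main__":
    print(misordered(load(PRIMARY)), universal_drift(load(PRIMARY), load(SECONDARY)))
```

Local sections are deliberately ignored by the drift check, since each NSX domain keeps its own local rules alongside the universal ones.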

The...