Course Overview
By the end of the course, you should be able to meet the following objectives:
- Describe the architecture and main components of NSX
- Explain the features and benefits of NSX
- Deploy the NSX Management cluster and VMware NSX® Edge™ nodes
- Prepare VMware ESXi™ hosts to participate in NSX networking
- Create and configure segments for layer 2 forwarding
- Create and configure Tier-0 and Tier-1 gateways for logical routing
- Use distributed and gateway firewall policies to filter east-west and north-south traffic in NSX
- Configure Advanced Threat Prevention features
- Configure network services on NSX Edge nodes
- Use VMware Identity Manager™ and LDAP to manage users and access
- Explain the use cases, importance, and architecture of Federation
Prerequisites
- Good understanding of TCP/IP services and protocols
- Knowledge and working experience of computer networking, including switching and routing technologies (L2 through L3) and L2 through L7 firewall
- Knowledge and working experience with VMware vSphere® environments
- Knowledge and working experience with Kubernetes or VMware vSphere® with VMware Tanzu® environments
Course Modules
1 Course Introduction
- Introductions and course logistics
- Course objectives
2 VMware Virtual Cloud Network and VMware NSX
- Introduce the VMware Virtual Cloud Network vision
- Describe the NSX product portfolio
- Discuss NSX features, use cases, and benefits
- Explain NSX architecture and components
- Explain the management, control, data, and consumption planes and their functions.
3 Preparing the NSX Infrastructure
- Deploy VMware NSX® ManagerTM nodes on ESXi hypervisors
- Navigate through the NSX UI
- Explain data plane components such as N-VDS/VDS, transport nodes, transport zones, profiles, and more
- Perform transport node preparation and configure the data plane infrastructure
- Verify transport node status and connectivity
- Explain DPU-based acceleration in NSX
- Install NSX using DPUs
4 NSX Logical Switching
- Introduce key components and terminology in logical switching
- Describe the function and types of L2 segments
- Explain tunneling and the Geneve encapsulation
- Configure logical segments and attach hosts using NSX UI
- Describe the function and types of segment profiles
- Create segment profiles and apply them to segments and ports
- Explain the function of MAC, ARP, and TEP tables used in packet forwarding
- Demonstrate L2 unicast packet flow
- Explain ARP suppression and BUM traffic handling
5 NSX Logical Routing
- Describe the logical routing function and use cases
- Introduce the two-tier routing architecture, topologies, and components
- Explain the Tier-0 and Tier-1 gateway functions
- Describe the logical router components: Service Router and Distributed Router
- Discuss the architecture and function of NSX Edge nodes
- Discuss deployment options of NSX Edge nodes
- Configure NSX Edge nodes and create NSX Edge clusters
- Configure Tier-0 and Tier-1 gateways
- Examine single-tier and multitier packet flows
- Configure static routing and dynamic routing, including BGP and OSPF
- Enable ECMP on a Tier-0 gateway
- Describe NSX Edge HA, failure detection, and failback modes
- Configure VRF Lite
6 NSX Bridging
- Describe the function of logical bridging
- Discuss the logical bridging use cases
- Compare routing and bridging solutions
- Explain the components of logical bridging
- Create bridge clusters and bridge profiles
7 NSX Firewalls
- Describe NSX segmentation
- Identify the steps to enforce Zero-Trust with NSX segmentation
- Describe the Distributed Firewall architecture, components, and function
- Configure Distributed Firewall sections and rules
- Configure the Distributed Firewall on VDS
- Describe the Gateway Firewall architecture, components, and function
- Configure Gateway Firewall sections and rules
8 NSX Advanced Threat Prevention
- Explain NSX IDS/IPS and its use cases
- Configure NSX IDS/IPS
- Deploy NSX Application Platform
- Identify the components and architecture of NSX Malware Prevention
- Configure NSX Malware Prevention for east-west and north-south traffic
- Describe the use cases and architecture of VMware NSX® Intelligence™
- Identify the components and architecture of VMware NSX® Network Detection and Response™
- Use NSX Network Detection and Response to analyze network traffic events.
9 NSX Services
- Explain and configure Network Address Translation (NAT)
- Explain and configure DNS and DHCP services
- Describe VMware NSX® Advanced Load Balancer™ architecture, components, topologies, and use cases.
- Configure NSX Advanced Load Balancer
- Discuss the IPSec VPN and L2 VPN function and use cases
- Configure IPSec VPN and L2 VPN using the NSX UI
10 NSX User and Role Management
- Describe the function and benefits of VMware Identity Manager™ in NSX
- Integrate VMware Identity Manager with NSX
- Integrate LDAP with NSX
- Identify the various types of users, authentication policies, and permissions
- Use role-based access control to restrict user access
- Explain object-based access control in NSX
11 NSX Federation
- Introduce the NSX Federation key concepts, terminology, and use cases.
- Explain the onboarding process of NSX Federation
- Describe the NSX Federation switching and routing functions.
- Describe the NSX Federation security concepts.