Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Index

5-tuple, 210

A
ACL (Access Control List), firewall, 203, 204
AD (Active Directory), 47–51
addressing, effective address, 66
Administrative Distance, 157
APIs (Application Program Interfaces), 273
ARP (Address Resolution Protocol), 24, 85, 281
- gratuitous, poisoning and, 216–218
- L2 headers, 79–81
- L3 headers, 79–81
- tables, VNI and, 74–75

ARP suppression, 24

B
bandwidth, ECMP, troubleshooting, 159–160
BDR (Backup Designated Router), 133
BGP (Border Gateway Protocol), 118, 120–123, 138
- eBGP, 29, 120, 151, 161, 287
- iBGP, 29, 120, 151, 161, 287

blocked traffic, 218–220
blueprints, 249
- deploying, NSX services, consuming, 271–273
- NSX services, consuming, 271–273

bridges, 284
- transparent bridging, 102

Broadcast
- Layer 2 flooding, 83
- Logical Switches, 84–85
- replication modes, 83–84

browser, as REST client, 274

C
centralized routing, versus distributed, 140–141
CLI (Command Line Interface)
- DLR, 156–157
- ESG, 156–157
- planes of operation, 17

Client Integration Plug-ins, 44
clusters, NSX Controller, 26
CMP (Cloud Management Platform), 247
colocation, 2–3
control plane, DLR, 108
Cross-vCenter NSX, 51

D
data centers, 4
- company built, 4
- workloads, 4

Dead Timer, 139
deployment
- DLR (Distributed Logical Router), 125–134
- ESG (Edge Services Gateway), 144–151
- Layer 2 Bridge, 90–101
- Logical Switch, 84
- NSX Controller, 49
  - deploying, 53–54

DevOps, vRA and, 248–249
DFW (Distributed Firewall), 29, 203, 206
- ESXi hosts, 220–221
- IDFW (Identity Distributed Firewall), 220
- IP addresses, 215–216
- maintenance, 207–209
- native rules, 206
- rules, 210–214
  - enabling by default, 218
  - security groups, 233–236
  - segregating, 214–215
- VIBs (vSphere Installation Bundles), 206
- VMs, excluding from inspection, 207

DHCP relay, 194–196
- DLR configuration, 196–197

DHCP service, ESG and, 191–192
- configuration as, 192–194

distributed routing, versus centralized, 140–141
Distributed Virtual Port Group, 94
- Layer 2 Bridge, 100

DLR (Distributed Logical Router), 28, 107–108, 138, 286
- Administrative Distance, 157
- CLI commands, 156–157
- control planes, 108
- default behaviors, 157
- deploying, 125–134
- ECMP and, 157–159
- efficiency, 111–115
- ESXi hosts and, 107–115
- forwarding address, 284–285
- Layer 2 Bridge and, 91
  - Deployment Configuration, 96
  - deployment status, 96
- LIF (Logical Interfaces), IP addresses, 115
- LIFs (logical interfaces), 29
- LR Control VM and, 285–286
- MAC addresses, 115–116
- overview, 140
- physical router comparison, 117
- protocol address, 284–285

DNAT (destination NAT), ESG (Edge Services Gateway), configuring, 169–171
DNS (Domain Name System), 138
DNS Relay, 198–199
- ESG, configuration, 199–200

DNS Server, open ports and, 40
DoS (Denial of Service) attacks, 237
DR (Designated Router), 133
DRS (Distributed Resource Scheduler), 8, 19
DVFilter (Distributed Virtual Filter), 24
dynamic security groups, 224

E
East-West traffic, 37, 110, 285
- DLR routing, 29, 111–112, 132, 140
- VM-to-VM traffic, 204

eBGP (external BGP), 151, 161, 287
- NSX Edge and, 29

ECMP (Equal Cost Multi-Path) mode, 30, 157–159
- bandwidth, troubleshooting, 159–160
- enabling, 287
- North-South traffic, 157

Edge Appliance VM, Layer 2 Bridge and, 93
Edge Firewall, 203
Edge HA, 138–139
effective addresses, 66
encapsulation, GRE (Generic Routing Encapsulation), 187
entitlements, configuring, 268–270
ESG (Edge Services Gateway), 19, 28, 29, 87–88, 110, 138, 287
- Administrative Distance, 157
- CLI commands, 156–157
- Cross-vCenter NSX, 51
- default behaviors, 157
- deploying, 144–151
- DHCP relay, 194–196
  - DLR configuration, 196–197
- DHCP service, 191–192
  - configuration as server, 192–194
- DNAT, configuring, 169–171
- DNS Relay, 198–199
  - configuration, 199–200
- ECMP and, 157–159
- firewall, 29
- Layer 2 VPN, 178–179
- load balancer, 171–173
  - configuring, 173–178
- load balancing, 29
- LR Control VM, 117
- naming, 145
- NAT, 29
- NAT (Network Address Translation), 164–165
  - DNAT, configuring, 166–167
  - SNAT, configuring, 166
- NAT Traversal, 188
- network placement, 163–164
- routing, 29
- sizing, 30
- SNAT, configuring, 167–169
- SSL VPN, 179
  - configuring, 180–186
  - split tunneling, 180
- traffic, forwarding, 118

ESP (Encapsulation Security Payload), 188
ESXi, 6
- clusters
  - NSX Manager as primary, 55–56
  - preparing, 54
  - segment ID pool, 55
  - universal segment ID, range, 56
  - VXLAN configuration, 55
- hosts, 19–20

ESXi hosts
- IDFW (Identity Distributed Firewall), 220–221
- learning routes, 108–109
- open ports and, 40

F
fault tolerance, 141
FCS (Frame Check Sequence), 80
Fibre Channel, 3
firewall, 12, 279
- ACL (Access Control List), 203, 204
- DFW (Distributed Firewall), 29, 206
- IDFW (Identity Distributed Firewall), 220
- maintenance, 207–209
- three-tier application, 208–209
- VM-to-VM traffic, 204

firewalls, 4
floating static route, 157
Forwarding Address, 118, 134–135
FQDN (Fully Qualified Domain Name), 198
full-duplex communication, 1–2

G
gratuitous ARP, poisoning and, 216–218
GRE (Generic Routing Encapsulation), 187
guest introspection, 237–238
GUI (Graphical User Interface), planes of operation, 17

H
HA (high availability), 138–140
- adding, 139–140
- fault tolerance and, 141
- NSX Manager, 41–43

HA (High Availability), 9, 19
hairpinning, 208
half-duplex communication, 1–2
hardware switches, VTEPS, 103–104
HTTP GET commands, 273
hybrid mode, 35–36
hypervisor, 6
- NSX as, 11

I
IaaS (Infrastructure as a Service), vRA, 249
iBGP (internal BGP), 151, 161, 287
- NSX Edge and, 29

identity services, vRA and, 249
IDFW (Identity Distributed Firewall), 220
IDS/IP (Intrusion Detection and Prevention Systems), 224
- DoS (Denial of Service) attacks, 237

IOChain, 24, 204–206, 289
- DVFilter (Distributed Virtual Filter), 24
- security, 24
- service insertion and, 236

IP, discovery, 290
IP addressing
- DFW (Distributed Firewall), 215–216
- DLR LIFs, 115
- NSX Manager, 43–44

IPS (Intrusion Prevention Systems), 223, 237
IPsec VPN, 187–188
- NAT Traversal, 188
- Route-Based, 187–188
- Site-to-Site VPN configuration, 188–190

IS-IS (Intermediate System to Intermediate System) routing protocol, 142
ISAKMP (Internet Security Association and Key Management), 188
iSCSI, 3

K
Kaspersky Security for Visualization, 224
kernel, versus VM (virtual machine), 140

L
LACP (Link Aggregation Control Protocol), 24
latency, hairpinning, 208
Layer 2 Bridge, 87–88, 102, 283
- architecture, 88–89
- challenges, 89
- deployment, 90–101
- Distributed Virtual Port Group, 100
- DLR (Distributed Logical Router), 91
- Edge Appliance VM and, 93
- LR Control VM, 88
- native bridging, 103
- transparent bridging, 102

Layer 2 VPN, 102
- ESG (Edge Services Gateway), 178–179

LBT (Load Balanced Teaming), 24
LDAP (Lightweight Directory Access Protocol), 47–51
LIF (Logical Interface), DLR, IP addresses, 115
LIFs (logical interfaces), 29
- routing and, 143

load balancing, ESG load balancer, 171–173
- configuring, 173–178

Logical Switch, 62
- creating, 85, 90
- deploying, 84
- hardware
  - deployment, 104
  - VTEPs, 103
- Overlay Switch, 72–73
- Switch Security module, 81–82
- Transport Zone, 73
- vDS (virtual Distributed Switch), 72

Logical Switches, 71
Lookup Service URL, 49
LR (Logical Router), 88
LR Control VM, 285–286
- BGP and, 118
- ESG (Edge Services Gateway), 117
- Layer 2 Bridge and, 88
- OSPF and, 117, 118
- VM (virtual machine), 108–111

LSAs (Link State Advertisements), 119

M
MAC Address
- DLR, 115–116
- FCS (Frame Check Sequence), 80
- security, 66

MAC table
- centralized, 75–76
- VNI and, 74–75

McAfee MOVE, 224
microsegmentation, 12, 208
migration, physical to virtual environment, 89
MTU (Maximum Transmission Unit), 69
- size, 70

Multicast
- Layer 2 flooding, 83
- Logical Switches, 84–85
- replication modes, 83–84

multicast mode, 34

N
NAT (Network Address Translation), 138, 164–165
- DNAT, configuring, 166–167
- SNAT, configuring, 166

NAT Traversal, 188
NDP (Neighbor Discovery Protocol), 210
network introspection
- DoS (Denial of Service) attacks, 237
- IDS (intrusion detection and), 236–237
- IPS (Intrusion Prevention Systems), 236–237
- Layer 7 and, 236–237

networks
- colocation, 2–3
- history, 1–2
- provisioning, 3–4
- resources, inefficient allocation, 3
- workload-to-server ratio, 3

NFS, 3
NFV (Network Function Virtualization), 137–138
- BGP, configuring, 151–154
- centralized routing, versus distributed, 140–141
- distributed routing, versus centralized, 140–141
- ESG (Edge Services Gateway), deploying, 144–151
- HA (high availability), adding, 139–140
- OSPF, configuring, 154–155
- routing
  - LIFs (logical interfaces), 143
  - protocols, 142–143
  - static routes, 155–156
  - transport zones, 142

NIC teaming, virtual switches, 65–66
NIOC (Network I/O Control), 24
North-South traffic, 28, 110, 115, 135, 140, 285
- DFW (Distributed Firewall), 29
- ECMP and, 157–160
- ESG router, 173

NSSA (not-so-stubby area), 133
NSX, 10–12
- components, 18
- controllers, 25–26
- design routing, 132–134
- firewall, 12, 279
  - kernel-embedded, 13, 279
- prerequisites, 13, 279

NSX Controller, 24, 280–281
- adding, 50
- clustering, 26
- deploying, 49
  - primary NSX Manager, 53–54
- open ports, 40
- password rules, 50–51
- placement, 49–50
- roles, 26–28

NSX Edge, 286–287
- appliance size, 147
- Cluster and Datastore selection, 147
- Configure Deployment, 146
- Configure Interfaces, 148
- Default Gateway Settings, 149
- DLR (Distributed Logical Router), 28
- eBGP and, 29
- ESG (Edge Services Gateway), 28
- Firewall and High Availability, 150
- iBGP and, 29
- interfaces, adding, 149
- Load Balancing service, 30
- NFV (Network Function Virtualization), 137–138
- resource requirements, 41
- settings, 146

NSX Edge Services Gateway. See ESG (Edge Services Gateway)
NSX Manager, 18, 280
- installation, 44–46
  - AD/LDAP, adding, 47–51
  - storage, 45
  - vCenter association, 46–47
- linking multiple
  - primary, 53–54
  - secondary, 53–54
  - universal components, 51–52
- memory requirements, 41
- NSX-V (NSX Data Center for vSphere), 39–40
  - Client Interaction Plug-in, 44
  - DRS, 41–43
  - HA (high availability), 41–43
  - IP addresses, 43–44
  - name resolution, 40
  - port groups, 43–44
  - ports, open, 40
  - resource requirements, 40–41
- OVA (Open Virtual Appliance) files, 41
- OVA files, 19
- prerequisites, 39–44
- primary
  - controller deployment, 53–54
  - Enhanced Link Mode, 53
- REST APIs, 274
- secondary
  - controller deployment, 53–54
  - Enhanced Link Mode, 53
- universal transport zone, 56–57
  - secondary manager, 58–59
  - vSphere distributed switches, 57–58
- vCenter Server, 20

NSX Virtual Switch, 22
NSX-V (NSX Data Center for vSphere), 39–40
- Client Interaction Plug-in, 44
- DRS, 41–43
- HA (high availability), 41–43
- IP addresses, 43–44
- name resolution, 40
- ports
  - open, 40
  - port groups, 43–44
- resource requirements, 40–41

NTP (Network Time Protocol) server, 47
NTP Time Server, open ports and, 40

O
OSPF (Open Shortest Path First), 119–120, 138
- configuring, 154–155
- design rules, 285
- planes of operation, 17

OVA (Open Virtual Appliance) files, 19
- NSX Manager, 41

overlay networks, 32–34
Overlay Switch, 72–73
OVSDB (Open vSwitch Database management protocol), 104

P
passwords, NSX Controller, 50–51
planes of operation, 16, 280
- CLI (Command Line Interface), 17
- control, 17
- data, 17
- GUI (Graphical User Interface), 17
- management, 17
- OSPF (Open Shortest Path First), 17

portability, 8
ports, groups, 43–44
- virtual switches, 64

Protocol Address, 118, 134–135
protocols, routing protocols
- BGP, 142
- IS-IS, 142
- OSPF, 142
- OSPF (Open Shortest Path First), 154–155

provisioning, 3–4

R
RARP (Reverse ARP), 57
RBAC (Role-Based Access Control), 30–32
- overlay networks, 32–34
- underlay networks, 32–34

replication mode
- hybrid mode, 35–36
- multicast mode, 34
- unicast mode, 35

resource allocation, 3
REST APIs (Representational State Transfer Application Program Interfaces), 18, 247, 273, 291
- browser as client, 274
- HTTP DELETE, 273, 276
- HTTP GET, 273, 275
- HTTP POST, 273, 275–276
- HTTP PUT, 273
- HTTP requests, 273–274
- NSX Manager, 274

Route-Based IPsec VPN, 187–188
routers
- static routes, configuring, 155–156
- VXLANs, 69

routing, 123–125
- BGP (Border Gateway Protocol), 120–123
- centralized versus distributed, 140–141
- distributed versus centralized, 140–141
- DLR, 140
- DLR and
  - CLI commands, 156–167
  - default behaviors, 157
- ECMP, 157–159
- ESG and
  - CLI commands, 156–167
  - default behaviors, 157
- fault tolerance, 141
- host failure, 141
- kernel, versus VM (virtual machine), 140–141
- LIFs (logical interfaces), 143
- OSPF (Open Shortest Path First), 119–120
- protocols
  - BGP, 142–143
  - IS-IS, 142
  - OSPF, 142–143, 154–155
- subnets, 26
- transport zones, 142

routing tables, 118
rules, DFW (Distributed Firewall), 210–214
- segregating, 214–215

S
SDDC (Software Defined Data Center), 9, 279, 280
- East-West traffic, 110
- North-South, 110

SDDC (Software Defined Data Centers), virtualization, 13
SDN (Software-Defined Networking), 137–138
security
- Kaspersky Security for Visualization, 224
- McAfee MOVE, 224
- virtualization, 9–10
- vSS, 66–67

Security Composer
- security groups, 224
  - defining, 227–228, 229–230
  - DFW rules and, 233–236
  - dynamic, 224
  - dynamic inclusion, 225–226, 229–230, 245
  - security tags, 231–232, 232–233
  - static, 224
  - static exclusion, 226–227, 231
  - static inclusion, 226, 227–228
- security policies
  - creating, 239–243
  - enforcing, 243–244

security groups, 224
- defining
  - dynamic inclusion, 229–230, 245
  - static inclusion, 227–228
- DFW rules and, 233–236
- dynamic, 224
- dynamic inclusion, 225–226, 229–230, 245, 290
- security tags
  - assign to VM, 232–233
  - creating, 232
  - group creation, 231–232
- static, 224
- static exclusion, 226–227, 231
- static inclusion, 226, 227–228

security policies, Security Composer
- creating, 239–243
- enforcing, 243–244

servers, workload-to-server ratio, 3
Service Composer, 223, 224
- dynamic membership, 224
- QUARANTINE.GROUP, 225
- QUARANTINE.POLICY, 225
- WEB.GROUP, 224
- WEB.POLICY, 225

service insertion, 236
- guest introspection, 237–238
- IOChain, 236
- network introspection, 236–237
- providers, 238
- SVM (Service VM), 238

service integration, 88
services
- blueprints, consuming, 271–273
- catalogs, adding items, 267–268
- defining, 266–267

sharding, 26–28
SLAs (Service-Level Agreements), vRA and, 272–273
slicing, 26–28
SNAT (source NAT), ESG (Edge Services Gateway), configuring, 167–169
split-brain, 139
SSL VPN (Secure Sockets Layer VPN), 179
- configuring, 180–186
- split tunneling, 180

SSO (single sign-on), 47
static routes, configuring, 155–156
static security groups, 224
storage
- allocating, 9
- virtualization and, 9

subnets, routing between, 26
SVM (Service VMs), 238
Switch Security module, 81–82
switches, 61
- Logical Switch, 62
- vDS (virtual Distributed Switch), 62
- virtual switches
  - NIC teaming, 65–66
  - port groups, 64
- vSS (vSphere Standard Switch (vSS) Standard Switch (vSS)), 62

swsec (switch security), 24
Syslog Server, open ports and, 40

T
tables, VNI (Virtual Network Information), 73
- collecting, 74–75

Thick Provision Eager Zeroed virtual disk format, 45
Thick Provision Lazy Zeroed virtual disk format, 45
Thin Provision virtual disk format, 45
three-tier application, 208–209
traffic
- 5-tuple, 210
- blocked, 218–220
- hairpinning, 208
- microsegmentation, 208
- three-tier application, 208–209

transparent bridging, 102
Transport Zone, Logical Switches, 73
transport zones, routing, 142
Trend Micro Intrusion Detection and Prevention Systems, 224
troubleshooting, bandwidth, ECMP, 159–160

U
underlay networks, 32–34
unicast mode, 35
Unknown unicast
- Layer 2 flooding, 83
- Logical Switches, 84–85
- replication modes, 83–84

URLs (Uniform Resource Locators), 273
UUID (Universally Unique Identifier), 41–42

V
vCenter Server, 20
- NSX Manager association, 46–47
- open ports, 40

vDS (virtual Distributed Switch), 62, 67
- acquiring, 68
- features, 68
- Logical Switch, 72

VDSs (vSphere Distributed Switches), 21, 54
VIBs (vSphere Installation Bundles), 23–24
- DFW (Distributed Firewall), 206

virtual disks
- Thick Provision Eager Zeroed, 45
- Thick Provision Lazy Zeroed, 45
- Thin Provision, 45

virtual environment, migrating from physical, 89
virtual machines, 6
- LR Control VM, 89

virtual switches
- NIC teaming, 65–66
- port groups, 64

virtualization, 6–7, 286
- planes of operation, 16
  - CLI (Command Line Interface), 17
  - control, 17
  - data, 17
  - GUI (Graphical User Interface), 17
  - management, 17
  - OSPF (Open Shortest Path First), 17
- security and, 9–10
- storage and, 9

virtualwire, 72
VM (virtual machine)
- DFW, excluding from inspection, 207
- firewalls, 204
- versus kernel, 140
- SVM (Service VM), 238

VM-to-VM traffic, East-West traffic, 204
vMotion, 8
- DRS (Distributed Resource Scheduler), 8

VMware, 6
- DRS (Distributed Resource Scheduler), 19
- HA (High Availability), 9, 19
- hypervisor, 6
- virtual machines, 6
- vMotion, 8

VMware Identity Manager, 248
VMware vSphere Enterprise Plus, VDS (vSphere Distributed Switch), 21
VNI (Virtual Network Information)
- collecting, 74–75
- MAC table, 74–76
- VTEP table, 76–78

VPNs (virtual private networks)
- IPsec VPN, 187–188
  - NAT Traversal, 188
  - Site-to-Site VPN configuration, 188–190
- Layer 2 VPN, 102
  - ESG, 178–179
- SSL VPN, 179
  - configuring, 180–186
  - split tunneling, 180

vRA (vRealize Automation), 247, 248
- Advanced edition, 249–250
- blueprints, 249
- DevOps, 249
- Enterprise edition, 249–250
- environments, 248–249
- identity services, 249
- iterative development, 249
- multi-cloud environments, 248
- NSX integration
  - automation endpoints, 250–252
  - external networks, 255–258
  - NAT network profile, 255–258
  - network profiles, 253–254
  - NSX Manager, 252–253
  - reservations, 258–260
  - routed networks, 255–258
- portal of services, 248–249
- setup, 248
- SLAs and, 272–273

vRealize Automation, 18
vRealize Easy Installer, 248
vRealize Suite Lifecycle Manager, 248
vRO (vRealize Orchestrator)
- blueprints
  - adding workflow, 264–265
  - one machine, 261–264
- entitlements, 268–270
- vRA catalog, request service, 265–268

vSphere Web Client, 18
- firewall creation, 210

vSS (vSphere Standard Switch (vSS) Standard Switch (vSS)), 62
- ESXi host, 63
- NIC teaming, 65–66
- port groups, 64
- security, 66–67
- traffic shaping, 63

VTEP (VXLAN Tunnel Endpoint), 33–34, 85–86, 103–104, 281–282
- hardware, 283
- open ports and, 40
- table, VNI, 76–78

VVD (VMware Validated Designs), 248
VXLANs (Virtual eXtensible LANs), 22, 26, 68–69, 87–88, 282
- encapsulation, 86
- Layer 2 Bridge, 87–88, 102
  - architecture, 88–89
  - challenges, 89
  - deployment, 90–101
  - Distributed Virtual Port Group, 100
  - DLR (Distributed Logical Router), 91
  - Edge Appliance VM and, 93
  - LR Control VM, 88
- routers, 69
- tunneling protocol, 32–33

W–Z
web computing, 3
workload-to-server ratio, 3
workloads, data centers, 4

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for Index

Create new playlist

Sign In

Sign Up

Table of Contents for
Index