Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying VMware NSX Cookbook
  • Table Of Contents Toc
  • Feedback & Rating feedback
VMware NSX Cookbook

VMware NSX Cookbook

By : Bayu Wibowo, Tony Sangha
5 (4)
Buy this Book
close
close
VMware NSX Cookbook

VMware NSX Cookbook

5 (4)
By: Bayu Wibowo, Tony Sangha
Buy this Book

Overview of this book

This book begins with a brief introduction to VMware's NSX for vSphere Network Virtualization solutions and how to deploy and configure NSX components and features such as Logical Switching, Logical Routing, layer 2 bridging and the Edge Services Gateway. Moving on to security, the book shows you how to enable micro-segmentation through NSX Distributed Firewall and Identity Firewall and how to do service insertion via network and guest introspection. After covering all the feature configurations for single-site deployment, the focus then shifts to multi-site setups using Cross-vCenter NSX. Next, the book covers management, backing up and restoring, upgrading, and monitoring using built-in NSX features such as Flow Monitoring, Traceflow, Application Rule Manager, and Endpoint Monitoring. Towards the end, you will explore how to leverage VMware NSX REST API using various tools from Python to VMware vRealize Orchestrator.
Table of Contents (14 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Sections
Icon
Get in touch
Free Chapter
1
Getting Started with VMware NSX for vSphere
chevron up
Icon
Getting Started with VMware NSX for vSphere
Icon
Introduction
Icon
Choosing the right VMware NSX for vSphere edition
Icon
Selecting ESXi hosts and network adapters
Icon
Downloading NSX for vSphere
Icon
Deploying the NSX Manager virtual appliance
Icon
Replacing the NSX Manager certificate
Icon
Registering vCenter server with NSX Manager
Icon
Applying the NSX license
Icon
Deploying the NSX Controller Cluster
Icon
Preparing a vSphere cluster for NSX
Icon
Validating NSX VIB installation
2
Configuring VMware NSX Logical Switch Networks
Icon
Configuring VMware NSX Logical Switch Networks
Icon
Introduction
Icon
Configuring VXLAN Networking
Icon
Configuring a VXLAN Segment ID
Icon
Creating a NSX Transport Zone
Icon
Creating a NSX Logical Switch
Icon
Connecting a Virtual Machine to an NSX Logical Switch
Icon
Testing an NSX Logical Switch
Icon
Enabling the Controller Disconnected Operation Mode on a Transport Zone
3
Configuring VMware NSX Logical Routing
Icon
Configuring VMware NSX Logical Routing
Icon
Introduction
Icon
Configuring the Distributed Logical Router
Icon
Configuring the Distributed Logical Router for dynamic routing
Icon
Deploying and configuring the NSX ESG in HA mode
Icon
Understanding and configuring the NSX ESG for routing
4
Configuring VMware NSX Layer 2 Bridging
Icon
Configuring VMware NSX Layer 2 Bridging
Icon
Introduction
Icon
Configuring Software-Based Gateway Layer 2 Bridging
Icon
Selecting a hardware VTEP gateway
Icon
Integrating Hardware VTEP Gateway with VMware NSX
Icon
Extending VMware NSX Logical Switch to Hardware VTEP Gateway
5
Configuring VMware NSX Edge Services Gateway
Icon
Configuring VMware NSX Edge Services Gateway
Icon
Introduction
Icon
Configuring a DNS relay
Icon
Configuring a DHCP server
Icon
Configuring an Edge Firewall
Icon
Configuring Network Address Translation
Icon
Configuring Load Balancing
Icon
Configuring IPSEC VPN
Icon
Configuring SSL VPN
Icon
Configuring High Availability
6
Configuring VMware NSX Distributed Firewall (DFW) and SpoofGuard
Icon
Configuring VMware NSX Distributed Firewall (DFW) and SpoofGuard
Icon
Introduction
Icon
Verifying NSX DFW component status
Icon
Configuring IP Discovery for Virtual Machines
Icon
Working with SpoofGuard
Icon
Excluding Virtual Machines from DFW Protection
Icon
Configuring DFW Session Timeout
Icon
Creating Security Policy Rules from the Firewall Table Menu
Icon
Creating Security Policy Rules from the Service Composer menu
Icon
Verifying DFW rules
Icon
Leveraging the DFW Applied To field
Icon
Deploying Network or Guest Introspection Services
Icon
Configuring the Identity Firewall
7
Configuring Cross-vCenter NSX
Icon
Configuring Cross-vCenter NSX
Icon
Introduction
Icon
Configuring Primary and Secondary NSX Manager(s)
Icon
Creating a Universal Transport Zone and adding a vSphere cluster to the Universal Transport Zone
Icon
Creating a Universal Logical Switch
Icon
Creating a Universal Logical Router
Icon
Adding a VM to a Universal Logical Switch
Icon
Understanding and configuring the Universal Distributed Firewall
8
Backing up and Restoring VMware NSX Components
Icon
Backing up and Restoring VMware NSX Components
Icon
Introduction
Icon
Backing up NSX Manager
Icon
Restoring NSX Manager
Icon
Restoring NSX Controller Nodes
Icon
Restoring a Logical Switch Backing Port Group
Icon
Restoring NSX Edge
Icon
Exporting NSX DFW Rules configuration from the Firewall Menu
Icon
Restoring NSX DFW Rules configuration from the Firewall Menu
Icon
Exporting NSX Security Policy from the Service Composer Menu
Icon
Restoring NSX Security Policy from the Service Composer Menu
9
Managing User Accounts in VMware NSX
Icon
Managing User Accounts in VMware NSX
Icon
Introduction
Icon
Creating a service user account for vCenter server registration
Icon
Granting access to NSX
Icon
Creating and Managing CLI user accounts in NSX manager
10
Upgrading VMware NSX
Icon
Upgrading VMware NSX
Icon
Introduction
Icon
Preparing for VMware NSX upgrade
Icon
Verifying VMware NSX working state
Icon
Upgrading VMware NSX Manager
Icon
Upgrading NSX controller node
Icon
Upgrading VMware NSX Host Clusters
Icon
Upgrading VMware NSX Edge
Icon
Upgrading Network and Security Service Deployments
11
Managing and Monitoring VMware NSX Platform
Icon
Managing and Monitoring VMware NSX Platform
Icon
Introduction
Icon
Monitoring NSX using NSX Dashboard
Icon
Configuring the NSX Components Syslog
Icon
Configuring and viewing the NSX Distributed Firewall Log
Icon
Configuring vRealize Log Insight for NSX
Icon
Enabling NSX Flow Monitoring
Icon
Using Application Rule Manager
Icon
Using NSX Endpoint Monitoring
12
Leveraging the VMware NSX REST API for Management and Automation
Icon
Leveraging the VMware NSX REST API for Management and Automation
Icon
Introduction
Icon
Using the REST API with the Postman REST client
Icon
Using the REST API with cURL
Icon
Using the REST API with PowerShell
Icon
Using the REST API with Python
Icon
Using the vRealize Orchestrator plugin for NSX
13
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Leave a review - let other readers know what you think

Replacing the NSX Manager certificate

When you first deploy the NSX Manager, it creates a self-signed certificate. Using a self-signed certificate is generally not a recommended security practice. It is recommended to deploy a signed certificate from your internal certificate authority. NSX Manager supports two ways of deploying a signed certificate, which are as follows:

  • Certificate signing request to a Certificate Authority (CA)
  • Importing a PKCS#12 certificate archive (bundle) onto the NSX Manager, which includes the private and public key for NSX Manager and certificate chain of any subordinate CAs in your environment

In the following recipes, we will explore how you can create a certificate signing request on NSX Manager and how to import a PKCS#12 certificate bundle onto the NSX Manager.

Certificate Signing Request

A Certificate Signing Request (CSR) is the first part in a three-step process; this process involves the following steps:

  1. The NSX Manager creating a CSR
  2. The CSR is sent as a request to the certificate authority, which then signs the certificate and sends back a signed certificate
  3. Importing the signed certificate into the NSX Manager

How to do it...

The procedure to complete a certificate signing request is as follows:

  1. Log into NSX Manager via your web browser
  2. Click on Manage Appliance Settings
  3. Click on SSL Certificates
  1. Click on Generate CSR and follow the prompts as per the following screenshot:
  1. Click on OK and select Download CSR
  2. Send the CSR file to your security administrator and get the certificate signed
  3. With the returned certificate, click on Import so you can import the correct certificate into the NSX Manager
  4. Reboot the NSX Manager to complete the process of importing a signed certificate into the NSX Manager

PKCS#12 certificate

Importing PKCS#12 into the NSX Manager is used when the certificate signing was not completed using the CSR method outlined in the previous recipe. The PKCS#12 format is typically used in scripted installations of NSX Manager and other components. If a CSR was not generated by the NSX Manager itself, it is required that the PKCS#12 archive is imported into NSX Manager.

The PKCS#12 archive generally consists of the following:

  • A signed server certificate
  • A private key for the signed certificate
  • Root and intermediate certificate authority public keys

The PKCS#12 is also password-protected, so it's important to have the password before attempting to import the PKCS#12 archive into NSX Manager.

In some cases, the received signed certificate may not be in the PCKS#12 format. In this event, you must convert the certificates into the PKCS#12 format for import into the NSX Manager. This can be achieved using openSSL (https://www.openssl.org/), and the command to achieve this is as follows:

openssl pkcs12 -export -out server.p12 -inkey server.key -in server.crt -certfile CACert.crt

How to do it...

The procedure to import the PCKS#12 archive is as follows:

  1. Log into the NSX Manager via your web browser
  2. Click on Manage Appliance Settings
  3. Click on SSL Certificates
  4. Click on Upload PCKS#12 Keystore and browse to the file
  5. Enter the password for archive and click on Import
  6. Reboot the NSX Manager to complete the process of importing the signed certificate
End of Section 7
Next Section

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Edit Note

Modal Close icon
Write a note (max 255 characters)
Cancel
Update Note

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY