Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • VMware NSX Cookbook
  • Toc
  • feedback
VMware NSX Cookbook

VMware NSX Cookbook

By : Bayu Wibowo, Tony Sangha
5 (4)
close
VMware NSX Cookbook

VMware NSX Cookbook

5 (4)
By: Bayu Wibowo, Tony Sangha

Overview of this book

This book begins with a brief introduction to VMware's NSX for vSphere Network Virtualization solutions and how to deploy and configure NSX components and features such as Logical Switching, Logical Routing, layer 2 bridging and the Edge Services Gateway. Moving on to security, the book shows you how to enable micro-segmentation through NSX Distributed Firewall and Identity Firewall and how to do service insertion via network and guest introspection. After covering all the feature configurations for single-site deployment, the focus then shifts to multi-site setups using Cross-vCenter NSX. Next, the book covers management, backing up and restoring, upgrading, and monitoring using built-in NSX features such as Flow Monitoring, Traceflow, Application Rule Manager, and Endpoint Monitoring. Towards the end, you will explore how to leverage VMware NSX REST API using various tools from Python to VMware vRealize Orchestrator.
Table of Contents (14 chapters)
close
close
Preface
chevron up
Preface
Who this book is for
What this book covers
To get the most out of this book
Sections
Get in touch
Free Chapter
1
Getting Started with VMware NSX for vSphere
Getting Started with VMware NSX for vSphere
Introduction
Choosing the right VMware NSX for vSphere edition
Selecting ESXi hosts and network adapters
Downloading NSX for vSphere
Deploying the NSX Manager virtual appliance
Replacing the NSX Manager certificate
Registering vCenter server with NSX Manager
Applying the NSX license
Deploying the NSX Controller Cluster
Preparing a vSphere cluster for NSX
Validating NSX VIB installation
2
Configuring VMware NSX Logical Switch Networks
Configuring VMware NSX Logical Switch Networks
Introduction
Configuring VXLAN Networking
Configuring a VXLAN Segment ID
Creating a NSX Transport Zone
Creating a NSX Logical Switch
Connecting a Virtual Machine to an NSX Logical Switch
Testing an NSX Logical Switch
Enabling the Controller Disconnected Operation Mode on a Transport Zone
3
Configuring VMware NSX Logical Routing
Configuring VMware NSX Logical Routing
Introduction
Configuring the Distributed Logical Router
Configuring the Distributed Logical Router for dynamic routing
Deploying and configuring the NSX ESG in HA mode
Understanding and configuring the NSX ESG for routing
4
Configuring VMware NSX Layer 2 Bridging
Configuring VMware NSX Layer 2 Bridging
Introduction
Configuring Software-Based Gateway Layer 2 Bridging
Selecting a hardware VTEP gateway
Integrating Hardware VTEP Gateway with VMware NSX
Extending VMware NSX Logical Switch to Hardware VTEP Gateway
5
Configuring VMware NSX Edge Services Gateway
Configuring VMware NSX Edge Services Gateway
Introduction
Configuring a DNS relay
Configuring a DHCP server
Configuring an Edge Firewall
Configuring Network Address Translation
Configuring Load Balancing
Configuring IPSEC VPN
Configuring SSL VPN
Configuring High Availability
6
Configuring VMware NSX Distributed Firewall (DFW) and SpoofGuard
Configuring VMware NSX Distributed Firewall (DFW) and SpoofGuard
Introduction
Verifying NSX DFW component status
Configuring IP Discovery for Virtual Machines
Working with SpoofGuard
Excluding Virtual Machines from DFW Protection
Configuring DFW Session Timeout
Creating Security Policy Rules from the Firewall Table Menu
Creating Security Policy Rules from the Service Composer menu
Verifying DFW rules
Leveraging the DFW Applied To field
Deploying Network or Guest Introspection Services
Configuring the Identity Firewall
7
Configuring Cross-vCenter NSX
Configuring Cross-vCenter NSX
Introduction
Configuring Primary and Secondary NSX Manager(s)
Creating a Universal Transport Zone and adding a vSphere cluster to the Universal Transport Zone
Creating a Universal Logical Switch
Creating a Universal Logical Router
Adding a VM to a Universal Logical Switch
Understanding and configuring the Universal Distributed Firewall
8
Backing up and Restoring VMware NSX Components
Backing up and Restoring VMware NSX Components
Introduction
Backing up NSX Manager
Restoring NSX Manager
Restoring NSX Controller Nodes
Restoring a Logical Switch Backing Port Group
Restoring NSX Edge
Exporting NSX DFW Rules configuration from the Firewall Menu
Restoring NSX DFW Rules configuration from the Firewall Menu
Exporting NSX Security Policy from the Service Composer Menu
Restoring NSX Security Policy from the Service Composer Menu
9
Managing User Accounts in VMware NSX
Managing User Accounts in VMware NSX
Introduction
Creating a service user account for vCenter server registration
Granting access to NSX
Creating and Managing CLI user accounts in NSX manager
10
Upgrading VMware NSX
Upgrading VMware NSX
Introduction
Preparing for VMware NSX upgrade
Verifying VMware NSX working state
Upgrading VMware NSX Manager
Upgrading NSX controller node
Upgrading VMware NSX Host Clusters
Upgrading VMware NSX Edge
Upgrading Network and Security Service Deployments
11
Managing and Monitoring VMware NSX Platform
Managing and Monitoring VMware NSX Platform
Introduction
Monitoring NSX using NSX Dashboard
Configuring the NSX Components Syslog
Configuring and viewing the NSX Distributed Firewall Log
Configuring vRealize Log Insight for NSX
Enabling NSX Flow Monitoring
Using Application Rule Manager
Using NSX Endpoint Monitoring
12
Leveraging the VMware NSX REST API for Management and Automation
Leveraging the VMware NSX REST API for Management and Automation
Introduction
Using the REST API with the Postman REST client
Using the REST API with cURL
Using the REST API with PowerShell
Using the REST API with Python
Using the vRealize Orchestrator plugin for NSX
13
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

To get the most out of this book

The book was written using vSphere version 6.5 and NSX-v version 6.3. vSphere 5.5 and later can be used, but you should independently validate all software components are compatible with the version of NSX you are deploying via the VMware Product Interoperability Matrices (https://www.vmware.com/resources/compatibility/sim/interop_matrix.php), and all hardware should be checked via the VMware Hardware Compatibility Guide (HCL) (http://www.vmware.com/go/hcl).

To install VMware for vSphere you will need to obtain the appropriate software; unfortunately, without a valid contract you will need contact the VMware sales team (http://www.vmware.com/company/contact_sales.html) to obtain it.

All recipes require a supported guest operating system, web browser, and Adobe Flash Player to access the vSphere Web Client. The minimum supported requirements are vSphere version-dependent; for example, the requirements for vSphere 6.5 are documented at the following URL: https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.install.doc/GUID-F6D456D7-C559-439D-8F34-4FCF533B7B42.html. Additionally, you will need an SSH client to access ESXi hosts and/or NSX components.

Two of the recipes in Chapter 4, Configuring VMware NSX Layer 2 Bridging, are based on hardware VTEP bridging, which requires compatible hardware. Unless you have a compatible piece of hardware, you may not be able to test this recipe. In this case, you can visit an online interactive simulation provided by VMware Hands-on Labs to walk through configuration steps in detail: http://docs.hol.vmware.com/hol-isim/HOL-2017/hol-1703-arista.htm.

The NSX Identity Firewall in Chapter 6, Configuring VMware NSX Distributed Firewall (DFW) and SpoofGuard, and Endpoint Monitoring in Chapter 11, Managing and Monitoring VMware NSX Platform, require a compatible desktop operating system. The specific list of compatible operating systems are covered in the respective chapters, and at the time of writing this book, was limited to Microsoft Windows operating systems only.

Chapter 7, Configuring Cross-vCenter NSX, is a multi-vCenter setup that requires additional compute infrastructure and virtual components for complete configuration. This includes a minimum of two vCenter servers, two NSX managers, and the relevant infrastructure components for each.

Chapter 8, Backing up and Restoring VMware NSX Components, covers backup and software of NSX components and requires deployment of either a File Transfer Protocol (FTP) or SSH File Transfer Protocol (SFTP) server.

VMware vRealize Log Insight (vRLI) is covered in Chapter 11, Managing and Monitoring VMware NSX Platform; deployment and configuration for vRLI is not within the scope of this book. However, VMware NSX customers are entitled for VMware vRealize Log Insight, see VMware KB 2145800 vRealize Log Insight for NSX FAQ https://kb.vmware.com/s/article/2145800.

Chapter 12, Leveraging the VMware NSX REST API for Management and Automation, covers the NSX REST API and requires the following software installed on your administrative machine for testing:

If you do not have an environment to work with NSX, you can still test-drive NSX on VMware Hands-on Lab (HOL): https://www.vmware.com/products/nsx/nsx-hol.html.

Download the example code files

You can download the example code files for this book from your account at www.packtpub.com. If you purchased this book elsewhere, you can visit www.packtpub.com/support and register to have the files emailed directly to you.

You can download the code files by following these steps:

  1. Log in or register at www.packtpub.com.
  2. Select the SUPPORT tab.
  3. Click on Code Downloads & Errata.
  4. Enter the name of the book in the Search box and follow the onscreen instructions.

Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:

  • WinRAR/7-Zip for Windows
  • Zipeg/iZip/UnRarX for Mac
  • 7-Zip/PeaZip for Linux

The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/VMware-NSX-Cookbook. In case there's an update to the code, it will be updated on the existing GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Download the color images

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "To check whether cURL is available in the operating system, use the curl ---version command."

A block of code is set as follows:

# NSX Variables 
$NSXUsername = "admin" 
$NSXPassword = "VMware1!" 
$NSXManager = "https://nsxmgr-01a.corp.local" 
$NSXURI = "/api/2.0/services/usermgmt/user/admin"

Any command-line input or output is written as follows:

curl -k -X GET -H "Accept: application/xml" -H "Content-Type: application/xml" -u admin:VMware1! 'https://nsxmgr-01a.corp.local/api/2.0/services/usermgmt/user/admin'

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Select All Downloads, scroll down to the Networking & Security menu item, and click Drivers & Tools."

Warnings or important notes appear like this.
Tips and tricks appear like this.

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
Next Section
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete