I am currently teaching a few VMware NSX ICM courses.
The challenge for me is the diversity of the IT professionals, normally being 50% VMware guys and 50% network guys.
A few people have asked for an Acronyms sheet while doing the course. I knocked one up for the classes but thought it might be useful as a download.
It can be found here
Just finished a session on VCP-NV Objective 6 with the vBrownbag team in EMEA.
I covered the NSX Edge concepts, use cases and some demos of installation, SSL VPN, and HA mode.
The recording has been posted by the team and can be viewed here
Thanks to Gregg for organising and Frank for helping me out today!
Happy New Year to all
I have had a few days off work and thought I would spend a few moments on another 15 NSX questions
The VCP-NV is sounding pretty popular in the community. Lots of New Year resolutions mentioned working towards passing this cert.
On a recent VMware NSX ICM course an attendee asked “With NSX being released, is there any point reviewing and learning vCNS?”. I have been asked this a few times, so thought it would make a good summary post :>
Similar to NSX, vCNS is a toolkit that gives the vAdmin the ability to incorporate extensive network and security features within the virtualisation stack. It's not available as a separate SKU (any more) but is part of vCloud Suite. The latest version is in line with vSphere, being v5.5.
Personally I would regard the vCNS suite as a useful addition to satisfy requirements and give users / other IT professionals insight into the vNetwork. While it is a stepping stone to NSX, vCNS allows a vAdmin to take substantially more control of the network and security space compared to dVS alone, and to impact provisioning times while maintaining the consistency that comes with some automation (templates, vApps etc.) without going fully into SDDC.
In a recent design I have been working on, I recommended vCloud Suite for network zoning, data security and aiding cloud bursting requirements. The company has no SDDC requirement at present, but when implemented correctly vCNS can be a precursor with an upgrade path for internal IT road-mapping if SDDC was needed at a later date (licence-wise, add-ons can be purchased).
The ability to use load balancing, high security zones and a variety of network tools within the vSphere platform while keeping the physical network static proves useful for overall operational management, and allows a potentially more flexible cluster design (i.e. a larger heterogeneous workload cluster: DMZ, test, and production workloads running logically separated) without going the full SDDC or NV route. vCloud Suite can also prove quite cost effective when DR requirements justify the use of SRM alongside the networking and security aspects.
vCNS vs NSX High Level Functionality Compared
| vCNS | NSX |
|---|---|
| Management Appliance – 1:1 with vCenter. Easy UI | Management Appliance – 1:1 with vCenter, plus full API |
| VXLAN supported using a hypervisor kernel module. Requires multicast | VXLAN supported using a hypervisor kernel module. Does not require multicast to be enabled |
| Edge Service Gateway providing VPN (site to site / SSL), NAT, NLB, etc. Static routing | Edge Service Gateway providing VPN (site to site / SSL), NAT, NLB, etc. Static and dynamic routing |
| Virtual aware firewall (i.e. resource pool object) | Virtual aware firewall (N/S) and kernel based, granular to low level (i.e. domain users, VM tags – dynamic groups) |
| Routing via virtual guest machine device | Hypervisor based router |
| | Layer 2 bridging supported to physical |
| Data security file scanning for keyword formats (i.e. health numbers, and card numbers) | Data security file scanning for keyword formats (i.e. health numbers, and card numbers) |
| vSphere 5.5 dVS features supported | vSphere 5.5 dVS features supported |
Same but different
From a logical perspective, the vCNS and NSX toolkits have similarities, with virtual appliance based managers which serve as management / API endpoints and deployment platforms. Both management platforms have a 1:1 relationship with a vCenter deployment (whiteboards below are from a class rather than visio’d – sorry :> )
Both vCNS and NSX provide logical networks using hypervisor based VXLAN modules. Data compliance and A/V policies can be addressed with endpoint hypervisor modules / 3rd party service appliances, and data security functionality. While micro-segmentation is a distinct NSX advantage within the hypervisor, vShield App can satisfy a lot of enterprise requirements for internal project walls and potential vApp, resource pool and zone requirements (i.e. non persistent desktops using linked clones to a resource pool with a defined high security zone).
vCNS has a great track record and is proven technology being part of vCloud for quite some time. In the past I have been part of projects where the Edge device has undergone extensive penetration testing and the device has always powered through to production in a variety of application deployments.
In my opinion, by understanding vCNS a VMware admin can start the network virtualisation journey and very quickly understand how the platform evolves into NSX. It has great ease of deployment and has standalone management without the need for a cloud management platform (i.e. vCAC). The vCNS manager is used to deploy endpoint solutions such as Trend Deep Security, and the extra features of vCNS can be quickly learned from this GUI.
Also, by understanding and studying for the VCP-NV certification, skills for vCNS are very quickly transferred. NSX is the hot and fully functional platform for this area with vSphere, but for a lot of vAdmins vCNS can be a great starting block or answer to give businesses confidence in network virtualisation and highlight the benefits.
I taught another VMware NSX ICM course last week. It was a challenging week for many reasons, but I enjoyed some great discussions about vCNS and the pathway to NSX.
As part of my morning whiteboards and reviews I always ask loads of questions to the attendees.
While they are fresh in my head, I thought I would drop them into another VCP-NV practice test