Skip to content
18 Feb 2015

Useful NSX / VCP-NV Acronym sheet

by Paul McSharry

I am currently teaching a few VMware NSX ICM courses.

The challenge for me is the diversity of the IT professionals , normally being 50% VMware guys and 50% network guys.

A few people have asked for an Acronyms sheet while doing the course.  I knocked one up for the classes but thought it might be useful as a download.

It can be found here

13 Jan 2015

Another NSX vBrownbag Presented

by Paul McSharry

Just finished a session on VCP-NV Objective 6  with the vBrownbag team in EMEA.Brownbag_objective6

I covered the NSX Edge concepts, use cases and some demos of installation, SSL VPN, and HA mode.

The recording has been posted by the team and can be viewed here

Thanks to Gregg for organising and Frank for helping me out today!



2 Jan 2015

Another NSX quiz to start the year

by Paul McSharry

Happy New Year  to all

I have had a few days off work and thought I would spend a few moments  on  another 15 NSX questions 

The VCP-NV is sounding pretty popular in the community.  Lots of New Year resolutions mentioned working towards passing this cert.

24 Dec 2014

Is there any point – vCNS vs NSX-v

by Paul McSharry

On a recent VMware NSX ICM course   an attendee asked “With NSX being released, is there any point reviewing and learning vCNS?”.  I  have been asked this a few times , so thought it would make a good summary post :>

Similar to NSX vCNS is a toolkit that enables the vAdmin  with the ability to incorporate extensive network and security features within the virtualisation stack.   Its not available as a separate SKU (any more)  but is part of vCloud Suite.  The latest version is inline with vSphere being v5.5.

Personally I would regard the vCNS suite as a useful addition to satisfy requirements and  give users / other IT professionals insight to the vNetwork.      While it  is a stepping stone to NSX.  vCNS allows  a vAdmin to take  substantially more control of the network and security space  compared to dVS alone and impact provisioning times while maintaining the consistency that comes with some automation  (templates, vApps etc) without going fully into SDDC.

In a recent design I have been working on , I recommended  vCloud suite for network zoning,  data security and aiding cloud bursting requirements.  The company at has no SDDC requirement at present,  but when implemented correctly the vCNS can be a precursor with an upgrade path for internal IT road-mapping if SDDC was needed at a later date (licence wise add ons can be purchased).

The ability to use load balancing, high security zones and a variety of network tools within the vSphere platform while keeping the physical network  static proves useful for overall operational management, and a potentially more flexible cluster design (ie larger heterogeneous workload cluster -DMZ , Test, and production workloads running  logically separated) without going fully SDDC or NV route.   vCloud suite  can also prove quite cost effective when DR requirements justify the use of SRM alongside the networking and security aspects.

vCNS vs NSX High Level Functionality Compared 

Management Appliance – 1:1 with vCenterEasy UI Management Appliance – 1:1 with vCenter, plus full Api
VXLAN Supported using a hypervisor kernal.Requires Multicast VXLAN Supported using a hypervisor kernal.Does not require multicast to be enabled
Edge Service Gateway providingVPN – (site to site / SSL ), NAT, NLB, etcStatic Routing Edge Service Gateway providingVPN – (site to site / SSL ), NAT, NLB, etcStatic and Dynamic routing
Virtual aware firewall (ie resource pool object) Virtual aware Firewall (N/S) and kernal based granular to low level (ie domain users, VM tags – dynamic groups).
 Routing via virtual guest machine device  hypervisor based router
Layer 2 bridging supported to physical
Data security file scanning for keyword formats (ie health numbers, and card numbers)  Data security file scanning for keyword formats (ie health numbers, and card numbers)
vSphere  5.5 dvs features supported vSphere  5.5 dvs features supported


Same but different

From an logical perspective, the vCNS and NSX toolkits  have similarities with virtual appliance based managers which serve as a management / API endpoints and deployment platforms.   Both management platforms have a 1:1 relationship with a vCenter deployment (whiteboards below are from a class rather than visio’d – sorry :> )

vcns_logical NSX_logical

Both vCNS and NSX provide logical networks using hypervisor based VXLAN modules.  Data compliance and A/V policies can be addressed with endpoint hypervisor modules / service 3rd party appliances , and data security functionality,  while micro-segmentation is a distinct NSX advantage within the hypervisor – vShield app can satisfy  a lot of enterprise requirements for internal project walls and potential  vApp, resource pool,  zones requirements (ie non persistent desktops using linked clones to a resource pool with a defined high security  zone)

vCNS has a great track record and is proven technology being part of vCloud for quite some time.  In the past  I have  been part of projects where the Edge device has undergone extensive  penetration  testing and the device has always powered through to production in  a variety of application deployments.

In my opinion by understanding vCNS a VMware admin can start the network virtualisation journey and very quickly understand how the platform evolves into NSX.  It has great ease of deployment and is a standalone management without the need for a cloud management platform (ie vCAC).   The vCNS manager is used to deploy endpoint and solutions such as Trend deep security,  the extra features of vCNS can be quickly learned from this GUI.

Also by understanding and studying for the VCP-NV certification  ,  Skills for vCNS are very quickly transferred.  NSX is the hot and fully functional  platform for this area with vSphere, but for a lot of vAdmins vCNS can be a great starting block or answer  to give businesses confidence in network virtualisation and highlight the benefits.

23 Dec 2014

Another great week of NSX-V training and more VCP-NV Questions

by Paul McSharry

I taught another VMware NSX ICM course last week.   It was a challenging week  for many reasons,  but I enjoyed some great discussions  about vCNS and the pathway to NSX.

As part of my morning whiteboards and reviews I always ask loads of questions to the attendees.

While they are fresh in my head, I thought I would drop them into another VCP-NV practice test