Mastering VMware NSX for vSphere


1st ed.

by: Elver Sena Sosa

38,99 €

Publisher: Wiley
Format: EPUB
Published: 06.04.2020
ISBN/EAN: 9781119513537
Language: English
Number of pages: 320

DRM-protected eBook; to read it you need, for example, Adobe Digital Editions and an Adobe ID.

Descriptions

<p><b>A clear, comprehensive guide to VMware’s latest virtualization solution</b></p> <p><i>Mastering VMware NSX for vSphere</i> is the ultimate guide to VMware’s network security virtualization platform. Written by a rock star in the VMware community, this book offers invaluable guidance and crucial reference for every facet of NSX, with clear explanations that go far beyond the public documentation. Coverage includes NSX architecture, controllers, and edges; preparation and deployment; logical switches; VLANs and VXLANs; logical routers; virtualization; edge network services; firewall security; and much more to help you take full advantage of the platform’s many features.</p> <p>More and more organizations are recognizing both the need for stronger network security and the powerful solution that is NSX; usage has doubled in the past year alone, and that trend is projected to grow—and these organizations need qualified professionals who know how to work effectively with the NSX platform. This book covers everything you need to know to exploit the platform’s full functionality so you can:</p> <ul> <li>Step up security at the application level</li> <li>Automate security and networking services</li> <li>Streamline infrastructure for better continuity</li> <li>Improve compliance by isolating systems that handle sensitive data</li> </ul> <p>VMware’s NSX provides advanced security tools at a lower cost than traditional networking. As server virtualization has already become a de facto standard in many circles, network virtualization will follow quickly—and NSX positions VMware in the lead the way vSphere won the servers. NSX allows you to boost security at a granular level, streamline compliance, and build a more robust defense against the sort of problems that make headlines. <i>Mastering VMware NSX for vSphere</i> helps you get up to speed quickly and put this powerful platform to work for your organization.</p>
<p>Introduction xvii</p> <p><b>Chapter 1 Abstracting Network and Security 1</b></p> <p>Networks: 1990s 1</p> <p>Colocation 2</p> <p>Workload-to-Server Ratio 3</p> <p>Inefficient Resource Allocation 3</p> <p>The Long Road to Provisioning 3</p> <p>Data Centers Come of Age 4</p> <p>Data Center Workloads 4</p> <p>Workloads Won’t Stay Put 5</p> <p><b>VMware 6</b></p> <p>Virtualization 6</p> <p>What is Happening in There? 6</p> <p>Portability 8</p> <p>Virtualize Away 8</p> <p>Extending Virtualization to Storage 9</p> <p>Virtual Networking and Security 9</p> <p>NSX to the Rescue 10</p> <p>The Bottom Line 13</p> <p><b>Chapter 2 NSX Architecture and Requirements 15</b></p> <p>NSX Network Virtualization 16</p> <p>Planes of Operation 16</p> <p>NSX Manager Role and Function 18</p> <p>ESXi Hosts 19</p> <p>vCenter Server 20</p> <p>vSphere Distributed Switch 21</p> <p>NSX VIBs 23</p> <p>Competitive Advantage: IOChain 24</p> <p>IOChain Security Features 24</p> <p>NSX Controllers 25</p> <p>NSX Controller Clustering 26</p> <p>NSX Controller Roles 26</p> <p>NSX Edge 28</p> <p>ESG Sizing 30</p> <p>NSX Role-Based Access Control 30</p> <p>Overlay and Underlay Networks 32</p> <p>Replication Modes for Traffic Going to Multiple Destinations 34</p> <p>The Bottom Line 36</p> <p><b>Chapter 3 Preparing NSX 39</b></p> <p>NSX Manager Prerequisites 39</p> <p>Open Ports and Name Resolution 40</p> <p>Minimum Resource Requirements for NSX Data Center Appliances 40</p> <p>vSphere HA and DRS 41</p> <p>IP Addressing and Port Groups 43</p> <p>Installing the Client Integration Plug-in 44</p> <p>Installing NSX Manager 44</p> <p>Associating NSX Manager to vCenter 46</p> <p>Adding AD/LDAP to NSX 47</p> <p>Linking Multiple NSX Managers Together (Cross-vCenter NSX) 51</p> <p>Multi-site Consistency with Universal Components 51</p> <p>Primary and Secondary NSX Managers 53</p> <p>Preparing ESXi Clusters for NSX 54</p> <p>Creating a Universal Transport Zone on the Primary NSX Manager 56</p> <p>vSphere 
Distributed Switches Membership 57</p> <p>Adding Secondary NSX Managers 58</p> <p>The Bottom Line 59</p> <p><b>Chapter 4 Distributed Logical Switch 61</b></p> <p>vSphere Standard Switch (vSS) 62</p> <p>Traffic Shaping 63</p> <p>Understanding Port Groups 64</p> <p>NIC Teaming 65</p> <p>Ensuring Security 66</p> <p>Virtual Distributed Switch (vDS) 67</p> <p>Virtual eXtensible LANs (VXLANs) 68</p> <p>Employing Logical Switches 71</p> <p>Three Tables That Store VNI Information 73</p> <p>Collecting VNI Information 74</p> <p>Centralized MAC Table 75</p> <p>VTEP Table 76</p> <p>We Might as Well Talk about ARP Now 79</p> <p>Filling In the L2 and L3 Headers 79</p> <p>Switch Security Module 81</p> <p>Understanding Broadcast, Unknown Unicast, and Multicast 83</p> <p>Layer 2 Flooding 83</p> <p>Replication Modes 83</p> <p>Deploying Logical Switches 84</p> <p>Creating a Logical Switch 85</p> <p>The Bottom Line 85</p> <p><b>Chapter 5 Marrying VLANs and VXLANs 87</b></p> <p>Shotgun Wedding: Layer 2 Bridge 87</p> <p>Architecture 88</p> <p>Challenges 89</p> <p>Deployment 90</p> <p>Under the Hood 102</p> <p>Layer 2 VPN 102</p> <p>NSX Native L2 Bridging 103</p> <p>Hardware Switches to the Rescue 103</p> <p>Hardware VTEPs 103</p> <p>Deployment 104</p> <p>Under the Hood 104</p> <p>The Bottom Line 105</p> <p><b>Chapter 6 Distributed Logical Router 107</b></p> <p>Distributed Logical Router (DLR) 107</p> <p>Control Plane Smarts 108</p> <p>Logical Router Control Virtual Machine 108</p> <p>Understanding DLR Efficiency 111</p> <p>Another Concept to Consider 115</p> <p>Let’s Get Smart about Routing 117</p> <p>OSPF 119</p> <p>Border Gateway Protocol (BGP) 120</p> <p>Oh Yeah, Statics Too 123</p> <p>Deploying Distributed Logical Routers 125</p> <p>The Bottom Line 134</p> <p><b>Chapter 7 NFV: Routing with NSX Edges 137</b></p> <p>Network Function Virtualization: NSX Has It Too 137</p> <p>This is Nice: Edge HA A 138</p> <p>Adding HA 139</p> <p>Let’s Do Routing Like We Always Do 140</p> <p>Deploying 
the Edge Services Gateway 144</p> <p>Configuring BGP 151</p> <p>Configuring OSPF 154</p> <p>Configuring Static Routes 155</p> <p>Routing with the DLR and ESG 156</p> <p>Using CLI Commands 156</p> <p>Default Behaviors to Be Aware Of 157</p> <p>Equal Cost Multi-Path Routing 157</p> <p>The Bottom Line 160</p> <p><b>Chapter 8 More NVF: NSX Edge Services Gateway 163</b></p> <p>ESG Network Placement 163</p> <p>Network Address Translation 164</p> <p>Configuring Source NAT 166</p> <p>Configuring Destination NAT 166</p> <p>Configuring SNAT on the ESG 167</p> <p>Configuring DNAT on the ESG 169</p> <p>ESG Load Balancer 171</p> <p>Configuring an ESG Load Balancer 173</p> <p>Layer 2 VPN (If You Must) 178</p> <p>Secure Sockets Layer Virtual Private Network 179</p> <p>Split Tunneling 180</p> <p>Configuring SSL VPN 180</p> <p>Internet Protocol Security VPN 187</p> <p>Understanding NAT Traversal 188</p> <p>Configuring IPsec Site-to-Site VPN with the ESG 188</p> <p>Round Up of Other Services 190</p> <p>DHCP Service 191</p> <p>Configuring the ESG as a DHCP Server 192</p> <p>DHCP Relay 194</p> <p>Configuring the DLR for DHCP Relay 196</p> <p>DNS Relay 198</p> <p>Configuring DNS Relay on the ESG 199</p> <p>The Bottom Line 200</p> <p><b>Chapter 9 NSX Security, the Money Maker 203</b></p> <p>Traditional Router ACL Firewall 203</p> <p>I Told You about the IOChain 204</p> <p>Slot 2: Distributed Firewall 206</p> <p>Under the Hood 207</p> <p>Adding DFW Rules 210</p> <p>Segregating Firewall Rules 214</p> <p>IP Discovery 215</p> <p>Gratuitous ARP Used in ARP Poisoning Attacks 216</p> <p>Why is My Traffic Getting Blocked? 218</p> <p>Great, Now It’s Being Allowed 219</p> <p>Identity Firewall: Rules Based on Who Logs In 220</p> <p>Distributing Firewall Rules to Each ESXi Host: What’s Happening? 
220</p> <p>The Bottom Line 222</p> <p><b>Chapter 10 Service Composer and Third-Party Appliances 223</b></p> <p>Security Groups 224</p> <p>Dynamic Inclusion 225</p> <p>Static Inclusion 226</p> <p>Static Exclusion 226</p> <p>Defining a Security Group through Static Inclusion 227</p> <p>Defining a Security Group through Dynamic Inclusion 229</p> <p>Customizing a Security Group with Static Exclusion 231</p> <p>Defining a Security Group Using Security Tags 231</p> <p>Adding to DFW Rules 233</p> <p>Service Insertion 236</p> <p>IOChain, the Gift that Keeps on Giving 236</p> <p>Layer 7 Stuff: Network Introspection 236</p> <p>Guest Introspection 237</p> <p>Service Insertion Providers 238</p> <p>Security Policies 239</p> <p>Creating Policies 239</p> <p>Enforcing Policies 243</p> <p>The Bottom Line 245</p> <p><b>Chapter 11 vRealize Automation and REST APIs 247</b></p> <p>vRealize Automation Features 247</p> <p>vRA Editions 249</p> <p>Integrating vRA and NSX 250</p> <p>vRealize Automation Endpoints 250</p> <p>Associating NSX Manager with vRealize Automation 252</p> <p>Network Profiles 253</p> <p>vRA External, Routed, and NAT Network Profiles 255</p> <p>Reservations 258</p> <p>vRealize Orchestrator Workflows 261</p> <p>Creating a Blueprint for One Machine 261</p> <p>Adding NSX Workflow to a Blueprint 264</p> <p>Creating a Request Service in the vRA Catalog 265</p> <p>Configuring an Entitlement 268</p> <p>Deploying a Blueprint that Consumes NSX Services 271</p> <p>REST APIs 273</p> <p>NSX REST API GET Request 275</p> <p>NSX REST API POST Request 275</p> <p>NSX REST API DELETE Request 276</p> <p>The Bottom Line 277</p> <p><b>Appendix The Bottom Line 279</b></p> <p>Chapter 1: Abstracting Network and Security 279</p> <p>Chapter 2: NSX Architecture and Requirements 280</p> <p>Chapter 3: Preparing NSX 280</p> <p>Chapter 4: Distributed Logical Switch 281</p> <p>Chapter 5: Marrying VLANs and VXLANs 283</p> <p>Chapter 6: Distributed Logical Router 284</p> <p>Chapter 7: NFV: Routing with 
NSX Edges 286</p> <p>Chapter 8: More NVF: NSX Edge Services Gateway 287</p> <p>Chapter 9: NSX Security, the Money Maker 289</p> <p>Chapter 10: Service Composer and Third-Party Appliances 290</p> <p>Chapter 11: vRealize Automation and REST APIs 291</p> <p>Index 293</p>
<p><b>Elver Sena Sosa</b> is a data center solutions architect with 20 years' networking experience. He is the author of two VMware Press VCP certification books, holds VCDX-NV and VCI certifications from VMware, and is a frequent speaker and blogger well known in the VMware community.</p>
<p><b>Master the critical new NSX networking and security virtualization platform from VMware</b></p> <p>VMware's NSX is a revolutionary advancement in Network Function Virtualization (NFV). NSX enables virtualized networks to extend beyond servers: routers, switches, firewalls, load balancers, and other networking components can all be virtualized—providing improved manageability, increased security, and dramatic cost savings over traditional networking.</p> <p><i>Mastering VMware NSX for vSphere</i>—part of the <i>Mastering</i> series of books trusted by IT professionals worldwide—examines all the critical components of VMware's new network and security virtualization platform. This comprehensive Sybex guide provides detailed and accurate coverage on deploying, configuring, securing, managing, monitoring, automating, backing up, and restoring virtual networks, firewalls, load balancers, and more.</p> <p><b>Coverage includes:</b></p> <ul> <li><b>Preparing and deploying NSX</b></li> <li><b>Setting up VXLAN logical switch networks</b></li> <li><b>Configuring VMware NSX logical routers</b></li> <li><b>Using NSX Edge Services Gateway</b></li> <li><b>Applying NSX Distributed Firewall rules</b></li> <li><b>Extending NSX deployment across vCenters</b></li> <li><b>Backing up and restoring NSX components</b></li> <li><b>Managing users with Role-Based Access Control</b></li> <li><b>Monitoring NSX using dashboards</b></li> <li><b>Automating with NSX REST API</b></li> </ul> <ul> <li><b>Master NSX Architecture, Controllers, and Edges</b></li> <li><b>Optimize VMware Virtual Networks</b></li> <li><b>Manage Users, Groups, and Components</b></li> <li><b>Configure Firewall and Security Features</b></li> <li><b>Deploy and Manage Edge Network Services</b></li> </ul>
