Copyright © 2020 by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-119-51354-4
ISBN: 978-1-119-51351-3 (ebk)
ISBN: 978-1-119-51353-7 (ebk)
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at https://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or website is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or website may provide or recommendations it may make. Further, readers should be aware that Internet websites listed in this work may have changed or disappeared between when this work was written and when it is read.
For general information on our other products and services please contact our Customer Care Department within the United States at (877) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at https://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Control Number: 2019956689
Trademarks: Wiley and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. VMware NSX and vSphere are registered trademarks of VMware, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.
Elver Sena Sosa is a Data Center Solutions Architect who specializes in Software Defined Data Center technologies. Over the past 20 years, Elver has driven the presales, design, and deployment of projects throughout APAC, EMEA, and APAC. Elver has been the go-to partner for helping VMware evangelize NSX, vSAN, and VCF, VMware's Software Defined products and solutions. Elver is a skilled communicator who enjoys sharing his experience on the interdependencies of technology to audiences around the world. Elver has continued working in SDDC with his company, Hydra 1303, Inc, where he published his first book, the NSX exam study guide, VCP6-NV Official Cert Guide, and the YouTube vSAN Architecture 100 series.
Trey McMahon is based out of Richmond, Virginia, and is a Cloud Data Engineer on the Hydra 1303 team. Trey has been in networking since 1997, writing authorized courses and exams for Cisco, developing instructor readiness programs and labs for EMC and Cisco, teaching network engineering in over 30 countries, and supporting VMware customer enablement. These days at Hydra 1303, he specializes in cloudy things.
Zac Smith is a lead Data Center Solutions Engineer at Hydra 1303. He specializes in providing automated data center solutions. Zac has been in the IT industry for 20 years and has been a part of many enterprise solution designs and deployments. Zac has also been involved in writing numerous courses for VMware and Cisco, as well as providing partner and customer enablement sessions on a global scale.
Shane Weinbrecht has been in the technology industry for the past 20 years, working as a systems administrator for enterprise companies such as IBM and The Adidas Group; for the past 10 years, he has been on the vendor side, currently employed by Nutanix as a senior systems engineer covering healthcare. Most importantly, Shane is happily married and the proud father of two amazing boys and enjoys spending time with his family and friends, photography, Obstacle Course Racing, and Krav Maga.
A special thanks goes to Luciana de Padua, a key member of our team here at Hydra 1303 that we rely on for … well, everything. She sets a high bar for excellence with her ninja-level PKS and NSX-T skills, positive energy, and ability to make all of this fun, while loving what she does. Always in demand, both by VMware internally and our direct customers, she's never in one time zone for very long. This book wouldn't have been written if we didn't have Lu leading Hydra 1303's European engagements throughout the process.
Thanks also to the talented editors at Wiley Publishing: Tom Cirtin, Kim Cofer, Shane Weinbrecht, Kathyrn Duggan and Athiyappan Lalith Kumar. Your suggestions were consistently dead on and helped to improve the clarity every time.
The advantages of server virtualization in data centers are well established. From the beginning, VMware has led the charge with vSphere. Organizations migrating physical servers to virtual immediately see the benefits of lower operational costs, the ability to pool CPU and memory resources, server consolidation, and simplified management.
VMware had mastered compute virtualization and thought, “Why not do the same for the entire data center?” Routers, switches, load balancers, firewalls … essentially all key physical networking components, could be implemented in software, creating a Software-Defined Data Center (SDDC). That product, VMware NSX, is the subject of this book.
In 1962, Sir Arthur Clarke published an essay asserting three laws. His third law stated, “Any sufficiently advanced technology is indistinguishable from magic.” If you're not familiar with NSX, the abilities you gain as a network administrator almost seem like magic at first, but we'll dive into the details to explain how it all works. It doesn't matter if you don't have a background in vSphere. There are plenty of analogies and examples throughout, breaking down the underlying concepts to make it easy to understand the capabilities of NSX and how to configure it.
The way NSX provides network virtualization is to overlay software on top of your existing physical network, all without having to make changes to what you have in place. This is much like what happens with server virtualization. When virtualizing servers, a hypervisor separates and hides the underlying complexities of physical CPU and memory resources from the software components (operating system and application), which exist in a virtual machine. With this separation, the server itself just becomes a collection of files, easily cloned or moved. An immediate benefit gained is the time and effort saved when deploying a server. Instead of waiting for the order of your physical servers to arrive by truck, then waiting for someone to rack and stack, then waiting for someone else to install an operating system, then waiting again for network connectivity, security, installation, and configuration of the application … you get the picture. Instead of waiting on each of those teams, the server can be deployed with a click of a button.
NSX can do the same and much more for your entire data center. The agility NSX provides opens new possibilities. For instance, a developer comes to you needing a temporary test server and a NAT router to provide Internet connectivity. The admin can use NSX to deploy a virtual machine (VM) and a virtual NAT router. The developer completes the test, the VM and NAT router are deleted, and all of this occurs before lunch. NSX can do the same thing for entire networks.
The same developer comes to you in the afternoon requesting a large test environment that mimics the production network while being completely isolated. She needs routers, multiple subnets, a firewall, load balancers, some servers running Windows, others running Linux: all set up with proper addressing, default gateways, DNS, DHCP, and her favorite dev tools installed and ready to go. It's a good bet that setting this up in a physical lab would take a lot of time and may involve several teams.
With NSX, that same network could be deployed by an administrator with a few clicks, or even better, it can be automated completely, without having to involve an administrator at all. VMware has a product that works with NSX called vRealize Automation (vRA) that does just that. It provides our developer with a catalog portal, allowing her to customize and initiate the deployment herself, all without her needing to have a background in networking.
If you're a security admin, this might seem like chaos would ensue, with anyone being able to deploy whatever they want on the network. NSX has that covered as well. As a security administrator, you still hold the keys and assign who can do what, but those keys just got a lot more powerful with NSX.
Imagine if you had an unlimited budget and were able to attach a separate firewall to every server in the entire network, making it impossible to bypass security while significantly reducing latency. Additionally, what if you didn't have to manage each of those firewalls individually? What if you could enter the rules once and they propagate instantly to every firewall, increasing security dramatically while making your job a lot easier and improving performance? It's not magic; that's the S in NSX.
The N in NSX is for networking, the S is for security. The X? Some say it stands for eXtensibility or eXtended, but it could just as well be a way to make the product sound cool. Either way, the point is that both networking and security get equal treatment in NSX, two products in one. At the same time, instead of these additions adding more complexity to your job, you'll find just the opposite. With the firewall example or the example of the developer deploying the large test network, as a security administrator, you set the rules and permissions and you're done. Automation takes care of the tedious legwork, while avoiding the typical mistakes that arise when trying to deploy something before having your morning coffee. Those mistakes often lead to even more legwork with more of your time drained troubleshooting.
Wait, the title of the book says NSX-V. What does the V stand for? Since NSX is tightly integrated with vSphere, its legal name is NSX for vSphere, but we'll just refer to it as NSX for short. NSX-V has a cousin, NSX-T, with the T standing for transformers. In a nutshell, that product is made to easily integrate with environments using multiple hypervisors, Kubernetes, Docker, KVM, and OpenStack. If all that sounds like a lot to take in, not to worry, we'll save that for another book.
Welcome to NSX.
Here's a list of supporting resources that augment what is covered in this book, including the authorized VCP6-NV NSX exam guide, online videos, free practice labs, helpful blogs, and supporting documentation.
www.amazon.com/VCP6-NV-Official-Cert-Guide-2V0-641/dp/9332582750/ref=sr_1_1?keywords=elver+sena+sosa&qid=1577768162&sr=8-1
www.youtube.com/results?search_query=vsan+architecture+100+series
www.hydra1303.com
www.vmware.com/products/nsx/nsx-hol.html
www.vmug.com
www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/nsx/vmw-nsx-network-virtualization-design-guide.pdf
mylearn.vmware.com/mgrReg/courses.cfm?ui=www_edu&a=one&id_subject=83185
If you believe you've found a mistake in this book, please bring it to our attention. At John Wiley & Sons, we understand how important it is to provide our customers with accurate content, but even with our best efforts, an error may occur.
In order to submit your possible errata, please email it to our Customer Service Team at wileysupport@wiley.com with the subject line “Possible Book Errata Submission.”