I have recently studied (and eventually passed) my VCP-NV exam which covers VMware's software-defined-networking product, VMware NSX. For those that haven't seen or worked with VMware NSX, it is (IMO) a collection of networking technologies to enable DC automation, scale, plus reducing provisioning times, vendor lock-in, cost associated with specific HW and associated licensing and support.
The headline features are...
- Logical Switch - Data is encapsulated over a VXLAN which sits on top of traditional networks. This means that customers can stretch L2 networks over L3... Switching is happening in the kernel so reduces physical network load.
- Logical Firewall - Firewalling decisions have been moved away from the physical devices to the hypervisor; this means that firewalling can happen at near line-speed and dramatically reduces the amount on north-south traffic (traffic between the virtualisation platform and the rest of your network).
- Logical Routing - Again, moved away (where possible) from physical devices and into the hypervisor kernel. This dramatically reduces north-south traffic (i.e., cuts down on so-called 'hair-pinning').
- VPN - A few offerings here; L2, IPsec, plus comes with a client to allow remote users / admins to connect directly to an environment without the use of 3rd party devices.
- Load-balancing - Powerful application load balancer which can be deployed in minutes.
There are other features (such as the security composer and ARP suppression) which are will have customers swaying towards NSX.
N.B., if you are completely new to NSX - go here VMware NSX Introduction - YouTube for the marketing message!
I've taken notes on the NSX Blueprint which I will be sharing via this blog. The main reference for my research / study has been:
- The ICM course (IMO far too 'next-next-finish' and I didn't get a good feel for how the solution would work for businesses / the implications of certain design decisions, etc).
- HOL (Hands on Labs) VMware Learning Platform - Labs 1403 and 1425. Particularly useful as you can go 'off-piste' with the environment and do what you want to do rather than what the lab is trying to show you to do. Also, for the DCV Exams, it is quite easy to setup an ESXi host and vCenter on VMware workstation; but for NSX, to create a management & edge cluster, two compute clusters, the RAM on your workstation soon runs out! This is where the HOL become your best friend.
- The Blueprint - this is a given as always... VCP-NV
- The Design Guide - Part of the blueprint in Section 1.1 - VERY useful, goes it to great depths about not only what design decisions you'd make, but why you would make them. Print it - take it everywhere you go!
- The Admin Guide - Again, part of the blueprint...
- Paul McSharry's sample questions. Practice Questions | Elastic Sky
- vBrownBags - One that I found particularly useful by Ross Wynne - #vBrownBag Follow-Up VMware VCP-NV Objective 2 with Ross Wynne (@RossWynne) - YouTube
Exam hints (without breaching the NDA ):
- Quick & easy points to be had for VMware administrators - the differences between a vSS and vDS
- Understand a VTEP (and UTEP/MTEP for that matter).
- Replication methods, unicast, multicast, hybrid. Why would you use them, what changes to the underlying network do you need to consider, etc.
- MTU = 1500 non NSX default, 1550 NSX minimum, 1600 NSX Recommended minimum - due to the VXLAN header.
- NSX is not just for vSphere - also for KVM / Xen running on Open Switch.
- All documentation seems to assume you will be running a leaf-spine architecture (which brings me onto another point - physical network topology - know what the differences are!)
- Upgrade path from vCNS --> NSX. Know the order (covered in the install guide).
The exam itself is the usual VMware format (pass mark 300, 100-500, no obvious point weighting for questions, Pearson Vue test centres, etc). The exam is 120 minutes with 120 questions; if you're prepared, you should not find time is a constraint.
Hopefully, I have covered the points on the blueprint in good detail to help some of you with the exam, but you need to be prepared to spend a good number of hours on the above list, particularly if you haven't been working with vSphere, Networking and NSX before.
N.B., section 1 to come very shortly - I need to tidy the others up before publishing!