E-Book, Englisch, 329 Seiten, eBook
Hoogendoorn Multi-Site Network and Security Services with NSX-T
1. Auflage 2021
ISBN: 978-1-4842-7083-7
Verlag: APRESS
Format: PDF
Kopierschutz: 1 - PDF Watermark
Implement Network Security, Stateful Services, and Operations
E-Book, Englisch, 329 Seiten, eBook
ISBN: 978-1-4842-7083-7
Verlag: APRESS
Format: PDF
Kopierschutz: 1 - PDF Watermark
Know the basics of network security services and other stateful services such as NAT, gateway and distributed firewalls (L2-L7), virtual private networks (VPN), load balancing (LB), and IP address management. This book covers these network and security services and how NSX-T also offers integration and interoperability with various other products that are not only created by VMware, but are also referred by VMware as third-party integrated vendors.
With the integration of VMware vRealize Automation, you can automate full application platforms consisting of multiple virtual machines with network and security services orchestrated and fully automated.
From the operational perspective, this book provides best practices on how to configure logging, notification, and monitoring features and teaches you how to get the required visibility of not only your NSX-T platform but also your NSX-T-enabled network infrastructure.
Another key part of this book is the explanation of multi-site capabilities and how network and security services can be offered across multiple on-premises locations with a single management pane. Interface with public cloud services also is included. The current position of NSX-T operation in on-premises private clouds and the position and integration with off-premises public clouds are covered as well.
This book provides a good understanding of integrations with other software to bring the best out of NSX-T and offer even more features and capabilities.
What You Will Learn
- Understand the NSX-T security firewall and advanced security
- Become familiar with NAT, DNS, DHCP, and load balancing features
- Monitor your NSX-T environment
- Be aware of NSX-T authentication and authorization possibilities
- Understand integration with cloud automation platforms
- Know what multi-cloud integrations are possible and how to integrate NSX-T with the public cloud
Virtualization administrators, system integrators
Zielgruppe
Professional/practitioner
Autoren/Hrsg.
Weitere Infos & Material
· Chapter 1
o Title: NSX-T Security | Firewall
o Chapter Goal: The theory about the Basic Security Services offered by NSX-T followed by the deployment’s details and steps with proper verification.
o Number of Pages: 20
o Subtopics:
§ Gateway Firewalls
§ Distributed Firewall
§ Security Profiles
§ Time-Based Firewall Policy
· Chapter 2
o Title: NSX-T Advanced Security
o Chapter Goal: The theory about the Advanced Security Services/features offered by NSX-T.
o Number of Pages: 20
o Subtopics:
§ Distributed IDS
§ Layer-7 Context Profiles
§ Identity based Firewall
§ Bare Metal Server Security
· Chapter 3
o Title: NSX-T Service Insertion
o Chapter Goal: The theory about the Security Services/features offered by 3 Party vendors from VMware’s perspective and how the integration works.
o Number of Pages: 15
o Subtopics:
§ East/West Third-party service insertion
§ North/South Third-party service insertion
§ End-Point Protection
§ Network Introspection Settings
· Chapter 4
o Title: Network Address Translation (NAT), DNS and DHCP
o Chapter Goal: Know the difference between SNAT and DNAT and explanation on how to configure NAT, DNS and DHCP IP address Management using the internal NSX-T.
o Number of Pages: 20
o Subtopics:§ SNAT
§ DNAT
§ Configure NAT Services§ DNS Zone
§ DNS Forwarding Zone
§ DHCP Profile
§ IP Address Pool
§ IP Address Block
· Chapter 5
o Title: Load Balancing (LB)
o Chapter Goal: Discuss Load Balancing capabilities and configuration.o Number of Pages: 30
o Subtopics:
§ Load Balancing Concepts
§ Distributed Load Balancer
§ Setting up the Load Balancer Components
· Chapter 6
o Title: Virtual Private Network (VPN)
o Chapter Goal: Know the differ types of VPN and how to configure and monitor them.
o Number of Pages: 25
o Subtopics:
§ IPSEC (L3 VPN)
§ L2 VPN
§ Configuration of VPN
· L3
· L4
§ Monitoring of VPN sessions· Chapter 7
o Title: NSX-T Monitoring
o Chapter Goal: Tools to verify the Routing and Routing performance.
o Number of Pages: 30
o Subtopics:§ Network Monitoring
§ Logging
§ vRealize Network insight integration
§ IPFIX
§ Network Performance Testing using IPERF Tools
§ Monitoring / Events and Alarms
§ Logging
§ vRealize Log insight integration
§ vRealize Operations integration
§ Other Operation Tools Integration
· Chapter 8o Title: Authentication and Authorization
o Chapter Goal: Information on how to integrate NSX-T with an external LDAP server and create user (groups) with different roles and rights (RBAC).o Number of Pages: 15
o Subtopics:
§ vIDM Integration & LDAP Integration
§ LDAP only integration
§ RBAC· Chapter 9
o Title: Multi-Site and Federation
o Chapter Goal: Design Principles regarding Multi Site routing
o Number of Pages: 40o Subtopics:
§ Multi-Site Capabilities
§ NSX-T Federation overview
§ Networking with Federation
§ Security with Federation
§ Backup & Restore with Federation
· Chapter 10
o Title: Public Cloud Integrationo Chapter Goal: NSX-T is also used in all major Public Clouds. This chapter gives you an overview on what is deployed there and how NSX-T can be consumed in these Public Clouds.
o Number of Pages: 30o Subtopics:
§ Forwarding Policies
§ VMC on AWS
§ Azure VMware Solution (AVS)
§ Google Cloud VMware Engine
· Chapter 11
o Title:Cloud Management Platform Integration & Automation
o Chapter Goal: Get familiar on the out-of-the-box automation capabilities and vRO extensibility.
o Number of Pages: 20
o Subtopics:§ vCloud Director
· Allowing Tenants to Create / Use NSX-T Related automated network and security Services
§ vRealize Automation / vRealize Orchestration
· Allowing Tenants to Create / Use NSX-T Related automated network and security Services
§ NSX-T API Capabilities