Multi-Site Network and Security Services with NSX-T: Implement Network Security, Stateful Services,
Iwan Hoogendoorn
Résumé
Know the basics of network security services and other stateful services such as NAT, gateway and distributed firewalls (L2-L7), virtual private networks (VPN), load balancing (LB), and IP address management. This book covers these network and security services and how NSX-T also offers integration and interoperability with various other products that are not only created by VMware, but are also referred by VMware as third-party integrated vendors.
With the integration of VMware vRealize Automation, you can automate full application platforms consisting of multiple virtual machines with network and security services orchestrated and fully automated.
From the operational perspective, this book provides best practices on how to configure logging, notification, and monitoring features and teaches you how to get the required visibility of not only your NSX-T platform but also your NSX-T-enabled network infrastructure.
Another key part of this book is the explanation of multi-site capabilities and how network and security services can be offered across multiple on-premises locations with a single management pane. Interface with public cloud services also is included. The current position of NSX-T operation in on-premises private clouds and the position and integration with off-premises public clouds are covered as well.
This book provides a good understanding of integrations with other software to bring the best out of NSX-T and offer even more features and capabilities.
What You Will Learn
- Understand the NSX-T security firewall and advanced security
- Become familiar with NAT, DNS, DHCP, and load balancing features
- Monitor your NSX-T environment
- Be aware of NSX-T authentication and authorization possibilities
- Understand integration with cloud automation platforms
- Know what multi-cloud integrations are possible and how to integrate NSX-T with the public cloud
Who This Book Is For
Virtualization administrators, system integrators
* Chapter 1
o Title: NSX-T Security | Firewall
o Chapter Goal: The theory about the Basic Security Services offered by NSX-T followed by the deployment's details and steps with proper verification.
o Number of Pages: 20
o Subtopics:
Gateway Firewalls
Distributed Firewall
Security Profiles
Time-Based Firewall Policy
* Chapter 2
o Title: NSX-T Advanced Security
o Chapter Goal: The theory about the Advanced Security Services/features offered by NSX-T.
o Number of Pages: 20
o Subtopics:
Distributed IDS
Layer-7 Context Profiles
Identity based Firewall
Bare Metal Server Security
* Chapter 3
o Title: NSX-T Service Insertion
o Chapter Goal: The theory about the Security Services/features offered by 3 rd Party vendors from VMware's perspective and how the integration works.
o Number of Pages: 15
o Subtopics:
East/West Third-party service insertion
North/South Third-party service insertion
End-Point Protection
Network Introspection Settings
* Chapter 4
o Title: Network Address Translation (NAT), DNS and DHCP
o Chapter Goal: Know the difference between SNAT and DNAT and explanation on how to configure NAT, DNS and DHCP IP address Management using the internal NSX-T.
o Number of Pages: 20
o Subtopics:
SNAT
DNAT
Configure NAT Services
DNS Zone
DNS Forwarding Zone
DHCP Profile
IP Address Pool
IP Address Block
* Chapter 5
o Title: Load Balancing (LB)
o Chapter Goal: Discuss Load Balancing capabilities and configuration.
o Number of Pages: 30
o Subtopics:
Load Balancing Concepts
Distributed Load Balancer
Setting up the Load Balancer Components
* Chapter 6
o Title: Virtual Private Network (VPN)
o Chapter Goal: Know the differ types of VPN and how to configure and monitor them.
o Number of Pages: 25
o Subtopics:
IPSEC (L3 VPN)
L2 VPN
Configuration of VPN
* L3
* L4
Monitoring of VPN sessions
* Chapter 7
o Title: NSX-T Monitoring
o Chapter Goal: Tools to verify the Routing and Routing performance.
o Number of Pages: 30
o Subtopics:
Network Monitoring
Logging
vRealize Network insight integration
IPFIX
Network Performance Testing using IPERF Tools
Monitoring / Events and Alarms
Logging
vRealize Log insight integration
vRealize Operations integration
Other Operation Tools Integration
* Chapter 8
o Title: Authentication and Authorization
o Chapter Goal: Information on how to integrate NSX-T with an external LDAP server and create user (groups) with different roles and rights (RBAC).
o Number of Pages: 15
o Subtopics:
vIDM Integration & LDAP Integration
LDAP only integration
RBAC
* Chapter 9
o Title: Multi-Site and Federation
o Chapter Goal: Design Principles regarding Multi Site routing
o Number of Pages: 40
o Subtopics:
Multi-Site Capabilities
NSX-T Federation overview
Networking with Federation
Security with Federation
Backup & Restore with Federation
* Chapter 10
o Title: Public Cloud Integration
o Chapter Goal: NSX-T is also used in all major Public Clouds. This chapter gives you an overview on what is deployed there and how NSX-T can be consumed in these Public Clouds.
o Number of Pages: 30
o Subtopics:
Forwarding Policies
VMC on AWS
Azure VMware Solution (AVS)
Google Cloud VMware Engine
* Chapter 11
o Title: Cloud Management Platform Integration & Automation
o Chapter Goal: Get familiar on the out-of-the-box automation capabilities and vRO extensibility.
o Number of Pages: 20
o Subtopics:
vCloud Director
* Allowing Tenants to Create / Use NSX-T Related automated network and security Services
vRealize Automation / vRealize Orchestration
* Allowing Tenants to Create / Use NSX-T Related automated network and security Services
NSX-T API Capabilities
Iwan got the opportunity to work for VMware in 2016 as Senior NSX PSO Consultant. In his time at VMware, he gained more knowledge on private and public clouds and the related products that VMware developed to build the Software-Defined Data Center (SDDC). As new technology is growing at a rapid pace (especially within VMware and the VMware cloud space), Iwan is trying to keep up.
After working for four years as Senior NSX PSO Consultant (primarily with VMware NSX-v and NSX-T), Iwan was promoted to Staff SDDC Consultant, focusing on the full SDDC stack that includes Hyperscaler offerings on the main public clouds such as AWS (VMC on AWS), Microsoft (Azure VMware Solution), and Google (Google Cloud VMware Engine).
Iwan is certified on multiple VMware products, including NSX, and he is actively working together with VMware certification to develop network-related exams for VMware. Next to his VMware certifications, Iwan is also AWS and TOGAF certified.
Iwan is the author of the Apress book, Getting Started with NSX-T: Logical Routing and Switching .
Caractéristiques techniques
| PAPIER | |
| Éditeur(s) | Apress |
| Auteur(s) | Iwan Hoogendoorn |
| Parution | 20/05/2021 |
| Nb. de pages | 329 |
| EAN13 | 9781484270820 |
Avantages Eyrolles.com
Consultez aussi
- Les meilleures ventes en Graphisme & Photo
- Les meilleures ventes en Informatique
- Les meilleures ventes en Construction
- Les meilleures ventes en Entreprise & Droit
- Les meilleures ventes en Sciences
- Les meilleures ventes en Littérature
- Les meilleures ventes en Arts & Loisirs
- Les meilleures ventes en Vie pratique
- Les meilleures ventes en Voyage et Tourisme
- Les meilleures ventes en BD et Jeunesse
