Atnaujinkite slapukų nuostatas

El. knyga: Mastering VMware NSX for vSphere [Wiley Online]

  • Formatas: 320 pages
  • Išleidimo metai: 03-Aug-2020
  • Leidėjas: Sybex Inc.,U.S.
  • ISBN-10: 1119648564
  • ISBN-13: 9781119648567
Kitos knygos pagal šią temą:
  • Wiley Online
  • Kaina: 63,44 €*
  • * this price gives unlimited concurrent access for unlimited time
Mastering VMware NSX for vSphereDidesnis paveikslėlis
  • Formatas: 320 pages
  • Išleidimo metai: 03-Aug-2020
  • Leidėjas: Sybex Inc.,U.S.
  • ISBN-10: 1119648564
  • ISBN-13: 9781119648567
Kitos knygos pagal šią temą:
Wiley Online E-booksMore info about Wiley Online
Partnerių interneto svetainė: https://onlinelibrary.wiley.com/doi/book/10.1002/9781119648567

A clear, comprehensive guide to VMware’s latest virtualization solution

Mastering VMware NSX for vSphere is the ultimate guide to VMware’s network security virtualization platform. Written by a rock star in the VMware community, this book offers invaluable guidance and crucial reference for every facet of NSX, with clear explanations that go far beyond the public documentation. Coverage includes NSX architecture, controllers, and edges; preparation and deployment; logical switches; VLANS and VXLANS; logical routers; virtualization; edge network services; firewall security; and much more to help you take full advantage of the platform’s many features.

More and more organizations are recognizing both the need for stronger network security and the powerful solution that is NSX; usage has doubled in the past year alone, and that trend is projected to grow—and these organizations need qualified professionals who know how to work effectively with the NSX platform. This book covers everything you need to know to exploit the platform’s full functionality so you can:

  • Step up security at the application level
  • Automate security and networking services
  • Streamline infrastructure for better continuity
  • Improve compliance by isolating systems that handle sensitive data

VMware’s NSX provides advanced security tools at a lower cost than traditional networking. As server virtualization has already become a de facto standard in many circles, network virtualization will follow quickly—and NSX positions VMware in the lead the way vSphere won the servers. NSX allows you to boost security at a granular level, streamline compliance, and build a more robust defense against the sort of problems that make headlines. Mastering VMware NSX for vSphere helps you get up to speed quickly and put this powerful platform to work for your organization.

Introduction xvii
Chapter 1 Abstracting Network and Security
1(14)
Networks: 1990s
1(3)
Colocation
2(1)
Workload-to-Server Ratio
3(1)
Inefficient Resource Allocation
3(1)
The Long Road to Provisioning
3(1)
Data Centers Come of Age
4(2)
Data Center Workloads
4(1)
Workloads Won't Stay Put
5(1)
VMware
6(2)
Visualization
6(1)
What Is Happening in There?
6(2)
Portability
8(1)
Virtualize Away
8(5)
Extending Visualization to Storage
9(1)
Virtual Networking and Security
9(1)
NSX to the Rescue
10(3)
The Bottom Line
13(2)
Chapter 2 NSX Architecture and Requirements
15(24)
NSX Network Visualization
16(8)
Planes of Operation
16(2)
NSX Manager Role and Function
18(1)
ESXi Hosts
19(1)
vCenter Server
20(1)
vSphere Distributed Switch
21(2)
NSX VIBs
23(1)
Competitive Advantage: IOChain
24(6)
IOChain Security Features
24(1)
NSX Controllers
25(1)
NSX Controller Clustering
26(1)
NSX Controller Roles
26(2)
NSX Edge
28(2)
ESG Sizing
30(1)
NSX Role-Based Access Control
30(6)
Overlay and Underlay Networks
32(2)
Replication Modes for Traffic Going to Multiple Destinations
34(2)
The Bottom Line
36(3)
Chapter 3 Preparing NSX
39(22)
NSX Manager Prerequisites
39(5)
Open Ports and Name Resolution
40(1)
Minimum Resource Requirements for NSX Data Center Appliances
40(1)
vSphere HA and DRS
41(2)
IP Addressing and Port Groups
43(1)
Installing the Client Integration Plug-in
44(1)
Installing NSX Manager
44(7)
Associating NSX Manager to vCenter
46(1)
Adding AD/LDAP to NSX
47(4)
Linking Multiple NSX Managers Together (Cross-vCenter NSX)
51(5)
Multi-site Consistency with Universal Components
51(2)
Primary and Secondary NSX Managers
53(1)
Preparing ESXi Clusters for NSX
54(2)
Creating a Universal Transport Zone on the Primary NSX Manager
56(3)
vSphere Distributed Switches Membership
57(1)
Adding Secondary NSX Managers
58(1)
The Bottom Line
59(2)
Chapter 4 Distributed Logical Switch
61(26)
vSphere Standard Switch (vSS)
62(5)
Traffic Shaping
63(1)
Understanding Port Groups
64(1)
NIC Teaming
65(1)
Ensuring Security
66(1)
Virtual Distributed Switch (vDS)
67(1)
Virtual extensible LANs (VXLANs)
68(3)
Employing Logical Switches
71(2)
Three Tables That Store VNI Information
73(6)
Collecting VNI Information
74(1)
Centralized MAC Table
75(1)
VTEP Table
76(3)
We Might as Well Talk about ARP Now
79(4)
Filling In the L2 and L3 Headers
79(2)
Switch Security Module
81(2)
Understanding Broadcast, Unknown Unicast, and Multicast
83(2)
Layer 2 Flooding
83(1)
Replication Modes
83(1)
Deploying Logical Switches
84(1)
Creating a Logical Switch
85(1)
The Bottom Line
85(2)
Chapter 5 Marrying VLANs and VXLANs
87(20)
Shotgun Wedding: Layer 2 Bridge
87(16)
Architecture
88(1)
Challenges
89(1)
Deployment
90(12)
Under the Hood
102(1)
Layer 2 VPN
102(1)
NSX Native L2 Bridging
103(1)
Hardware Switches to the Rescue
103(2)
Hardware VTEPs
103(1)
Deployment
104(1)
Under the Hood
104(1)
The Bottom Line
105(2)
Chapter 6 Distributed Logical Router
107(30)
Distributed Logical Router (DLR)
107(1)
Control Plane Smarts
108(9)
Logical Router Control Virtual Machine
108(3)
Understanding DLR Efficiency
111(4)
Another Concept to Consider
115(2)
Let's Get Smart about Routing
117(8)
OSPF
119(1)
Border Gateway Protocol (BGP)
120(3)
Oh Yeah, Statics Too
123(2)
Deploying Distributed Logical Routers
125(9)
The Bottom Line
134(3)
Chapter 7 NFV: Routing with NSX Edges
137(26)
Network Function Virtualization: NSX Has It Too
137(3)
This Is Nice: Edge HA
138(1)
Adding HA
139(1)
Let's Do Routing Like We Always Do
140(16)
Deploying the Edge Services Gateway
144(7)
Configuring BGP
151(3)
Configuring OSPF
154(1)
Configuring Static Routes
155(1)
Routing with the DLR and ESG
156(4)
Using CLI Commands
156(1)
Default Behaviors to Be Aware Of
157(1)
Equal Cost Multi-Path Routing
157(3)
The Bottom Line
160(3)
Chapter 8 More NVF: NSX Edge Services Gateway
163(40)
ESG Network Placement
163(1)
Network Address Translation
164(7)
Configuring Source NAT
166(1)
Configuring Destination NAT
166(1)
Configuring SNAT on the ESG
167(2)
Configuring DNAT on the ESG
169(2)
ESG Load Balancer
171(2)
Configuring an ESG Load Balancer
173(5)
Layer 2 VPN (If You Must)
178(1)
Secure Sockets Layer Virtual Private Network
179(8)
Split Tunneling
180(1)
Configuring SSL VPN
180(7)
Internet Protocol Security VPN
187(3)
Understanding NAT Traversal
188(1)
Configuring IPsec Site-to-Site VPN with the ESG
188(2)
Round Up of Other Services
190(10)
DHCP Service
191(1)
Configuring the ESG as a DHCP Server
192(2)
DHCP Relay
194(2)
Configuring the DLR for DHCP Relay
196(2)
DNS Relay
198(1)
Configuring DNS Relay on the ESG
199(1)
The Bottom Line
200(3)
Chapter 9 NSX Security, the Money Maker
203(20)
Traditional Router ACL Firewall
203(1)
I Told You about the IOChain
204(6)
Slot 2: Distributed Firewall
206(1)
Under the Hood
207(3)
Adding DFW Rules
210(8)
Segregating Firewall Rules
214(1)
IP Discovery
215(1)
Gratuitous ARP Used in ARP Poisoning Attacks
216(2)
Why Is My Traffic Getting Blocked?
218(2)
Great, Now It's Being Allowed
219(1)
Identity Firewall: Rules Based on Who Logs In
220(1)
Distributing Firewall Rules to Each ESXi Host: What's Happening?
220(3)
The Bottom Line
222(1)
Chapter 10 Service Composer and Third-Party Appliances
223(24)
Security Groups
224(12)
Dynamic Inclusion
225(1)
Static Inclusion
226(1)
Static Exclusion
226(1)
Defining a Security Group through Static Inclusion
227(2)
Defining a Security Group through Dynamic Inclusion
229(2)
Customizing a Security Group with Static Exclusion
231(1)
Defining a Security Group Using Security Tags
231(2)
Adding to DFW Rules
233(3)
Service Insertion
236(2)
IOChain, the Gift that Keeps on Giving
236(1)
Layer 7 Stuff: Network Introspection
236(1)
Guest Introspection
237(1)
Service Insertion Providers
238(1)
Security Policies
239(6)
Creating Policies
239(4)
Enforcing Policies
243(2)
The Bottom Line
245(2)
Chapter 11 vRealize Automation and REST APIs
247(32)
vRealize Automation Features
247(2)
vRA Editions
249(1)
Integrating vRA and NSX
250(11)
vRealize Automation Endpoints
250(2)
Associating NSX Manager with vRealize Automation
252(1)
Network Profiles
253(2)
vRA External, Routed, and NAT Network Profiles
255(3)
Reservations
258(3)
vRealize Orchestrator Workflows
261(10)
Creating a Blueprint for One Machine
261(3)
Adding NSX Workflow to a Blueprint
264(1)
Creating a Request Service in the vRA Catalog
265(3)
Configuring an Entitlement
268(3)
Deploying a Blueprint that Consumes NSX Services
271(2)
REST APIs
273(4)
NSX REST API GET Request
275(1)
NSX REST API POST Request
275(1)
NSX REST API DELETE Request
276(1)
The Bottom Line
277(2)
Appendix The Bottom Line
279(14)
Chapter 1 Abstracting Network and Security
279(1)
Chapter 2 NSX Architecture and Requirements
280(1)
Chapter 3 Preparing NSX
280(1)
Chapter 4 Distributed Logical Switch
281(2)
Chapter 5 Marrying VLANs and VXLANs
283(1)
Chapter 6 Distributed Logical Router
284(2)
Chapter 7 NFV: Routing with NSX Edges
286(1)
Chapter 8 More NVF: NSX Edge Services Gateway
287(2)
Chapter 9 NSX Security, the Money Maker
289(1)
Chapter 10 Service Composer and Third-Party Appliances
290(1)
Chapter 11 vRealize Automation and REST APIs
291(2)
Index 293
Elver Sena Sosa is a data center solutions architect with 20 years' networking experience. He is the author of two VMWare Press VCP certification books, holds VCDX-NV and VCI certifications from VMWare, and he is a frequent speaker and blogger well known in the VMware community.
Pastovi nuoroda: https://www.kriso.lt/db/9781119648567_pe.html
Raktažodžiai: