VMware NSX-T and NSX Courses

Course Overview

This five-day, fast-paced course provides comprehensive training to install, configure, and manage a VMware NSX® environment. This course covers key features and functionality offered in the NSX 4.0.0.1 and NSX 4.0.1 releases, including the overall infrastructure, logical switching, logical routing, networking and security services, firewalls and advanced threat prevention, and more.

Product Alignment

NSX 4.0.0.1
NSX 4.0.1

Who should attend

Experienced security administrators or network administrators

Prerequisites

Good understanding of TCP/IP services and protocols
Knowledge and working experience of computer networking, including switching and routing technologies (L2 through L3) and L2 through L7 firewall
Knowledge and working experience with VMware vSphere® environments
Knowledge and working experience with Kubernetes or VMware vSphere® with VMware Tanzu® environments
Solid understanding of concepts presented in the following courses:
VMware Virtual Cloud Network Core Technical Skills
VMware Data Center Virtualization: Core Technical Skills
Kubernetes Fundamentals

Course Objectives

By the end of the course, you should be able to meet the following objectives:

Describe the architecture and main components of NSX
Explain the features and benefits of NSX
Deploy the NSX Management cluster and VMware NSX® Edge™ nodes
Prepare VMware ESXi™ hosts to participate in NSX networking
Create and configure segments for layer 2 forwarding
Create and configure Tier-0 and Tier-1 gateways for logical routing
Use distributed and gateway firewall policies to filter east-west and north-south traffic in NSX
Configure Advanced Threat Prevention features
Configure network services on NSX Edge nodes
Use VMware Identity Manager™ and LDAP to manage users and access
Explain the use cases, importance, and architecture of Federation

Course Content

Course Introduction

Introductions and course logistics
Course objectives

VMware Virtual Cloud Network and VMware NSX

Introduce the VMware Virtual Cloud Network vision
Describe the NSX product portfolio
Discuss NSX features, use cases, and benefits
Explain NSX architecture and components
Explain the management, control, data, and consumption planes and their functions.

Preparing the NSX Infrastructure

Deploy VMware NSX® ManagerTM nodes on ESXi hypervisors
Navigate through the NSX UI
Explain data plane components such as N-VDS/VDS, transport nodes, transport zones, profiles, and more
Perform transport node preparation and configure the data plane infrastructure
Verify transport node status and connectivity
Explain DPU-based acceleration in NSX
Install NSX using DPUs

NSX Logical Switching

Introduce key components and terminology in logical switching
Describe the function and types of L2 segments
Explain tunneling and the Geneve encapsulation
Configure logical segments and attach hosts using NSX UI
Describe the function and types of segment profiles
Create segment profiles and apply them to segments and ports
Explain the function of MAC, ARP, and TEP tables used in packet forwarding
Demonstrate L2 unicast packet flow
Explain ARP suppression and BUM traffic handling

NSX Logical Routing

Describe the logical routing function and use cases
Introduce the two-tier routing architecture, topologies, and components
Explain the Tier-0 and Tier-1 gateway functions
Describe the logical router components: Service Router and Distributed Router
Discuss the architecture and function of NSX Edge nodes
Discuss deployment options of NSX Edge nodes
Configure NSX Edge nodes and create NSX Edge clusters
Configure Tier-0 and Tier-1 gateways
Examine single-tier and multitier packet flows
Configure static routing and dynamic routing, including BGP and OSPF
Enable ECMP on a Tier-0 gateway
Describe NSX Edge HA, failure detection, and failback modes
Configure VRF Lite

NSX Bridging

Describe the function of logical bridging
Discuss the logical bridging use cases
Compare routing and bridging solutions
Explain the components of logical bridging
Create bridge clusters and bridge profiles

NSX Firewalls

Describe NSX segmentation
Identify the steps to enforce Zero-Trust with NSX segmentation
Describe the Distributed Firewall architecture, components, and function
Configure Distributed Firewall sections and rules
Configure the Distributed Firewall on VDS
Describe the Gateway Firewall architecture, components, and function
Configure Gateway Firewall sections and rules

NSX Advanced Threat Prevention

Explain NSX IDS/IPS and its use cases
Configure NSX IDS/IPS
Deploy NSX Application Platform
Identify the components and architecture of NSX Malware Prevention
Configure NSX Malware Prevention for east-west and north-south traffic
Describe the use cases and architecture of VMware NSX® Intelligence™
Identify the components and architecture of VMware NSX® Network Detection and Response™
Use NSX Network Detection and Response to analyze network traffic events.

NSX Services

Explain and configure Network Address Translation (NAT)
Explain and configure DNS and DHCP services
Describe VMware NSX® Advanced Load Balancer™ architecture, components, topologies, and use cases.
Configure NSX Advanced Load Balancer
Discuss the IPSec VPN and L2 VPN function and use cases
Configure IPSec VPN and L2 VPN using the NSX UI

NSX User and Role Management

Describe the function and benefits of VMware Identity Manager™ in NSX
Integrate VMware Identity Manager with NSX
Integrate LDAP with NSX
Identify the various types of users, authentication policies, and permissions
Use role-based access control to restrict user access
Explain object-based access control in NSX

NSX Federation

Introduce the NSX Federation key concepts, terminology, and use cases.
Explain the onboarding process of NSX Federation
Describe the NSX Federation switching and routing functions.
Describe the NSX Federation security concepts.

Overview

This five-day, fast-paced course provides comprehensive training on how to install, configure, and manage a VMware NSX-T™ Data Center environment. This course covers key NSX-T Data Center features and functionality offered in the NSX-T Data Center 3.2 release, including the overall infrastructure, logical switching, logical routing, networking and security services, firewalls and advanced threat prevention, and more.

Product Alignment

VMware NSX-T Data Center 3.2

Objectives

By the end of the course, you should be able to meet the following objectives:
Describe the architecture and main components of NSX-T Data Center
Explain the features and benefits of NSX-T Data Center
Deploy the NSX Management cluster and VMware NSX® Edge™ nodes
Prepare VMware ESXi™ and KVM hosts to participate in NSX-T Data Center networking
Create and configure segments for layer 2 forwarding
Create and configure Tier-0 and Tier-1 gateways for logical routing
Use distributed and gateway firewall policies to filter east-west and north-south traffic in NSX-T Data Center
Configure Advanced Threat Prevention features
Configure network services on NSX Edge nodes
Use VMware Identity Manager and LDAP to manage users and access
Explain the use cases, importance, and architecture of Federation

Intended Audience

Experienced security administrators or network administrators

Prerequisites

Good understanding of TCP/IP services and protocols
Knowledge and working experience of computer networking, including switching and routing technologies (L2-L3) and L2-L7 firewall
Knowledge and working experience with VMware vSphere® environments
Knowledge and working experience with Kubernetes or vSphere with VMware Tanzu™ environments

Solid understanding of concepts presented in the following courses:

VMware Virtual Cloud Network: Core Technical Skills
VMware Data Center Virtualization: Core Technical Skills
Kubernetes Fundamentals

Outline

1 Course Introduction

Introductions and course logistics
Course objectives

2 VMware Virtual Cloud Network and NSX-T Data Center

Introduce the VMware Virtual Cloud Network vision
Discuss NSX-T Data Center solutions, use cases, and benefits
Explain NSX-T Data Center architecture and components
Describe the VMware NSXTM product portfolio and features
Explain the management, control, data, and consumption planes and function

3 Preparing the NSX-T Data Center Infrastructure

Describe NSX Management Cluster
Deploy VMware NSXTM ManagerTM nodes on VMware ESXi and KVM hypervisors
Navigate through the NSX Manager UI
Explain data-plane components such as
N-VDS/VDS, transport nodes, transport zones, profiles, and more
Perform transport node preparation and establish the data center infrastructure
Verify transport node status and connectivity

4 NSX-T Data Center Logical Switching

Introduce key components and terminology in logical switching
Describe the function and types of L2 segments
Explain tunneling and the GENEVE encapsulation
Configure logical segments and attach hosts using NSX Manager UI
Describe the function and types of segment profiles
Create segment profiles and apply them to segments and ports
Explain the function of MAC, ARP, and TEP tables used in packet forwarding
Demonstrate L2 unicast packet flow
Explain ARP suppression and BUM traffic handling

5 NSX-T Data Center Logical Routing

Describe the logical routing function and use cases
Introduce the two-tier routing architecture, topologies, and components
Explain the Tier-0 and Tier-1 Gateway functions
Describe the logical router components: Service Router and Distributed Router
Discuss the architecture and function of NSX Edge nodes
Discuss deployment options of NSX Edge nodes
Configure NSX Edge nodes and create NSX Edge clusters
Configure Tier-0 and Tier-1 Gateways
Examine the single-tier and multitier packet flow
Configure static routing and dynamic routing, including BGP and OSPF
Enable ECMP on Tier-0 Gateway
Describe NSX Edge HA, failure detection, and failback modes
Configure VRF Lite

6 NSX-T Data Center Bridging

Describe the function of logical bridging
Discuss the logical bridging use cases
Compare routing and bridging solutions
Explain the components of logical bridging
Create bridge clusters and bridge profiles

7 NSX-T Data Center Firewalls

Describe NSX segmentation
Identify the steps to enforce Zero-Trust with NSX segmentation
Describe the Distributed Firewall architecture, components, and function
Configure Distributed Firewall sections and rules
Configure the Distributed Firewall on VDS
Describe the Gateway Firewall architecture, components, and function
Configure Gateway Firewall sections and rules

8 NSX-T Data Center Advanced Threat Prevention

Explain NSX IDS/IPS and its use cases
Configure NSX IDS/IPS
Deploy the NSX Application Platform
Identify the components and architecture of NSX Malware Prevention
Configure NSX Malware Prevention for east-west and north-south traffic
Describe the use cases and architecture of NSX Intelligence
Identify the components and architecture of VMware NSX® Network Detection and Response™
Use NSX Network Detection and Response to analyze network traffic events.

9 NSX-T Data Center Services

Describe NSX-T Data Center services
Explain and configure Network Address Translation (NAT)
Explain and configure DNS and DHCP services
Describe VMware NSX® Advanced Load Balancer™ architecture, components, topologies, and use cases.
Configure NSX Advanced Load Balancer
Discuss the IPSec VPN and L2 VPN function and use cases
Configure IPSec VPN and L2 VPN using the NSX Manager UI

10 NSX-T Data Center User and Role Management

Describe the function and benefits of VMware Identity Manager™ in NSX-T Data Center
Integrate VMware Identity Manager with NSX-T Data Center
Integrate LDAP with NSX-T Data Center
Identify the various types of users, authentication policies, and permissions
Use role-based access control to restrict user access

11 NSX-T Data Center Federation

Introduce the NSX-T Data Center Federation key concepts, terminology, and use-cases.
Explain the onboarding process of NSX-T Data Center Federation
Describe the NSX-T Data Center Federation switching and routing functions.
Describe the NSX-T Data Center Federation security concepts.

Overview

This five-day, hands-on training course provides the advanced knowledge, skills, and tools to achieve competency in operating and troubleshooting the VMware NSX infrastructure. This course introduces you to workflows of various networking and security constructs along with several operational and troubleshooting tools that help you manage and troubleshoot your VMware NSX environment.

In addition, various types of technical problems are presented to you, which you will identify, analyze, and solve through a systematic process.

Product Alignment

NSX 4.0.0.1
NSX 4.0.1

Objectives

By the end of the course, you should be able to meet the following objectives:
Use the native tools available in NSX to identify and troubleshoot the problems.
Use VMware Aria Operations for Logs and VMware Aria Operations for Networks to identify and troubleshoot problems related to the NSX environment
Explain the NSX infrastructure components and the communications between them
Identify, analyze, and troubleshoot problems related to the management, control, and data planes in NSX
Identify, analyze, and troubleshoot problems related to infrastructure preparation and VMware NSX Edge deployments
Identify, analyze, and troubleshoot problems related to logical switching and logical routing
Identify, analyze, and troubleshoot network security problems related to the Distributed firewalls, Gateway firewalls, and Distributed IDS/IPS.
Identify, analyze, and troubleshoot problems related to VPN and VMware NSX Advanced Load Balancer
Identify the components and packet flows involved in the NSX datapath and troubleshoot related problems

Prerequisites

Before taking this course, you must complete the following course:
VMware NSX: Install, Configure, Manage [V4.0]
You should also have understanding or knowledge of these technologies:
Good understanding of TCP/IP services and protocols
Knowledge and working experience of computer networking and security, including:
Switching and routing technologies (L2 andL3)
Network and application delivery services (L4 through L7)
Firewalling (L4 through L7)
VMware vSphere environments
The VMware Certified Professional – Network Virtualization certification is recommended.

Audience

Experienced system administrators and network administrators
Network and security professionals who work with enterprise networks

Outline

1 Course Introduction

Introduction and course logistics
Course objectives

2 NSX Operations and Tools

Explain and validate the native troubleshooting tools for NSX
Configure syslog, IPFIX, and log collections for the NSX environment
Integrate NSX with VMware Aria Operations for Logs and VMware Aria Operations for Networks
Validate and review the API methods available to configure the NSX environment

3 Troubleshooting the NSX Management Cluster

Describe the NSX Management cluster architecture, components, and communication channels
Identify the workflows involved in configuring the NSX Management cluster
Validate and troubleshoot the NSX Management cluster formation

4 Troubleshooting Infrastructure Preparation

Describe the data plane architecture, components, and communication channels
Explain and troubleshoot VMware ESXi transport node preparation issues
Explain and troubleshoot NSX Edge deployment issues

5 Troubleshooting Logical Switching

Describe the architecture of logical switching
List the modules and processes involved in configuring logical switching
Explain the importance of VDS in transport nodes
Review the architecture and workflows involved in attaching workloads to segments
Identify and troubleshoot common logical switching issues

6 Troubleshooting Logical Routing

Review the architecture of logical routing
Explain the workflows involved in the configuration of Tier-0 and Tier-1 gateways
Explain the high availability modes and validate logical router placements
Identify and troubleshoot common logical routing issues using both BGP and OSPF

7 Troubleshooting Security

Review the architecture of the Distributed Firewall
Explain the workflows involved in configuring the Distributed Firewall
Review the architecture of the Gateway Firewall
Explain the workflows involved in configuring the Gateway Firewall
Identify and troubleshoot common Distributed firewall and Gateway Firewall issues
Review the architecture and workflows involved in configuring Distributed IDS/IPS
Identify and troubleshoot common Distributed IDS/IPS problems.

8 Troubleshooting the NSX Advanced Load Balancer and VPN Services

Review the NSX Advanced Load Balancer architecture and components
Identify and troubleshoot common NSX Advanced Load Balancer issues
Review the IPsec and L2 VPN architecture and components
Identify and troubleshoot common IPsec and L2 VPN issues

9 Datapath Walkthrough

Verify and validate the path of the packet on the NSX datapath
Identify and perform packet captures at various points in the datapath
Use NSX CLI and native hypervisor commands to retrieve configurations involved in the NSX datapath

Course Overview

This five-day course provides comprehensive training on considerations and practices to design a VMware NSX® environment as part of a software-defined data center strategy. This course prepares the student with the skills to lead the design of an NSX environment, including design principles, processes, and frameworks. The student gains a deeper understanding of the NSX architecture and how it can be used to create solutions to address the customer’s business needs.

Product Alignment

VMware NSX 4.1.0

Who should attend

Network and security architects and consultants who design the enterprise and data center networks and NSX environments

Prerequisites

Before taking this course, you must complete the following course:

VMware NSX: Install, Configure, Manage [V4.0] (NSXICM4)
You should also have understanding or knowledge of these technologies:

Good understanding of TCP/IP services and protocols
Knowledge and working experience of computer networking and security, including:
Switching and routing technologies (L2 and L3)
Network and application delivery services (L4 through L7)
Firewalling (L4 through L7)
vSphere environments
The VMware Certified Professional – Network Virtualization certification is recommended.

Course Objectives

By the end of the course, you should be able to meet the following objectives:

Describe and apply a design framework
Apply a design process for gathering requirements, constraints, assumptions, and risks
Design a VMware vSphere® virtual data center to support NSX requirements
Create a VMware NSX® Manager™ cluster design
Create a VMware NSX® Edge™ cluster design to support traffic and service requirements in NSX
Design logical switching and routing
Recognize NSX security best practices
Design logical network services
Design a physical network to support network virtualization in a software-defined data center
Create a design to support the NSX infrastructure across multiple sites
Describe the factors that drive performance in NSX

Course Outline

Course Introduction

Introduction and course logistics
Course objectives

NSX Design Concepts

Identify design terms
Describe framework and project methodology
Describe the role of VMware Cloud Foundation™ in NSX design
Identify customers’ requirements, assumptions, constraints, and risks
Explain the conceptual design
Explain the logical design
Explain the physical design

NSX Architecture and Components

Recognize the main elements in the NSX architecture
Describe the NSX management cluster and the management plane
Identify the functions and components of management, control, and data planes
Describe the NSX Manager sizing options
Recognize the justification and implication of NSX Manager cluster design decisions
Identify the NSX management cluster design options

NSX Edge Design

Explain the leading practices for edge design
Describe the NSX Edge VM reference designs
Describe the bare-metal NSX Edge reference designs
Explain the leading practices for edge cluster design
Explain the effect of stateful services placement
Explain the growth patterns for edge clusters
Identify design considerations when using L2 bridging services

NSX Logical Switching Design

Describe concepts and terminology in logical switching
Identify segment and transport zone design considerations
Identify virtual switch design considerations
Identify uplink profile and transport node profile design considerations
Identify Geneve tunneling design considerations
Identify BUM replication mode design considerations

NSX Logical Routing Design

Explain the function and features of logical routing
Describe the NSX single-tier and multitier routing architectures
Identify guidelines when selecting a routing topology
Describe the BGP and OSPF routing protocol configuration options
Explain gateway high availability modes of operation and failure detection mechanisms
Identify how multitier architectures provide control over stateful service location
Identify EVPN requirements and design considerations
Identify VRF Lite requirements and considerations
Identify the typical NSX scalable architectures

NSX Security Design

Identify different security features available in NSX
Describe the advantages of an NSX Distributed Firewall
Describe the use of NSX Gateway Firewall as a perimeter firewall and as an intertenant firewall
Determine a security policy methodology
Recognize the NSX security best practices

NSX Network Services

Identify the stateful services available in different edge cluster high availability modes
Describe failover detection mechanisms
Compare NSX NAT solutions
Explain how to select DHCP and DNS services
Compare policy-based and route-based IPSec VPN
Describe an L2 VPN topology that can be used to interconnect data centers
Explain the design considerations for integrating VMware NSX® Advanced Load Balancer™ with NSX

Physical Infrastructure Design

Identify the components of a switch fabric design
Assess Layer 2 and Layer 3 switch fabric design implications
Review guidelines when designing top-of-rack switches
Review options for connecting transport hosts to the switch fabric
Describe typical designs for VMware ESXi™ compute hypervisors with two pNICs
Describe typical designs for ESXi compute hypervisors with four or more pNICs
Differentiate dedicated and collapsed cluster approaches to SDDC design

NSX Multilocation Design

Explain scale considerations in an NSX multisite design
Describe the main components of the NSX Federation architecture
Describe the stretched networking capability in Federation
Describe stretched security use cases in Federation
Compare the Federation disaster recovery designs

NSX Optimization and DPU-Based Acceleration

Describe Geneve Offload
Describe the benefits of Receive Side Scaling and Geneve Rx Filters
Explain the benefits of SSL Offload
Describe the effect of Multi-TEP, MTU size, and NIC speed on throughput
Explain the available enhanced datapath modes and use cases
List the key performance factors for compute nodes and NSX Edge nodes
Describe DPU-Based Acceleration
Define the NSX features supported by DPUs
Describe the hardware and networking configurations supported with DPUs

Course Overview

This five-day, hands-on training course provides you with the knowledge, skills, and tools to achieve competency in configuring, operating, and troubleshooting VMware NSX® for intrinsic security. This course introduces all the security features in NSX, including Distributed Firewall and Gateway Firewall, Intrusion Detection and Prevention (IDS/IPS), NSX Application Platform, NSX Malware Prevention, VMware NSX® Intelligence™, and VMware NSX® NDR™. In addition, this course presents common configuration issues and gives a methodology to resolve them.

This course is also available in an On Demand format. For more information, select this link: VMware NSX for Intrinsic Security [V4.x] — On Demand.

Product Alignment

VMware NSX 4.1.0

Course Objectives

By the end of the course, you should be able to meet the following objectives:
Define the concepts related to information security
Explain the different types of firewalls and their use cases
Describe the operation of intrusion detection and intrusion prevention systems
Differentiate between Malware Prevention approaches
Describe the VMware intrinsic security portfolio
Use NSX segmentation to implement Zero-Trust Security
Configure user and role management
Configure and troubleshoot Distributed Firewall, Identity Firewall, and time-based policies
Configure and troubleshoot Gateway Security
Use VMware Aria Operations™ for Logs and VMware Aria Operations™ for Networks to operate NSX firewalls
Explain the security best practices related to grouping, tagging, and rule configuration
Describe north-south and east-west service insertion
Describe endpoint protection
Configure and troubleshoot IDS/IPS
Deploy NSX Application Platform
Configure and troubleshoot NSX Malware Prevention
Describe the capabilities of NSX Intelligence and NSX NDR

Course Content

Course Introduction
Security Basics
VMware Intrinsic Security
Implementing Zero-Trust Security
User and Role Management
Distributed Firewall
Gateway Security
Operating Internal Firewalls
Network Introspection
Endpoint Protection
Intrusion Detection and Prevention
NSX Application Platform
NSX Malware Prevention
NSX Intelligence and NSX NDR

Who should attend

Experienced security administrators

Prerequisites

You should also have the following understanding or knowledge:
Good understanding of TCP/IP services and protocols
Knowledge and working experience of network security, including:
L2 through L7 firewalling
Intrusion detection and prevention systems
Malware prevention systems
Knowledge of and working experience with VMware vSphere® environments
The VMware Certified Technical Associate — Network Virtualization is recommended.

Course Outline

Course Introduction

Introduction and course logistics
Course objectives

Security Basics

Define the concepts related to information security
Explain the different types of firewalls and their use cases
Describe the operation of IDS/IPS
Differentiate between Malware Prevention approaches

VMware Intrinsic Security

Define the VMware intrinsic security strategy
Describe the VMware intrinsic security portfolio
Explain how NSX aligns with the intrinsic security strategy

Implementing Zero-Trust Security

Define Zero-Trust Security
Describe the five pillars of a Zero-Trust architecture
Define NSX segmentation and its use cases
Describe the steps needed to enforce Zero-Trust with NSX segmentation

User and Role Management

Integrate NSX and VMware Identity Manager™
Integrate NSX and LDAP
Describe the native users and roles in NSX
Create and assign custom user roles
Explain object-based RBAC in a multitenancy environment

Distributed Firewall

Configure Distributed Firewall rules and policies
Describe the NSX Distributed Firewall architecture
Troubleshoot common problems related to NSX Distributed Firewall
Configure time-based policies
Configure Identity Firewall rules
Configure the distributed firewall to block malicious IPs
Gateway Security

Configure Gateway Firewall rules and policies
Describe the architecture of the Gateway Firewall
Identify and troubleshoot common Gateway Firewall issues
Configure TLS Inspection to decrypt traffic for both internal and external services
Configure URL filtering and identify common configuration issue

Operating Internal Firewalls

Use VMware Aria Operations for Logs and VMware Aria Operations for Networks to operate NSX firewalls
Explain security best practices related to grouping, tagging, and rule configuration

Network Introspection

Explain network introspection
Describe the architecture and workflows of north-south and east-west service insertion
Troubleshoot north-south and east-west service insertion

Endpoint Protection

Explain endpoint protection
Describe the architecture and workflows of endpoint protection
Troubleshoot endpoint protection

Intrusion Detection and Prevention

Describe the MITRE ATT&CK framework
Explain the different phases of a cyber attack
Describe how NSX security solutions can be used to protect against cyber attacks
Configure and troubleshoot Distributed IDS/IPS
Configure and troubleshoot North-South IDS/IPS

NSX Application Platform

Describe NSX Application Platform and its use cases
Identify the topologies supported for the deployment of NSX Application Platform
Deploy NSX Application Platform
Explain the NSX Application Platform architecture and services
Validate the NSX Application Platform deployment and troubleshoot common issues

NSX Malware Prevention

Identify use cases for NSX Malware Prevention
Identify the components in the NSX Malware Prevention architecture
Describe the NSX Malware Prevention packet flows for known and unknown files
Configure NSX Malware Prevention for east-west and north-south traffic

NSX Intelligence and NSX NDR

Describe NSX Intelligence and its use cases
Explain NSX Intelligence visualization, recommendation, and network traffic analysis capabilities
Describe NSX NDR and its use cases
Explain the architecture of NSX NDR in NSX
Describe the visualization capabilities of NSX NDR