VCF 5.2 Admin Exam

Questions and Answers

How does applying a segment profile to a segment affect the ports within that segment?

  • The profile is not applied to any of the segment's ports unless explicitly specified.
  • The profile is applied to only the first port of the segment.
  • The profile is applied to all ports of the segment, and cannot be overwritten at the port level.
  • The profile is applied to all ports of the segment, but can be explicitly overwritten at the port level. (correct)

Which of the following is NOT a supported segment profile in NSX?

  • Firewall Hardening (correct)
  • Port Mirroring
  • IP Discovery
  • QoS (Quality of Service)

In VMware Cloud Foundation, when is the NSX Manager three-node cluster deployed?

  • During the initial deployment of vCenter.
  • As a manual step after the VI workload domain is created.
  • When the first virtual machine is created in the VI workload domain.
  • When the first VI workload domain that is supported by NSX is created. (correct)

What role do NSX Edge nodes typically play in a multi-tenant cloud environment regarding tenant boundaries?

  • They create virtual boundaries for each tenant ensuring isolation. (A)

After NSX Manager adds a VI workload domain vCenter instance as a compute manager, what network infrastructure components are created?

  • VLAN and overlay transport zones are created to which all host transport nodes are added. (D)

Which of the following is NOT a type of object to which VM storage policies can be applied, according to the content?

  • Physical server hardware profiles (A)

In a four-node vSAN cluster, what is a primary consideration when choosing between RAID 1 (Mirroring) and RAID 5 (Erasure Coding) for an object?

  • RAID 1 requires less temporary disk space during policy changes compared to RAID 5. (B)

What is the default Reactive Rebalance threshold in vSAN?

  • 80 percent (D)

In the context of a four-node vSAN cluster running both NSX Manager (RAID 5) and SDDC Manager (RAID 1), what is a likely outcome if a second host failure occurs during an extended maintenance period on the first host?

  • SDDC Manager remains operational, but NSX Manager becomes unavailable and potentially inoperable. (A)

Why might adding a fifth host to a four-node vSAN cluster be recommended when using RAID 5?

  • To ensure redundancy levels are maintained even if a host fails. (B)

Why is it important to consider FTT (Failures To Tolerate) = 2 for production workloads when planning vSphere host maintenance?

  • Because maintenance mode counts as a failure, and FTT=2 provides sufficient redundancy. (C)

How does deduplication differ from compression in the context of vSAN?

  • Deduplication removes redundant data across multiple data blocks, while compression removes redundant data within each data block. (B)

What considerations should be taken into account when planning for vSphere host maintenance mode in a vSAN environment?

  • Ensuring accessibility and full data migration. (A)

What best describes NVMe in the context of vSAN?

  • A high-performance storage protocol optimized for NUMA architectures. (C)

Which infrastructure services are critical for VMware Cloud Foundation to function correctly?

  • Directory Services, DNS, NTP, DHCP, Certificate Authority, and BGP peers (B)

Which of the following statements regarding component rebuilds in vSAN is most accurate?

  • vSAN might not be able to rebuild a component if a host is in maintenance mode, depending on the protection policy and available resources. (D)

Why is NTP critical for VMware Cloud Foundation?

  • For ensuring accurate time synchronization, which is essential for authentication and troubleshooting purposes (B)

What is the primary reason for recommending at least two domain controllers in a VMware Cloud Foundation environment?

  • To ensure high availability of directory services. (B)

Which of the following maintenance mode options offers the LEAST amount of data accessibility?

  • No Data Migration (B)

In the context of vSAN, what does enabling 'vSAN Reserved Capacity' primarily help with?

  • Facilitating vSAN cluster maintenance. (A)

Why is highly available DNS critical for VMware Cloud Foundation?

  • Because VMware Cloud Foundation software components cannot communicate without proper name resolution. (B)

Which of the following tasks can be automated using vSphere Lifecycle Manager?

  • All of the above. (D)

What is the smallest unit used by vSphere Lifecycle Manager to install VMware and third-party software on ESXi hosts?

  • Component (A)

Who creates and releases ESXi base images?

  • VMware by Broadcom (B)

Which element is mandatory when creating a vSphere Lifecycle Manager image?

  • ESXi base image (A)

What is the primary purpose of vendor add-ons in vSphere Lifecycle Manager?

  • To offer custom OEM images tailored for specific server families. (B)

Before adding a firmware or driver add-on to your image, what prerequisite must be met?

  • Installing the Hardware Support Manager plug-in for the respective server family. (D)

Which of the following BEST describes what a component provides upon installation in vSphere Lifecycle Manager?

  • A visible, usable feature such as a third-party network driver. (D)

What is the role of the NSX upgrade coordinator in VMware Cloud Foundation LCM?

  • To ensure that NSX components are upgraded in the correct order. (D)

What is the primary purpose of configuring route maps on the backup availability zone's BGP neighbor paths?

  • To ensure the backup routes are less preferred under normal operating conditions. (D)

In the context of network routing, what do IP Prefix Lists primarily define?

  • Ranges of IP addresses that are advertised to other routers. (D)

What role do Route Maps play in influencing network traffic flow?

  • They serve as sets of rules that use IP prefix lists to determine preferred or less preferred routes. (A)

What is the significance of setting up BGP Neighbors in the context of ensuring network resilience?

  • It allows routers to share routing information, facilitating failover to backup routes. (A)

How do route maps use IP prefix lists to determine the best routes?

  • By setting preferences for routes that match the IP ranges specified in the lists. (D)

In a scenario where the primary router fails, what mechanism allows network traffic to switch smoothly to the backup route?

  • Automatic failover based on pre-configured route preferences and BGP neighbor relationships. (B)

What is the relationship between IP Prefix Lists and Route Maps?

  • IP Prefix Lists define the IP ranges, and Route Maps use these lists to make routing decisions. (C)

Why is it important to configure route maps to make the backup availability zone's BGP neighbor paths less preferred under normal conditions?

  • To ensure that the primary route is always used when available, reserving the backup for actual failures. (B)

What is a key consideration when determining the number of clusters that will utilize a network pool?

  • All hosts within a cluster must use the same network pool, consuming one IP address per configured subnet. (A)

Which of the following actions is permitted when adjusting an existing network pool?

  • Adding additional included IP address ranges. (B)

Why is it important to carefully plan network pools and reserve only the necessary IP address ranges?

  • After an IP address range is included in a network pool, those addresses are locked to that pool. (C)

What is the primary function of an overlay transport zone?

  • To serve as the internal tunnel for Geneve-encapsulated traffic between ESXi hosts and NSX Edge transport nodes. (D)

What is the typical use case for VLAN transport zones in NSX deployments?

  • Northbound connectivity from NSX Edge nodes to top-of-rack switches. (A)

Which statement accurately describes the relationship between transport nodes, transport zones, and NSX virtual switches?

  • A transport node can have multiple NSX virtual switches if it has sufficient pNICs, but a transport zone can only be attached to a single NSX virtual switch on that node. (C)

What restriction applies to the attachment of NSX virtual switches to overlay transport zones?

  • An NSX virtual switch can only attach to a single overlay transport zone. (C)

In a Layer 2 transport switch fabric design, what role do top-of-rack (ToR) switches and upstream Layer 3 devices play?

  • They form a switched fabric for the network. (D)

Flashcards

Segment Ports

Entities (routers, VMs, containers) connect to a segment.

Segment Profiles

Layer 2 networking config for logical switches/ports; applied at port or segment level.

NSX Edge Nodes

Appliances hosting distributed routing/services with HA using active-active or active-standby models.

NSX Edge Use Cases

Creates virtual boundaries for each tenant, deployed in DMZs and multi-tenant environments.

NSX Transport Zones

VLAN and overlay networks created to attach all transport nodes to a central network.

Network Pool

A group of IP addresses reserved for use by a cluster.

Transport Zone

Defines the scope of a logical network over the physical infrastructure.

Overlay Transport Zone

The internal tunnel between ESXi hosts and NSX Edge nodes.

VLAN Transport Zone

Used at NSX Edge uplinks for external connectivity.

Transport Node Virtual Switches

Can have multiple NSX virtual switches if the transport node has more than two pNICs.

Transport Zone per vSwitch

Can only be attached to a single NSX virtual switch on a given transport node.

Transport Zone Function

Determines which hosts can participate in a network.

VCF Overlay Transport Zone

VMware Cloud Foundation supports one overlay transport zone per NSX instance.

Network Infrastructure Check

Verifying network performance and configuration including throughput, VLANs, and jumbo frames.

Network I/O Control

Technology used to manage the network traffic for virtual machines, ensuring efficient bandwidth allocation.

VCF Default Configurations

Default settings may need adjustments to suit specific needs.

vSAN CPU/Memory Overhead

Consider the CPU and memory consumed by vSAN itself.

vSAN Failure Domains

Structures that define how failures are handled within the vSAN cluster.

Reactive Rebalance Threshold

Threshold at which vSAN starts rebalancing data across the cluster.

Essential Infrastructure Services

Critical services for VMware Cloud Foundation to function correctly.

NTP Importance

Critical for accurate timekeeping and authentication.

SPBM (Storage Policy-Based Management)

Method to protect vSAN data by strategically placing data objects across the datastore.

Objects Affected by VM Storage Policies

VM namespaces, VMDK objects, swap objects, snapshots, memory objects, performance data, file system services.

RAID 5 Component Distribution in Four-Node Clusters

An object is split into four components across all four hosts.

RAID 1 (Mirroring) Advantage in Four-Node Clusters

Has more rebuild flexibility than RAID 5 in a four-node setup.

RAID 5 Space Requirement During Conversion

Requires extra temporary space when changing from RAID 1, due to its method of erasure coding.

Benefit of a Fifth Host in a Four-Node Cluster

To ensure continued redundancy if a host fails.

Impact of Host Failure on NSX Manager (RAID 5) and SDDC Manager (RAID 1)

NSX Manager might become unavailable. SDDC Manager keeps running.

NVMe (Non-Volatile Memory Express)

High-performance, NUMA optimized storage protocol connecting host to memory.

IP Prefix Lists

Lists that specify ranges of IP addresses to share with other routers.

Route Maps

Sets of rules that use IP prefix lists to determine preferred routes.

BGP Neighbors

Other routers with which we exchange routing information (BGP).

Traffic Preference Control

Ensuring traffic smoothly switches to a backup route if the main route fails.

The Goal

To maintain continuous operation even if the primary router fails.

Primary Router Failover

Making sure the backup location can take over seamlessly if the primary fails.

Route Maps in AZ2

Used to make routes in the secondary AZ less preferred for inbound/outbound traffic.

IP Address Ranges

Ranges of IP addresses that we want to advertise to other routers.

vSphere Lifecycle Manager

Automates tasks like managing VMware Tools, VM hardware upgrades, ESXi patching, and third-party software installation.

ESXi Base Image

A complete ESXi installation package providing software fixes and enhancements.

Component (in vSphere)

A logical grouping of one or more VIBs that encapsulates functionality in ESXi.

Vendor Add-ons

Custom OEM images with components tailored for a specific family of servers.

Firmware and Driver Add-ons

Bundles containing firmware and driver updates for specific server types.

Component Function

Used by vSphere Lifecycle Manager to install VMware and third-party software on ESXi hosts. Basic packaging for VIBs and metadata.

Firmware/Driver Add-on Requirement

You must first install the Hardware Support Manager plug-in to add this type of add-on to your image.

NSX Upgrade Coordinator

Ensures NSX components are upgraded in the correct order in VMware Cloud Foundation domains.

Study Notes

  • SDDC Manager is essential for configuration changes, software updates, adding/removing hosts from workload domain clusters and ensuring accurate inventory within VMware Cloud Foundation (VCF).

Key SDDC Manager Services

  • UI: HTML5-based interface consistent with VMware UIs
  • Lifecycle Manager: Monitors/updates software, ensures product compatibility, automates upgrades, updates inventory
  • Domain Manager: Orchestrates workload domain creation, deletion, and scaling
  • SoS Utility: Performs health checks and collects logs via command line or API
  • Network Pools: Provides IP address pools for deployed resources like ESXi hosts
  • Inventory: Maintains a database of managed entities

User Management

  • Roles include admin, operator, and view-only.
  • Actions within SDDC Manager involve changing passwords, deploying NSX Edge, adding/removing hosts, and creating vSphere clusters.
  • Actions outside SDDC Manager involve changing Active Directory permissions, adding resource pools/port groups, and applying vSphere license keys.
  • vSphere admin actions can have serious ramifications on VCF, requiring a deep understanding to avoid issues like inaccessible clusters. Contact Broadcom support before attempting to fix such issues.

Password Management

  • SDDC Manager uses the "admin" account for internal API calls, so the password should be changed periodically.
  • Password resets for local accounts in SDDC Manager differ from changing the API "admin" account password.

Changing "root" and "vcf" Passwords

  • Access SDDC Manager via SSH as the "vcf" user.
  • Use the su command to switch to the "root" account.
  • Then, use the passwd command.

Changing API "admin" Password

  • Access SDDC Manager via SSH as the "vcf" user, switch to "root", and run: /opt/vmware/vcf/commonsvcs/scripts/auth/set-basicauth-password.sh admin <password>
  • Ensure proper escaping of special characters is applied.

NSX Overview

  • Segments, or logical switches, provide switching functionality in NSX, similar to VLANs, with VNIs scaling beyond VLAN limits.
  • Segments contain segment ports where entities like VMs connect.
  • Segment profiles configure logical switches and ports, with NSX Manager providing default profiles.
  • Profiles applied at the segment level apply to all ports unless overwritten at the port level. Multiple profiles are supported, including QoS and port mirroring.
  • NSX Edge nodes are appliances providing distributed routing and other services.
  • NSX Edge offers high availability through active-active and active-standby models.
  • VMware Cloud Foundation automates NSX Edge deployment in DMZs and multi-tenant environments.

NSX with VI Workload Domain Creation

  • A three-node NSX Manager cluster deploys in the management domain when the first VI workload domain supported by NSX is created.
  • The cluster can be shared or dedicated to single/multiple VI workload domains.
  • NSX Manager adds VI workload domain vCenter instances as a compute manager, and creates VLAN and overlay transport zones for host transport nodes.
  • NSX Manager creates and applies an uplink profile to transport nodes.
  • An uplink profile defines how Edges and transport nodes connect to VLAN/Overlay networks and specifies the NICs used.
  • Workload domain traffic separation allows separation of VMkernel traffic types.
  • Separation can include management, storage, vSphere vMotion, and overlay traffic.

Multi-NIC Host Use Cases

  • Use cases involve adhering to legacy practices and traffic segregation for security/bandwidth limitations.
  • VCF replaces the practice of multi-NIC by using consolidated VDS (NSX) with VLANs and GENEVE/TEPs.
  • Physical segregation environments can map management/storage/VM traffic to a logical switch connected to dedicated physical NICs.

Importing vSphere Infrastructure

  • Two scenarios exist for importing vSphere infrastructure, depending on SDDC Manager deployment status.
  • Scenario 1 involves deploying SDDC Manager into a vSphere cluster and using an import script to convert it into a management domain.
  • Scenario 2 involves using an import script to import vSphere clusters as VI workload domains into an existing SDDC Manager deployment.

NSX Edge Networking

  • VMware Cloud Foundation automates NSX Edge cluster deployment/configuration:
      • Deployment of NSX Edge VMs with initial Tier-0 and Tier-1 gateways.
      • Configuration of NSX Edge uplink profiles and segments.
      • Enabling BGP when used.
      • Scaling of existing NSX Edge clusters.
  • NSX Edge clusters are associated with workload domains, sharing North-South routing and networking throughout the entire workload domain and other workload domains that use the same NSX Manager cluster.

Edge Cluster Prerequisites

  • Separate VLANs and subnets must be available.
  • Host TEP VLAN and Edge TEP VLAN need routing.
  • Reserve an ASN.
  • Set two BGP peers on TORs or infra ESG.
  • Populate DNS entries for NSX Edge.
  • Have L2 Uniform vSphere clusters to host Edge clusters, with identical networking.
  • Use identical PNIC speed and same NSX enabled VDS uplinks for the hosting vSphere cluster.

Edge Cluster Profile Options

  • Select the default configuration unless BFD is required for BGP peering.
  • BGP peering is used to enhance network reliability.
  • BGP is required for dynamic route advertisement that requires a physical switch configuration.

Routing Options

  • Select between BGP, which distributes routes automatically, or Static, where routes are configured manually.
  • External BGP is typically preferred for automatic route redistribution. Static routes might be best when extra security is desired in various environments.

NSX Edge Appliances

  • You must configure network interfaces for each NSX Edge appliance before deploying: a management IP, one edge TEP for each edge node on the edge TEP VLAN, and an uplink IP on separate uplink VLANs.
  • NSX Edge nodes can be removed only if certain requirements are satisfied (active cluster, more than two nodes).
  • Equal-cost multi-path routing (ECMP) load balances traffic across layer 3 connections.

BGP Protocol

  • BGP exchanges routes and peers with NSX Edge nodes.
  • Serves as an interdomain routing protocol for loop-free routing among domains with independent policies.
  • The new dvPortgroups in vSphere and NSX managed logical switches are connected north-south to ECMP On-Ramp.

L2 Fabric vs L3 ToR

  • Edge nodes pair with L3 devices to which ToR connects.
  • Both BGP and OSPF are applicable in L2 design.
  • The L3 ToR design has the following characteristics: the simple design uses non-LACP uplink teaming, and MLAG terminates LACP at the ToR.
  • With the use of MLAG (Arista etc.), LACP is terminated at the ToR, and BGP or OSPF can be used.
  • You can set the routing feature on the Tier-0 logical router that does the peering with the Layer 3 device. Static routes or multihop external BGP (eBGP) are also options.

BFD Protocol

  • BFD aids in resilience via rapid detection of link/path failures.
  • BGP sessions are either set up as internal BGP (iBGP), with BGP routers in the same AS, or categorized as external BGP (eBGP) sessions.
  • Internal BGP sessions are more secure.
  • Equal-Cost Multi-Path (ECMP) is a technique, not a routing protocol, that balances traffic for performance and reliability.

Application Virtual Networks (AVNs)

  • AVNs are software-defined networks that serve a special purpose in the SDDC.
  • Span clusters and traverse NSX Edge service gateways for North/South traffic.
  • Implement SDN using NSX in the management domain.
  • They contain a Tier-0 gateway that peers with physical networks.
  • Made up of both a Tier-1 gateway that services NSX segments and an NSX Edge cluster.

AVN Uses

  • Mgmt-RegionA01-VXLAN is for VMware Aria Suite workloads, VMware Aria Operations for Logs and VMware Aria Automation Proxy Servers guided deployment. It does not require region portability.
  • Mgmt-xRegion01-VXLAN is used for VMware Aria Suite workloads that require portability, VMware Aria Suite Lifecycle guided deployment.

AVN Configuration

  • Overlay-backed NSX segments are best, requiring a direct connection to the Tier-1 gateway. Traffic between VMs is carried over a tunnel.
  • VLAN-backed NSX segments carry Layer 2 traffic across the VLAN network between VMs running on different hosts.

WLD Checklist

  • After commissioning the host, recheck that the parameters match the criteria below, and ensure that separate VLANs and subnets are set up if required.
  • Before changing the storage, reach out to support and ensure the required network pool is created.

Network Pools

  • Each pool constitutes a range of IP addresses to assign to specific VCF services.
  • A vSphere vMotion subnet should be configured as part of it. Hosts are first connected to a standard vSwitch and then, upon domain integration, to the VMware Distributed Switch (VDS).

Transport node

  • Follow a basic guideline that allows only one overlay transport zone, ensure transport nodes have more than two pNICs, and assign a single segment to a single transport zone. For the best results, refer to the VMware installation documents for recommendations. All transport nodes should be of the same types (ESXi and NSX).
  • Ensure appropriate bandwidth depending on type of usage on the network.
  • A transport zone is also not a security boundary.
  • VMware Cloud Foundation leverages a single Overlay Transport Zone per NSX instance.

Overlay Zone

  • An overlay transport zone has TEPs. The assigned VLAN enables effective traffic traversal.
  • Use cases: NSX Edge nodes and host edge.

Fabric Design

  • Has an upstream layer, and all L2 VLANs are used to extend and connect across racks.
  • VLAN must have support for both Layer 3 and gateway functionality.
  • Single vendor is preferred and supported.

Per rack

  • There are different NSX profile configurations for each rack.
  • In NSX, a cluster or host is a common element that addresses and shares network features.

Preparations

  • You must configure both a DHCP server for the NSX overlay and a static IP pool for hosts. After host commissioning, you may assign them to the inventory.
  • Also verify that DNS records exist for both vCenters and NSX Manager, as well as for unassigned hosts to the correct storage.
