Questions and Answers
How does applying a segment profile to a segment affect the ports within that segment?
- The profile is not applied to any of the segment's ports unless explicitly specified.
- The profile is applied to only the first port of the segment.
- The profile is applied to all ports of the segment, and cannot be overwritten at the port level.
- The profile is applied to all ports of the segment, but can be explicitly overwritten at the port level. (correct)
Which of the following is NOT a supported segment profile in NSX?
- Firewall Hardening (correct)
- Port Mirroring
- IP Discovery
- QoS (Quality of Service)
In VMware Cloud Foundation, when is the NSX Manager three-node cluster deployed?
- During the initial deployment of vCenter.
- As a manual step after the VI workload domain is created.
- When the first virtual machine is created in the VI workload domain.
- When the first VI workload domain that is supported by NSX is created. (correct)
What role do NSX Edge nodes typically play in a multi-tenant cloud environment regarding tenant boundaries?
After NSX Manager adds a VI workload domain vCenter instance as a compute manager, what network infrastructure components are created?
Which of the following is NOT a type of object to which VM storage policies can be applied, according to the content?
In a four-node vSAN cluster, what is a primary consideration when choosing between RAID 1 (Mirroring) and RAID 5 (Erasure Coding) for an object?
What is the default Reactive Rebalance threshold in vSAN?
In the context of a four-node vSAN cluster running both NSX Manager (RAID 5) and SDDC Manager (RAID 1), what is a likely outcome if a second host failure occurs during an extended maintenance period on the first host?
Why might adding a fifth host to a four-node vSAN cluster be recommended when using RAID 5?
Why is it important to consider FTT (Failures To Tolerate) = 2 for production workloads when planning vSphere host maintenance?
How does deduplication differ from compression in the context of vSAN?
What considerations should be taken into account when planning for vSphere host maintenance mode in a vSAN environment?
What best describes NVMe in the context of vSAN?
Which infrastructure services are critical for VMware Cloud Foundation to function correctly?
Which of the following statements regarding component rebuilds in vSAN is most accurate?
Why is NTP critical for VMware Cloud Foundation?
What is the primary reason for recommending at least two domain controllers in a VMware Cloud Foundation environment?
Which of the following maintenance mode options offers the LEAST amount of data accessibility?
In the context of vSAN, what does enabling 'vSAN Reserved Capacity' primarily help with?
Why is highly available DNS critical for VMware Cloud Foundation?
Which of the following tasks can be automated using vSphere Lifecycle Manager?
What is the smallest unit used by vSphere Lifecycle Manager to install VMware and third-party software on ESXi hosts?
Who creates and releases ESXi base images?
Which element is mandatory when creating a vSphere Lifecycle Manager image?
What is the primary purpose of vendor add-ons in vSphere Lifecycle Manager?
Before adding a firmware or driver add-on to your image, what prerequisite must be met?
Which of the following BEST describes what a component provides upon installation in vSphere Lifecycle Manager?
What is the role of the NSX upgrade coordinator in VMware Cloud Foundation LCM?
What is the primary purpose of configuring route maps on the backup availability zone's BGP neighbor paths?
In the context of network routing, what do IP Prefix Lists primarily define?
What role do Route Maps play in influencing network traffic flow?
What is the significance of setting up BGP Neighbors in the context of ensuring network resilience?
How do route maps use IP prefix lists to determine the best routes?
In a scenario where the primary router fails, what mechanism allows network traffic to switch smoothly to the backup route?
What is the relationship between IP Prefix Lists and Route Maps?
Why is it important to configure route maps to make the backup availability zone's BGP neighbor paths less preferred under normal conditions?
What is a key consideration when determining the number of clusters that will utilize a network pool?
Which of the following actions is permitted when adjusting an existing network pool?
Why is it important to carefully plan network pools and reserve only the necessary IP address ranges?
What is the primary function of an overlay transport zone?
What is the typical use case for VLAN transport zones in NSX deployments?
Which statement accurately describes the relationship between transport nodes, transport zones, and NSX virtual switches?
What restriction applies to the attachment of NSX virtual switches to overlay transport zones?
In a Layer 2 transport switch fabric design, what role do top-of-rack (ToR) switches and upstream Layer 3 devices play?
Flashcards
Segment Ports
Entities (routers, VMs, containers) connect to a segment.
Segment Profiles
Layer 2 networking config for logical switches/ports; applied at port or segment level.
NSX Edge Nodes
Appliances hosting distributed routing/services with HA using active-active or active-standby models.
NSX Edge Use Cases
NSX Transport Zones
Network Pool
Transport Zone
Overlay Transport Zone
VLAN Transport Zone
Transport Node Virtual Switches
Transport Zone per vSwitch
Transport Zone Function
VCF Overlay Transport Zone
Network Infrastructure Check
Network I/O Control
VCF Default Configurations
vSAN CPU/Memory Overhead
vSAN Failure Domains
Reactive Rebalance Threshold
Essential Infrastructure Services
NTP Importance
SPBM (Storage Policy-Based Management)
Objects Affected by VM Storage Policies
RAID 5 Component Distribution in Four-Node Clusters
RAID 1 (Mirroring) Advantage in Four-Node Clusters
RAID 5 Space Requirement During Conversion
Benefit of a Fifth Host in a Four-Node Cluster
Impact of Host Failure on NSX Manager (RAID 5) and SDDC Manager (RAID 1)
NVMe (Non-Volatile Memory Express)
IP Prefix Lists
Route Maps
BGP Neighbors
Traffic Preference Control
The Goal
Primary Router Failover
Route Maps in AZ2
IP Address Ranges
vSphere Lifecycle Manager
ESXi Base Image
Component (in vSphere)
Vendor Add-ons
Firmware and Driver Add-ons
Component Function
Firmware/Driver Add-on Requirement
NSX Upgrade Coordinator
Study Notes
- SDDC Manager is essential for configuration changes, software updates, adding/removing hosts from workload domain clusters and ensuring accurate inventory within VMware Cloud Foundation (VCF).
Key SDDC Manager Services
- UI: HTML5-based interface consistent with VMware UIs
- Lifecycle Manager: Monitors/updates software, ensures product compatibility, automates upgrades, updates inventory
- Domain Manager: Orchestrates workload domain creation, deletion, and scaling
- SoS Utility: Performs health checks and collects logs via command line or API
- Network Pools: Provides IP address pools for deployed resources like ESXi hosts
- Inventory: Maintains a database of managed entities
User Management
- Roles include admin, operator, and view-only.
- Actions within SDDC Manager involve changing passwords, deploying NSX Edge, adding/removing hosts, and creating vSphere clusters.
- Actions outside SDDC Manager involve changing Active Directory permissions, adding resource pools/port groups, and applying vSphere license keys.
- vSphere admin actions can have serious ramifications on VCF, requiring a deep understanding to avoid issues like inaccessible clusters. Contact Broadcom support before attempting to fix such issues.
Password Management
- SDDC Manager uses the "admin" account for internal API calls, so the password should be changed periodically.
- Password resets for local accounts in SDDC Manager differ from changing the API "admin" account password.
Changing "root" and "vcf" Passwords
- Access SDDC Manager via SSH as the "vcf" user.
- Use the su command to switch to the "root" account.
- Then, use the passwd command.
Changing API "admin" Password
- Access SDDC Manager via SSH as the "vcf" user, switch to "root", and run:
/opt/vmware/vcf/commonsvcs/scripts/auth/set-basicauth-password.sh admin <password>
- Ensure proper escaping of special characters is applied.
NSX Overview
- Segments, or logical switches, provide switching functionality in NSX, similar to VLANs, with VNIs scaling beyond VLAN limits.
- Segments contain segment ports where entities like VMs connect.
- Segment profiles configure logical switches and ports, with NSX Manager providing default profiles.
- Profiles applied at the segment level apply to all ports unless overwritten at the port level. Multiple profiles are supported, including QoS and port mirroring.
- NSX Edge nodes are appliances providing distributed routing and other services.
- NSX Edge offers high availability through active-active and active-standby models.
- VMware Cloud Foundation automates NSX Edge deployment in DMZs and multi-tenant environments.
NSX with VI Workload Domain Creation
- A three-node NSX Manager cluster deploys in the management domain when the first VI workload domain supported by NSX is created.
- The cluster can be shared or dedicated to single/multiple VI workload domains.
- NSX Manager adds VI workload domain vCenter instances as a compute manager, and creates VLAN and overlay transport zones for host transport nodes.
- NSX Manager creates and applies an uplink profile to transport nodes.
Uplink Profiles
- An uplink profile defines how Edges and transport nodes connect to VLAN/Overlay networks and specifies the NICs used.
- Workload domain traffic separation allows separation of VMkernel traffic types.
- Separation can include management, storage, vSphere vMotion, and overlay traffic.
Multi-NIC Host Use Cases
- Use cases involve adhering to legacy practices and traffic segregation for security/bandwidth limitations.
- VCF replaces the multi-NIC practice by using a consolidated VDS (NSX) with VLANs and GENEVE/TEPs.
- Physical segregation environments can map management/storage/VM traffic to a logical switch connected to dedicated physical NICs.
Importing vSphere Infrastructure
- Two scenarios exist for importing vSphere infrastructure, depending on SDDC Manager deployment status.
- Scenario 1 involves deploying SDDC Manager into a vSphere cluster and using an import script to convert it into a management domain.
- Scenario 2 involves using an import script to import vSphere clusters as VI workload domains into an existing SDDC Manager deployment.
NSX Edge Networking
- VMware Cloud Foundation automates NSX Edge cluster deployment/configuration:
- Deployment of NSX Edge VMs with initial Tier-0 and Tier-1 gateways.
- Configuration of NSX Edge uplink profiles and segments.
- Enabling BGP when used.
- Scaling of existing NSX Edge clusters.
- NSX Edge clusters are associated with workload domains, sharing North-South routing and networking throughout the entire workload domain and other workload domains that use the same NSX Manager cluster.
Edge Cluster Prerequisites
- Separate VLANs and subnets must be available.
- Host TEP VLAN and Edge TEP VLAN need routing.
- Reserve an ASN.
- Set two BGP peers on TORs or infra ESG.
- Populate DNS entries for NSX Edge.
- Have L2 Uniform vSphere clusters to host Edge clusters, with identical networking.
- Use identical pNIC speed and the same NSX-enabled VDS uplinks for the hosting vSphere cluster.
Edge Cluster Profile Options
- Select the default configuration unless BFD is required for BGP peering.
- BGP peering is used to enhance network reliability.
- BGP is required for dynamic route advertisement that requires a physical switch configuration.
Routing Options
- Select between BGP, which distributes routes automatically, or Static, where routes are configured manually.
- External BGP is typically preferred for automatic route redistribution. Static routes might be best when extra security is desired in various environments.
NSX Edge Appliances
- You must configure network interfaces for each NSX Edge appliance before deploying: a Mgt IP, one edge TEP for each edge node on the edge TEP VLAN, and an uplink IP on separate uplink VLANs.
- NSX Edge nodes can be removed only if certain requirements are satisfied (active cluster, more than two nodes).
- Equal-cost multi-path routing (ECMP) load balances traffic across layer 3 connections.
BGP Protocol
- BGP exchanges routes and peers with NSX Edge nodes.
- Serves as an interdomain routing protocol for loop-free routing among domains with independent policies.
- The new dvPortgroups in vSphere and NSX managed logical switches are connected north-south to ECMP On-Ramp.
L2 Fabric vs L3 ToR
- Edge nodes pair with L3 devices to which ToR connects.
- Both BGP and OSPF are applicable in L2 design.
- The L3 ToR design has the following characteristics: a simple design uses non-LACP uplink teaming, and MLAG terminates LACP at the ToR.
- With the use of MLAG (Arista etc.), LACP is terminated at the ToR and BGP or OSPF can be used.
- You can set the routing feature on the Tier-0 logical router that does the peering with the Layer 3 device. Static routes or multihop external BGP (eBGP) can also be used.
BFD Protocol
- BFD aids in resilience via rapid detection of link/path failures.
- BGP sessions are either set up as internal BGP (iBGP), with BGP routers in the same AS, or categorized as external BGP (eBGP) sessions.
- Internal BGP sessions are more secure.
- Equal-Cost Multi-Path (ECMP) is a technique, not a routing protocol, for balancing performance and reliability.
Application Virtual Networks (AVNs)
- Are software-defined networks that serve a special purpose in the SDDC.
- Span clusters and traverse NSX Edge service gateways for North/South traffic.
- Implement SDN utilizing NSX in the management domain.
- They contain a Tier-0 gateway that peers with physical networks.
- Made up of both a Tier-1 gateway that services NSX segments and an NSX Edge cluster.
AVN Uses
- Mgmt-RegionA01-VXLAN is for VMware Aria Suite workloads, VMware Aria Operations for Logs and VMware Aria Automation Proxy Servers guided deployment. Does not require region portability.
- Mgmt-xRegion01-VXLAN is used for VMware Aria Suite workloads that require portability, VMware Aria Suite Lifecycle guided deployment.
AVN Configuration
- Overlay-backed NSX segments are best, requiring a direct connection to the Tier-1 gateway. Traffic between VMs is carried by a tunnel.
- VLAN-backed NSX segments carry Layer 2 traffic across the VLAN network between VMs running on different hosts.
WLD Checklist
- After commissioning the host, recheck that the parameters match the criteria below, and ensure that separate VLANs and subnets are set up if required.
- Before changing the storage, reach out to support and ensure the required network pool is created.
Network Pools
- Each pool constitutes a range of IP addresses to assign to specific VCF services.
- A vSphere vMotion subnet should be configured when configuring the pool. Hosts are first connected to a standard vSwitch and then, upon domain integration, to the VMware Distributed Switch (VDS).
Transport node
- Follow the basic guideline of allowing only one overlay transport zone, ensure transport nodes have more than two pNICs, and assign a single segment to a single transport zone. For the best results, refer to the VMware installation documents for recommendations. All transport nodes should be of the same type (ESXi and NSX).
- Ensure appropriate bandwidth depending on type of usage on the network.
- A transport zone is also not a security boundary.
- VMware Cloud Foundation leverages a single Overlay Transport Zone per NSX instance.
Overlay Zone
- An overlay transport zone has TEPs. The assigned VLAN enables effective traffic traversal.
- Use cases: NSX edge nodes and host edge.
Fabric Design
- Has an upstream layer, and L2 VLANs are used to extend and connect across racks.
- VLANs must support both Layer 3 and gateway functionality.
- A single vendor is preferred and supported.
Per rack
- There are different NSX profile configurations for each rack.
- In NSX, a cluster or host is a common element that addresses and shares network features.
Preparations
- You must configure both a DHCP server for the NSX overlay and a static IP pool for hosts. After host commissioning, you may assign hosts to the inventory.
- Also verify that DNS records exist for both vCenters and NSX Manager, as well as unassigned hosts to the correct storage.