Welcome back! We’re looking at how to gain visibility at different points in the NSX-T data path. You may remember from part one that virtual machine “app01” (172.16.2.50) is trying to ping another virtual machine called “web01” (172.16.1.53), but it’s receiving “request timeout”. We’re trying to find out where in the data path we’re having…
Having good insight into the different components of a network communication path is key when managing networks. This goes for physical networks and for software defined networks. Today I’m having a closer look at the NSX-T data path and more specifically how to capture network traffic at different reference points in the NSX-T data path.…
Anybody working with NSX micro-segmentation knows the importance of monitoring application traffic and the associated distributed firewall rules. Today I just want to share a simple and quick way to increase visibility in the NSX distributed firewall logs. For this short article I’m using NSX-T 2.4.1 and vRealize Log Insight 4.8. vRealize Log Insight has…
Wether you like it or not, the API plays a significant role when installing, configuring, and managing an NSX-T environment. Sooner or later you will be facing tasks that either require you to use the API or simply are much faster to complete using the API. Luckily, with the right tools and some preparation, getting…
NSX tags on virtual machines often play a fundamental role in a NSX micro-segmentation security framework. Tags are used as the criteria for security group membership which in turn are used as source or destination in distributed firewall policy rules. Tagging virtual machines in NSX-T can be done in a number of ways. We essentially…
Read more Add NSX-T Tags To Virtual Machines with PowerShell
One of the first things to configure after deploying the NSX Manager nodes is backup. No NSX-T implementation should ever get configured let alone go live without a working backup (and restore) in place. Let’s have a look at how to set this up. Backup target NSX-T uses SFTP (TCP port 22) to transfer backup…
For Role Based Access Control (RBAC) in NSX-T we need to configure integration with VMware Identity Manager. There’s an excellent VMware blog post that explains in detail how to set up vIDM and how to configure the integration in NSX Manager. The problem When setting this up myself I ran into a small problem that…
Back in February VMware announced version 2.4 of NSX-T calling it a “landmark release in the history of NSX”. The new and enhanced features introduced in version 2.4 are indeed impressive: Converged NSX Manager appliance – bringing together management, policy, and central control services in one appliance with 3-node clustering support. Thus we now have…
Welcome to the final part of this series. We’ve come a long way. After configuring North-South dynamic routing between the Tier-0 logical router and the “physical” (pfSense) router in part 5, it’s now time to add a Tier-1 logical router and some logical switches. Tier-1 logical router The purpose of Tier-1 routers is to facilitate…
Hi there again! I’ve made some good progress with my NSX-T lab deployment, but there’s still a lot to do! The plan Back in part three I made a high-level plan for the NSX data plane deployment. Let’s have a look: Prepare the vSphere distributed switch – part three Configure transport zones – part three…
