I’m honored to be featured by VMware Learning on the VCDX spotlight! Check out the blog here.
Welcome to 288clouds
288clouds is a personal blog focused on virtualization and cloud technologies.
The views and opinions expressed on this blog are my own and do not reflect the views and opinions of my employer (VMware).
When I was starting my journey to achieve the VCDX-NV certification, I had a lot of questions. Now after going through the certification process, I thought it might be useful if I help answer some of those questions in a blogpost. Here we go! Common FAQs Should I use NSX-V or NSX-T in my design? This is entirely up to you. Of course you have to be technical and extremely knowledgeable with the product (NSX-V or NSX-T), but remember that VCDX is an exam for architects.
vRA 8 + NSX-T Blog Series Part 8: Create a vRA 8 (Cloud) Blueprint with On-demand NSX-T One-Arm Load Balancer
You can create a vRA Cloud blueprint to deploy machines and place them behind an on-demand NSX-T one-arm load balancer. This method creates a tier-1 router then configures load balancing services, adding virtual server, server pool, and application profile (monitor too if you want). This method should work in vRA 8.1, but I used vRA Cloud to create the demo. Below is a simplified diagram of a NSX-T one-arm load balancer.
vRA 8 + NSX-T Blog Series Part 7: Create a vRA 8 (Cloud) Blueprint with Existing NSX-T One-Arm Load Balancer
You can create a vRA Cloud blueprint to deploy machines and place them behind an existing NSX-T one-arm load balancer. This method does not create any on-demand tier-1 routers. It uses the existing load balancer and simply adds virtual server, server pool, and application profile (monitor too if you want). This method should work in vRA 8.1 as well, but I used vRA Cloud to create the demo. Below is a simplified diagram of a NSX-T one-arm load balancer.
Carbon Black Cloud (CBC) can detect if an application on the company blacklist is running then send an alert and deny/terminate the process. Let’s setup a demo using Logkeys, a linux application that stores keystrokes with or without the knowledge of user, to see how CBC reacts. Prerequisites Carbon Black Cloud access (Note: the environment I’m using is Carbon Black Cloud Enterprise) A linux machine (Note: I’m using CentOS 7) - should have administrator/root access CBC sensor installed and active on the linux machine Process Overview Install logkeys on the linux machine.
Let’s manually install a Carbon Black Cloud (CBC) sensor on a CentOS 7 machine! Prerequisites Carbon Black Cloud access (Note: the environment I’m using is Carbon Black Cloud Enterprise) CentOS 7 machine (can be Ubuntu as well) Process Overview Download the Carbon Black Cloud sensor kit on the linux machine. Install the sensor via terminal. Verify that the endpoint shows up in Carbon Black Cloud. Demo / Example Download Carbon Black Cloud Sensor Kit Log into Carbon Black Cloud from the linux machine where you want to install the sensor.
Remote VCDX defense option has normally been reserved for candidates attempting to achieve their second, third, or even fourth VCDX. But in the midst of the COVID-19 pandemic, having a remote VCDX defense seems to be a possibility for candidates trying to receive their first VCDX in some cases. I got my VCDX in January 2020 through a remote defense, and I thought it may be valuable to share what I’ve used during my defense for candidates who may have remote defenses in the future.
I recently had a customer who asked for some general feedback on their high-level plan to migrate from NSX-V to NSX-T using layer 2 bridges. Although every environment is different and the details of migration procedures should be tailored to each environment, I thought I’d share the general guidance I gave to this customer in case there are some points here that may be transferrable to other similar NSX-V to NSX-T migration plans.
You can create a vRA 8 blueprint to deploy machines and place them in an on-demand NSX-T security group. Demo Product Versions vSphere 6.5 U3 vRA 8.0.1 (including vRSLCM and vIDM) NSX-T 2.5.1 vSAN 6.6.1 Prerequisites vRA 8: NSX-T account connected Basic infrastructure configured (Projects, Cloud Zones, Flavor Mappings, Image Mappings) NSX-T: logical network(s) configured Process Overview Create or edit a network profile. Select “Create an on-demand security group” in the network profile.
You can create a vRA 8 blueprint to deploy machines and place them in existing NSX-T security group(s) by putting tags on the machine segment port(s). Update: July 26, 2021 Starting with vRA 8.2, using segment port tags to place machines in NSX-T security groups longer works. Thanks to my colleague, Mukesh Idnani, for this finding! Demo Product Versions vSphere 6.5 U3 vRA 8.0.1 (including vRSLCM and vIDM) NSX-T 2.