VMware Certified Professional 6 – Network Virtualization (VCP6-NV)–Study Guide

So this is an unoffical study guide for VCP6-NV which is the second level certification for Network Virtualization from Vmware. In order to take this certification you have two options, if you are Cisco certified then you can take an foundation exam and you are good to go. If you don’t have a cisco certification you need to attend an NSX training course. You can read more about it here –> https://mylearn.vmware.com/mgrReg/plan.cfm?plan=64294&ui=www_cert#tab-faqs

This blogpost is also used for my own study purposes since I am aiming for this exam after new year.

You can read more about the exam objetives here –> https://mylearn.vmware.com/mgrReg/plan.cfm?plan=64297&ui=www_cert

There is also a pratice exam here –> http://mylearn.vmware.com/quiz.cfm?item=57466

Note that it is a long list of objectives but not all of them require in-depth knowledge. This is still a work in progress but all objectives will link to another URL or containing some info where to find information regarding the objetive.

There are also some other things to get you started:

Pluralsight: https://www.pluralsight.com/courses/vmware-nsx-vsphere-network-services

Offical Exam Cert Guide: http://www.amazon.com/VCP6-NV-Official-2V0-641-VMware-Certification/dp/0789754800/ref=sr_1_3?ie=UTF8&qid=1452111914&sr=8-3&keywords=vmware+nsx

Objective 1.1: Describe the Benefits of a VMware NSX Implementation
Define and differentiate challenges with physical network implementations
Explain common VMware NSX terms
Describe and differentiate NSX network and security functions and services
Explain common use cases for VMware NSX

http://www.vmware.com/files/pdf/products/nsx/VMware-NSX-Network-Virtualization-Platform-WP.pdf

Objective 1.2: Describe VMware NSX Architecture
Differentiate component functionality of NSX stack infrastructure components
Compare and contrast with advantages/disadvantages of topologies (star, ring, etc.) as well as scaling limitations
Compare and contrast VMware NSX data center deployment models
Prepare a vSphere implementation for NSX

http://www.vmware.com/files/pdf/products/nsx/vmw-nsx-network-virtualization-design-guide.pdf

http://pubs.vmware.com/NSX-62/topic/com.vmware.nsx.admin.doc/GUID-10944155-28FF-46AA-AF56-7357E2F20AF4.html

http://pubs.vmware.com/NSX-62/index.jsp#com.vmware.nsx.install.doc/GUID-B76EBDE5-5F92-4911-92B2-221BDCEE724D.html

Objective 1.3: Differentiate VMware Network and Security Technologies
Explain the benefits of NSX architecture components
Given a scenario, determine the appropriate steps required to upgrade a vSphere implementation
Describe core vSphere networking technologies
Describe vCloud Networking and Security technologies
Describe and differentiate VMware NSX for vSphere and VMware NSX for third-party hypervisors

http://pubs.vmware.com/NSX-62/topic/com.vmware.nsx.install.doc/GUID-10944155-28FF-46AA-AF56-7357E2F20AF4.html?resultof="NSX"%20"nsx"%20"architecture"%20"architectur"%20"components"%20"compon"

https://www.vmware.com/files/pdf/products/vcns/vCloud-Networking-and-Security-Overview-Whitepaper.pdf

Objective 1.4: Contrast Physical and Virtual Network Technologies
Differentiate logical and physical topologies
Differentiate logical and physical components (i.e. switches, routers, etc.)
Differentiate logical and physical services (i.e. firewall, NAT, etc.)
Differentiate between physical and logical security constructs
Service Composer
Endpoint Security
Data Security

http://pubs.vmware.com/NSX-62/index.jsp#com.vmware.nsx.admin.doc/GUID-E496C826-6DDA-4357-8D69-4AD21F8C2EEC.html

http://pubs.vmware.com/NSX-62/index.jsp#com.vmware.nsx.admin.doc/GUID-DBA0522E-92DC-48F4-8801-49C92E001AA1.html

Objective 1.5: Explain VMware NSX Integration with Third-Party Products and Services
Explain integration with third-party partner tools and systems using NSX REST APIs
Explain integration with third-party services
Network services
Security services
Load Balancing
Anti-malware
IDS/IPS
Explain integration with third-party hardware
Network Interface Cards (NICs)
Terminating overlay networks
HW VTEP
VXLAN offload
RSS
Install/register a third-party service with NSX

http://pubs.vmware.com/NSX-62/index.jsp#com.vmware.nsx.admin.doc/GUID-1D85FF4A-6828-4D18-B5B8-B0D4080F85DA.html

https://blogs.vmware.com/cto/network-virtualization-gets-physical/

https://blogs.vmware.com/cto/geneve-vxlan-network-virtualization-encapsulations/

Objective 1.6: Explain VMware NSX Integration with vRealize Automation (vRA)
Explain integration with vRealize Automation
Explain NSX deployment capabilities built into vRealize Automation
Describe Network Profiles available in vRealize Automation
Explain NSX preparation tasks for attaching a network profile to a blueprint
Explain vRealize Automation preparation tasks for deploying a machine with on-demand network services

https://www.vmware.com/files/pdf/products/vrealize-automation/VMware-NSX-And-vRealize-Automation-Solution-Overview.pdf

https://blogs.vmware.com/networkvirtualization/2015/12/vmware-nsx-vrealize-automation.html

Objective 2.1: Define Benefits of Running VMware NSX on Physical Network Fabrics
Describe and differentiate physical network topologies
Differentiate physical network trends
Explain the purpose of a Spine node
Explain the purpose of a Leaf node
Describe and differentiate virtual network topologies
Enterprise
Service Provider Multi-Tenant
Multi-Tenant Scalable
Given a specific physical topology, determine what challenges could be addressed by a VMware NSX implementation.
Differentiate physical/virtual QoS implementation
Differentiate single/multiple vSphere Distributed Switch (vDS)/Distributed Logical Router implementations
Differentiate NSX Edge High Availability (HA)/Scale-out implementations
Differentiate Separate/Collapsed vSphere Cluster topologies
Differentiate Layer 3 and Converged cluster infrastructures

http://bit.ly/1J3ejgT

https://www.vmware.com/files/pdf/products/nsx/vmw-nsx-network-virtualization-design-guide.pdf

Objective 2.2: Describe Physical Infrastructure Requirements for a VMware NSX Implementation
Differentiate management and edge cluster requirements
Describe and differentiate minimum/optimal physical infrastructure requirements for a VMware NSX implementation
Explain how traffic types are handled in a physical infrastructure
Determine use cases for available virtual architectures
Describe ESXi host vmnic requirements
Differentiate virtual to physical switch connection methods
Describe and differentiate VMkernel networking scenarios

https://pubs.vmware.com/NSX-6/index.jsp#com.vmware.nsx.install.doc/GUID-311BBB9F-32CC-4633-9F91-26A39296381A.html

https://www.vmware.com/files/pdf/products/nsx/vmware-nsx-on-cisco-n7kucs-design-guide.pdf

Objective 3.1: Configure and Manage vSphere Standard Switches (vSS)
Explain vSS capabilities
Add/Configure/Remove vmnics on a vSS
Configure vmkernel ports for network services
Add/Edit/Remove port groups on a vSS
Determine use cases for a vSphere Standard Switch

https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.networking.doc%2FGUID-350344DE-483A-42ED-B0E2-C811EE927D59.html

https://pubs.vmware.com/vsphere-51/index.jsp#com.vmware.vsphere.networking.doc/GUID-49DC6CD8-F3BF-4D35-B9A0-CFD31681F1A0.html

Objective 3.2: Configure and Manage vSphere Distributed Switches (vDS)
Compare and contrast vDS capabilities
Create/Delete a vDS
Add/Remove ESXi hosts from a vDS
Edit general vSphere vDS settings
Add/Configure/Remove dvPortgroups
Configure dvPort settings
Add/Remove uplink adapters to dvUplinkgroups
Create/Configure/Remove virtual adapters
Migrate virtual machines to/from a vDS
Monitor dvPort state
Determine use cases for a vDS

https://pubs.vmware.com/vsphere-51/index.jsp#com.vmware.vsphere.networking.doc/GUID-B15C6A13-797E-4BCB-B9D9-5CBC5A60C3A6.html

http://www.vmware.com/files/pdf/techpaper/vsphere-distributed-switch-best-practices.pdf

Objective 3.3: Configure and Manage vSS and vDS Policies
Compare and contrast common vDS policies
Configure dvPortgroup blocking policies
Explain benefits of Multi-Instance TCP/IP stack
Configure load balancing and failover policies
Configure VLAN settings
Configure traffic shaping policies
Enable TCP Segmentation Offload (TOE) support for a virtual machine
Enable Jumbo Frame support on appropriate components
Determine appropriate VLAN configuration for a vSphere implementation
Understand how DSCP is handled in a VXLAN frame

http://blog.mwpreston.net/vcp-5/vcp-objective-2-3-configure-vss-and-vds-policies/

 

Objective 4.1: Configure Environment for Network Virtualization
Identify and understand physical infrastructure configuration for NSX Compute, Edge and Management clusters (MTU, Dynamic Routing for Edge, etc.)
Prepare a Greenfield vSphere Infrastructure for NSX Deployment
Configure Quality of Service (QoS)
Configure Link Aggregation Control Protocol (LACP)
Configure a Brownfield vSphere Infrastructure for NSX
Explain how IP address assignments work in VMware NSX
Determine minimum permissions required to perform an NSX deployment task in a vSphere implementation

Objective 4.2: Deploy VMware NSX Components
Install/Register NSX Manager
Prepare ESXi hosts
Deploy NSX Controllers
Understand assignment of Segment ID Pool and appropriate need for Multicast addresses
Install vShield Endpoint
Create an IP pool
Understand when to use IP Pools versus DHCP for NSX Controller Deployment

https://pubs.vmware.com/NSX-6/topic/com.vmware.nsx.install.doc/GUID-8FEE494F-8D3E-45B3-BFC6-4BE41F87607B.html

https://pubs.vmware.com/NSX-6/index.jsp#com.vmware.nsx.install.doc/GUID-A5EBCAF2-2FE6-4DD0-89E7-0D1D20C8F533.html

https://pubs.vmware.com/NSX-6/topic/com.vmware.ICbase/PDF/nsx_6_install.pdf

Objective 4.3: Upgrade Existing vCNS/NSX Implementation
Based on a given upgrade scenario, identify requisite steps and components for upgrading to NSX 6.x
Upgrade vCNS 5.5 to NSX 6.x
Upgrade vCNS Virtual Wires to NSX Logical Switches
Upgrade to NSX Components
Upgrade to NSX Firewall
Upgrade to NSX Edge
Upgrade vShield Endpoint from 5.5 to 6.x
Upgrade to NSX Data Security
Upgrade NSX Manager from 6.0 to 6.x
Update vSphere Clusters after NSX upgrade
Understand the impact of availability to the aspects of NSX during an upgrade

https://pubs.vmware.com/NSX-6/index.jsp#com.vmware.nsx.install.doc/GUID-15F31422-CD1B-4C28-9631-05AFCBE2C674.html

https://pubs.vmware.com/NSX-6/index.jsp#com.vmware.nsx.install.doc/GUID-CF30814C-C477-4C1A-9BE9-067FA14D07DB.html

Objective 4.4: Expand Transport Zone to Include New Cluster(s)
Explain the function of a Transport Zone
Understand proper addition of a Transport Zone
Understand necessity to expand or contract a Transport Zone
Edit a Transport Zone
Understand appropriate use of Control Plane mode modification of a Transport zone
Objective 5.1: Create and Administer Logical Switches
Given a scenario, demonstrate the proper way to add/remove a logical switch
Determine use case for and contrast the three Control Plane Modes
Multi-cast
Hybrid
Unicast
Determine use case for connecting a logical switch to an NSX Edge gateway
Deploy services to a logical switch
Demonstrate multiple ways of adding or removing virtual machines from a logical switch
Test logical switch connectivity

https://pubs.vmware.com/NSX-6/topic/com.vmware.ICbase/PDF/nsx_6_install.pdf

Objective 5.2: Configure VXLAN
Describe and understand areas where VXLANs should be configured
Understand physical network requirements for virtual topologies with VXLANs
Understand how to prepare a vSphere cluster for VXLAN
Determine the appropriate teaming policy for a given implementation
Understand how to configure and modify the options of a Transport Zone
Understand how prepare VXLAN Tunnel End Points (VTEPs) on vSphere clusters

Objective 5.3: Configure and Manage Layer 2 Bridging
Given a scenario, determine an appropriate High Availability configuration for Layer 2 Bridging
Understand how to add a Layer 2 Bridge to an NSX Edge device
Determine when Layer 2 Bridging would be required for a given NSX implementation
Determine use cases for multiple Layer 2 Bridges
Compare and contrast software and hardware bridging

Objective 5.4: Configure and Manage Logical Routers
Install NSX Edge
Understand how to connect/disconnect a logical switch from a logical router
Understand and describe the different types of router interfaces
Determine NSX components needed to build out topologies with logical routers
Understand how to add and configure a new logical router
Determine use case for and configure a management interface
Determine use case for and configure High Availability for a logical router
Configure routing protocols
    Static
    OSPF
    BGP
    IS-IS
Configure default gateway
Determine if cross-protocol route sharing is needed for a given NSX implementation
Understand how to configure administrative distances for routing
Understand configuration differences between iBGP and eBGP
Understand and configure route redistribution

Objective 6.1: Configure and Manage Logical Load Balancing
Describe and understand when to use the two topologies for load balancing
Understand how to configure load balancing
Configure and understand service monitors
Understand how to Add/Edit/Delete a server pool
Understand how to Add/Edit/Delete an application profile
Understand how to Add/Edit/Delete virtual servers
Determine appropriate NSX Edge instance size based on load balancing requirements

Objective 6.2: Configure and Manage Logical Virtual Private Networks (VPN)
Understand how to configure IPSec VPN
Configure IPSec VPN parameters
Enable logging
Understand how to configure Layer 2 VPN
Add Layer 2 VPN Client/Server
View Layer 2 VPN Statistics
Configure Network Access/Web Access SSL VPN-Plus
Edit Client Configurations
Edit General Settings
Edit Web Portal Designs
Add/Edit/Delete IP Pools
Add/Edit/Delete Private Networks
Add/Edit/Delete Installation Packages
Add/Edit/Delete Users
Add/Edit/Delete Login/Logoff script
Determine appropriate VPN service type for a given NSX implementation

Objective 6.3: Configure and Manage DHCP/DNS/NAT
Understand proper use and addition of a DHCP IP Pool
Enable a DHCP IP pool
Describe use and proper implementation of DNS services
Describe when and how to configure Source NAT
Describe when and how to configure Destination NAT
Given a scenario, compare and contrast proper DHCP uses

Objective 6.4: Configure and Manage Edge Services High Availability
Given a scenario, compare and contrast proper HA uses
Describe service availability during an Edge High Availability failover
Differentiate NSX Edge High Availability and vSphere High Availability
Configure NSX Edge High Availability
Configure heartbeat settings
Configure management IP addresses
Modify and existing Edge High Availability deployment
Determine resource pool requirements for a given Edge High Availability configuration
Configure Equal-Cost Multi-Path Routing (ECMP)
Determine ECMP timers
Understand process flows
Combine ECMP with other stateful services

Objective 7.1: Configure and Administer Logical Firewall Services
Add/Edit/Delete an Edge Firewall rule
Configure Source/Destination/Service/Action rule components
Describe the differences between Edge Rule Types (Pre Rules/Internal/User Rules/Default Rules)
Change the order of an Edge User Firewall rule
Describe/Demonstrate how to configure an Edge Firewall Pre Rule
Describe the limitations of ECMP and Edge Firewall Policy

Objective 7.2: Configure Distributed Firewall Services
Describe VM IP Address learning for the purposes of DFW vCenter attribute learning
Differentiate between Layer 2 and Layer 3 rules
Differentiate between entity-based and identity-based rules
Identify firewall rule entities
Explain rule processing order
Explain rule segregation
Demonstrate steps to Add/Delete a Distributed Firewall rule
Demonstrate configuration of Source/Destination/Service/Action rule components
Change the order of a Distributed Firewall rule
Add/Merge/Delete a Distributed Firewall rule section
Determine publishing requirements for rules in a given NSX implementation
Demonstrate Import/Export Distributed Firewall Configuration
Load Distributed Firewall configuration
Determine need for excluding virtual machines from distributed firewall protection
Describe SpoofGuard Operation and Default Policy and Actions
Describe SpoofGuard IP Address Learning
Identify requirements for a Spoofguard Policy
Demonstrate how to Create and Edit a SpoofGuard Policy
IP Local Addresses
Approve IP addresses
Edit/Clear IP addresses

Objective 7.3: – Configure and Manage Service Composer
Identify assets that can be used with a Security Group
Describe and differentiate services contained in a Security Policy
Explain common Service Composer use cases
Describe third party integration and service redirection
Differentiate Security Groups and Security Policies
Demonstrate the ability to redirect specific flows (e.g. 80) to network introspection services
Differentiate between vCenter attribute based Firewall rules (including IP Sets) vs Active Directory identity-based rule
Create/Edit a Security Group in Service Composer
Create/Edit/Delete a Security Policy in Service Composer
Map a Security Policy to a Security Group
Add/Edit/Delete a Security Tag
Assign and view a Security Tag

Objective 8.1: Configure Roles, Permissions, and Scopes
Identify default roles
Explain Single Sign-On (SSO) integration
Configure SSO
Assign a role to a vCenter Server user or group
Describe the uses for the various NSX Security Roles
Describe how roles can be applied to a subset of the vCenter infrastructure for multi Tenancy purposes
Explain how to apply NSX Roles to an AD group
Assign objects to a user
Enable/Disable a user account
Edit/Delete a user account

Objective 8.2: Describe NSX Automation
Explain common use cases that require the NSX REST API
Describe how the NSX REST API works and how it is used with a support browser
Explain how NSX REST API Calls are sent to the NSX Manager
Describe and differentiate common NSX REST API verbs
Describe how to use NSX REST API calls to learn the network topology
Objective 8.3: Monitor a VMware NSX Implementation
Compare and contrast available monitoring methods (UI, CLI, API, etc.)
Monitor infrastructure components
Control Cluster Health
Manager Health
Hypervisor Health
Perform Inbound/Outbound activity monitoring
Enable data collection for single/multiple virtual machines
Perform virtual machine activity monitoring
Monitor activity between inventory containers (security groups, AD groups)
Analyze network and security metrics in vRealize Operations
Monitor logical networks and services
Identify available statistics/counters
Network/service health
Configure and collect data from network

Objective 8.4: Perform Auditing and Compliance
Given an auditing scenario, determine where applicable log information can be located
Describe and differentiate permissions for auditing
Describe and differentiate common data security regulations supported by NSX Data Security
Describe and differentiate information available in audit logs
Use flow monitoring to audit firewall rules
Audit deleted users
Audit infrastructure changes
View NSX Manager audit logs and change data
Configure NSX Data Security
Create a Data Security policy
Install Data Security
Run a Data Security scan
View and download compliance reports
Create a regular expression
Configure Guest Introspection (Install vShield Endpoint)

Objective 8.5: Administer Logging
Given a scenario, utilize information contained in technical support bundles/logs to assist in troubleshooting
Explain usage of CLI for logging
Configure Syslog(s)
Configure logging for Dynamic Routing information
Log Distributed Firewall rule processing information
Log Edge Firewall rule processing information
Log address translation information
Log VPN traffic
Configure basic/advanced Load Balancer logging
Log DHCP assignments
Log DNS resolutions
Log security policy session information
Download NSX Edge tech support logs
Generate NSX Manager tech support logs

Objective 8.6: Backup and Recover Configurations
Explain how to backup and recover various components
Schedule backups
Export/Restore vSphere Distributed Switch configuration
Import/Export Service Composer profiles
Perform NSX Manager backup and restore operations

Objective 9.1: Identify Tools Available for Troubleshooting
Capture and trace uplink, vmknic, and physical NIC packets
Audit NSX infrastructure changes
Output packet data for use by a protocol analyzer
Capture and analyze traffic flows
Mirror network traffic for analysis
Perform a network health check
Configure vSphere Distributed Switch alarms

Objective 9.2: Troubleshoot Common NSX Installation/Configuration Issues
Troubleshoot lookup service configuration
Troubleshoot vCenter Server link
Troubleshoot licensing issues
Troubleshoot permissions issues
Troubleshoot host preparation issues
Troubleshoot IP pool issues

Objective 9.3: Troubleshoot Common NSX Component Issues
Differentiate NSX Edge logging and troubleshooting commands
Verify NSX Controller cluster status and roles
Verify NSX Controller node connectivity
Check NSX Controller API service
Validate VXLAN and Logical Router mapping tables
List Logical Router instances and statistics
Verify Logical Router interface and route mapping tables
Verify active controller connections
View Bridge instances and learned MAC addresses
Display Logical Router instances
Verify NSX Manager services status
View Logical Interfaces and routing tables
Analyze NSX Edge statistics

Objective 9.4: Troubleshoot Common Connectivity Issues
Review netcpa logs for control plane connectivity issues
Verify VXLAN, VTEP, MAC, and ARP mapping tables
List VNI configuration
View VXLAN connection tables and statistics
Perform VTEP connectivity tests

#vcp6-nv, #vmware-nsx