VMware NSX: Install, Configure, Manage plus Troubleshooting and Operations [V6.4]

Course code: NSXICMTSFT64


Duration: 40 Hours

This intensive five-day, extended-hours course focuses on configuring and troubleshooting a VMware NSX® deployment. This course presents NSX as a part of the software-defined data center. You will learn how to use logical switching in NSX to virtualize your switching environment and how to use gateway services, firewall configurations, and security services to help secure and optimize your NSX environment. In addition, you will be presented with various types of technical problems that you will learn how to identify and solve through a systematic process. You will also be introduced to several operational, management, and troubleshooting tools.

A software-defined data center environment with hands-on labs is provided to reinforce the skills and concepts presented in the course.


By the end of the course, you should be able to meet the following objectives:
•  Describe the evolution of the software-defined data center
•  Configure and deploy NSX components for management and control
•  Describe basic NSX layer 2 networking
•  Configure, deploy, and use logical switch networks
•  Configure and deploy NSX distributed router appliances to establish east-west connectivity
•  Configure and use all main features of the VMware NSX® Edge™ services gateway
•  Configure NSX Edge firewall rules to restrict network traffic
•  Configure NSX distributed firewall rules to restrict network traffic
•  Configure Service Composer policies
•  Configure an identity-aware firewall
•  Describe NSX data security
•  Use the cross-vCenter NSX feature
•  Establish and apply a structured approach and methodology for troubleshooting
•  Identify, analyze, and troubleshoot problems related to NSX logical switching, logical routing, and NSX  Edge services
•  Identify, analyze, and troubleshoot network security problems related to the NSX distributed firewall and  the NSX Edge firewall

Target Audience

Experienced system or network administrators


• Introductions and course logistics
• Course objectives
• Identify additional resources

• Describe vSphere networking components
• Describe vSphere standard switches
• Describe vSphere distributed switches

• Describe the benefits of NSX
• Identify NSX key use cases

• Describe the NSX architecture
• Describe the cloud management, management, control, and data planes of NSX
• Identify the component interactions
• Describe the NSX Controller cluster and its functions
• Explain the NSX Controller workload distribution

• Explain the steps required for an NSX installation
• Describe what is involved in planning an NSX deployment
• Describe the NSX Controller cluster and deployment
• Describe NSX Controller cluster high availability and load distribution
• Explain how to deploy and configure the NSX Controller cluster
• Explain the workflow involved in host preparation

• Explain transport zones, VXLANs, and VXLAN tunnel endpoints (VTEPs)
• Describe the procedure of preparing the infrastructure for virtual networking
• Describe the configuration of vSphere distributed switches for VXLAN
• Identify the components involved in NSX logical switching
• Define VLANs for VXLAN

• Explain the east-west and north-south routing concepts
• Define the NSX distributed logical router
• Explain the logical router, interfaces, and interface addresses
• Describe the management plane and control plane interaction
• Describe logical router deployment models and two-tier routing for east-west traffic
• Explain the common topologies of an NSX Edge services gateway

• Describe how routers connect remote networks
• Explain route redistribution methods
• Describe less-than-or-equal (LE) and greater-than-or-equal (GE) configurations
• Describe routing event notification enhancements
• Configure equal-cost multipath (ECMP) routing
• Describe high availability for NSX Edge service gateways

• Explain L2 bridging use cases
• Describe software and hardware L2 bridging between VXLAN and VLANs
• Discuss L2 bridging packet flows

• Describe the NSX Edge services
• Explain how network address translation (NAT) works
• Describe source NAT and destination NAT
• Explain NAT64
• Explain the function of load balancing
• Explain the one-armed and inline load-balancing architectures
• Explain the DHCP and DNS services of NSX Edge

• Describe the NSX Edge VPN services
• Describe the VPN use cases
• Configure an L2 VPN on an NSX Edge device
• Configure an NSX Edge device for IPsec VPN services
• Explain NSX Edge SSL VPN-Plus services
• Configure NSX Edge SSL VPN-Plus server settings

• Describe the policy enforcement of the distributed firewall
• Describe virtualization context-awareness
• Explain custom network and security containers
• Describe the architecture of an NSX Edge firewall
• Explain DHCP snooping
• Explain ARP snooping

• Describe NSX SpoofGuard
• Identify how tags enable dynamic security service chains
• Explain Service Composer groups, policies, tags
• Describe the Identity Firewall architecture
• Explain Application Rule Manager
• Explain how to create a monitoring session

• Describe the types of introspection services
• Describe the installation and configuration of Guest Introspection and Network Introspection
• Summarize Guest Introspection and Network Introspection alarms, events, and audit messages

• Describe cross-vCenter NSX features and use cases
• Identify NSX Manager roles and NSX Controller cluster placement
• Deploy universal logical networks
• Explain the design considerations for cross-vCenter NSX

• Develop a structured troubleshooting approach
• Differentiate between symptoms and root causes
• Identify and isolate problems residing in various areas
• Apply an appropriate methodology and procedure to troubleshooting

• Discuss NSX operational requirements
• Use the native NSX tools (such as the central CLI, the NSX dashboard, and Application Rule Manager) to
solve various types of problems
• Use vRealize Network Insight to identify and analyze problems
• Use vRealize Log Insight Content Pack for NSX in troubleshooting and operations

• Explain the NSX infrastructure and component communications
• Troubleshoot NSX Manager and the management plane
• Troubleshoot NSX Controller and the control plane
• Troubleshoot problems in host preparation

• Explain VXLAN and logical switching components
• Verify the VXLAN and logical switch configuration and status
• Identify and troubleshoot common L2 configuration errors
• Use the GUI, the CLI, packet capture, traceflow, and other tools to troubleshoot logical switching problems

• Describe the NSX logical routing architecture
• Explain routing components, functions, and communications
• Verify logical router configuration settings
• Use packet capture on routers and perform packet walk
• Use the GUI, the CLI, traceflow, and other tools to troubleshoot various logical routing problems

• Verify edge services (such as DHCP and DNS) configuration settings and operational status
• Troubleshoot various types of VPN services (SSL VPN-Plus, L2 VPN, and IPsec VPN)
• Verify the configuration and status of logical load balancers
• Troubleshoot common load-balancing and high availability scenarios

• Discuss the NSX distributed firewall architecture, components, communication channels, and features
• Use the CLI and other tools to troubleshoot the configuration and operations of the NSX distributed firewall
and the NSX Edge firewall
• Explain and troubleshoot the Service Composer components and architecture
• Troubleshoot common problems related to Identity Firewall
• Verify Guest Introspection deployment configuration and functions, and troubleshoot common problems


This course requires that you have completed the VMware Data Center Virtualization Fundamentals course, the Introduction to Network Virtualization with NSX, or that you have the following skills and knowledge:

• Understanding of enterprise switching and routing
• Knowledge of TCP/IP services
• Experience with firewalls and firewall rule setsa

Have questions or need more information?

Please complete the form and let us know what you’re looking for.

* denotes required field

By entering your email address, you agree to receive information by email from Sanisoft Training including newsletters and information about offers and specials. You may unsubscribe at any time.

Alternatively, you may contact us through quicker ways.