Configuring NSX Distributed IDS/IPS

NSX IDS Configuration workflow: Enabling NSX IDSP. To enable distributed IDSP for standalone hosts or clusters where traffic passes through NSX virtual network segments – VLAN-backed and overlay. Note: The configuration flow to enable NSX-distributed IDS/IPS is as follows: Security > [Policy Management] IDS/IPS & Malware Prevention > Settings > Shared. Within the Define Scope for Malware Prevention & IDS/IPS Deployment, select the cluster …

Create an NSX-T manager health check within AVI

Create an NSX-T manager health check within AVI: As previously mentioned in this post, AVI and health check, we want the ability to run an API health check against each node of the pool (NSX manager nodes). Before we create the virtual service, we need to create a health monitor for the NSX-T managers. To …

Load Balance NSX-T Managers using NSX-ALB (AVI)

The NSX-T Management Cluster comprises three NSX-T Manager nodes to provide high availability and scalability. To support a single access point for the NSX-T Manager user interface and API, you can assign a VIP address for the NSX-T Management Cluster. Once the VIP is set, any UI and API requests to NSX-T are redirected …

NSX-T IDFW how-to guide: How to consume NSX-T IDFW efficiently

I’ve had the privilege of working with VMware’s BU and the Livefire teams on an IDFW design that can be consumed at scale. Hopefully, people can make use of my findings. Note: This design can be consumed by VDI, but in this example I am using RDSH. Requirements: Just some critical information in the …

NSX-T IDFW how-to guide: Get NSX-T IDFW to consume a specific OU

NSX-T IDFW (identity firewall) is a great feature that enables customers to create Active Directory group-based Distributed Firewall (DFW) rules within an NSX-T deployment. One of the biggest challenges, specifically in larger Active Directory deployments, is the total number of users and the total number of groups that NSX-T 3.1.x can consume. At the current …

NSX-T 3.0 IDS, What makes it different from other IDS solutions? And how do I configure it?

What Is an Intrusion Detection System (IDS): Intrusion Detection (ID) is the process of monitoring for and identifying attempted unauthorized system access or manipulation. An ID system gathers and analyzes information from areas within the network to identify possible security breaches which include both intrusions (attack from outside the organization) and misuse (attack from within …

NSX-T Installation: Deploy Additional NSX-T Manager Nodes from UI

Log in to the NSX Manager UI at https://nsxmanagerip. Click System -> Overview -> Add Nodes. Select the Compute Manager from the drop-down menu, enable SSH (if required), enter the CLI and root password, DNS, NTP, and select the form factor. Note: Select the same form factor as the first NSX-T Manager deployment in https://virtual-llew.com/nsx-t-deployment-deploy-nsx-t-manager/ Specify the name, …