Today I took a shot at the VCP6-NV exam. Leading up to the exam I was feeling good. Through my head, I could run through packet flows, the security types. I knew how to put the pieces together and make NSX work. Even could recall those trivia details that after an exam we always just end up googling when building a design. Let's start on the positive, what went right. A large part of my NSX based questions revolved around behaviour and steps.
The Logical Router (Distributed Logical Router) is installed on ESXi hosts as a VIB by the NSX manager during host preparation. The installation does not require any interruption to ESXi hosts. Removal of the VIB does require a host restart though. The DLR runs in kernel space and sits on the data plane. A Logical Router is defined as an instance. Each DLR created is an instance and participating hosts receive a copy of the instance.
Whenever evaluating a product / technology, the question of “What problem does this solve?” should always be asked. Many times. This is how we understand the value and justify the expense, which can be very substantial. With that in mind, let's jump into some NSX Use Cases. Security: NSX has a lot of features and capabilities, but security is probably the biggest draw card, especially micro-segmentation. In a traditional network, it’s very difficult and cumbersome to segregate workloads on the same L2 domain.
Switching: NSX switching resides on the data plane and utilises VMware vDS. Logical Switches are port groups on a vDS that are used for VXLAN traffic. Distributed port groups can also be used, but only for VLAN traffic. Routing: Distributed routing, enabling routing to take place in kernel, without the need for traffic to enter the physical network. Dynamic routing is supported with OSPF, BGP and ISIS. Active / Active routing failover with physical routing.
Let’s crack open a can of acronym soup, because NSX is full of them. Seriously, typing about NSX makes my pinky fingers real shift workers. Software Defined Networking (SDN): Software-defined anything refers to decoupling the management from physical architecture. SDN is moving the management and configuration of the Datacentre Network away from the physical devices (underlay) to a central platform (overlay). Network Edge: In NSX the Edge (or NSX Edge) is the point where traffic leaves the NSX network to traverse another (typically physical) network.
Data Storage Networking is a great book to cover the fundamentals of storage protocols, including their pros and cons. This book would be suited for people just learning storage concepts or needing to brush up on skills. I could also see a physical copy of this book being used for new staff building experience. For the CompTIA cert component, I can't comment as it's not a cert I'm looking at attaining.
Theory of Design is a new series for the vBrownBag APAC podcast. Intended to take a vendor-agnostic look at design practices and principles. The series will provide the tools needed to assess, build and communicate solutions regardless of the vendor or product classification. The series will cover a number of topics (listed in more detail below), covering areas such as capacity planning, client engagement, and risks. I am looking for presenters with experience in designing solutions and project delivery, not only from a technology perspective but also a business perspective.
There’s an old saying, “Healthy body, healthy mind”, and it’s something I agree with strongly. Being physically active is something I find very helpful for my work and personal life. Due to this, I would like to deviate from the technical side of things and write a post about lifestyle. When I talk about being more physically active, I’m not explicitly referring to getting fitter or achieving a fitness goal. I am simply talking about moving more, finding times during the day to move a bit.
In part 1, we looked at making the necessary changes to AD for LAPS, from extending the schema to modifying the object attribute security. In this part, we will go through deploying the LAPS agent on a workstation. This process is very straightforward: we will use GPO to deploy the agent to our workstation and confirm that the password is now random and stored in AD. During the configuration of the workstation, I set the admin password as “Password1”, secure I know.
Recently, I had the chance to look at a Dell FX2 and from the time I got to spend on it, I was quite impressed. Time spent on this bit of kit wasn't as long as I would have liked. It turned out the storage options didn't suit the client's needs. The configuration I was tasked with implementing involved 1 FX2 chassis with 2 x FC630 compute sleds and 1 x FD332 storage sled.
VMware's Hands-on Labs (HOL) are a great way to explore products and features, without needing to have your own lab. When you launch a lab, the environment is spun up; when you exit, it is torn down. An entire lab is built in a matter of minutes, sometimes less. Each lab has an intended objective, with a manual on the right to guide you through. Going through a lab and following the designated steps is great, but that doesn't mean you have to stay on track.
In May 2015 Microsoft released Local Administrator Password Solution (LAPS) to help address the issue of keeping local administrator accounts secure. Setting the account password by GPO generally means a large number of computers will have the same password. LAPS provides the ability for workstations to have randomly generated passwords, that are constantly refreshed and easy to retrieve. Managed workstations will set a random password which is stored in an AD attribute called ms-Mcs-AdmPwd.
This is an exercise I thought of on the drive home from work. Just a task to help give context to the concepts I have been learning. This exercise came from wanting to VPN into my home network. The home network has a dynamic external IP address, which means I need a way to know if that IP has changed. The script IPcheck.py helps solve that problem. It's been created to check the current external IP against a stored value and notify by email if the two do not match.