luca19100's Posts

Starting with NSX version 4.1, many more certificates are visible in NSX. Those certificates have always been present on the platform, even in previous versions, but it was impossible to lifecycle them.

This document will help the reader understand the purpose of all the certificates that are part of the NSX platform. It will provide examples covering common certificate-related tasks an NSX administrator may tackle while administering NSX.

To make these examples reproducible, they are presented in the form of bash scripts. We opted to use bash for maximum portability. The scripts mainly use curl to perform API calls to the NSX API and use jq to process the returned JSON data structures. You must install jq on your system to run the sample scripts. You can use your system package manager (e.g., apt or homebrew).

The scripts are provided for educational purposes only. You should perform your validations before leveraging them on production systems.

The current doc applies to NSX version 4.1.1 and later.

Note: copy and paste from the PDF doc will lead to formatting errors. All the scripts are available on GitHub for easy copy and paste: https://github.com/vmware-nsx/nsx_certificates_cookbook

Author: NSX Product Team

VMware NSX Data Center is a full-stack Software-Defined Networking and Security platform from VMware. The full-stack solution (L2/L3 to L4-L7 services) is flexible and scalable from a minimum footprint of two hosts to the cloud-scale needs of large enterprises. This document aims to build a simplified consumption model based on two prescriptive use cases suitable for small footprint, single rack, and satellite data centers.

The two use cases offered in this design guide are:
- A simplified security solution designed for existing workloads where the physical network retains many networking functionalities.
- A full-stack design that primarily targets new deployments, minimizing interaction with the external network while providing extensive flexibility and Network and Security services inside the solution.

The solutions presented focus on the following goals and parameters:
- Physical network-friendly configuration – minimum configuration
- Leverage existing knowledge base from vSphere and Security Admin
- Exploit the features and capabilities from NSX-T to build a flexible yet consolidated solution for a variety of application needs, services (NAT, VPN, FW), and security
- Scope of deployment meeting most common footprint for small workload, satellite DC, and hosted solutions
- Self-contained guidance and step-by-step design rationale

This document incorporates two main sections. Each of them addresses the two use cases at a different level.
- Section 2 covers a high-level overview of the two solutions, together with their value proposition in the context of well-defined requirements and constraints. We also include a brief overview of the relevant NSX-T components.
- Section 3 provides a detailed design and engineering specification for both use cases. It includes a comprehensive list of assumptions on the supporting infrastructure. Design decisions have accompanying justifications and implications for making the designs actionable and the rationale behind the choices clear and transparent.

An example of end-to-end automation for the DC in a Box use case is available here. Please use the branch specific to your version.

This version (3.2) of the design guide includes the following updates:
- Distributed firewall implementation on vCenter distributed port-groups
- NSX vCenter server plug-in included as part of the simple security for applications use case
- NSX Application Platform added as an optional component for both use cases to support NSX Intelligence and Advanced Threat Prevention features
- Next Generation Gateway Firewall added as an optional component in the DC in a box design
- NSX Advanced Load Balancer added as an optional component in the DC in a box design

The Easy Adoption guide for NSX-T version 3.1 is available on this community page.

Readers are encouraged to send feedback to NSXDesignFeedback_AT_groups_vmware_com (convert to email format).

Highlights:

This updated version of the document aligns with NSX version 3.2. It includes the following updates:
- NSX vCenter server plug-in for the simple security for applications use case
- Distributed Firewall on vCenter distributed virtual port-groups for VLAN-only micro-segmentation
- NSX Application Platform as an optional component to support NSX Intelligence and Advanced Threat Prevention features for both the simple security for applications and the data center in a box use cases
- NSX Next-Generation gateway firewall as an optional component for the data center in a box use case
- NSX Advanced Load Balancer as an optional component for the data center in a box use case

About the NSX Easy Adoption Design guide:

VMware NSX Data Center is a full-stack Software-Defined Networking and Security platform from VMware. The full-stack solution (L2/L3 to L4-L7 services) is flexible and scalable from a minimum footprint of two hosts to the cloud-scale needs of large enterprises. This document aims to build a simplified consumption model based on two prescriptive use cases suitable for small footprint, single rack, and satellite data centers.

The two use cases offered in this design guide are:
- A simplified security solution designed for existing workloads where the physical network retains many networking functionalities.
- A full-stack design that primarily targets new deployments, minimizing interaction with the external network while providing extensive flexibility and Network and Security services inside the solution.

The solutions presented focus on the following goals and parameters:
- Physical network-friendly configuration – minimum configuration
- Leverage existing knowledge base from vSphere and Security Admin
- Exploit the features and capabilities from NSX-T to build a flexible yet consolidated solution for a variety of application needs, services (NAT, VPN, FW, LB), and security
- Scope of deployment meeting most common footprint for small workload, satellite DC, and hosted solutions
- Self-contained guidance and step-by-step design rationale

This document incorporates two main sections. Each of them addresses the two use cases at a different level.
- Section 2 covers a high-level overview of the two solutions, together with their value proposition in the context of well-defined requirements and constraints. We also include a brief overview of the relevant NSX-T components.
- Section 3 provides a detailed design and engineering specification for both use cases. It includes a comprehensive list of assumptions on the supporting infrastructure. Design decisions have accompanying justifications and implications for making the designs actionable and the rationale behind the choices clear and transparent.

Additional resources and next steps:
- An example of end-to-end automation for the DC in a Box use case is available on GitHub. The repository has different branches for different NSX versions.
- Readers are encouraged to reference the NSX Reference Design Guide for NSX implementations outside of the scope of the NSX Easy Adoption Design Guide.
- Readers are encouraged to send feedback to NSXDesignFeedback_AT_groups_vmware_com (convert to email format).