In the world of IT there are not a lot of moments of recognition, unless something goes wrong and we have all been there. If those in IT are doing their job then things just run and for the most part no one really thinks about those supporting the infrastructure. The time and effort it takes to keep the lights on, the nights and weekends sacrificed for upgrades and patches, and the endless amounts of studying to stay on top of technology changes in the industry and the time you will never get back from on-call. IT can be a very thankless job.
VMware has built a program to honor those that go above and beyond and take their passion for virtualizing IT into the realm of evangelizing. Evangelizing about the products we work with on a daily basis through blogs, podcasts, and community involvement. The VMware vExpert program is an honorary title VMware grants to outstanding advocates of the company's products. VMware recognizes vExperts with a certificate. The certificate and title give vExperts special privileges such as access to private betas, free licenses and exclusive events.
After long hours on the job, these IT professionals engage in work on their blogs, podcasts, etc. to contribute to the virtualization IT community. They do this to demonstrate their passion for various areas of IT and expertise for the purpose of teaching and helping others grow as technologists.
In my spare time I write blogs on VMware technologies along with supporting my local community by serving as a local VMware User Group (VMUG) Leader. In my current role I am also privileged to help educate customers about VMware and related products through presentations, etc. along with architecting solutions for them. I am a vExpert because I have a passion for virtualization technology.
At Advizex, we are proud to have a number of individuals who continue to make the vExpert program and demonstrate their passion for technology, to their local communities and their customers.
Brandon Seymour - Virtualization Architect
Established track record with 12 plus years of hands-on experience in Microsoft technologies, VMware virtualization, storage design and network infrastructure. He bring an innovative and pragmatic approach to analyzing complex business needs, enabling me to conceptualize, design and implement cutting edge solutions based on the latest virtualization, storage, and cloud technologies. His community-focused involvement allows him to effectively share his passion for virtualization and cloud technologies with peers.
Nemtallah Daher - Principal Consultant
Bilingual (English and Arabic) Network Engineer offering in-depth understanding of IT infrastructure areas, particularly IT network integration. Detail-oriented self-starter with demonstrated success in initiating, tracking, reporting and closing projects. Over 20 years of experience in designing and managing data networks in large and complex environments.
Doug Watkins - Senior Virtualization Consultant
Doug has over 15 years of experience in enterprise system architecture, planning, design and administration including: VMware Server Virtualization, VMware SRM, Microsoft Hyper-V 2012 R2, Dell Rackmount & Blade Systems, Cisco Blade Systems, EMC Storage Systems, Dell Compellent & EqualLogic Storage Systems, Networking Infrastructure, Fiber Channel Switch Infrastructure.
Joe Clarke - Principal Consultant
Joe Clarke is a Principal Consultant in the AdvizeX Services Solutions Practice on the virtualization team. His primary focus is EUC with VMware based technologies and easily integrates with network and storage teams. His skills include the design, implementation, troubleshooting and ongoing administration of enterprise systems. Joe has facilitated numerous large scale implementations along with post implementation support and upgrades. Joe is a certified VCDX-DTM #138.
Chris Miller - Principal Architect
IT infrastructure consultant specializing in data center technologies including storage, server and blade technologies, Cisco data center products, and virtualization. Specialties / Certifications: VCDX-NV #163, EMCTA.
How to become a vExpert?
To become a vExpert you need to fill out an application which becomes available twice a year and there are several paths to becoming a vExpert. Once received applications are moved into voting and once voting is complete selected vExperts are notified. Applications open for each calendar year are opened in November and results are announced in early February. Applications are opened again in June with an August announcement.
The Evangelist Path includes book authors, bloggers, tool builders, public speakers, VMTN contributors, and other IT professionals who share their knowledge and passion with others with the leverage of a personal public platform to reach many people. Employees of VMware can also apply via the Evangelist path. A VMware employee reference is recommended if your activities weren’t all in public or were in a language other than English.
The Customer Path is for leaders from VMware customer organizations. They have been internal champions in their organizations, or worked with VMware to build success stories, act as customer references, given public interviews, spoken at conferences, or were VMUG leaders. A VMware employee reference is recommended if your activities weren’t all in public.
VPN (VMware Partner Network) Path
The VPN Path is for employees of our partner companies who lead with passion and by example, who are committed to continuous learning through accreditations and certifications and to making their technical knowledge and expertise available to many. This can take shape of event participation, video, IP generation, as well as public speaking engagements. A VMware employee reference is required for VPN Path candidates.
Recommend a Colleague
You can recommend a colleague that you believe should become part of the vExpert community due to their evangelizing, educating, etc. of fellow employees and local community.
You can find more information on the vExpert program from the vExpert community page here.
Back on February 2nd, VMware announced two new products, VMware NSX for vSphere 6.3 and VMware NSX-T 1.1, and the adoption rate has reached new heights for VMware, as Chief Executive Pat Gelsinger mentioned in the Q4 2016 earnings that NSX is on track to bring in $1 Billion in revenue this year. That is impressive especially if you take into account the initial slow adoption rate of NSX.
The customer focused demand for tighter security in the data center with NSX and Micro-Segmentation, Automating IT provisioning while increasing efficiency, and Application Continuity is helping to drive the success of NSX into corporate IT.
So what is NSX anyway? As I mentioned in a previous blog, NSX is an innovative approach to solving long-standing network provisioning bottlenecks within the data center, and it allows for the integration of switching, routing and upper-layer services into an integrated application and network orchestration platform. With an overlay solution that may not require hardware upgrades, NSX offers customers a potentially quicker way of taking advantage of SDN capabilities by decoupling the network from hardware into a software abstraction layer allowing the end-user to programmatically create, provision and manage networks.
Let's take a look at what's new in version 6.3. You can see the announcement from VMware here.
VMware is bringing some new capabilities to security in NSX with Application Rule Manager, available in NSX Advanced and Enterprise editions. Application Rule Manager is responsible for the creation of security groups and firewalls for applications based on network traffic flows which is a sequence of packets from a source computer to a destination, which may be another host, a multicast group, or a broadcast domain. This along with Endpoint monitoring, available in NSX Enterprise, enables you to set profiles for applications inside the guest OS. This gives you end-to-end visibility into applications while simplifying the profile creations.
It is good to note that for security certification and requirements:
Here are a few other updates in NSX 6.3:
Software Defined Networking with NSX rounds off the Software Defined Data Center vision of VMware, bringing the ability to automate the provisioning of what once was, very manual physical networks, and the security of them. VMware continues to enhance the integration of NSX Load Balancers with vRealize Automation and offer support for third-party IP Address Management (IPAM) systems. VMware has also enhanced the integration with NSX for vSphere and vCloud Director. These new enhancements will enable new multi-tenant capabilities for our vCloud Air Network partners.
Some other new features found in Automation for 6.3:
As the adoption of NSX increases VMware is seeing more and more uses cases around Active-Active data center architectures utilizing the network overlay capabilities of NSX allowing for true workload mobility while maintaining ip addresses and consistent security policies across data centers. New enhancements in security tagging while simplifying security policy management across multiple data centers will help to ensure a consistent and reliable virtual network in a multi-vCenter deployment.
In NSX 6.3 there is also a new ROBO SKU introduced which allows you to take advantage of all these features in a ROBO solution allowing you to simplify the security and management across remote branch offices.
Here are a few other features introduced in NSX 6.3:
The focus for NSX-T is around emerging application frameworks and architectures like private IaaS on OpenStack and multi-hypervisor support for development teams using dev clouds. NSX-T supports multiple KVM distributions, within the hypervisor kernel, while delivering security with the use of distribute firewalls, logical switches and distributed routers; This includes Red Hat Enterprise and Ubuntu. This means freedom of choice to technologists allowing them to choose what's best suited for their applications.
Integration with VMware Photon allows IT to deliver security and services to their developers that are building containerized and cloud native applications. NSX can automate the creation of networks and routers when a new namespace/project/organization is created and then secure it all with micro-segmentation policies for containers and pods.
As noted above you now have standard, advanced, and enterprise editions. According to CRN, NSX Enterprise is $6,995 per CPU socket; Advanced costs $4,495 per socket and Standard will cost $1,995 per socket.
See VMware NSX for more information.
If you are interested in learning more and getting some hands-on lab time with NSX, take a look at VMware's hands-on labs, here.
Today VMware announced vSphere 6.5 at VMworld Europe 2016, the latest version of its industry-leading virtualization platform.
The vCenter Server Appliance becomes the core component of the new vSphere environment. The new appliance brings easy deployment and reduces the complexities of managing a vSphere environment by combining the vSphere Update Manager and introduces file-backup and recovery natively with VCSA High Availability. As a side note vSphere HA has been renamed to vSphere Availability inside the client and instead of having one long settings page for vSphere HA, it has now been divided up into multiple sub-pages and organized by the function that the setting is for. You will now see ‘Failures and Responses’, ‘Proactive HA Failures and Responses’, ‘Admission Control’, ‘Heartbeat Datastores’, ‘Advanced Options’.
You no longer need to have a Windows VM to deploy and run the Update Manager which can save on Microsoft licenses while reducing complexities. VMware is also touting 3x in performance optimizations and upgrading to this new version will be made easier with the new vCenter Server Appliance Migration tool.
vSphere 6.5 introduces new REST-based APIs for VM Management which brings better automation of virtual machines while improving both the user and partner experience.
Yes it is finally here, the highly anticipated new HTML5-based vSphere Client which provides a more responsive and easy to use interface. This update has been made available as part of a Fling on VMware Labs. If you haven't tested it out follow the link and take it for a spin.
In a world with increasing security threats, VMware has taken further steps to ensure increased security in the new vSphere 6.5 environment. In vSphere 6.5 VMware introduces VM-level disk encryption. This gives the ability to encrypt a VM disk regardless of OS and combined with the new Encrypted vMotion capability, vSphere can safe-guard your data at-rest and data in-motion. These new features will be appealing to those looking to migrate loads between on-prem and off-prem data centers in a secure fashion. The new encryption feature is designed to protect against unauthorized access.
To further protect the environment in vSphere 6.5, VMware introduced secure boot which protects both hypervisor and guest OS. This will address security issues around images from be tampered with and denying unauthorized access and prevent the loading of unauthorized components into vSphere environments.
For those that require further security needs around auditing vSphere 6.5 brings enhanced audit-quality logging capabilities. These forensic logs can help determine who did what, when and where.
VMware is realizing, that with more competitors and with more and more software start ups in the containers arena, the importance of supporting containers, ie. their own. VMware knows that the world of traditional and next-generation apps need infrastructure that will scale, perform and allow for high availability.
In this new release VMware delivers vSphere Integrated Containers, which allows for the deployment of containers in a vSphere environment for infrastructure needs. This means you can deploy containers in your environment without the need to re-architect your infrastructure. The new containers environment contains three components - the Engine providing core container run-time, Harbor a registry for container images, and Admiral which is the portal for management. vSphere Integrated Containers provides a Docker-compatible interface to app teams and of course is completely compatible with NSX and vSAN.
The VMware vSphere Integrated Containers new feature of vSphere 6.5 will be available for vSphere Enterprise Plus Edition customers at no additional charge. Pricing for vSphere starts at $995 per CPU.
vSphere 6.5 is the foundation for the new partner announcement between VMware and AWS continuing the cloud strategy of any cloud, any application and any device. Of course this is all integrated with the new Cloud Foundation announced by VMware in Vegas at Vmworld 2016.
To learn more about this announcement read the news release.
For more information on the AWS partnership check out this article.
VMware announced VMware Cloud Foundation back in the general session of VMworld 2016. Cloud Foundation is a unified platform for private and public clouds.
Let's start with defining the term "Clouds". This term has been thrown around a lot and some take this term as "In the Cloud" off premises platforms, but some use the term more all inclusive which includes both "On-Prem" and "Off-Prem" platforms. Wikipedia defines this term as "computing that provides shared computer processing resources and data to computers and other devices on demand". For this blog I am using the definition of cloud as the latter. I think of cloud as all inclusive of both off and on-prem platforms for providing resources. I know some feel as though cloud was meant to replace the "on-prem" private cloud and yes, that will ultimately be the direction in years to come, but for now we live in a world of hybrid-cloud and that is what Cloud Foundation is here to assist us with.
Now that we have cleared that up, let's move on to Cloud Foundation from VMware. Cloud Foundation brings together, VMware's vision for SDDC where compute, storage, and networking services are decoupled from the underlying hardware and abstracted into software as pools of resources allowing for IT to become more flexible and agile while also allowing for better management, into an integrated stack for cloud. This is done by defining a platform common to both private and public clouds.
The foundational components of Cloud Foundation are VMware vSphere, Virtual SAN, and NSX and can be packaged with vRealize Suite to bring automation into the picture. If you are not familiar with the vRealize Suite from VMware let's just take a moment to discuss this.
The vRealize Suite is a software defined product suite built to enable IT to create and manage hybrid clouds. It includes products like IT Business Enterprise, which VMware just sold off, and is an IT financial management tool to manage and analyze cost associated with IT services. It also includes vCloud Automation Center, vCenter Operations Management, and LogInsight.
The management for Cloud Foundation is VMware's SDDC Manager. SDDC Manager serves as a single interface for managing the infrastructure. From this interface, the IT administrator can provision new cloud resources, monitor changes to the logical infrastructure, and manage lifecycle and other operational activities. The idea here is a single pane of glass for management along with monitoring of all your cloud environments whether it be on-prem, IBM-Cloud, AWS, etc., providing ongoing performance management, capacity optimization, real-time analytics, and cloud automation.
Cloud Foundation allows for a flexible solution allowing for on-prem and off-prem deployment options and can be deployed on-prem or off-prem as a service. You can choose on-prem options like integrated solutions from OEM providers such as VCE with hyper-converged systems and VSAN ready nodes from Dell.
Cloud Foundation will help to reduce the complexities faced with cloud strategies to date. The idea of "who cares where your data resides as long as it it secure and accessible" comes to mind. You can have applications being delivered from multiple clouds whether on or off-prem, Azure, or AWS. IT only needs a single pane of glass to monitor and manage these environments while also allowing for IT and management to track related costs. Ultimately giving IT the agility of migrating between cloud platforms when needed.
A use case for this would be a merger and acquisition of a company with a hybrid cloud environment. Cloud Foundation would help manage the complexities involved with integrating those resources into your own environment while maintaining security and the integrity of your current environment.
VMware announced alongside the Cloud Foundation announcement at VMworld 2016 the new partnership with IBM Cloud. This allows companies to have choice in deploying SDCC whether it be on-prem in their own private data center(s) or with IBM. This solution is based with Cloud Foundation and allowing VMware customers to seamlessly extend private to public.
Again, the software stack includes VMware vSphere, Virtual SAN, NSX, and VMware SDDC Manager. VMware SDDC Manager was announced back at VMworld 2015 and combined with Cloud Foundation is just the next step toward IoT with what VMware states as "Any Cloud, Any Application, Any Device". The SDDC Manager allows for a simplified management of a highly distributed architecture and resources.
Cloud foundation integrates with the entire VMware stack which includes Horizon, vRealize Suite, vRealize Automation, vRealize Business, OpenStack and products like LogInsight.
With Cloud Foundation natively integrating the software-defined data center stack and SDDC Manager, customers can flexibly upgrade individual components in the stack to higher editions allowing for flexibility in lifecycle management which consumes large amount of time in traditional IT.
With Cloud foundation you can automate the entire software stack. Once the rack is installed and powered on with networking to the rack, the SDDC Manager takes the BOM that was built with your partner like Advizex, and includes user-provided environmental information like DNS, IP addresses, etc. to build out the rack. The claim is that this can reduce the provisioning time from weeks to hours which for those of you that have done this in a non-automated fashion can attest to how painful the process can be. When complete you have a virtual infrastructure ready to start deploying and provisioning workloads.
In the complexities of traditional IT with silos, it takes extensive resources to provision a highly available private clouds, but with Cloud Foundation an administrator only needs to create and manage pools of resources decreasing the time to delivery of IT resources for consumption by the end-user whether it be a vm or a virtual desktop. This is done through a new abstraction layer called, Workload Domains.
Workload Domains are a policy-driven approach for capacity deployment. Each workload domain provides the needed capacity with specified policies for performance, availability and security. An admin can create a workload for dev/test with a balanced performance and low availability requirement while also creating one for production with high availability and high performance.
The SDDC Manager translates these policies into the underlying resources of compute which allows for the admin to concentrate on higher level tasks instead of spending time researching how to best implement.
Lifecycle management introduces a lot of complexities which are typically manual process to patch and upgrade and can lead to issues within an infrastructure due to interoperability and configuration errors. In turn the validation and testing of these patches takes a lot of time away from an IT staff. Sometimes patches get deployed before they have been vetted correctly for security and other reasons or defer patches which can slow down the roll-out of new features, etc. SDDC Manager automates these tasks for both physical and virtual infrastructures. VMware tests all the components for the Cloud Foundation before shipping new patches to the customer.
Within the lifecycle management of Cloud Foundation you can choose to apply the patches to just certain workloads or the entire infrastructure. SDDC can patch the vms, servers and switches while maintaining uptime thereby freeing resources to focus on business critical initiatives.
Scalability is built into the platform within a hyper-converged architecture. You can start with a deployment as small as 8 nodes, and scale to multiple racks. Capacity can be added linearly in increments as small as one server node at a time within each rack allowing IT to align CapEx with business needs. Cloud Foundation automatically discovers any new capacity and adds it into the larger pool of available capacity for use.
Some main use cases for Cloud Foundation are; Virtual Infrastructure allowing IT to expand and contract the underlying infrastructure to meet their changing business needs; IT Automating IT allowing IT accelerate the delivery and ongoing management of infrastructure, application and custom services, while improving overall IT efficiency; Virtual Desktop making VDI deployments faster and more secure. Administrators can focus on specifying the policies and needs of the VDI infrastructure instead of dealing with the details of deploying the VDI infrastructure.
To learn more about VMware's Cloud Foundation you can visit the product page here.
You can also get hands-on with the product from the hands-on lab provided online from VMware.
HOL-1706-SDC-5 - VMware Cloud Foundation Fundamentals
Back in July of 2016, VMware issued a Field Advisory, announcing bugs for the release of NSX for vSphere 6.2.3. VMware urged its user community, not to upgrade to this version and if you had they came out with a 6.2.3.a release to resolve the issues. The issues that VMware found were that both primary and secondary HA nodes would be placed into Active State, causing network disruption and issues related to the DFW rules causing traffic disruptions.
VMware has now released, back in August, the new version 6.2.4 for GA. This release includes some critical bug fixes previously identified which includes a critical input validation vulnerability for sites that use NSX SSL VPN. You can see the full list what's new in the release notes.
Most of the new features were already discussed by me in a previous post you can find here. In this new version the only thing listed as new is a new feature around "Firewall Status API".
VMware also has announced the End of Availability (EOA) and End of General Support (EOGS) for Cloud Networking and Security 5.5.x. The date is September 19, 2016 for both.
You can see a list of NSX trending issues here.
VMware announced on June 9th, 2016 the new version of the NSX platform version 6.2.3. A minor release to their network virtualization platform.
The NSX solution is an innovative approach to solving long-standing network provisioning bottlenecks within the data center, and it allows for the integration of switching, routing and upper-layer services into an integrated application and network orchestration platform. With an overlay solution that may not require hardware upgrades, NSX offers customers a potentially quicker way of taking advantage of SDN capabilities by decoupling the network from hardware into a software abstraction layer allowing the end-user to programmatically create, provision and manage networks.
Networking and Edge Services
The release notes for NSX for vSphere 6.2.3 can be found here.
Disruptive innovation, is a term coined by Clayton Christensen. The term describes a process by which a product or service takes root initially in simple applications at the bottom of a market and then relentlessly moves up market, eventually displacing established competitors.
For example, take a look at what a company like Uber has done to the taxi service in San Francisco. They don't hire drivers like Yellow Cab. They don't own a fleet of cars. They built an application. An application that has been very disruptive to the taxi industry and is changing the landscape of ride-hailing services.
Thanks to Uber, San Francisco's largest yellow cab company is filing for bankruptcy. Yellow Cab Co-op President Pamela Martinez was quoted saying that some of the financial setbacks "are due to business challenges beyond our control and others are of our own making." Yellow Cab's drivers are flocking to Uber, an app-based enterprise, lured by the promise of more riders and better schedules.
Yellow Cab has been turned on its head by a disruptive innovation. Uber has disrupted the ride-hailing service industry with a lasting impact which is now moving across the county.
Why do I point this out? Because, you are either being disrupted or are the disrupter. Think about that for a second. Ask Yellow Cab how it feels to be disrupted in an industry they felt very secure in before an application took over.
Look at companies like Blockbuster. I bet you can tell me who disrupted them? Got it in your mind?
Blockbuster in its peak in 2004 consisted of nearly 60,000 employees and over 9,000 store locations. In 2000 a fledgling company came on the seen slowly changing the landscape of the movie rental industry and eventually bankrupting Blockbuster in 2010.
If you were thinking of Netflix then you are correct. Now a $28 billion dollar company, about ten times what Blockbuster was worth. Blockbuster has been greatly disrupted and is reinventing itself.
You can either be disrupted or be the disrupter as with VMware. They have been a disruptive force in the technology industry from their entry with vSphere to their latest creations like SDDC, vSAN and NSX. VMware's vSphere changed the landscape of compute forever, moving cpu, memory, etc. into software, removing the dependency on hardware and has now become the most popular infrastructure management API in use today.
Disruption doesn't happen overnight; Disruption happens gradually. Remember, the term "Disruptive Innovation," is taking root and relentlessly moving up the market. Uber didn't overtake Yellow Cab overnight just as with Blockbuster. A disruptor was introduced and slowly moved to overtake the industry.
The same is true for vSphere. Industry leaders were hesitant to adopt such a drastically different technology but now this tried, tested and proven technology is the leader in x86 server virtualization infrastructure.
VMware continues to be a disruptive force in the technology industry. Look at the movement to hyper-converged. Hyper-converged is about software, not hardware. Hyper-converged derive from being able to support all infrastructure in software, and without the need for separate dedicated hardware, such as a storage array or fibre channel switch. And, what is the core software technology in just about every hyper-converged product available today? VMware vSphere and the Software Defined Data Center.
VMware is disrupting the way that we have traditionally approached the data center. Fully virtualized infrastructure, delivered on a flexible mix of private and hybrid clouds. I'm sure you have all heard the mantra, "One Cloud, Any application, Any Device." This is the next evolution in data center technology and VMware continues to lead disruptive change with products like NSX for Software Defined Networking (SDN).
NSX like vSphere has had a slow adoption. I find myself having the same conversations with customers that I had when vSphere was introduced. You don't have to convince customers of the value of vSphere anymore. The speed of adoption is picking up and VMware saw an increase of threefold in the number of paying customers for its NSX network virtualization product and in Q4 of 2015 9 out of 10 VMware deals included NSX.
The NSX solution is an innovative approach to solving long-standing network provisioning bottlenecks within the data center, and it allows for the integration of switching, routing and upper-layer services into an integrated application and network orchestration platform. With an overlay solution that may not require hardware upgrades, NSX offers customers a potentially quicker way of taking advantage of SDN capabilities.
NSX is that disruptor in the networking industry bringing agility to existing network deployments with limited impact to existing network hardware and offering all of this without vendor lock-in. VMware NSX works across many IP-based network installations and in virtual environments running mainstream hypervisors and has established relationships with a broad set of IT vendor partners to provide integration of security and optimization solutions, as well as key network hardware players, such as Palo Alto, Arista Networks, Brocade, Dell, HP and Juniper Networks.
Remember back in the beginning of this blog where I quoted President Pamela Martinez as saying that some of the financial setbacks "are due to business challenges beyond our control and others are of our own making." Some challenges were of their own making. Remember too that disruptive innovation happens over a period of time. It took 10 years for Netflix to overtake Blockbuster. Could Blockbuster have moved quicker to insue their spot as the leader in the online movie rental industry? The same is true with VMware and vSphere. This disruptive innovation took time to take hold and now it is still a driving force to change the industry with SDDC.
VMware NSX is picking up steam and is in the heart of every hyper-converged to hybrid-cloud solution that companies are moving toward. The question is will you be disrupted or be part of the disruption? I want to be part of the disruption and drive change in an exciting time to be a part of this industry. Will you be disrupted or will you help disrupt? It's a call to action; To be the disruptive force that your company doesn't even know it needs because NSX will do for networking what vSphere did for compute.
Disrupt or be disrupted.
I just recently passed my VCP6-NV and wanted to take some time to blog about the experience and to gather together some resources for those that are looking to pursue this certification.
For those you that may not know much about NSX I will start with a brief introduction and explain why I feel that you should pursue this certification for your company.
What is NSX? VMware NSX is the next evolution in software defined everything. It is VMware's network virtualization and security software platform that came from an acquisition of Nicira back in 2012.
What does NSX do? NSX de-couples the network functions from the physical network devices in your data center, in a way that analogous to decoupling virtual servers from the physical. NSX natively creates the traditional network constructs in the virtual realm. These include ports, switches, routers, firewalls, load balancers, etc.
I could write an entire blog just on the features of NSX and the integrations with other third party vendors, such as Palo Alto Networks and Trend Micro; oh wait I did. You can read that in my blog here. But, that is not what this blog is about so let's move on.
The VMware Certified Professional Network Virtualization exam, tests candidates on their knowledge and abilities to demonstrate basic virtualization networking skills such as vSwitch, vDistributed Switches, installation & configuration of NSX, and finally administration of NSX. In order to pass the exam you will need to have in depth understanding of these areas. Hands on with both NSX and vSphere are highly recommended. In fact, I believe that VMware recommends at least 6 months of hands-on.
I would recommend setting aside dedicated time to go over the following resources along with practicing packet walks and architecture design.
These are the resources that I used to study for the exam over a period of 6 months.
Section 1 – Define VMware NSX Technology and Architecture
The test consists of 80+ questions in which you have approximately 1 minute per question, which doesn't seem like a lot of time but it is plenty. You can also mark questions for review.. I found that once I completed the exam I had enough time to go back through all the questions once more to check for anything I missed.
So, now that I have reviewed what NSX is and discussed the exam the next question is why should you take the exam? Besides certifications being a great way to show value to your company more importantly is that NSX is the next big wave in the virtual realm.
I chose to take this exam because I believe that NSX is the next step in virtualizing the datacenter and I wanted to be on the forefront to help lead the direction for my company and our customers. I have the same excitement with NSX that I felt when I first became engaged with ESX.
Since taking the exam, I have been between Buffalo and Albany NY, speaking to customers and white boarding their environments. This has lead to better engagements with customers and within VMUG (VMware User Group) where I lead three groups, Albany now Capital District, Syracuse and Rochester.
NSX will change the face of networking just as vSphere did for physical servers. If you want to help drive the future direction of your company and help them become more secure, agile and flexible or if your company, like many others, are in the process of developing their cloud strategy then NSX can play a large role in that.
Bringing VMware NSX and Horizon together
Virtual desktop infrastructure (VDI) has become an even more popular virtualization option for many organizations and VMware customers.
VMware continues to work with partners to advance the protection of VDI deployments. Most recently the focus has been on introducing advanced security controls with VMware NSX (network virtualization platform) and Horizon 6 (VDI) environment. VDI in combination with NSX offers organizations the chance to make huge leaps forward in the security and management of their virtualized desktop deployments.
Two big challenges that have slowed the adoption of large-scale desktop virtualization in the past are:
NSX addresses these concerns and much more.
Security for VDI deployments is more critical because of the need to limit “east-west traffic,” the internal traffic in the data center. However, “east-west traffic” isn’t monitored well, if at all, by traditional perimeter defenses. For example a basic surfing or email mistake by a trusted end user could bring a threat right past those defenses into your data center resulting in a breach.
VMware NSX with Horizon enables micro-segmentation and automates the deployment and provisioning processes. This allows for the insertion of advanced security services from third parties that includes:
This provides instant, automated protection as soon as a new virtual desktop is spun up.
NSX brings security inside the data center with automated fine-grained policies tied to the virtual machines, while its network virtualization capabilities let you create entire networks in software, without touching the underlying physical infrastructure
To learn more about NSX and Horizon see the VMware Deep-dive video below.
mobility management (EMM) from VMware AirWatch, the recently introduced VMware Identity Manager and the new cloud management service in VMware Horizon Air.
Workspace One includes self-service access, choice of device, conditional access, automation and productivity tools along with several major updates to the VMware End-User Computing portfolio.
Updates to the VMware End-User Computing product portfolio include:
So What does Workspace One do for you?
Self-Service Access to Cloud, Mobile & Windows Apps
Once authenticated through the VMware Workspace ONE app, employees can instantly access their personalized enterprise app catalog where they can subscribe to virtually any mobile, cloud or Windows application.
With the built-in VMware Identity Manager, access to applications is only a touch away as single sign-on authentication is already established through the device.
VMware Workspace ONE with adaptive enrollment puts the device choice in employees’ hands for the level of convenience, access, security and management that makes sense for their workstyle providing friction-free adoption of BYOD programs while getting IT out of the device business.
Workspace One will include consumer-style email, calendar, contacts, documents, chat, and enterprise social that employees want to use while invisible security measures protect the organization from data leakage by restricting how attachments and files can be edited and shared.
Employees, devices, apps and data increasingly live beyond the physical walls of the workplace, the data center, or the network. VMware Workspace ONE combines identity and device management to enforce access decisions based on a range of conditions from strength of authentication, network, location and device compliance. For sensitive information, Workspace One will combine identity and device management with ComplianceCheck Conditional Access to enforce access decisions across any application or device.
The AirWatch policy engine automates device compliance through customizable warnings and full or selective device wipe and secures information by protecting the data stored in applications and limiting data leakage through cut, copy, paste or export controls.
Single-Sign On access, for example, leverages Secure App Token Systems for authentication. Once authenticated, employees gain instant self-service access to a personalized enterprise application store where they can subscribe to virtually any mobile, cloud or Windows application.
Application Delivery & Automation
Workspace One will combine VMware AirWatch mobile management and VMware Horizon along with VMware App Volumes application-delivery technology.
It will also take full advantage of the new capabilities of Windows and leverages VMware AirWatch mobile management system to allow desktop administrators to automate application distribution and updates on the fly. Combined with Horizon virtualization technology, automating the application delivery process enables better security and compliance.
The new platform is expected to be generally available this quarter in standard, advanced and enterprise editions. Prices will start at $8 per user per month for cloud subscriptions and $150 per user for on-premises perpetual licenses.
In the video below, Sumit Dhawan, Senior Vice President and General Manager of desktop products in the End-User Computing group at VMware, introduces Workspace One.