Friday, June 17, 2016

NSX 6.2.3 and some exciting news for current customers with access to vShield

NSX 6.2.3 was released June 9. It's really an important release, although not a major one. I think a lot of the features are being added in response to actual customers hitting deployment limitations that no one had bothered to finish implementing. You can check the full release here

Some of the more important updates were:

  • Change in the VXLAN UDP port from 8472 to 4789
  • Hardware VTEP
  • Lots of UI & management enhancements
  • Log Insight for NSX now available

However, there is one big consequence that ended being quite the nice surprise.

Change in default license & evaluation key distribution: default license upon install is "NSX for vShield Endpoint", which enables use of NSX for deploying and managing vShield Endpoint for anti-virus offload capability only. Evaluation license keys can be requested through VMware sales.

What this means is huge. If you had vShield in your organization, the upgrade path is NSX. Since you had access to vShield before, you get access to NSX now.

Note: vShield isn't a high requirement. vShield Endpoint is part of Essentials Plus and up. Most enterprise vSphere customers will now see the NSX 6.2.3 download available if they look for the vSphere binaries, even if they choose version v5.5 (that is still the minimum, but please install the latest for your labs)



With this, the "floodgates" have opened and much more people have access to the NSX bits. You still need a real license to play with all the features, but at least the NSX OVA is in your hands and you can start deploying it and learning.

One can expect to see more NSX content out there, and also, I would think a lot of content and community presentations for people upgrading from vShield to this new NSX level.

I think VMware has released this at a good time and hopefully soon I'll add my grain of salt and help everyone that came from being a vSphere admin in learning NSX.

Thursday, June 9, 2016

Exam Tips - VCAP6-NV Deploy with Gabriel Maciel @gmaciel_ca

Gabriel Maciel is one of the smartest NSX engineers that VMware has and part of a "Dream Team" of Latin American NSX experts such as Elver Sena, Raymundo Escobar and Stalin Pena. Particularly for the VCAP6-NV Deploy, you will notice Gabriel is one of the exam contributors so heed any advice he gives out (without breaking NDA of course!).

Today he presented "Section 7 - Perform Advanced VMware NSX Troubleshooting" in the LATAM chapter of @vBrownBag. Once the video is live I'll embed it into this post. The presentation is in Spanish but the advice is Universal :D

Here are some of the tips covered for the exam in this session in written form:

  • HOL 1625 has everything you need to study for this topic
  • The documentation is your best friend: https://pubs.vmware.com/NSX-62/index.jsp
  • Apart from the Troubleshooting Guide mentioned in the blueprint, make sure to also study the Command Line Interface Reference manual! CLI is very important for both the exam and real life.
  • Learn how to check Manager and Cluster Health through GUI
  • Take advantage of Central commands that show information for the whole NSX deployment (new in 6.2)
  • Learn how to check common controller issues, such as lack of space, a wrong deployment network, or an exhausted IP pool!
  • Don't erase a failed controller unless 1) your other two have majority 2) you've already opened a case with GSS and uploaded logs 3) all other options are exhausted. There is normally a bigger problem that is manifested as a problem in the controller, so that needs to be fixed first.
  • Very important to understand the limits that transport zones represent. Make sure the correct clusters are members. This ties in with cross-vCenter NSX in Section 6.
  • Take advantage of the GUI troubleshooting tools to check for Flows and Logs, but be comfortable with the CLI options as well. Most networking guys will be happy that there is a CLI option to check all firewall rules applied to an interface or load balancer details.
  • For Section 7.3 search for "service" in the CLI Reference and learn and practice the commands in the mentioned HOL.
  • Gabriel keeps a document with all his frequently used commands - he graciously shared it with us for all vBrownBag listeners. You can download this document here.