Module 1: IT Architectures, Technologies, Standards
Demonstrate knowledge of VMware Virtual Cloud Network and NSX
- Describe the purpose of VMware Virtual Cloud Network and its framework
- Identify the benefits and recognize the use cases for NSX
- Describe how NSX fits into the NSX product portfolio
- Recognize features and the main elements in the NSX architecture
- Describe NSX policy and centralized policy management
- Describe the NSX management cluster and the management plane
- Identify the functions of control plane components, data plane components, and communication channels
Demonstrate knowledge of NSX Management Cluster
- Explain the deployment workflows for the NSX infrastructure
Demonstrate knowledge of the NSX UI
- Distinguish between the Policy and the Manager UI
Demonstrate knowledge of the data plane
- Describe the functions of transport zones, transport nodes, VDS, and N-VDS
- Explain the relationships among transport nodes, transport zones, VDS, and N-VDS
- Describe NSX VDS
- Describe uplink profiles
Demonstrate knowledge of logical switching
- Describe the functions of NSX segments
- Recognize different types of segments
- Explain tunneling and the Geneve encapsulation protocol
- Describe the interaction between components in logical switching
- Describe the function of kernel modules and NSX agents installed on ESXi
- Describe the function of the management plane in logical switching
- Describe the function of the control plane in logical switching
Demonstrate knowledge of logical switching packet forwarding
- Describe the functions of each table used in packet forwarding
- Describe how BUM traffic is managed in switching
- Explain how ARP suppression is achieved
Demonstrate knowledge of segments and segment profiles
- Define what a segment is
- Describe the purpose of segment profiles
- Identify the functions of the segment profiles in NSX
Demonstrate knowledge of logical routing
- Explain the function and features of logical routing
- Describe the architecture of NSX two-tier routing
- Differentiate between north-south and east-west routing
- Describe the gateway components
- Recognize the various types of gateway interfaces
Demonstrate knowledge of NSX Edge and Edge Clusters
- Explain the main functions and features of the NSX Edge node
- Describe the functions of the NSX Edge cluster
- Identify the NSX Edge node form factors and sizing options
- Describe the different NSX Edge node deployment methods
Demonstrate knowledge of Tier-0 and Tier-1 Gateways
- Explain how to configure a Tier-0 gateway and Tier-1 gateway
- Explain Active/Active Tier-0 and Tier-1 configurations
- Explain Active standby Tier-0 and Tier-1 configurations
- Explain Stateful Active/Active Tier-0 and Tier-1 configurations
- Explain multi-tenancy use in a Tier-0 gateway
Distinguish between static and dynamic routing lain OSPF and BGP configurations Demonstrate knowledge of ECMP and high availability
- Explain the purpose of ECMP routing
- Identify the active-active and active-standby modes for high availability
- Recognize failure conditions and explain the failover process
Demonstrate knowledge of logical routing packet walk
- Describe the datapath of single-tier routing
- Explain the datapath of multitier routing
Demonstrate knowledge of VRF Lite
- Describe VRF Lite
- Explain the benefits of VRF Lite
Demonstrate knowledge of bridging
- Describe the purpose and function of bridging
- Distinguish between routing and bridging
Demonstrate knowledge of NAT and how it is used with NSX
- Explain the role of network address translation (NAT)
- Distinguish between source and destination NAT
- Describe how Reflexive NAT works
- Explain how NAT64 facilitates communication between IPv6 and IPv4 networks
- Describe stateful active-active NAT operation
Demonstrate knowledge of DHCP and DNS
- Explain how DHCP and DHCP Relay are used for IP address allocation
- Configure DHCP services in NSX
- Describe how to use a DNS forwarder service
Demonstrate knowledge of IPSec VPN
- Explain how IPSec-based technologies are used to establish VPNs
- Compare policy-based and route-based IPSec VPN
- Describe IPSec VPN requirements in NSX
Demonstrate knowledge of L2 VPN
- Describe L2 VPN technologies in an NSX
- Identify various supported L2 VPN endpoints
Demonstrate knowledge of integrating NSX with VMware Identity Manager
- Describe the purpose of VMware Identity Manager
- Identify the benefits of integrating NSX with VMware Identity Manager
Demonstrate knowledge of integrating NSX with LDAP
- Identify the benefits of integrating NSX with LDAP
- Describe the LDAP authentication architecture
Demonstrate knowledge of managing users and configuring RBAC
- Identify the different types of users in NSX
- Recognize permissions and roles available in NSX
- Understand the use of orgs and projects in multi-tenancy
Demonstrate knowledge of Federation Architecture, needed prerequisites, Federation Networking, and Federation Security
- Describe Federation and its use cases
- Describe the requirements and limitations of Federation
- Describe the Federation configuration workflow
- Describe the prerequisites for Federation
- Describe the onboarding of Local Manager configurations and workloads
- Describe the stretched networking concepts in Federation
- Explain the supported Tier-0 and Tier-1 stretched topologies
- Explain Layer 2 concepts related to NSX Federation
- Explain the Federation security use cases
- Describe the Federation security components
- Explain the security configuration workflows
Demonstrate knowledge of DPU-based acceleration for NSX
Module 2: Plan and Design the VMware Solution
Prepare an NSX infrastructure for deployment
- Create Transport Zones
- Create IP Pools
- Prepare ESXi Hosts
Configure segments
- Create segments
- Attach VMs to segments
- Use network topology to validate the logical switching configuration
Deploy and configure NSX Edge Nodes
- Deploy NSX Edge Nodes
- Configure an Edge Cluster
Configure the Tier-1 gateway
- Create a Tier-1 gateway
- Connect segments to the Tier-1 gateway
- Use network topology to validate the Tier-1 gateway configuration
Create and configure a Tier-0 gateway with OSPF
- Create uplink segments
- Create a Tier-0 gateway
- Connect the Tier-0 and Tier-1 gateways
- Use network topology to validate the Tier-0 gateway configuration
Configure the Tier-0 gateway with BGP
- Create uplink segments
- Create a Tier-0 gateway
- Connect the Tier-0 and Tier-1 gateways
- Use network topology to validate the Tier-0 gateway configuration
Configure VRF Lite
- Create the uplink trunk segment
- Deploy and configure the VRF gateways
- Deploy and connect the Tier-1 gateways to the VRF gateways
- Create and connect segments to the Tier-1 gateways
- Attach VMs to segments on each VRF
- Review the routing tables in each VRF
Configure Network Address Translation (NAT)
- Create a Tier-1 gateway for Network Address Translation
- Create a segment
- Attach a VM to NAT segment
- Configure NAT
- Configure NAT route redistribution
Deploy Virtual Private Networks
- Deploy a new NSX Edge Node to support a VPN deployment
- Configure a new Edge Cluster
- Deploy and configure a new Tier-0 gateway and segments for VPN support
- Create an IPSec VPN service
- Create an L2 VPN server and session
- Configure a pre-deployed autonomous Edge as an L2 VPN client
Manage users and roles
- Add an Active Directory Domain as an identity source
- Assign NSX roles to domain users and validate permissions
- Modify an existing role and validate the role permissions
Perform operations tasks in a VMware NSX environment (syslog, backup/restore etc.) Monitor a VMware NSX implementation USE NSX Intelligence
- Generate network flows and visualize traffic
- Use recommendations to create security policies
- Enable detection of suspicious traffic
Module 3: Troubleshoot and Optimize the VMware Solution
Use log files to troubleshoot issues
- Identify the default log file locations of NSX component
- Generate Log Bundles
- Use log files to help identify NSX issues
Identify Tools Available for Troubleshooting Issues
- Use traceflow, traffic analysis, dashboard for troubleshooting
Troubleshoot Common NSX Issues
- Troubleshoot Common NSX Installation/Configuration Issues
- Troubleshoot Common NSX Component Issues
- Troubleshoot Common Connectivity Issues
- Troubleshoot Common logical infrastructure Issues
- Troubleshoot Common physical infrastructure Issues
