| 000 -LEADER |
|---|
| fixed length control field |
10354nam a22003377a 4500 |
| 003 - CONTROL NUMBER IDENTIFIER |
|---|
| control field |
CITU |
| 005 - DATE AND TIME OF LATEST TRANSACTION |
|---|
| control field |
20240628105036.0 |
| 006 - FIXED-LENGTH DATA ELEMENTS--ADDITIONAL MATERIAL CHARACTERISTICS--GENERAL INFORMATION |
|---|
| fixed length control field |
m |o d | |
| 007 - PHYSICAL DESCRIPTION FIXED FIELD--GENERAL INFORMATION |
|---|
| fixed length control field |
cr ||||||||||| |
| 008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION |
|---|
| fixed length control field |
240628b ||||| |||| 00| 0 eng d |
| 020 ## - INTERNATIONAL STANDARD BOOK NUMBER |
|---|
| International Standard Book Number |
9781119648567 |
| 040 ## - CATALOGING SOURCE |
|---|
| Original cataloging agency |
DLC |
| Language of cataloging |
eng |
| Transcribing agency |
DLC |
| Modifying agency |
DLC |
| Description conventions |
rda |
| 041 ## - LANGUAGE CODE |
|---|
| Language code of text/sound track or separate title |
eng |
| 082 00 - DEWEY DECIMAL CLASSIFICATION NUMBER |
|---|
| Classification number |
005.4/3 |
| 100 1# - MAIN ENTRY--PERSONAL NAME |
|---|
| Preferred name for the person |
Sosa, Elver Sena, |
| Relator term |
author. |
| 245 10 - TITLE STATEMENT |
|---|
| Title |
Mastering VMware NSX for vSphere / |
| Statement of responsibility, etc |
Elver Sena Sosa. |
| 264 #1 - PUBLICATION, DISTRIBUTION, ETC. (IMPRINT) |
|---|
| Place of publication, distribution, etc |
Indianapolis : |
| Name of publisher, distributor, etc |
Sybex, |
| Date of publication, distribution, etc |
2020. |
| 300 ## - PHYSICAL DESCRIPTION |
|---|
| Extent |
1 online resource (xx, 300 pages) ; |
| Other physical details |
illustrations. |
| 336 ## - CONTENT TYPE |
|---|
| Content type term |
text |
| Content type code |
txt |
| Source |
rdacontent |
| 337 ## - MEDIA TYPE |
|---|
| Media type term |
computer |
| Media type code |
c |
| Source |
rdamedia |
| 338 ## - CARRIER TYPE |
|---|
| Carrier type term |
online resource |
| Carrier type code |
cr |
| Source |
rdacarrier |
| 501 ## - WITH NOTE |
|---|
| With note |
Includes index. |
| 505 0# - CONTENTS |
|---|
| Formatted contents note |
Table of Contents<br/>Introduction xvii<br/><br/>Chapter 1 Abstracting Network and Security 1<br/><br/>Networks: 1990s 1<br/><br/>Colocation 2<br/><br/>Workload-to-Server Ratio 3<br/><br/>Inefficient Resource Allocation 3<br/><br/>The Long Road to Provisioning 3<br/><br/>Data Centers Come of Age 4<br/><br/>Data Center Workloads 4<br/><br/>Workloads Won’t Stay Put 5<br/><br/>VMware 6<br/><br/>Virtualization 6<br/><br/>What is Happening in There? 6<br/><br/>Portability 8<br/><br/>Virtualize Away 8<br/><br/>Extending Virtualization to Storage 9<br/><br/>Virtual Networking and Security 9<br/><br/>NSX to the Rescue 10<br/><br/>The Bottom Line 13<br/><br/>Chapter 2 NSX Architecture and Requirements 15<br/><br/>NSX Network Virtualization 16<br/><br/>Planes of Operation 16<br/><br/>NSX Manager Role and Function 18<br/><br/>ESXi Hosts 19<br/><br/>vCenter Server 20<br/><br/>vSphere Distributed Switch 21<br/><br/>NSX VIBs 23<br/><br/>Competitive Advantage: IOChain 24<br/><br/>IOChain Security Features 24<br/><br/>NSX Controllers 25<br/><br/>NSX Controller Clustering 26<br/><br/>NSX Controller Roles 26<br/><br/>NSX Edge 28<br/><br/>ESG Sizing 30<br/><br/>NSX Role-Based Access Control 30<br/><br/>Overlay and Underlay Networks 32<br/><br/>Replication Modes for Traffic Going to Multiple Destinations 34<br/><br/>The Bottom Line 36<br/><br/>Chapter 3 Preparing NSX 39<br/><br/>NSX Manager Prerequisites 39<br/><br/>Open Ports and Name Resolution 40<br/><br/>Minimum Resource Requirements for NSX Data Center Appliances 40<br/><br/>vSphere HA and DRS 41<br/><br/>IP Addressing and Port Groups 43<br/><br/>Installing the Client Integration Plug-in 44<br/><br/>Installing NSX Manager 44<br/><br/>Associating NSX Manager to vCenter 46<br/><br/>Adding AD/LDAP to NSX 47<br/><br/>Linking Multiple NSX Managers Together (Cross- vCenter NSX) 51<br/><br/>Multi-site Consistency with Universal Components 51<br/><br/>Primary and Secondary NSX Managers 53<br/><br/>Preparing ESXi Clusters for NSX 54<br/><br/>Creating a Universal Transport Zone on the Primary NSX Manager 56<br/><br/>vSphere Distributed Switches Membership 57<br/><br/>Adding Secondary NSX Managers 58<br/><br/>The Bottom Line 59<br/><br/>Chapter 4 Distributed Logical Switch 61<br/><br/>vSphere Standard Switch (vSS) 62<br/><br/>Traffic Shaping 63<br/><br/>Understanding Port Groups 64<br/><br/>NIC Teaming 65<br/><br/>Ensuring Security 66<br/><br/>Virtual Distributed Switch (vDS) 67<br/><br/>Virtual eXtensible LANs (VXLANs) 68<br/><br/>Employing Logical Switches 71<br/><br/>Three Tables That Store VNI Information 73<br/><br/>Collecting VNI Information 74<br/><br/>Centralized MAC Table 75<br/><br/>VTEP Table 76<br/><br/>We Might as Well Talk about ARP Now 79<br/><br/>Filling In the L2 and L3 Headers 79<br/><br/>Switch Security Module 81<br/><br/>Understanding Broadcast, Unknown Unicast, and Multicast 83<br/><br/>Layer 2 Flooding 83<br/><br/>Replication Modes 83<br/><br/>Deploying Logical Switches 84<br/><br/>Creating a Logical Switch 85<br/><br/>The Bottom Line 85<br/><br/>Chapter 5 Marrying VLANs and VXLANs 87<br/><br/>Shotgun Wedding: Layer 2 Bridge 87<br/><br/>Architecture 88<br/><br/>Challenges 89<br/><br/>Deployment 90<br/><br/>Under the Hood 102<br/><br/>Layer 2 VPN 102<br/><br/>NSX Native L2 Bridging 103<br/><br/>Hardware Switches to the Rescue 103<br/><br/>Hardware VTEPs 103<br/><br/>Deployment 104<br/><br/>Under the Hood 104<br/><br/>The Bottom Line 105<br/><br/>Chapter 6 Distributed Logical Router 107<br/><br/>Distributed Logical Router (DLR) 107<br/><br/>Control Plane Smarts 108<br/><br/>Logical Router Control Virtual Machine 108<br/><br/>Understanding DLR Efficiency 111<br/><br/>Another Concept to Consider 115<br/><br/>Let’s Get Smart about Routing 117<br/><br/>OSPF 119<br/><br/>Border Gateway Protocol (BGP) 120<br/><br/>Oh Yeah, Statics Too 123<br/><br/>Deploying Distributed Logical Routers 125<br/><br/>The Bottom Line 134<br/><br/>Chapter 7 NFV: Routing with NSX Edges 137<br/><br/>Network Function Virtualization: NSX Has It Too 137<br/><br/>This is Nice: Edge HA A 138<br/><br/>Adding HA 139<br/><br/>Let’s Do Routing Like We Always Do 140<br/><br/>Deploying the Edge Services Gateway 144<br/><br/>Configuring BGP 151<br/><br/>Configuring OSPF 154<br/><br/>Configuring Static Routes 155<br/><br/>Routing with the DLR and ESG 156<br/><br/>Using CLI Commands 156<br/><br/>Default Behaviors to Be Aware Of 157<br/><br/>Equal Cost Multi-Path Routing157<br/><br/>The Bottom Line 160<br/><br/>Chapter 8 More NVF: NSX Edge Services Gateway 163<br/><br/>ESG Network Placement 163<br/><br/>Network Address Translation 164<br/><br/>Configuring Source NAT 166<br/><br/>Configuring Destination NAT 166<br/><br/>Configuring SNAT on the ESG 167<br/><br/>Configuring DNAT on the ESG 169<br/><br/>ESG Load Balancer 171<br/><br/>Configuring an ESG Load Balancer 173<br/><br/>Layer 2 VPN (If You Must) 178<br/><br/>Secure Sockets Layer Virtual Private Network 179<br/><br/>Split Tunneling 180<br/><br/>Configuring SSL VPN 180<br/><br/>Internet Protocol Security VPN 187<br/><br/>Understanding NAT Traversal 188<br/><br/>Configuring IPsec Site-to-Site VPN with the ESG 188<br/><br/>Round Up of Other Services 190<br/><br/>DHCP Service 191<br/><br/>Configuring the ESG as a DHCP Server 192<br/><br/>DHCP Relay 194<br/><br/>Configuring the DLR for DHCP Relay 196<br/><br/>DNS Relay 198<br/><br/>Configuring DNS Relay on the ESG 199<br/><br/>The Bottom Line 200<br/><br/>Chapter 9 NSX Security, the Money Maker 203<br/><br/>Traditional Router ACL Firewall 203<br/><br/>I Told You about the IOChain 204<br/><br/>Slot 2: Distributed Firewall 206<br/><br/>Under the Hood 207<br/><br/>Adding DFW Rules 210<br/><br/>Segregating Firewall Rules 214<br/><br/>IP Discovery 215<br/><br/>Gratuitous ARP Used in ARP Poisoning Attacks 216<br/><br/>Why is My Traffic Getting Blocked? 218<br/><br/>Great, Now It’s Being Allowed 219<br/><br/>Identity Firewall: Rules Based on Who Logs In 220<br/><br/>Distributing Firewall Rules to Each ESXi Host: What’s Happening? 220<br/><br/>The Bottom Line 222<br/><br/>Chapter 10 Service Composer and Third-Party Appliances 223<br/><br/>Security Groups 224<br/><br/>Dynamic Inclusion 225<br/><br/>Static Inclusion 226<br/><br/>Static Exclusion 226<br/><br/>Defining a Security Group through Static Inclusion 227<br/><br/>Defining a Security Group through Dynamic Inclusion 229<br/><br/>Customizing a Security Group with Static Exclusion 231<br/><br/>Defining a Security Group Using Security Tags 231<br/><br/>Adding to DFW Rules 233<br/><br/>Service Insertion 236<br/><br/>IOChain, the Gift that Keeps on Giving 236<br/><br/>Layer 7 Stuff: Network Introspection 236<br/><br/>Guest Introspection 237<br/><br/>Service Insertion Providers 238<br/><br/>Security Policies 239<br/><br/>Creating Policies 239<br/><br/>Enforcing Policies 243<br/><br/>The Bottom Line 245<br/><br/>Chapter 11 vRealize Automation and REST APIs 247<br/><br/>vRealize Automation Features 247<br/><br/>vRA Editions 249<br/><br/>Integrating vRA and NSX 250<br/><br/>vRealize Automation Endpoints 250<br/><br/>Associating NSX Manager with vRealize Automation 252<br/><br/>Network Profiles 253<br/><br/>vRA External, Routed, and NAT Network Profiles 255<br/><br/>Reservations 258<br/><br/>vRealize Orchestrator Workflows 261<br/><br/>Creating a Blueprint for One Machine261<br/><br/>Adding NSX Workflow to a Blueprint 264<br/><br/>Creating a Request Service in the vRA Catalog 265<br/><br/>Configuring an Entitlement 268<br/><br/>Deploying a Blueprint that Consumes NSX Services 271<br/><br/>REST APIs 273<br/><br/>NSX REST API GET Request 275<br/><br/>NSX REST API POST Request 275<br/><br/>NSX REST API DELETE Request 276<br/><br/>The Bottom Line 277<br/><br/>Appendix The Bottom Line 279<br/><br/>Chapter 1: Abstracting Network and Security 279<br/><br/>Chapter 2: NSX Architecture and Requirements 280<br/><br/>Chapter 3: Preparing NSX 280<br/><br/>Chapter 4: Distributed Logical Switch 281<br/><br/>Chapter 5: Marrying VLANs and VXLANs 283<br/><br/>Chapter 6: Distributed Logical Router 284<br/><br/>Chapter 7: NFV: Routing with NSX Edges 286<br/><br/>Chapter 8: More NVF: NSX Edge Services Gateway 287<br/><br/>Chapter 9: NSX Security, the Money Maker 289<br/><br/>Chapter 10: Service Composer and Third-Party Appliances 290<br/><br/>Chapter 11: vRealize Automation and REST APIs 291<br/><br/>Index 293 |
| 520 ## - SUMMARY, ETC. |
|---|
| Summary, etc |
Description<br/>A clear, comprehensive guide to VMware’s latest virtualization solution<br/><br/>Mastering VMware NSX for vSphere is the ultimate guide to VMware’s network security virtualization platform. Written by a rock star in the VMware community, this book offers invaluable guidance and crucial reference for every facet of NSX, with clear explanations that go far beyond the public documentation. Coverage includes NSX architecture, controllers, and edges; preparation and deployment; logical switches; VLANS and VXLANS; logical routers; virtualization; edge network services; firewall security; and much more to help you take full advantage of the platform’s many features.<br/><br/>More and more organizations are recognizing both the need for stronger network security and the powerful solution that is NSX; usage has doubled in the past year alone, and that trend is projected to grow—and these organizations need qualified professionals who know how to work effectively with the NSX platform. This book covers everything you need to know to exploit the platform’s full functionality so you can:<br/><br/>Step up security at the application level<br/>Automate security and networking services<br/>Streamline infrastructure for better continuity<br/>Improve compliance by isolating systems that handle sensitive data<br/>VMware’s NSX provides advanced security tools at a lower cost than traditional networking. As server virtualization has already become a de facto standard in many circles, network virtualization will follow quickly—and NSX positions VMware in the lead the way vSphere won the servers. NSX allows you to boost security at a granular level, streamline compliance, and build a more robust defense against the sort of problems that make headlines. Mastering VMware NSX for vSphere helps you get up to speed quickly and put this powerful platform to work for your organization. |
| 545 0# - BIOGRAPHICAL OR HISTORICAL DATA |
|---|
| Biographical or historical note |
Elver Sena Sosa is a data center solutions architect with 20 years' networking experience. He is the author of two VMWare Press VCP certification books, holds VCDX-NV and VCI certifications from VMWare, and he is a frequent speaker and blogger well known in the VMware community. |
| 650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
|---|
| Topical term or geographic name as entry element |
VMware |
| 650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM |
|---|
| Topical term or geographic name as entry element |
Virtual computer systems. |
| 655 #4 - INDEX TERM--GENRE/FORM |
|---|
| Genre/form data or focus term |
Electronic books. |
| 856 40 - ELECTRONIC LOCATION AND ACCESS |
|---|
| Uniform Resource Identifier |
https://onlinelibrary.wiley.com/doi/book/10.1002/9781119648567 |
| Link text |
Full text is available at Wiley Online Library Click here to view. |
| 942 ## - ADDED ENTRY ELEMENTS |
|---|
| Source of classification or shelving scheme |
|
| Item type |
EBOOK |