Creating SpoofGuard Policy in VMware NSX

NSX Manager collects the IP addresses of all vCenter guest virtual machines from VMware Tools on each virtual machine after initial synchronization with vCenter Server. If a virtual machine is compromised, its IP address can be spoofed and malicious transmissions can bypass firewall policies. VMware NSX includes SpoofGuard, which allows an administrator to authorize IP addresses …

VMware NSX 6.2 – Communication Channel Health Check

In NSX 6.2.0, VMware adds the ability to check communication channel health. The channel health status between NSX Manager and the firewall agent: a heartbeat is sent every 3 minutes; if two iterations are lost, a sync will occur. NSX Manager and the control plane agent: a heartbeat is sent every 2 minutes, if two …

NSX Step by Step – Configuring HA for EDGE Appliances

High Availability for the VMware NSX Edge appliance does not work the way HA works for vSphere. HA for the NSX Edge appliance ensures the availability of the Edge appliance by installing an active pair of Edges. HA for the NSX Edge appliance can be enabled either during the installation of the Edge appliance or after installing it. Once HA …

Integrating VMware NSX with VMware vRealize Log Insight

VMware vRealize Log Insight is a log analyzer with capabilities to receive logs from almost any device. It can be used for quick and easy operation tasks, giving one a full picture of their environment. You can install or create your own content pack inside Log Insight to create dashboards and filtered data. One of …

NSX Step by Step – (Part – 32 ) – Monitoring NSX using vROPS

vRealize Operations Management Pack for NSX is the industry’s best-in-class solution for managing and operating NSX. You can install vRealize Operations Management Pack for NSX-vSphere 2.0 on your vROPS cluster. Once configured, vROPS will start collecting data. The management pack discovers, analyzes and represents the broad number of virtual networking services available within NSX-vSphere …

NSX Step by Step – (Part – 31 ) – Working with Security Group

In VMware NSX, administrators can use security groups to associate and group workloads dynamically. These security groups can be used to define firewall rule sets for these dynamic workloads. Security groups can have the following types of memberships: Dynamic Membership based on Security Tag, IP Set, Active Directory Group, VM Name, OS Type, Computer Name, …

NSX Step by Step – (Part – 30 ) – Configuring Centralized logging

It is recommended that you specify the same syslog server for the NSX component and vCenter Server to get a complete picture when viewing logs on the syslog server. To configure a syslog server for NSX Manager: Log in to the NSX Manager virtual appliance. Under Appliance Management, click Manage Appliance Settings. From the Settings panel, …

NSX Step by Step – (Part – 29 ) – Managing User Roles

A user’s role defines the actions the user is allowed to perform on a given resource. The role determines the user’s authorized activities on the given resource. Enterprise Administrator: NSX operations and security. NSX Administrator: NSX operations only; the user can install virtual appliances and configure port groups. Security Administrator: NSX security only: user …

NSX Step by Step – ( Part -28 ) – Common NSX Operational Activity

In this post I will be covering a few common administrative tasks we might be required to perform as operational activities. Excluding Virtual Machines from Distributed Firewall Protection: Excluding virtual machines from firewall protection is useful for instances where vCenter Server resides in the same cluster where the firewall is being utilized. Once a virtual machine is …

NSX Step by Step – (Part – 27) – Configuring Edge Gateway and Distributed Firewall

VMware NSX provides an advanced level of security. The reason VMware Distributed Firewall (DFW) is so effective is that it runs inside the ESXi host as a kernel-space module. Distributed Firewall offers multiple sets of configurable rules: Layer 3 and Layer 2 rules. Layer 2 firewall rules are processed before Layer 3 rules. User-defined firewall …