About the book Multi-Site Network and Security Services with NSX-T: Implement Network Security, Stateful Services, and Operations
Book title: Multi-Site Network and Security Services with NSX-T: Implement Network Security, Stateful Services, and Operations
Edition: 1
Title translated into Persian:
Series:
Authors: Iwan Hoogendoorn
Publisher: Apress
Year of publication: 2021
Number of pages: 350
ISBN: 1484270827, 9781484270820
Book language: English
Book format: pdf
File size: 13 MB
Table of contents:
Table of Contents
About the Author
About the Technical Reviewers
Acknowledgments
Introduction
Chapter 1: NSX-T Security and Firewalls
Traditional Data Center Security
Data Center Security Requirements
NSX-T Micro-Segmentation
Zero Trust Security Model
NSX-T Micro-Segmentation Use Cases
NSX-T Micro-Segmentation Benefits
Enforcing the Zero Trust Security Model Using Micro-Segmentation
NSX-T Distributed Firewall
NSX-T Distributed Firewall (DFW) Features
NSX-T DFW Concepts
Security Policy Overview
DFW Security Policy
DFW Configuration
DFW Policy Advanced Setting Configuration
DFW Time-Based Security Policy Configuration
DFW Rule Configuration
DFW Rule Parameters Configuration
DFW Source and Destination Definitions
Groups
Creating a Group and Adding Members
Service Specification Inside a DFW Rule
Add a Context Profile to a DFW Rule
Context Attributes Configuration
Scope of the DFW Rule
DFW Rule Actions
DFW Rule Settings
Enable/Disable a DFW Rule
Save and View DFW Rule Configurations
Roll Back Saved DFW Rule Configurations
Distributed Firewall (DFW) Architecture
DFW Architecture on the ESXi Hypervisor
NSX-T Gateway Firewall
Predefined NSX-T Gateway Firewall Categories
NSX-T Gateway Firewall Policy
NSX-T Gateway Firewall Policy Setting Configuration
NSX-T Gateway Firewall Rule Configuration
NSX-T Gateway Firewall Rule Setting Configuration
NSX-T Gateway Firewall Architecture
Summary
Chapter 2: NSX-T Advanced Security
Distributed Intrusion Detection
Distributed Intrusion Detection Use Case
Distributed Intrusion Detection Requirements
IDS Signatures
IDS Profiles
IDS Policy and Rules
Distributed Intrusion Detection Architecture
Distributed Intrusion Detection Configuration
IDS Profile Configuration
IDS Rules Configuration
IDS Event Monitoring
URL Analysis
URL Analysis Use Case
URL Analysis Requirements
URL Categories
Reputation Score and Severity
URL Analysis Use Case
Webroot as the Cloud Service
URL Analysis Architecture
URL Analysis Configuration
URL Analysis Context Profiles
Layer-7 Rule for DNS Traffic
URL Analysis Dashboard
Summary
Chapter 3: NSX-T Service Insertion
Service Insertion
Endpoint Protection Use Cases
Network Introspection
North-South Network Introspection
East-West Network Introspection
Network Introspection Configuration
Service Registration
Service Deployment
Service Consumption
Service Profile Creation
Service Chain Creation
Redirection Policy Configuration
Endpoint Protection Overview
Endpoint Protection Use Cases
Endpoint Protection Process
New VMs: Automated Policy Enforcement
Virus and Malware: Automated Quarantine with Security Tags
Service Profile Creation for Endpoint Protection
Endpoint Protection Rules Configuration
Guest Introspection Architecture
Summary
Chapter 4: NSX-T NAT, DHCP, and DNS Services
Network Address Translation (NAT) Support
Source Network Address Translation (SNAT)
Destination Network Address Translation (DNAT)
Reflexive Network Address Translation (Reflexive NAT)
SNAT and DNAT Configuration
No SNAT or DNAT Rule Configuration
Reflexive NAT Configuration
NAT Packet Flow
NAT64
NAT64 Use Cases
NAT64 Requirements
NAT64 Limitations
NAT64 Tables
NAT64 Packet Flow
NAT64 Rule Configuration
DHCP Services
DHCP Architecture
DHCP Use Cases
DHCP Workflow
DHCP Server Profile Creation
DHCP Server on a Tier-0/Tier-1 Gateway
DHCP Configuration on a Segment
DHCP Server Status Verification
DHCP Relay Profile Creation
DHCP Relay Server on a Tier-0/Tier-1 Gateway Configuration
DNS Services
DNS Forwarder
DNS Forwarder Benefits
DNS Services and DNS Zones Configuration
DNS Forwarder Verification
Summary
Chapter 5: NSX-T Load Balancing
NSX-T Load Balancing Use Cases
Layer-4 Load Balancing
Layer-7 Load Balancing
Load Balancer Component Relation
Load Balancer Architecture
Load Balancer Attachment to a Tier-1 Gateway
Virtual Servers
Profiles
Server Pools
Monitors
Load Balancer Deployment Modes
Inline Mode
One-Arm Mode
Load Balancing Configuration Steps
Load Balancer Creation
Virtual Server Creation
Layer-4 Virtual Server Creation
Layer-7 Virtual Server Creation
Application Profile Configuration
Persistence Profile Configuration
Layer-7 Load Balancer SSL Modes
Layer-7 SSL Profile Configuration
Layer-7 SSL Load Balancer Rules Configuration
Server Pool Creation
Load-Balancing Algorithms
SNAT Translation Mode Configuration
Active Monitoring Configuration
Passive Monitoring Configuration
Summary
Chapter 6: NSX-T VPN
NSX-T VPN Services
IPsec VPN Use Cases
IPsec VPN Methods
IPsec VPN Modes
IPsec Protocols and Algorithms
IPsec VPN Certificate-Based Authentication
IPsec VPN Dead Peer-to-Peer Detection
IPsec VPN Types
IPsec VPN Deployment Considerations
IPsec High Availability (HA)
IPsec VPN Scalability
IPsec VPN Configuration
IPsec VPN Service Configuration
DPD Profile Configuration
IKE Profile Configuration
IPsec Profile Configuration
IPsec VPN Session Configuration
Policy-Based IPsec Session
Route-Based IPsec Session
L2VPN
L2VPN Use Cases
NSX-T L2VPN
NSX-T L2VPN Deployment Considerations
NSX-T L2VPN Hub-and-Spoke
NSX-T L2VPN Packet Format
NSX-T L2VPN Packet Flow
Layer-2 VPN Scalability
NSX-T L2VPN Configuration Steps
IPsec Local Endpoint Configuration
NSX-T L2VPN Server Configuration
NSX-T L2VPN Session Configuration
NSX-T L2VPN Segment Configuration
NSX-T L2VPN Supported Clients
NSX-T L2VPN Peer Compatibility Matrix
NSX-T Autonomous Edge
NSX-v Standalone Edge
NSX-v Managed Edge
NSX-T L2VPN Client Configuration
NSX-T L2VPN Session Configuration
NSX-T L2VPN Segment Configuration
Summary
Chapter 7: NSX Intelligence, NSX-T Alarms/Events, and Network Visualizations
NSX Intelligence
NSX Intelligence Use Cases
NSX Intelligence vs vRealize Network Insight
NSX Intelligence Requirements
NSX Intelligence Footprint
NSX Intelligence Deployment
NSX Intelligence Verification
Flow Visualization with NSX Intelligence
Recommendations with NSX Intelligence
Alarms with NSX Intelligence
NSX-T Network Topology
NSX-T Network Topology Use Cases
NSX-T Network Topology GUI
NSX-T Alarms and Events
NSX-T Native Monitoring Tools
NSX-T Events
NSX-T Alarms
NSX-T Alarm Use Cases
NSX-T Alarm and Events Architecture
NSX-T Alarm Definitions
NSX-T Alarm Definition Configuration
NSX-T Alarm Verification
NSX-T Alarm Actions
NSX-T Alarm Suppression
View NSX-T Open Alarms
Summary
Chapter 8: Authentication and Authorization
VMware Identity Manager (vIDM)
vIDM with NSX-T Integration
VIDM with NSX-T integration Prerequisites
VIDM with NSX-T Integration
Creating an OAuth Client
SHA-256 Certificate Thumbprint
VIDM with NSX-T Integration Configuration
vIDM with NSX-T Integration Verification
Logging In with vIDM Services Enabled
Default NSX-T GUI Login Screen
Local Login When VIDM Is Enabled
NSX-T LDAP Integration
LDAP
LDAP and NSX-T Integration Benefits
LDAP Authentication and NSX-T
Identity Source Configuration
LDAP Server Configuration
GUI Login Using LDAP
Role-Based Access Control (RBAC)
NSX-T User Account Types
Policy Management, Access, and Authentication
Local NSX-T Users
Password Change
Authentication Policy Settings Configuration
Authentication Policy Setting Configuration for VIDM Users
Authentication Policy Setting Configuration for LDAP Users
Default Roles
Role Assignment for Local Users
Role Assignment for vIDM Users
Role Assignment for LDAP Users
Summary
Chapter 9: NSX-T Federation
NSX-T Federation
NSX-T Federation Use Cases
Policy Consistency and Simplification of Operations
NSX-T Federation Components
Global Manager (GM)
Local Manager (LM)
GM vs LM Components
Multi-Site Federation View
NSX-T Federation Consumption Methods
LM Configuration Ownership
GM Configuration Ownership
LM Configuration
GM (Federation) Configuration
GM (Federation) Initial Configuration Steps
GM (Federation) Greenfield
Prerequisites
Onboarding
The First Location
Additional Locations
GM (Federation) GUI: Local Management Cluster
GM (Federation) GUI: Location Manager
GM (Federation) GUI: Location Selector
GM (Federation) GUI: System Overview
NSX-T Federation Networking
NSX-T Federation Stretched Networking
Logical Topologies with Tier-0 and Tier-1 Gateways
Tier-0 and Tier-1 Gateway Deployment Rules
Tier-0 and Tier-1 Single Location Deployments
Tier-0 and Tier-1 Multi-Location Deployments
Tier-0 Multi-Location Stretched Modes
Tier-1 Multi-Location Stretched Modes
Remote TEP (RTEP)
Stretched Layer-2 Network
Stretched Layer-2 Network VNI Mapping
Stretched Layer-2 Packetwalk
Local Egress Example
Primary Location Example
NSX-T Federation Security
NSX-T Federation Security Use Cases
NSX-T Federation Security Components
GM Firewall Policy
GM Firewall Rules
GM and LM Section Overlap
Global Groups
Global Groups GUI
Regions
NSX-T Federation Security Tags
Federation Security Configuration Steps
GM Group Types and Span of Group Types
GM Group Rules
GM Group Span of Dynamic Members
GM Group Based on a Virtual Machine Tag
Summary
Chapter 10: Public Cloud Integration
NSX-T on VMware Hyperscalers
What Is a VMware Hyperscaler?
VMware Hyperscaler Use Cases
NSX-T Deployment Footprint
NSX Cloud
NSX Cloud Use Cases
NSX Cloud Components
NSX-T Manager (Cluster)
NSX Cloud Service Manager
NSX Public Cloud Gateway
Multi-Cloud Deployment
Deployment Architectures: Direct Connectivity
Deployment Architectures: Transit Network with Peering
Deployment Modes
Cloud Enforcement Mode
NSX Tools Mode
Deployment Steps
On AWS
On Azure
Summary
Chapter 11: Cloud Management Platform Integration and Automation
VMware Cloud Management Platforms
vRealize Automation (vRA)
vRealize Orchestrator (vRO)
VMware Cloud Director
Other Cloud Management Platforms
Ansible
Terraform
PowerShell/PowerCLI
Summary
Index