Everything-Virtual

VCP-NV Study Guide

The following pages will detail my study guide for the VCP-NV exam.

The guide is based off the VMware VCP-NV Blueprint version 1.2

I have created a document package of all required documents listed in the blueprint. There are some duplications but for the most part common files per objective can be found under the common files.

The zip file contains folders for each objective and contains some duplications but for the most part shared files for each objective can be found under the common files folder in that objective folder.

The file can be downloaded here

Objective 1 – Define VMware NSX Technology and Architecture

[EXPAND Objective 1.1 – Describe the Benefits of a VMware NSX Implementation]

  • Identify challenges within a physical network interface
  • Explain common VMware NSX terms
  • Describe and differentiate functions and services performed by VMware NSX
  • Describe common use cases for VMware NSX [/EXPAND]

[EXPAND Objective 1.2 – Describe VMware NSX Architecture ]

  • Identify the components in a VMware NSX stack
  • Identify common physical network topologies
  • Describe a basic VMware NSX topology
  • Differentiate functional services delivered by a VMware NSX stack [/EXPAND]

[EXPAND Objective 1.3 – Differentiate VMware Network and Security Technologies]

  • Identify upgrade requirements for ESXi hosts
  • Identify steps required to upgrade a vSphere implementation
  • Describe core vSphere networking technologies
  • Describe vCloud Networking and Security technologies
  • Describe and differentiate VMware NSX for vSphere and VMware NSX for third-party hypervisors [/EXPAND]

[EXPAND Objective 1.4 – Contrast Physical and Virtual Network Technologies ]

  • Differentiate logical andphysical topologies
  • Differentiate logical and physical components (i.e. switches, routers, etc.)
  • Differentiate logical and physical services (i.e. firewall, NAT, etc.)
  • Differentiate between physical and logical security constructs
    • Service Composer
    • Endpoint Security
    • Data Security[/EXPAND]

[EXPAND Objective 1.5 – Explain VMware NSX Integration with Third-Party Products and Services]

  • Describe integration with third-party hypervisors
  • Describe integration with third-party cloud automation
  • Describe integration with third-party services
    • Network services
    • Security services
  • Describe integration with third-party hardware
    • Network Interface Cards (NICs)
    • Terminating overlay networks
  • Manually register a third-party service with NSX
  • Install a third-party service with NSX[/EXPAND]

[EXPAND Objective 1.6 – Explain VMware NSX Integration with vCloud Automation Center (vCAC)]

  • Describe integration with vCAC
  • Explain NSX deployment capabilities built into vCAC
  • List NSX components that can be pre-created using vCAC
  • Describe Network Profiles available in vCAC
  • Explain NSX preparation tasks that must be completed prior to attaching a network profile to a blueprint
  • Explain vCAC preparation tasks that must be completed prior to deploying a machine with on-demand network services[/EXPAND]

Objective 2 – Describe VMware NSX Physical Infrastructure Requirements

[EXPAND Objective 2.1 – Define Benefits of Running VMware NSX on Physical Network Fabrics]

  • Identify physical network topologies (Layer 2 Fabric, Multi-Tier, Leaf/Spine, etc.)
  • Identify physical network trends
  • Explain the purpose of a Spine node
  • Explain the purpose of a Leaf node
  • Identify virtual network topologies (Enterprise, Service Provider Multi-Tenant, Multi-Tenant Scalable)
  • Explain benefits of Multi-Instance TCP/IP stack
  • Describe challenges in a Layer 2 Fabric topology
  • Describe challenges in a Multi-Tier topology
  • Describe challenges in a Leaf/Spine topology
  • Differentiate physical/virtual QoS implementation
  • Differentiate single/multiple vSphere Distributed Switch (vDS) Distributed Logical Router implementations
  • Differentiate NSX Edge High Availability (HA)/Scale-out NSX NSX Edge HA implementations
  • Differentiate Collapsed/Separate vSphere Cluster topologies
  • Differentiate Layer 3 and Converged cluster infrastructures[/EXPAND]

[EXPAND Objective 2.2 – Describe Physical Infrastructure Requirements for a VMware NSX Implementation]

  • Identify management and edge cluster requirements
  • Describe minimum/optimal physical infrastructure requirements for a VMware NSX implementation
  • Describe how traffic types are handled in a physical infrastructure
  • Determine use cases for available virtual architectures
  • Describe ESXi host vmnic requirements
  • Differentiate virtual to physical switch connection methods
  • Describe VMkernel networking recommendations[/EXPAND]

Objective 3 – Configure and Manage vSphere Networking

[EXPAND Objective 3.1 – Configure Shared Storage for vSphere ]

  • Identify vSS capabilities
  • Add/Configure/Remove vmnics on a vSS
  • Configure vmkernel ports for network services
  • Add/Edit/Remove port groups on a vSS
  • Determine use cases for a vSphere Standard Switch[/EXPAND]

[EXPAND Objective 3.2 – Configure and Manage vSphere Distributed Switches (vDS)]

  • Identify vDS capabilities
  • Create/Delete a vDS
  • Add/Remove ESXi hosts from a vDS
  • Edit general vSphere vDS settings
  • Add/Configure/Remove dvPortgroups
  • Configure dvPort settings
  • Add/Remove uplink adapters to dvUplinkgroups
  • Create/Configure/Remove virtual adapters
  • Migrate virtual adapters to/from a vSS
  • Migrate virtual machines to/from a vDS
  • Monitor dvPort state
  • Determine use cases for a vDS[/EXPAND]

[EXPAND Objective 3.3 – Configure and Manage vSS and vDS Policies]

  • Identify common vSS and vDS policies
  • Configure dvPortgroup blocking policies
  • Configure load balancing and failover policies
  • Configure VLAN settings
  • Configure traffic shaping policies
  • Enable TCP Segmentation Offload (TOE) support for a virtual machine
  • Enable Jumbo Frame support on appropriate components
  • Determine appropriate VLAN configuration for a vSphere implementation[/EXPAND]

Objective 4 – Install and Upgrade VMware NSX

[EXPAND Objective 4.1 – Configure Environment for Network Virtualization]

  • Configure the physical infrastructure (MTU, Dynamic Routing for edge, etc.)
  • Prepare a new vSphere infrastructure
    • Configure Quality of Service (QoS)
    • Configure Link Aggregation Control Protocol (LACP)
  • Configure an existing vSphere infrastructure
    • Upgrade VMware Tools
  • Explain how IP address assignments work in VMware NSX
  • Identify minimum permissions required to deploy NSX in a vSphere environment[/EXPAND]

[EXPAND Objective 4.2 – Deploy VMware NSX Components]

  • Install NSX Manager
  • Register NSX Manager with vCenter Server
  • Install NSX License
  • Prepare ESXi hosts
  • Deploy NSX Controllers
  • Assign Segment ID pool and Multicast addresses
  • Configure VXLAN Transport
  • Install NSX Edge
  • Install vShield Endpoint
  • Install Data Security
  • Create an IP pool[/EXPAND]

[EXPAND Objective 4.3 – Upgrade Existing vCNS/NSX Implementation ]

  • Verify upgrade prerequisites have been met
  • Upgrade vCNS 5.5 to NSX 6.x
  • Upgrade vCNS Virtual Wires to NSX Logical Switches
  • Upgrade to NSX Components
    • Upgrade to NSX Firewall
    • Upgrade to NSX Edge
    • Upgrade vShield Endpoint from 5.5 to 6.x
    • Upgrade to NSX Data Security
  • Upgrade NSX
  • Manager from 6.0 to 6.x
  • Update vSphere Clusters after NSX upgrade[/EXPAND]

[EXPAND Objective 4.4 – Expand Transport Zone to Include New Cluster(s)]

  • Explain the function of a Transport Zone
  • Add a Transport Zone
  • Expand/Contract a Transport Zone
  • Edit a Transport Zone
  • Change the Control Plane mode for a Transport Zone[/EXPAND]

Objective 5 – Configure VMware NSX Virtual Networks

[EXPAND Objective 5.1 – Create and Administer Logical Switches]

  • Configure IP address assignments
  • Add/Remove a logical switch
  • Modify control plane mode
  • Connect a logical switch to an NSX Edge gateway
  • Deploy services to a logical switch
  • Connect/Disconnect virtual machines
  • Test logical switch connectivity
  • Determine distributed virtual switch type and version for a given NSX implementation[/EXPAND]

[EXPAND Objective 5.2 – Configure VXLAN ]

  • Identify where to install and configure VXLAN
  • Identify physical network requirements
  • Prepare a cluster for VXLAN
  • Determine the appropriate teaming policy for a given implementation
  • Add/Edit/Expand/Contract transport zones
  • Prepare VXLAN Tunnel End Points (VTEPs) on clusters[/EXPAND]

[EXPAND Objective 5.3 – Configure and Manage Layer 2 Bridging ]

  • Identify High Availability requirements for Layer 2 Bridging
  • Add a Layer 2 Bridge to an NSX Edge device
  • Determine when Layer 2 Bridging would be required for a given NSX implementation
  • Determine when multiple Layer 2 Bridges are required for a given NSX implementation[/EXPAND]

[EXPAND Objective 5.4 – Configure and Manage Logical Routers ]

  • Describe and differentiate router interfaces
  • Determine controller and logical switch requirements for logical router deployment
  • Add a logical router
  • Configure distributed routing
  • Configure a management interface
  • Configure High Available for a logical router
  • Configure edge routing
  • Configure routing protocols
    • Static
    • OSPF
    • BGP
    • IS-IS
  • Configure default gateway
  • Add/Delete a static route
  • Determine if cross-protocol route sharing is needed for a given NSX implementation[/EXPAND]

Objective 6 – Configure and Manage NSX Network Services

[EXPAND Objective 6.1 – Configure and Manage Logical Load Balancing]

  • Identify general ESXi host troubleshooting guidelines
  • Configure global load balancing configuration
  • Create a service monitor
  • Add/Edit/Delete a server pool
  • Add/Edit/Delete an application profile
  • Add/Edit/Delete virtual servers
  • Configure global server load balancing
  • Determine appropriate NSX Edge instance size based on load balancing requirements[/EXPAND]

[EXPAND Objective 6.2 – Configure and Manage Logical Virtual Private Networks (VPN)]

  • Configure IPSec VPN
    • Add/Edit/Disable IPSec VPN Service
    • Configure IPSec VPN parameters
    • Enable logging
  • Configure Layer 2 VPN
    • Enable Layer 2 VPN
    • Add Layer 2 VPN Client/Server
    • View Layer 2 VPN Statistics
  • Configure Network Access/Web Access SSL VPN-Plus
    • Edit Client Configurations
    • Edit General Settings
    • Edit Web Portal Designs
    • Add/Edit/Delete IP Pools
    • Enable/Disable IP Pools
    • Add/Edit/Delete Private Networks
    • Enable/Disable Private Networks
    • Add/Edit/Delete Installation Packages
    • Add/Edit/Delete Users
    • Add/Edit/Delete Login/Logoff script
    • Enable/Disable Login/Logoff script
  • Determine appropriate VPN service type for a given NSX implementation
  • Determine appropriate NSX Edge instance size based on load balancing requirements[/EXPAND]

[EXPAND Objective 6.3 – Configure and Manage DHCP/DNS/NAT]

  • Add/Edit a DHCP IP pool
  • Enable a DHCP IP pool
  • Add/Edit DHCP static binding
  • Configure DNS services
  • Add Source NAT (SNAT) rule
  • Add Destination NAT (DNAT) rule[/EXPAND]

[EXPAND Objective 6.4 – Configure and Manage Edge Services High Availability]

  • Describe NSX Edge High Availability
  • Explain Edge High Availability best practices
  • Describe service availability during an Edge High Availability failover
  • Differentiate NSX Edge High Availability and vSphere High Availability
  • Configure NSX Edge High Availability
    • Configure heartbeat settings
    • Configure management IP addresses
  • Modify and existing Edge High Availability deployment
  • Determine resource pool requirements for a given Edge High Availability configuration[/EXPAND]

Objective 7 – Configure and Administer Network Security

[EXPAND Objective 7.1 – Configure and Administer Logical Firewall Services]

  • Add/Edit/Delete an Edge Firewall rule
  • Configure Source/Destination/Service/Action rule components
  • Change the order of an Edge Firewall rule
  • Change the priority of an Edge Firewall rule[/EXPAND]

[EXPAND Objective 7.2 – Configure Distributed Firewall Services ]

  • Differentiate between Layer 2 and Layer 3 rules
  • Differentiate between entity-based and identity-basedrules
  • Identify firewall rule entities
  • Explain rule processing order
  • Explain rule segregation
  • Add/Delete a Distributed Firewall rule
  • Configure Source/Destination/Service/Action rule components
  • Change the order of a Distributed Firewall rule
  • Add/Merge/Delete a Distributed Firewall rule section
  • Determine publishing requirements for rules in a given NSX implementation
  • Import/Export Distributed Firewall Configuration
  • Load Distributed Firewall configuration
  • Determine need for excluding virtual machines from distributed firewall protection
  • Configure and manage SpoofGuard
    • Create a SpoofGuard policy
    • Approve IP addresses
    • Edit/Clear IP addresses[/EXPAND]

[EXPAND Objective 7.3 – Configure and Manage Service Composer ]

  • Identify assets that can be used with a Security Group
  • Identify services contained in a Security Policy
  • Identify common Service Composer use cases
  • Differentiate Security Groups and Security Policies
  • Create/Edit a Security Group in Service Composer
  • Create/Edit/Delete a Security Policy
  • Map a Security Policy to a Security Group
  • Add/Edit/Delete a Security Tag
  • Assign and view a Security Tag[/EXPAND]

      Objective 8 – Perform Operations Tasks in a VMware NSX Environment

      [EXPAND Objective 8.1 – Configure Roles, Permissions, and Scopes]

      • Identify default roles
      • Explain Single Sign-On (SSO) integration
      • Assign a role to a vCenter Server user
      • Assign objects to a user
      • Configure SSO
      • Enable/Disable a user account
      • Edit/Delete a user account[/EXPAND]

      [EXPAND Objective 8.2 – Describe NSX Automation]

      • Identify API-only functionality
      • Explain how REST APIs work
      • Describe how to use the NSX API in a supported browser
      • Identify port requirements for the NSX API
      • Describe common use cases for VMware NSX API
      • Explain how to access the VMware NSX API
      • Modify an existing API workflow[/EXPAND]

      [EXPAND Objective 8.3 – Monitor a VMware NSX Implementation ]

      • Identify available monitoring methods(UI, CLI, API, etc.)
      • Monitor infrastructure components
        • Control Cluster Health
        • Manager Health
        • Hypervisor Health
      • Perform Inbound/Outbound activity monitoring
      • Enable data collection for single/multiple virtual machines
      • Perform virtual machine activity monitoring
      • Monitor activity between inventory containers (security groups, AD groups)
      • Analyze network and security metrics in vCOPS
      • Monitor logical networks and services
        • Identify available statistics/counters
        • Network/service health
        • Configure and collect data from network[/EXPAND]

      [EXPAND Objective 8.4 – Perform Auditing and Compliance]

      • Identify applicable logs for auditing
      • Identify permissions for auditing
      • Identify common data security regulations supported by NSX Data Security
      • Identify common file formats supported by NSX Data Security
      • Describe and differentiate information available in audit logs
      • Use flow monitoring to audit firewall rules
      • Audit deleted users
      • Audit infrastructure changes
      • View NSX Manager audit logs and change data
      • Configure NSX Data Security
      • Create a Data Security policy
      • Run a Data Security scan
      • View and download compliance reports
      • Create a regular expression[/EXPAND]

      [EXPAND Objective 8.5 – Administer Logging]

      • Identify content contained in technical support bundles
      • Identify where to locate component/service specific log information
      • Explain usage of CLI for logging
      • Configure Syslog(s)
      • Configure logging for Dynamic Routing information
      • Log Distributed Firewall rule processing information
      • Log Edge Firewall rule processing information
      • Log address translation information
      • Log VPN traffic
      • Configure basic/advanced Load Balancer logging
      • Log DHCP assignments
      • Log DNS resolutions
      • Log security policy session information
      • Download NSX Edge tech support logs
      • Generate NSX Manager tech support logs[/EXPAND]

      [EXPAND Objective 8.6 – Backup and Recover Configurations]

      • Identify remote backup destinations
      • Explain how to backup and recover various components
      • Schedule backups
      • Export/Restore vSphere Distributed Switch configuration
      • Import/Export Service Composer profiles
      • Perform NSX Manager backup and restore operations[/EXPAND]

      Objective 9 – Troubleshoot a VMware Network Virtualization Implementation

      [EXPAND Objective 9.1 – Identify Tools Available for Troubleshooting]

      • Identify filters available for packet capture
      • Capture and trace uplink, vmknic, and physical NIC packets
      • Identify and track NSX infrastructure changes
      • Output packet data for use by a protocol analyzer
      • Capture and analyze traffic flows
      • Mirror network traffic for analysis
      • Performa a network health check
      • Configure vSphere Distributed Switch alarms[/EXPAND]

      [EXPAND Objective 9.2 – Troubleshoot Common NSX Installation/Configuration Issues ]

      • Identify ports required for NSX communication
      • Troubleshoot lookup service configuration
      • Troubleshoot vCenter Server link
      • Troubleshoot licensing issues
      • Troubleshoot permissions issues
      • Troubleshoot host preparation issues
      • Troubleshoot IP pool issues[/EXPAND]

      [EXPAND Objective 9.3 – Troubleshoot Common NSX Component Issues ]

      • Differentiate NSX Edge logging and troubleshooting commands
      • Verify NSX Controller cluster status and roles
      • Verify NSX Controller node connectivity
      • Check NSX Controller API service
      • Validate VXLAN and Logical Router mapping tables
      • List Logical Router instances and statistics
      • Verify Logical Router interface and route mapping tables
      • Verify active controller connections
      • View Bridge instances and learned MAC addresses
      • Display Logical Router instances
      • Verify NSX Manager services status
      • View Logical Interfaces and routing tables
      • Analyze NSX Edge statistics[/EXPAND]

      [EXPAND Objective 9.4 – Troubleshoot Common Connectivity Issues]

      • Review netcap logs for control plane connectivity issues
      • Verify VXLAN, VTEP, MAC, and ARP mapping tables
      • List VNI configuration
      • View VXLAN connection tables and statistics
      • Perform VTEP connectivity tests[/EXPAND]

      [EXPAND Objective 9.4 – Troubleshoot Common vSphere Networking Issues]

      • Verify network configuration
      • Verify a given virtual machine is configured with the correct network resources
      • Troubleshoot virtual switch and port group configuration issues
      • Troubleshoot physical network adapter configuration issues
      • Identify the root cause of a network issue based on troubleshooting information[/EXPAND]