Friday, June 17, 2016

NSX 6.2.3 and some exciting news for current customers with access to vShield

NSX 6.2.3 was released June 9. It's really an important release, although not a major one. I think a lot of the features are being added in response to actual customers hitting deployment limitations that no one had bothered to finish implementing. You can check the full release here

Some of the more important updates were:

  • Change in the VXLAN UDP port from 8472 to 4789
  • Hardware VTEP
  • Lots of UI & management enhancements
  • Log Insight for NSX now available

However, there is one big consequence that ended up being quite a nice surprise.

Change in default license & evaluation key distribution: default license upon install is "NSX for vShield Endpoint", which enables use of NSX for deploying and managing vShield Endpoint for anti-virus offload capability only. Evaluation license keys can be requested through VMware sales.

What this means is huge. If you had vShield in your organization, the upgrade path is NSX. Since you had access to vShield before, you get access to NSX now.

Note: vShield isn't a high requirement. vShield Endpoint is part of Essentials Plus and up. Most enterprise vSphere customers will now see the NSX 6.2.3 download available if they look for the vSphere binaries, even if they choose version v5.5 (that is still the minimum, but please install the latest for your labs)

With this, the "floodgates" have opened and many more people have access to the NSX bits. You still need a real license to play with all the features, but at least the NSX OVA is in your hands and you can start deploying it and learning.

One can expect to see more NSX content out there, and also, I would think a lot of content and community presentations for people upgrading from vShield to this new NSX level.

I think VMware has released this at a good time and hopefully soon I'll add my grain of salt and help everyone that came from being a vSphere admin in learning NSX.

Thursday, June 9, 2016

Exam Tips - VCAP6-NV Deploy with Gabriel Maciel @gmaciel_ca

Gabriel Maciel is one of the smartest NSX engineers that VMware has and part of a "Dream Team" of Latin American NSX experts such as Elver Sena, Raymundo Escobar and Stalin Pena. Particularly for the VCAP6-NV Deploy, you will notice Gabriel is one of the exam contributors so heed any advice he gives out (without breaking NDA of course!).

Today he presented "Section 7 - Perform Advanced VMware NSX Troubleshooting" in the LATAM chapter of @vBrownBag. Once the video is live I'll embed it into this post. The presentation is in Spanish but the advice is Universal :D

Here are some of the tips covered for the exam in this session in written form:

  • HOL 1625 has everything you need to study for this topic
  • The documentation is your best friend:
      • Apart from the Troubleshooting Guide mentioned in the blueprint, make sure to also study the Command Line Interface Reference manual! CLI is very important for both the exam and real life.
  • Learn how to check Manager and Cluster Health through GUI
  • Take advantage of Central commands that show information for the whole NSX deployment (new in 6.2)
  • Learn how to check common controller issues, such as lack of space, a wrong deployment network, or an exhausted IP pool!
  • Don't erase a failed controller unless 1) your other two have majority, 2) you've already opened a case with GSS and uploaded logs, and 3) all other options are exhausted. There is normally a bigger problem that manifests as a problem in the controller, so that needs to be fixed first.
  • Very important to understand the limits that transport zones represent. Make sure the correct clusters are members. This ties in with cross-vCenter NSX in Section 6.
  • Take advantage of the GUI troubleshooting tools to check for Flows and Logs, but be comfortable with the CLI options as well. Most networking guys will be happy that there is a CLI option to check all firewall rules applied to an interface or load balancer details.
  • For Section 7.3 search for "service" in the CLI Reference and learn and practice the commands in the mentioned HOL.
  • Gabriel keeps a document with all his frequently used commands - he graciously shared it with us for all vBrownBag listeners. You can download this document here.

Friday, May 20, 2016

NSX Socialab NYC 05-2016

This was a cool session. I was able to see Prabhu Barathi and Mike Fortuna (sorry, no twitter, please remind him about that) again after seeing them in the last VMUG and meet other VMware administrators who were eager to learn about NSX. I also got to meet Julie Starr, who is a firewall specialist inside the NSX team (I put some of her blog posts here).

The dynamics consisted of VMware employees giving you a more technical presentation than you would get at a VMUG, with people testing out the homelabs, and basically answering every question that came up. This is actually very important, because the people that showed up (over 100 signed up, we had three simultaneous classes on this date) have different backgrounds: from CCIE or firewall specialists with no VMware experience, to students that are just learning about VMware. The work of teaching and explaining about NSX is quite difficult since it encompasses so many skills until you get the "aha" moment.

The website that features the Hands On Labs is . You can create an account and possibly also have these HOLs count for (this is a great list of all the NSX tasks ).

Some excellent tips for the labs:

1) Increase the Hands on Labs VM resolution. By default it's not set to the maximum!

2) Use the "More Options" on the Manual and select Split Screen

Tell it to send the manual link to your e-mail. This is a special link that gives you the manual in full screen (without the whole HOL)

3) HOL documentation in PDF and HTML format is also available at

Tuesday, May 17, 2016

How I would explain NSX to a colleague in 10 minutes

I just came back from manning the Q&A interface on the Mission VMUG event. I was able to translate my VMUG presentation into Spanish and join 5 other friends.

Hello friends from Latin America! It was an honor to take part in the community sessions of this event. It was a lot of fun coordinating among all of us to make sure of this opportunity to present in Spanish at a global VMUG event!

I recorded two sessions, "How I would explain NSX to a colleague in 10 minutes" and "Join the virtual community!". Here are the presentations so you can make use of the links :)

Here are the Twitter handles of all the Spanish-language presenters:

Tuesday, May 3, 2016

NYC VMUG April 2016 presentation "How I would explain NSX to a friend in 10 minutes"

I did a small presentation on "How I would explain NSX to a friend in 10 minutes" because I found out that explaining NSX to a fellow VMware administrator was not something that could be done in a few sentences. I would add a bit more today - for example, I'd like to add the convenience of having the VM's networks defined virtually and not needing to trunk a new VLAN into the hosts whenever you need to create a new subnet.

It was a great "tee up" to VMware's @prabhu_b and Michael Fortuna, who gave an excellent (and more in-depth) session.

The full ppt is available here and hopefully I will get a video of it soon. 

My friend @stalin_pena snagged a pic for me (you can see @GregLaub next to me) and we sent it out on the @nycvmug handle as well :D

Tuesday, April 12, 2016

Why network virtualization changes the security game

I recently gave a VMUG presentation whose concept was introducing NSX to a friend. One of the slides highlights that the context you manage from changes: instead of only what the network sees, you work with what the VMware admin sees, which is quite a lot more.

I found this video by the great Martin Casado and I think it's a perfect short snippet of this idea and thought to share here.

Friday, January 29, 2016

Getting VCP-NV without taking the required class through the CCNA/CCNP program

Please check out this blog entry from VMware Education and Certification

You still have to take the VCP-NV exam but if you have an active CCNA/CCNP you don't need to go to the required class to achieve the certification. There is now no time limit on this path. This is significantly cheaper :)