VCP-NV Study Guide

The following pages will detail my study guide for the VCP-NV exam.

The guide is based off the VMware VCP-NV Blueprint version 1.2

I have created a document package of all required documents listed in the blueprint. There are some duplications but for the most part common files per objective can be found under the common files.

The zip file contains folders for each objective and contains some duplications but for the most part shared files for each objective can be found under the common files folder in that objective folder.

The file can be downloaded here

Objective 1 – Define VMware NSX Technology and Architecture

  • Identify challenges within a physical network interface
  • Explain common VMware NSX terms
  • Describe and differentiate functions and services performed by VMware NSX
  • Describe common use cases for VMware NSX

  • Identify the components in a VMware NSX stack
  • Identify common physical network topologies
  • Describe a basic VMware NSX topology
  • Differentiate functional services delivered by a VMware NSX stack

  • Identify upgrade requirements for ESXi hosts
  • Identify steps required to upgrade a vSphere implementation
  • Describe core vSphere networking technologies
  • Describe vCloud Networking and Security technologies
  • Describe and differentiate VMware NSX for vSphere and VMware NSX for third-party hypervisors

  • Differentiate logical andphysical topologies
  • Differentiate logical and physical components (i.e. switches, routers, etc.)
  • Differentiate logical and physical services (i.e. firewall, NAT, etc.)
  • Differentiate between physical and logical security constructs
    • Service Composer
    • Endpoint Security
    • Data Security

  • Describe integration with third-party hypervisors
  • Describe integration with third-party cloud automation
  • Describe integration with third-party services
    • Network services
    • Security services
  • Describe integration with third-party hardware
    • Network Interface Cards (NICs)
    • Terminating overlay networks
  • Manually register a third-party service with NSX
  • Install a third-party service with NSX

  • Describe integration with vCAC
  • Explain NSX deployment capabilities built into vCAC
  • List NSX components that can be pre-created using vCAC
  • Describe Network Profiles available in vCAC
  • Explain NSX preparation tasks that must be completed prior to attaching a network profile to a blueprint
  • Explain vCAC preparation tasks that must be completed prior to deploying a machine with on-demand network services

Objective 2 – Describe VMware NSX Physical Infrastructure Requirements

  • Identify physical network topologies (Layer 2 Fabric, Multi-Tier, Leaf/Spine, etc.)
  • Identify physical network trends
  • Explain the purpose of a Spine node
  • Explain the purpose of a Leaf node
  • Identify virtual network topologies (Enterprise, Service Provider Multi-Tenant, Multi-Tenant Scalable)
  • Explain benefits of Multi-Instance TCP/IP stack
  • Describe challenges in a Layer 2 Fabric topology
  • Describe challenges in a Multi-Tier topology
  • Describe challenges in a Leaf/Spine topology
  • Differentiate physical/virtual QoS implementation
  • Differentiate single/multiple vSphere Distributed Switch (vDS) Distributed Logical Router implementations
  • Differentiate NSX Edge High Availability (HA)/Scale-out NSX NSX Edge HA implementations
  • Differentiate Collapsed/Separate vSphere Cluster topologies
  • Differentiate Layer 3 and Converged cluster infrastructures

  • Identify management and edge cluster requirements
  • Describe minimum/optimal physical infrastructure requirements for a VMware NSX implementation
  • Describe how traffic types are handled in a physical infrastructure
  • Determine use cases for available virtual architectures
  • Describe ESXi host vmnic requirements
  • Differentiate virtual to physical switch connection methods
  • Describe VMkernel networking recommendations

Objective 3 – Configure and Manage vSphere Networking

  • Identify vSS capabilities
  • Add/Configure/Remove vmnics on a vSS
  • Configure vmkernel ports for network services
  • Add/Edit/Remove port groups on a vSS
  • Determine use cases for a vSphere Standard Switch

  • Identify vDS capabilities
  • Create/Delete a vDS
  • Add/Remove ESXi hosts from a vDS
  • Edit general vSphere vDS settings
  • Add/Configure/Remove dvPortgroups
  • Configure dvPort settings
  • Add/Remove uplink adapters to dvUplinkgroups
  • Create/Configure/Remove virtual adapters
  • Migrate virtual adapters to/from a vSS
  • Migrate virtual machines to/from a vDS
  • Monitor dvPort state
  • Determine use cases for a vDS

  • Identify common vSS and vDS policies
  • Configure dvPortgroup blocking policies
  • Configure load balancing and failover policies
  • Configure VLAN settings
  • Configure traffic shaping policies
  • Enable TCP Segmentation Offload (TOE) support for a virtual machine
  • Enable Jumbo Frame support on appropriate components
  • Determine appropriate VLAN configuration for a vSphere implementation

Objective 4 – Install and Upgrade VMware NSX

  • Configure the physical infrastructure (MTU, Dynamic Routing for edge, etc.)
  • Prepare a new vSphere infrastructure
    • Configure Quality of Service (QoS)
    • Configure Link Aggregation Control Protocol (LACP)
  • Configure an existing vSphere infrastructure
    • Upgrade VMware Tools
  • Explain how IP address assignments work in VMware NSX
  • Identify minimum permissions required to deploy NSX in a vSphere environment

  • Install NSX Manager
  • Register NSX Manager with vCenter Server
  • Install NSX License
  • Prepare ESXi hosts
  • Deploy NSX Controllers
  • Assign Segment ID pool and Multicast addresses
  • Configure VXLAN Transport
  • Install NSX Edge
  • Install vShield Endpoint
  • Install Data Security
  • Create an IP pool

  • Verify upgrade prerequisites have been met
  • Upgrade vCNS 5.5 to NSX 6.x
  • Upgrade vCNS Virtual Wires to NSX Logical Switches
  • Upgrade to NSX Components
    • Upgrade to NSX Firewall
    • Upgrade to NSX Edge
    • Upgrade vShield Endpoint from 5.5 to 6.x
    • Upgrade to NSX Data Security
  • Upgrade NSX
  • Manager from 6.0 to 6.x
  • Update vSphere Clusters after NSX upgrade

  • Explain the function of a Transport Zone
  • Add a Transport Zone
  • Expand/Contract a Transport Zone
  • Edit a Transport Zone
  • Change the Control Plane mode for a Transport Zone

Objective 5 – Configure VMware NSX Virtual Networks

  • Configure IP address assignments
  • Add/Remove a logical switch
  • Modify control plane mode
  • Connect a logical switch to an NSX Edge gateway
  • Deploy services to a logical switch
  • Connect/Disconnect virtual machines
  • Test logical switch connectivity
  • Determine distributed virtual switch type and version for a given NSX implementation

  • Identify where to install and configure VXLAN
  • Identify physical network requirements
  • Prepare a cluster for VXLAN
  • Determine the appropriate teaming policy for a given implementation
  • Add/Edit/Expand/Contract transport zones
  • Prepare VXLAN Tunnel End Points (VTEPs) on clusters

  • Identify High Availability requirements for Layer 2 Bridging
  • Add a Layer 2 Bridge to an NSX Edge device
  • Determine when Layer 2 Bridging would be required for a given NSX implementation
  • Determine when multiple Layer 2 Bridges are required for a given NSX implementation

  • Describe and differentiate router interfaces
  • Determine controller and logical switch requirements for logical router deployment
  • Add a logical router
  • Configure distributed routing
  • Configure a management interface
  • Configure High Available for a logical router
  • Configure edge routing
  • Configure routing protocols
    • Static
    • OSPF
    • BGP
    • IS-IS
  • Configure default gateway
  • Add/Delete a static route
  • Determine if cross-protocol route sharing is needed for a given NSX implementation

Objective 6 – Configure and Manage NSX Network Services

  • Identify general ESXi host troubleshooting guidelines
  • Configure global load balancing configuration
  • Create a service monitor
  • Add/Edit/Delete a server pool
  • Add/Edit/Delete an application profile
  • Add/Edit/Delete virtual servers
  • Configure global server load balancing
  • Determine appropriate NSX Edge instance size based on load balancing requirements

  • Configure IPSec VPN
    • Add/Edit/Disable IPSec VPN Service
    • Configure IPSec VPN parameters
    • Enable logging
  • Configure Layer 2 VPN
    • Enable Layer 2 VPN
    • Add Layer 2 VPN Client/Server
    • View Layer 2 VPN Statistics
  • Configure Network Access/Web Access SSL VPN-Plus
    • Edit Client Configurations
    • Edit General Settings
    • Edit Web Portal Designs
    • Add/Edit/Delete IP Pools
    • Enable/Disable IP Pools
    • Add/Edit/Delete Private Networks
    • Enable/Disable Private Networks
    • Add/Edit/Delete Installation Packages
    • Add/Edit/Delete Users
    • Add/Edit/Delete Login/Logoff script
    • Enable/Disable Login/Logoff script
  • Determine appropriate VPN service type for a given NSX implementation
  • Determine appropriate NSX Edge instance size based on load balancing requirements

  • Add/Edit a DHCP IP pool
  • Enable a DHCP IP pool
  • Add/Edit DHCP static binding
  • Configure DNS services
  • Add Source NAT (SNAT) rule
  • Add Destination NAT (DNAT) rule

  • Describe NSX Edge High Availability
  • Explain Edge High Availability best practices
  • Describe service availability during an Edge High Availability failover
  • Differentiate NSX Edge High Availability and vSphere High Availability
  • Configure NSX Edge High Availability
    • Configure heartbeat settings
    • Configure management IP addresses
  • Modify and existing Edge High Availability deployment
  • Determine resource pool requirements for a given Edge High Availability configuration

Objective 7 – Configure and Administer Network Security

  • Add/Edit/Delete an Edge Firewall rule
  • Configure Source/Destination/Service/Action rule components
  • Change the order of an Edge Firewall rule
  • Change the priority of an Edge Firewall rule

  • Differentiate between Layer 2 and Layer 3 rules
  • Differentiate between entity-based and identity-basedrules
  • Identify firewall rule entities
  • Explain rule processing order
  • Explain rule segregation
  • Add/Delete a Distributed Firewall rule
  • Configure Source/Destination/Service/Action rule components
  • Change the order of a Distributed Firewall rule
  • Add/Merge/Delete a Distributed Firewall rule section
  • Determine publishing requirements for rules in a given NSX implementation
  • Import/Export Distributed Firewall Configuration
  • Load Distributed Firewall configuration
  • Determine need for excluding virtual machines from distributed firewall protection
  • Configure and manage SpoofGuard
    • Create a SpoofGuard policy
    • Approve IP addresses
    • Edit/Clear IP addresses

  • Identify assets that can be used with a Security Group
  • Identify services contained in a Security Policy
  • Identify common Service Composer use cases
  • Differentiate Security Groups and Security Policies
  • Create/Edit a Security Group in Service Composer
  • Create/Edit/Delete a Security Policy
  • Map a Security Policy to a Security Group
  • Add/Edit/Delete a Security Tag
  • Assign and view a Security Tag

      Objective 8 – Perform Operations Tasks in a VMware NSX Environment

      • Identify default roles
      • Explain Single Sign-On (SSO) integration
      • Assign a role to a vCenter Server user
      • Assign objects to a user
      • Configure SSO
      • Enable/Disable a user account
      • Edit/Delete a user account

      • Identify API-only functionality
      • Explain how REST APIs work
      • Describe how to use the NSX API in a supported browser
      • Identify port requirements for the NSX API
      • Describe common use cases for VMware NSX API
      • Explain how to access the VMware NSX API
      • Modify an existing API workflow

      • Identify available monitoring methods(UI, CLI, API, etc.)
      • Monitor infrastructure components
        • Control Cluster Health
        • Manager Health
        • Hypervisor Health
      • Perform Inbound/Outbound activity monitoring
      • Enable data collection for single/multiple virtual machines
      • Perform virtual machine activity monitoring
      • Monitor activity between inventory containers (security groups, AD groups)
      • Analyze network and security metrics in vCOPS
      • Monitor logical networks and services
        • Identify available statistics/counters
        • Network/service health
        • Configure and collect data from network

      • Identify applicable logs for auditing
      • Identify permissions for auditing
      • Identify common data security regulations supported by NSX Data Security
      • Identify common file formats supported by NSX Data Security
      • Describe and differentiate information available in audit logs
      • Use flow monitoring to audit firewall rules
      • Audit deleted users
      • Audit infrastructure changes
      • View NSX Manager audit logs and change data
      • Configure NSX Data Security
      • Create a Data Security policy
      • Run a Data Security scan
      • View and download compliance reports
      • Create a regular expression

      • Identify content contained in technical support bundles
      • Identify where to locate component/service specific log information
      • Explain usage of CLI for logging
      • Configure Syslog(s)
      • Configure logging for Dynamic Routing information
      • Log Distributed Firewall rule processing information
      • Log Edge Firewall rule processing information
      • Log address translation information
      • Log VPN traffic
      • Configure basic/advanced Load Balancer logging
      • Log DHCP assignments
      • Log DNS resolutions
      • Log security policy session information
      • Download NSX Edge tech support logs
      • Generate NSX Manager tech support logs

      • Identify remote backup destinations
      • Explain how to backup and recover various components
      • Schedule backups
      • Export/Restore vSphere Distributed Switch configuration
      • Import/Export Service Composer profiles
      • Perform NSX Manager backup and restore operations

      Objective 9 – Troubleshoot a VMware Network Virtualization Implementation

      • Identify filters available for packet capture
      • Capture and trace uplink, vmknic, and physical NIC packets
      • Identify and track NSX infrastructure changes
      • Output packet data for use by a protocol analyzer
      • Capture and analyze traffic flows
      • Mirror network traffic for analysis
      • Performa a network health check
      • Configure vSphere Distributed Switch alarms

      • Identify ports required for NSX communication
      • Troubleshoot lookup service configuration
      • Troubleshoot vCenter Server link
      • Troubleshoot licensing issues
      • Troubleshoot permissions issues
      • Troubleshoot host preparation issues
      • Troubleshoot IP pool issues

      • Differentiate NSX Edge logging and troubleshooting commands
      • Verify NSX Controller cluster status and roles
      • Verify NSX Controller node connectivity
      • Check NSX Controller API service
      • Validate VXLAN and Logical Router mapping tables
      • List Logical Router instances and statistics
      • Verify Logical Router interface and route mapping tables
      • Verify active controller connections
      • View Bridge instances and learned MAC addresses
      • Display Logical Router instances
      • Verify NSX Manager services status
      • View Logical Interfaces and routing tables
      • Analyze NSX Edge statistics

      • Review netcap logs for control plane connectivity issues
      • Verify VXLAN, VTEP, MAC, and ARP mapping tables
      • List VNI configuration
      • View VXLAN connection tables and statistics
      • Perform VTEP connectivity tests

      • Verify network configuration
      • Verify a given virtual machine is configured with the correct network resources
      • Troubleshoot virtual switch and port group configuration issues
      • Troubleshoot physical network adapter configuration issues
      • Identify the root cause of a network issue based on troubleshooting information

      Leave a Reply

      Your email address will not be published. Required fields are marked *