Showing posts from October, 2015

[Integrate NSX with PaloAlto] Solve OVF Import Certificate problem using the OVFTool

In my next post I'll be focusing on the NSX and Palo Alto integration, and all the improvements this brings to the Micro Segmentation. For now, lets just focus on importing the Palo Alto Virtual FW VM (NSX Version) to the existing vSphere environment.
VMware Environment Details:
ESXi 6.0 on a Physical Host + 5 Nested ESXi 6 (deployed in my Demo Center, as explained here) vSphere 6.0 Managing Compute and Management Clusters NSX Vestion 6.2 Palo Alto 7.0.1, Model PAN-PA-VM-1000-HV-E60 (Features: Threat Prevention, BrightCloud, URL Filtering, PAN-DB URL Filtering, GlobalProtect Gateway, GlobalProtect Portal, PA-VM, Premium Support, WildFire License).
IMPORTANT: You will need to be a Palo Alto partner, as their permission is required in order to download their products.
What is OVFTool, and why did I need it?
OVFTool is a Multi-use VMware tool for various OVA/OVF files operations using the Command Line. I found it really handy in this occasion, while trying to deploy the Palo Alto NSX Ver…

VMware NSX Home Lab

The required Physical InfrastructureTo prepare for the VCIX-NV Exam, the ideal environment to practice is similar to the one we may find on the Hands-on-Labs:
We are particularly interested in the following 4 HoL-s: HOL-SDC-1403 - VMware NSX IntroductionHOL-SDC-1425 - VMware NSX AdvancedHOL-SDC-1603 - VMware NSX IntroductionHOL-SDC-1625 - VMware NSX Advanced

They all have one thing in common: There are 5 Physical Hosts (ESXi-s) distributed into 3 Logical Clusters: -Compute Cluster A (2 hosts) -Compute Cluster B (1 host) -Compute Cluster C (2 hosts)
In the ideal case, you would have 5 Physical Servers to install the native ESXi, and a Physical Switch. Since the majority of us do not have an infrastructure like this just lying around, we need to do an alternative approach: Use 1 Physical Server (needs to be packed with RAM, Memory and CPU), and build the Nested ESXi-s to simulate the target environment.
Before you even start thinking about buil…