Can’t create Universal Transport Zone or UDLR with NSX 6.2 / 6.3

VMware NSX 6.2 introduced Cross-vCenter including Universal objects like Universal Transport Zone, Universal Logical (Distributed) Router (UDLR), Universal Logical Switch.

So what happens if you’re on 6.2+ and you can’t create those objects?

Can’t create Universal Transport Zone.

Can’t create Universal Logical rRouter.

Can’t create Universal Logical Switch.

If you find yourself trying to create these objects but the option isn’t available but you’re sure you’re on 6.2 or higher, set your primary NSX manager to “Primary”

Assign Primary Role to the main NSX Manager.

This will enable the creation of universal objects and enable more options for NSX managers including “Perform Universal Synchronization”.

And now we can create the Universal Transport Zone

and UDLR

Creating a UDLR.

Posted in Network, NSX, Virtualization, VMware | Tagged , , | Leave a comment

VCAP6-NV (VCIX6-NV) Sample Question 10

Sample Question Intro
HOL: HOL-1703-SDC-1 – VMware NSX: Introduction and Feature Tour
Prerequisites: none
Lab: Module 5 : Distributed Firewall

Question 10

The security team has requested new rules to protect an externally-facing three-tier app.

Requirements:
VMware web client login: administrator@vsphere.local / VMware1!

Web Servers:
web-01a.corp.local
web-01a.corp.local

New rule group:
Customer DB-app

New traffic type:
Name: MyApp
Protocol: TCP
Port: 8443

Rules:
Allow any external or internal system scan access the web servers for HTTPS or SSH traffic
Allow the web servers to access any system on the application network using the application port.
Allow any system on the application network to access any system on the database network for MySQL traffic.

1) Without creating a new object, ensure all traffic not covered by a firewall rule is denied.
2) Create a new object named “Web-Tier” to group the two web servers.
3) Create a new object for the application traffic so that rules are more readable.
4) Create the rules as described and group them as Customer DB-app.
5) Functionality can be tested using the Customer DB-App Direct Connect favorite in Chrome along with pinging between the app layers.

Posted in Certification, Network, NSX, Security, Virtualization, VMware | Tagged , , , , | Leave a comment

VCAP6-DCV Deploy Sample Question 11

Sample Question Intro
HOL: HOL-1706-SDC-3 – Security Concepts in the Software Defined Data Center
Prerequisites: None
Lab: Module 3 : Automating Password Complexity for ESXi Users.

Question 11

The Administration team has requested a PowerCLI script to update all ESXi hosts connected to a vCenter server with a specific local password policy.

Requirements:
vCenter Server: vcsa-01a.corp.local
vCenter Credentials: administrator@vsphere.local / VMware1!

New Powershell script: password.ps1

Password policy:
At least three character classes are required.
At least seven characters are required.
The user had three tries to set a password.

Create the powershell script on the desktop of the Main Console machine.

Note: The actual exam would not be this “open” – you would have much more structure to the question to make scoring easier. Perhaps being given some of the commands or a similar script to start with.

Posted in Certification, PowerShell, Scripting, Virtualization, VMware | Tagged , , , , | Leave a comment

VCAP6-DCV Deploy Sample Question 10

Sample Question Intro
HOL: HOL-1810-01-SDC – Virtualization 101: Introduction to vSphere
Prerequisites: None
Lab: Module 3 :Introduction to vSphere Storage : Working with Virtual Machine Snapshots

Question 10

The VDI team has requested a virtual hardware change be captured on a virtual machine for deployment testing.

Requirements:

Credentials: Use Windows session authentication

Virtual Machine name: w12-core
Master snapshot name: Snapshot#1
Change snapshot name: Snapshot#2

Hardware change: 4096 MB Total RAM

1) Capture the hardware change as Snapshot#2

2) Make sure the virtual machine is running in its original configuration.

Spoiler Alert: This item requires you to perform a step not covered in the lab.

Posted in Certification, Virtualization, VMware | Tagged , , , | Leave a comment

VCAP6-DCV Deploy Sample Question 9

Sample Question Intro
HOL: HOL-1810-01-SDC – Virtualization 101: Introduction to vSphere
Prerequisites: None
Lab: Module 3 :Introduction to vSphere Storage : Creating and Configuring vSphere Datastores

Question 9

New hosts have been provisioned to the environment and existing storage needs to be accessed from the new servers.

Requirements:

Credentials: Use Windows session authentication

New NFS datastore name: ds-site-a-nfs02
NFS server: 10.10.20.60
NFS Folder: /mnt/NDS02

New iSCSI datastore name: ds-iscsi02
iSCSI Server: 10.10.20.60
LUN ID: 12

New Host: esx-03a.corp.local
New Host credentials: root / VMware1!

1) Add host esx-03a.corp.local to Cluster Site A.

2) Make sure esx-03a.corp.local does not have an eval license.

3) Ensure all hosts in Cluster Site A can access the NFS storage.

4) Ensure all hosts in Cluster Site A can access the iSCSI storage.
Note: The datastore will be shared with a vSphere 5.5 cluster at a later date.

Posted in Certification, Storage, Virtualization, VMware | Tagged , , , | Leave a comment

VCAP6-DCV Deploy Sample Question 8

Sample Question Intro
HOL: HOL-1810-01-SDC – Virtualization 101: Introduction to vSphere
Prerequisites: None
Lab: Module 2 : Understanding Single Sign On

Question 8

The administration team has requested a new user with specific permissions.

They would also like to use their AD accounts to manage a specific host.

Requirements:

Credentials: administrator@vsphere.local / VMware1!

New User credentials: holadmin@vsphere.local / VMware1!
New User name: HOL Admin
New Group: HOL Group

Administation host: esx-01a.corp.local
AD domain: corp.local
AD credentials: administrator / VMware1!

1) Ensure any member of the new group can manage virtual machines disks and browse host datastores but not manage host or cluster settings.
Note: No objects other than a user and a group should be created.

2) Ensure the rights are propagated down the object hierarchy.

3) Ensure AD objects can be granted permissions directly on esx-01a.corp.local.

Posted in Certification, Security, Virtualization, VMware | Tagged , , , | Leave a comment

VCAP6-DCV Deploy Sample Question 7

Sample Question Intro
HOL: HOL-1810-01-SDC – Virtualization 101: Introduction to vSphere
Prerequisites: None
Lab: Module 2 : User Access and Authentication Roles

Question 7

The administration team has requested two new groups of permissions.

Requirements:

Credentials: Use Windows session Authentication

Role: HOL Admin Role
Rights: No network or storage rights

Role: HOL Dev Role
Rights: Full rights

Create the roles as specified.

Posted in Certification, Security, Virtualization, VMware | Tagged , , , | Leave a comment