Identify upgrade requirements for ESXi hosts
Check the VMware Product Interoperability Matrix to validate compatibility between the ESXi host version, the vCenter Server version, and other components, plugins, etc.
Check the VMware Compatibility Guide (HCL) to make sure the system hardware is compliant with the ESXi host version that will be deployed
Note : When you upgrade a host that contains custom VIBs, the upgrade displays an error message unless the same VIBs are included in the upgrade ISO file.
Identify steps required to upgrade a vSphere implementation
Describe core vSphere networking technologies
Describe vCloud Networking and Security technologies
Key Capabilities of vCloud Networking and Security :
Firewall – Stateful inspection firewall that can be applied either at the perimeter of the virtual data center or at the virtual network interface card (vNIC) level directly in front of specific workloads. The firewall-rule table is designed for ease of use and automation with VMware vCenter™ objects for simple, reliable policy creation. Stateful failover enables high availability for business-critical applications.
VPN – Industry-standard IPsec and SSL VPN capabilities that securely extend the virtual data center. Site-to-site VPN support links virtual data centers and enables hybrid cloud computing at low cost. The SSL VPN capability delivers remote administration into the virtual data center through a bastion host, the method favored by auditors and compliance regulators.
Load balancer – A virtual-appliance–based load balancer to scale application delivery without the need for dedicated hardware. Placed at the edge of the virtual data center, the load balancer supports Web-, SSL- and TCP-based scale-out for high-volume applications.
VXLAN – Technology that, along with VMware vSphere® Distributed Switch™, creates Layer 2 logical networks across noncontiguous clusters or pods without the need for VLANs (multicast required). This enables you to scale your applications across clusters and pods and improve compute utilization.
Instrumentation – Granular network traffic telemetry that enables rapid troubleshooting and incident response. Traffic counters for sessions, packets and bytes provide visibility into the virtual network and streamline firewall-rule creation.
Management – Integrates with vCenter Server and vCloud Director to provide separation of duties with role-based access control (RBAC) while providing a central point of configuration and control for network and security services.
vCloud Ecosystem Framework – Integrates partner services at either the vNIC or the virtual edge using REST APIs
There are two vCloud Networking and Security virtual-appliance types :
- Edge Gateway (IPsec VPN, Load Balancer, NAT, Static Routing, DHCP, DNS Relay)
- App Firewall (based on vCenter objects rather than IP address)
Once defined, rules can be enforced either at the perimeter of the virtual data center with vCloud Networking and Security Edge, or directly in front of a workload at the vNIC level with the vCloud Networking and Security App firewall.
IPsec site-to-site VPN : IKE 256 bits, AES 256 bits. This capability enables you to interconnect virtual data centers securely to physical firewalls from a variety of vendors.
SSL remote access to give administrators access to the virtual data center. SSL is implemented on the Edge Gateway virtual appliance and enables administrators to perform remote configuration, troubleshooting and other routine management tasks.
Load Balancing algorithms supported :
- Round Robin
Edge High Availability : vCloud Networking and Security enables stateful high-availability (HA) firewalls for virtual data centers (see Figure 7). With vCloud Networking and Security Edge HA, active firewall connections can be continuously synchronized between an active/standby pair of Edge virtual appliances. If a failure occurs in the active Edge appliance, sessions are not lost, and the standby unit resumes the passing of traffic in less than 10 seconds.
VXLAN protocol leverages user datagram protocol (UDP) encapsulation to enable networks to stretch across multiple clusters and Layer 3 segments of the data center. Moreover, VXLAN scales to 16 million segments without requiring a large upgrade to existing physical switching infrastructure. VMware has enhanced the vSphere Distributed Switch component of vSphere Enterprise Plus Edition to provide troubleshooting and traffic statistics about VXLAN encapsulated traffic.
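To make the UDP encapsulation and the 16 million segment limit concrete, the following added example (not from the original notes or from VMware) parses the 8-byte VXLAN header carried in a UDP payload and keeps per-segment packet and byte counters. The header layout is taken from RFC 7348, which the notes do not cite; the function names and the sample payloads are constructed for illustration.

```python
import struct
from collections import Counter

VXLAN_HEADER_LEN = 8      # RFC 7348: flags(1) + reserved(3) + VNI(3) + reserved(1)
FLAG_VNI_VALID = 0x08     # "I" bit: the VNI field holds a valid segment ID
MAX_SEGMENTS = 1 << 24    # 24-bit VNI -> 16,777,216 logical segments

def build_vxlan(vni, inner_frame):
    """Build a UDP payload: VXLAN header followed by the inner Ethernet frame."""
    if not 0 <= vni < MAX_SEGMENTS:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + inner_frame

def parse_vxlan(udp_payload):
    """Return (vni, inner_frame); reject truncated or flagless headers."""
    if len(udp_payload) < VXLAN_HEADER_LEN:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", udp_payload[:VXLAN_HEADER_LEN])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag not set: VNI is not valid")
    return word1 >> 8, udp_payload[VXLAN_HEADER_LEN:]

def count_by_segment(payloads):
    """Per-VNI packet and inner-byte counters; malformed payloads are tallied."""
    packets, inner_bytes, rejected = Counter(), Counter(), 0
    for payload in payloads:
        try:
            vni, inner = parse_vxlan(payload)
        except ValueError:
            rejected += 1
            continue
        packets[vni] += 1
        inner_bytes[vni] += len(inner)
    return packets, inner_bytes, rejected

# Constructed sample: dummy 14-byte Ethernet header plus 7 bytes of data.
FRAME = bytes(14) + b"payload"
SAMPLE = [
    build_vxlan(5001, FRAME),
    build_vxlan(5001, FRAME),
    build_vxlan(MAX_SEGMENTS - 1, FRAME),  # highest possible segment ID
    b"\x00" * 8 + FRAME,                   # I flag clear: rejected
    b"\x08\x00",                           # truncated header: rejected
]

if __name__ == "__main__":
    pk, by, rej = count_by_segment(SAMPLE)
    print(dict(pk), dict(by), "rejected:", rej)
```

Counting rejected payloads separately keeps malformed encapsulation visible instead of silently attributing it to segment 0.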