VMware

VMware Certified Professional 6 – Network Virtualization Exam

Exam Number: 2V0-641 Duration (minutes): 120 Minutes
Associated Certification: VCP6-NV Number of Questions: 85
Exam Product: VMware NSX for vSphere v6 Passing Score: 300
Recommended Training: VMware NSX: Install, Configure, Manage [V6.2] Validated Against: VMware NSX for vSphere v6
Exam Price: $250 USD, More on Pricing Exam Languages: English, Japanese
First Available Appointment: 30 August 2015 Format: Single and Multiple Choice, Proctored
Exam Details Information Last Updated: 12 January 2017

This exam tests your skills and abilities installing, configuring and administering a VMware NSX 6.x environment.


Note: this exam will be retired on 30 April 2017.

Exam Topics How to Prepare Additional Resources
+ Section 1: Define VMware NSX Technology and Architecture
+ Objective 1.1: Describe the Benefits of a VMware NSX Implementation
Knowledge
  • Define and differentiate challenges with physical network implementations
  • Explain common VMware NSX terms
  • Describe and differentiate NSX network and security functions and services
  • Explain common use cases for VMware NSX
Tools
+ Objective 1.2: Describe VMware NSX Architecture
Knowledge
  • Differentiate component functionality of NSX stack infrastructure components
  • Compare and contrast with advantages/disadvantages of topologies (star, ring, etc.) as well as scaling limitations
  • Compare and contrast VMware NSX data center deployment models
  • Prepare a vSphere implementation for NSX
Tools
+ Objective 1.3: Differentiate VMware Network and Security Technologies
Knowledge
  • Explain the benefits of NSX architecture components
  • Given a scenario, determine the appropriate steps required to upgrade a vSphere implementation
  • Describe core vSphere networking technologies
  • Describe vCloud Networking and Security technologies
  • Describe and differentiate VMware NSX for vSphere and VMware NSX for third-party hypervisors
Tools
+ Objective 1.4: Contrast Physical and Virtual Network Technologies
Knowledge
  • Differentiate logical and physical topologies
  • Differentiate logical and physical components (i.e. switches, routers, etc.)
  • Differentiate logical and physical services (i.e. firewall, NAT, etc.)
  • Differentiate between physical and logical security constructs
    • Service Composer
    • Endpoint Security
    • Data Security
Tools
+ Objective 1.5: Explain VMware NSX Integration with Third-Party Products and Services
Knowledge
  • Explain integration with third-party partner tools and systems using NSX REST APIs
  • Explain integration with third-party services
    • Network services
    • Security services
    • Load Balancing
    • Anti-malware
    • IDS/IPS
  • Explain integration with third-party hardware
    • Network Interface Cards (NICs)
    • Terminating overlay networks
    • HW VTEP
    • VXLAN offload
    • RSS
  • Install/register a third-party service with NSX
Tools
+ Objective 1.6: Explain VMware NSX Integration with vRealize Automation (vRA)
Knowledge
  • Explain integration with vRealize Automation
  • Explain NSX deployment capabilities built into vRealize Automation
  • Describe Network Profiles available in vRealize Automation
  • Explain NSX preparation tasks for attaching a network profile to a blueprint
  • Explain vRealize Automation preparation tasks for deploying a machine with on-demand network services
Tools
+ Section 2: Describe VMware NSX Physical Infrastructure Requirements
+Objective 2.1: Define Benefits of Running VMware NSX on Physical Network Fabrics
Knowledge
  • Describe and differentiate physical network topologies
    • Differentiate physical network trends
    • Explain the purpose of a Spine node
    • Explain the purpose of a Leaf node
  • Describe and differentiate virtual network topologies
    • Enterprise
    • Service Provider Multi-Tenant
    • Multi-Tenant Scalable
  • Given a specific physical topology, determine what challenges could be addressed by a VMware NSX implementation.
  • Differentiate physical/virtual QoS implementation
  • Differentiate single/multiple vSphere Distributed Switch (vDS)/Distributed Logical Router implementations
  • Differentiate NSX Edge High Availability (HA)/Scale-out implementations
  • Differentiate Separate/Collapsed vSphere Cluster topologies
  • Differentiate Layer 3 and Converged cluster infrastructures
Tools
+Objective 2.2: Describe Physical Infrastructure Requirements for a VMware NSX Implementation
Knowledge
  • Differentiate management and edge cluster requirements
  • Describe and differentiate minimum/optimal physical infrastructure requirements for a VMware NSX implementation
  • Explain how traffic types are handled in a physical infrastructure
  • Determine use cases for available virtual architectures
  • Describe ESXi host vmnic requirements
  • Differentiate virtual to physical switch connection methods
  • Describe and differentiate VMkernel networking scenarios
Tools
+ Section 3: Configure and Manage vSphere Networking
+ Objective 3.1: Configure and Manage vSphere Standard Switches (vSS)
Knowledge
  • Explain vSS capabilities
  • Add/Configure/Remove vmnics on a vSS
  • Configure vmkernel ports for network services
  • Add/Edit/Remove port groups on a vSS
  • Determine use cases for a vSphere Standard Switch
Tools
+ Objective 3.2: Configure and Manage vSphere Distributed Switches (vDS)
Knowledge
  • Compare and contrast vDS capabilities
  • Create/Delete a vDS
  • Add/Remove ESXi hosts from a vDS
  • Edit general vSphere vDS settings
  • Add/Configure/Remove dvPortgroups
  • Configure dvPort settings
  • Add/Remove uplink adapters to dvUplinkgroups
  • Create/Configure/Remove virtual adapters
  • Migrate virtual machines to/from a vDS
  • Monitor dvPort state
  • Determine use cases for a vDS
Tools
+ Objective 3.3: Configure and Manage vSS and vDS Policies
Knowledge
  • Compare and contrast common vDS policies
  • Configure dvPortgroup blocking policies
  • Explain benefits of Multi-Instance TCP/IP stack
  • Configure load balancing and failover policies
  • Configure VLAN settings
  • Configure traffic shaping policies
  • Enable TCP Segmentation Offload (TOE) support for a virtual machine
  • Enable Jumbo Frame support on appropriate components
  • Determine appropriate VLAN configuration for a vSphere implementation
  • Understand how DSCP is handled in a VXLAN frame
Tools
+ Section 4: Install and Upgrade VMware NSX
+ Objective 4.1: Configure Environment for Network Virtualization
Knowledge
  • Identify and understand physical infrastructure configuration for NSX Compute, Edge and Management clusters (MTU, Dynamic Routing for Edge, etc.)
  • Prepare a Greenfield vSphere Infrastructure for NSX Deployment
    • Configure Quality of Service (QoS)
    • Configure Link Aggregation Control Protocol (LACP)
  • Configure a Brownfield vSphere Infrastructure for NSX
  • Explain how IP address assignments work in VMware NSX
  • Determine minimum permissions required to perform an NSX deployment task in a vSphere implementation
Tools
+ Objective 4.2: Deploy VMware NSX Components
Knowledge
  • Install/Register NSX Manager
  • Prepare ESXi hosts
  • Deploy NSX Controllers
  • Understand assignment of Segment ID Pool and appropriate need for Multicast addresses
  • Install vShield Endpoint
  • Create an IP pool
  • Understand when to use IP Pools versus DHCP for NSX Controller Deployment
Tools
+ Objective 4.3: Upgrade Existing vCNS/NSX Implementation
Knowledge
  • Based on a given upgrade scenario, identify requisite steps and components for upgrading to NSX 6.x
  • Upgrade vCNS 5.5 to NSX 6.x
  • Upgrade vCNS Virtual Wires to NSX Logical Switches
  • Upgrade to NSX Components
    • Upgrade to NSX Firewall
    • Upgrade to NSX Edge
    • Upgrade vShield Endpoint from 5.5 to 6.x
    • Upgrade to NSX Data Security
  • Upgrade NSX Manager from 6.0 to 6.x
  • Update vSphere Clusters after NSX upgrade
  • Understand the impact of availability to the aspects of NSX during an upgrade
Tools
+ Objective 4.4: Expand Transport Zone to Include New Cluster(s)
Knowledge
  • Explain the function of a Transport Zone
  • Understand proper addition of a Transport Zone
  • Understand necessity to expand or contract a Transport Zone
  • Edit a Transport Zone
  • Understand appropriate use of Control Plane mode modification of a Transport zone
Tools
+ Section 5: Configure VMware NSX Virtual Networks
+ Objective 5.1: Create and Administer Logical Switches
Knowledge
  • Given a scenario, demonstrate the proper way to add/remove a logical switch
  • Determine use case for and contrast the three Control Plane Modes
    • Multi-cast
    • Hybrid
    • Unicast
  • Determine use case for connecting a logical switch to an NSX Edge gateway
  • Deploy services to a logical switch
  • Demonstrate multiple ways of adding or removing virtual machines from a logical switch
  • Test logical switch connectivity
Tools
+ Objective 5.2: Configure VXLAN
Knowledge
  • Describe and understand areas where VXLANs should be configured
  • Understand physical network requirements for virtual topologies with VXLANs
  • Understand how to prepare a vSphere cluster for VXLAN
  • Determine the appropriate teaming policy for a given implementation
  • Understand how to configure and modify the options of a Transport Zone
  • Understand how prepare VXLAN Tunnel End Points (VTEPs) on vSphere clusterss
Tools
+ Objective 5.3: Configure and Manage Layer 2 Bridging
Knowledge
  • Given a scenario, determine an appropriate High Availability configuration for Layer 2 Bridging
  • Understand how to add a Layer 2 Bridge to an NSX Edge device
  • Determine when Layer 2 Bridging would be required for a given NSX implementation
  • Determine use cases for multiple Layer 2 Bridges
  • Compare and contrast software and hardware bridging
Tools
+ Objective 5.4: Configure and Manage Logical Routers
Knowledge
  • Install NSX Edge
  • Understand how to connect/disconnect a logical switch from a logical router
  • Understand and describe the different types of router interfaces
  • Determine NSX components needed to build out topologies with logical routers
  • Understand how to add and configure a new logical router
  • Determine use case for and configure a management interface
  • Determine use case for and configure High Availability for a logical router
  • Configure routing protocols
    • Static
    • OSPF
    • BGP
    • IS-IS
  • Configure default gateway
  • Determine if cross-protocol route sharing is needed for a given NSX implementation
  • Understand how to configure administrative distances for routing
  • Understand configuration differences between iBGP and eBGP
  • Understand and configure route redistribution
Tools
+ Section 6: Configure and Manage NSX Network Services
+ Objective 6.1: Configure and Manage Logical Load Balancing
Knowledge
  • Describe and understand when to use the two topologies for load balancing
  • Understand how to configure load balancing
  • Configure and understand service monitors
  • Understand how to Add/Edit/Delete a server pool
  • Understand how to Add/Edit/Delete an application profile
  • Understand how to Add/Edit/Delete virtual servers
  • Determine appropriate NSX Edge instance size based on load balancing requirements
Tools
+ Objective 6.2: Configure and Manage Logical Virtual Private Networks (VPN)
Knowledge
  • Understand how to configure IPSec VPN
    • Configure IPSec VPN parameters
    • Enable logging
  • Understand how to configure Layer 2 VPN
    • Add Layer 2 VPN Client/Server
    • View Layer 2 VPN Statistics
  • Configure Network Access/Web Access SSL VPN-Plus
    • Edit Client Configurations
    • Edit General Settings
    • Edit Web Portal Designs
    • Add/Edit/Delete IP Pools
    • Add/Edit/Delete Private Networks
    • Add/Edit/Delete Installation Packages
    • Add/Edit/Delete Users
    • Add/Edit/Delete Login/Logoff script
  • Determine appropriate VPN service type for a given NSX implementation
Tools
+ Objective 6.3: Configure and Manage DHCP/DNS/NAT
Knowledge
  • Understand proper use and addition of a DHCP IP Pool
  • Enable a DHCP IP pool
  • Describe use and proper implementation of DNS services
  • Describe when and how to configure Source NAT
  • Describe when and how to configure Destination NAT
  • Given a scenario, compare and contrast proper DHCP uses
Tools
+ Objective 6.4: Configure and Manage Edge Services High Availability
Knowledge
  • Given a scenario, compare and contrast proper HA uses
  • Describe service availability during an Edge High Availability failover
  • Differentiate NSX Edge High Availability and vSphere High Availability
  • Configure NSX Edge High Availability
    • Configure heartbeat settings
    • Configure management IP addresses
  • Modify and existing Edge High Availability deployment
  • Determine resource pool requirements for a given Edge High Availability configuration
  • Configure Equal-Cost Multi-Path Routing (ECMP)
    • Determine ECMP timers
    • Understand process flows
  • Combine ECMP with other stateful services
Tools
+ Section 7: Configure and Administer Network Security
+ Objective 7.1: Configure and Administer Logical Firewall Services
Knowledge
  • Add/Edit/Delete an Edge Firewall rule
  • Configure Source/Destination/Service/Action rule components
  • Describe the differences between Edge Rule Types (Pre Rules/Internal/User Rules/Default Rules)
  • Change the order of an Edge User Firewall rule
  • Describe/Demonstrate how to configure an Edge Firewall Pre Rule
  • Describe the limitations of ECMP and Edge Firewall Policy
Tools
+ Objective 7.2: Configure Distributed Firewall Services
Knowledge
  • Describe VM IP Address learning for the purposes of DFW vCenter attribute learning
  • Differentiate between Layer 2 and Layer 3 rules
  • Differentiate between entity-based and identity-based rules
  • Identify firewall rule entities
  • Explain rule processing order
  • Explain rule segregation
  • Demonstrate steps to Add/Delete a Distributed Firewall rule
  • Demonstrate configuration of Source/Destination/Service/Action rule components
  • Change the order of a Distributed Firewall rule
  • Add/Merge/Delete a Distributed Firewall rule section
  • Determine publishing requirements for rules in a given NSX implementation
  • Demonstrate Import/Export Distributed Firewall Configuration
  • Load Distributed Firewall configuration
  • Determine need for excluding virtual machines from distributed firewall protection
  • Describe SpoofGuard Operation and Default Policy and Actions
  • Describe SpoofGuard IP Address Learning
  • Identify requirements for a Spoofguard Policy
  • Demonstrate how to Create and Edit a SpoofGuard Policy
    • IP Local Addresses
    • Approve IP addresses
    • Edit/Clear IP addresses
Tools
+ Objective 7.3: – Configure and Manage Service Composer
Knowledge
  • Identify assets that can be used with a Security Group
  • Describe and differentiate services contained in a Security Policy
  • Explain common Service Composer use cases
  • Describe third party integration and service redirection
  • Differentiate Security Groups and Security Policies
  • Demonstrate the ability to redirect specific flows (e.g. 80) to network introspection services
  • Differentiate between vCenter attribute based Firewall rules (including IP Sets) vs Active Directory identity-based rule
  • Create/Edit a Security Group in Service Composer
  • Create/Edit/Delete a Security Policy in Service Composer
  • Map a Security Policy to a Security Group
  • Add/Edit/Delete a Security Tag
  • Assign and view a Security Tag
Tools
+ Section 8: Perform Operations Tasks in a VMware NSX Environment
+ Objective 8.1: Configure Roles, Permissions, and Scopes
Knowledge
  • Identify default roles
  • Explain Single Sign-On (SSO) integration
  • Configure SSO
  • Assign a role to a vCenter Server user or group
  • Describe the uses for the various NSX Security Roles
  • Describe how roles can be applied to a subset of the vCenter infrastructure for multi Tenancy purposes
  • Explain how to apply NSX Roles to an AD group
  • Assign objects to a user
  • Enable/Disable a user account
  • Edit/Delete a user account
Tools
+ Objective 8.2: Describe NSX Automation
Knowledge
  • Explain common use cases that require the NSX REST API
  • Describe how the NSX REST API works and how it is used with a support browser
  • Explain how NSX REST API Calls are sent to the NSX Manager
  • Describe and differentiate common NSX REST API verbs
  • Describe how to use NSX REST API calls to learn the network topology
Tools
+ Objective 8.3: Monitor a VMware NSX Implementation
Knowledge
  • Compare and contrast available monitoring methods (UI, CLI, API, etc.)
  • Monitor infrastructure components
    • Control Cluster Health
    • Manager Health
    • Hypervisor Health
  • Perform Inbound/Outbound activity monitoring
  • Enable data collection for single/multiple virtual machines
  • Perform virtual machine activity monitoring
  • Monitor activity between inventory containers (security groups, AD groups)
  • Analyze network and security metrics in vRealize Operations
  • Monitor logical networks and services
    • Identify available statistics/counters
    • Network/service health
    • Configure and collect data from network
Tools
+ Objective 8.4: Perform Auditing and Compliance
Knowledge
  • Given an auditing scenario, determine where applicable log information can be located
  • Describe and differentiate permissions for auditing
  • Describe and differentiate common data security regulations supported by NSX Data Security
  • Describe and differentiate information available in audit logs
  • Use flow monitoring to audit firewall rules
  • Audit deleted users
  • Audit infrastructure changes
  • View NSX Manager audit logs and change data
  • Configure NSX Data Security
  • Create a Data Security policy
  • Install Data Security
  • Run a Data Security scan
  • View and download compliance reports
  • Create a regular expression
  • Configure Guest Introspection (Install vShield Endpoint)
Tools
+ Objective 8.5: Administer Logging
Knowledge
  • Given a scenario, utilize information contained in technical support bundles/logs to assist in troubleshooting
  • Explain usage of CLI for logging
  • Configure Syslog(s)
  • Configure logging for Dynamic Routing information
  • Log Distributed Firewall rule processing information
  • Log Edge Firewall rule processing information
  • Log address translation information
  • Log VPN traffic
  • Configure basic/advanced Load Balancer logging
  • Log DHCP assignments
  • Log DNS resolutions
  • Log security policy session information
  • Download NSX Edge tech support logs
  • Generate NSX Manager tech support logs
Tools
+ Objective 8.6: Backup and Recover Configurations
Knowledge
  • Explain how to backup and recover various components
  • Schedule backups
  • Export/Restore vSphere Distributed Switch configuration
  • Import/Export Service Composer profiles
  • Perform NSX Manager backup and restore operations
Tools
+ Section 9: Troubleshoot a VMware Network Virtualization Implementation
+ Objective 9.1: Identify Tools Available for Troubleshooting
Knowledge
  • Capture and trace uplink, vmknic, and physical NIC packets
  • Audit NSX infrastructure changes
  • Output packet data for use by a protocol analyzer
  • Capture and analyze traffic flows
  • Mirror network traffic for analysis
  • Perform a network health check
  • Configure vSphere Distributed Switch alarms
Tools
+ Objective 9.2: Troubleshoot Common NSX Installation/Configuration Issues
Knowledge
  • Troubleshoot lookup service configuration
  • Troubleshoot vCenter Server link
  • Troubleshoot licensing issues
  • Troubleshoot permissions issues
  • Troubleshoot host preparation issues
  • Troubleshoot IP pool issues
Tools
+ Objective 9.3: Troubleshoot Common NSX Component Issues
Knowledge
  • Differentiate NSX Edge logging and troubleshooting commands
  • Verify NSX Controller cluster status and roles
  • Verify NSX Controller node connectivity
  • Check NSX Controller API service
  • Validate VXLAN and Logical Router mapping tables
  • List Logical Router instances and statistics
  • Verify Logical Router interface and route mapping tables
  • Verify active controller connections
  • View Bridge instances and learned MAC addresses
  • Display Logical Router instances
  • Verify NSX Manager services status
  • View Logical Interfaces and routing tables
  • Analyze NSX Edge statistics
Tools
+ Objective 9.4: Troubleshoot Common Connectivity Issues
Knowledge
  • Review netcpa logs for control plane connectivity issues
  • Verify VXLAN, VTEP, MAC, and ARP mapping tables
  • List VNI configuration
  • View VXLAN connection tables and statistics
  • Perform VTEP connectivity tests
Tools
+ Exam Contributors
William Grismore
John Hays
Paul Mancuso
Chris McCain
Hadar Freehling
Joshua Newton
Dwayne Sinclair
Elver Sena