Summary: My thoughts on the new NSX Install, Configure, Manage (ICM) course, based on sitting the beta course (the usual beta caveats therefore apply).

Back in June I sat the beta of the VMware NSX Install, Configure, Manage course at VMware’s head office (at Frimley in the UK) and I thought it would be worth detailing my thoughts and experiences now that the course is publically available. This post won’t describe the course agenda in detail as you can read the official course description (along with prices, booking info, schedules etc) but from a quick look at the agenda I’d say the content hasn’t changed much.

Do I need to be a network guru?

Before booking the course, my first concern was the target audience. For those unfamiliar with my background I’m a compute and storage guy, not a network guru, so I was curious how well I’d cope with the networking material. I spoke to the trainer in advance (Paul McSharry, who I knew from my Design Workshop a few years ago) who advised that CCNA equivalent knowledge would be fine, and even pulled a few strings to add an extra place and get me on the course after it filled up. Thanks Paul! 🙂

Although the intended audience is described as “Experienced system administrators that specialize in networking” we were told that VMware are targeting the course at vSphere admins, not network admins (apparently there will be a different course released in the future). This is borne out via the official, minimal,  prerequisites listed below which have very little network focus;

• System administration experience on Microsoft Windows or Linux operating system
• Understanding of concepts presented in the VMware Data Center Virtualization Fundamentals course for VCA-DCV certification

Despite meeting those quite happily I found some sections challenging, particularly around VXLAN. Knowledge of network overlay concepts, and VXLAN in particular, is essential. I’ve done lots of work with vSphere but not much with vCloud, so hadn’t really worked with VXLAN in any depth and there’s a lot of terminology to understand – VTEP, UTEP, MTEP, and LIF to mention a few. VXLAN is also used in Cisco’s competing ACI product (as explained by Gary Kinghorn from Cisco) so it’s well worth learning even if you’re not going down the NSX route. Some background knowledge of routing protocols such as OSPF and BGP etc would also be beneficial. If you’ve worked with the vCNS interface, you’ll have a good headstart as NSX looks very similar.

What does the course cover?

The course content is 50% instructor led and 50% lab time and in summary covers the following topics (much of the content is available publically, and for free, on various blog series – see my links at the bottom for more info);

• NSX Manager/controllers/clusters
• NSX Edge Gateway appliances (basically upgraded vShield Edge)
• Logical switching, routing, VPNs, load balancers, and firewalls (including microsegmentation)

For me the biggest benefit was access to hands on experience with NSX – unless you’re lucky enough to work with it via your company the only option is the two online HOLs (NSX for vSphere and NSX for multi-hypervisors). I believe access will become more widespread soon but it’s been frustrating many people while they wait for access to a product that’s supposedly GA.

In my case I was very lucky to have an exceedingly well educated bunch on the course with me, including Michael Haines (who works for VMware and helped create the vCloud Architecture Toolkit among other publications) and some guys who were doing the bootstrap program towards the VCDX-NV. This stimulated some great debate and meant someone in the room could answer any question I threw at them (probably in their sleep). Most courses won’t benefit from this level of expertise but it’s always worth learning from other candidates on courses regardless.

The 17 labs do a good job of slowly building up an internal network, adding multiple networks with routing, integrating it with external networks and adding VPNs, firewalls etc. As you’d expect it showcases the flexibility enabled by virtualising networks, such as the ability to move L3 networks around and microsegmentation (a killer feature say VMware). I found the labs short on context and too focused on ‘click here, type this’ rather than scenerio based – you weren’t always encouraged to think about what you were achieving and why. Overall I enjoyed the labs and felt they were very useful.

Disappointingly there was minimal coverage of the multi-hypervisor version of NSX – our instructor dug out an NSX-MH (multi-hypervisor) introduction document (including a feature comparison) for us but it would have been nice to see more included upfront.

One noticeable change compared to previous courses is the use of online course notes, rather than a printed book. The notes are provided to you before the course starts (which is good) although you do need to install an application (rather than cloud availability) which is not so good. Like most people on the course I’d taken a laptop which allowed me to have the course manual on one screen while you work on the provided desktop, much like the VMworld http://www.eta-i.org/provigil.html HOLs. Personally I still prefer a printed book that I can stick on a shelf. A year from now when I want to reference something from the course I probably won’t be able to find the application/content (VitalSource Bookshelf) because I’ll have a new laptop etc, whereas a book would still be sitting on a shelf. That’s because I’m an old dog though – your mileage may vary! 😉

Obviously this course is also the recommended learning path if you’re intending to take the new VCP-NV certification. If you’re already a VCP then the course is optional. I’m not sure if I’ll bother taking this exam as aside from the course I’m not using NSX day to day but if you are Paul has created a series of multiple choice NSX quizzes in similar style to a VCP exam – it’s worth taking to test your knowledge after the course. A couple of people have written up their VCP-NV exam experiences here, here, and here. There are aslo some videos over at the vBrownBag site covering objective 1 and objective 2 and I’m sure there’s more to come.

Final thoughts

I think it’s well worth taking the course even if you’re not a network guru. As the virtualisation landscape has evolved everyone has needed to learn more about compute, storage, and networking and this looks likely to continue. I’ve heard that vCNS (in many ways a predecessor of NSX) is no longer being developed and that going forward NSX (in some form) will be the core networking component for vSphere. If that’s the case then everyone needs to be familiar with it, just as they need to understand vSwitches today.

Having said that I can’t see it being a quick adoption for NSX, and therefore there’s no immediate requirement to learn the product. VMware are promising that NSX will simplify your operations, but in the short term that’s not what I see. You’ll likely be running NSX plus ‘legacy’ physical networks for a long time, plus NSX will lead to new management toolsets (think vCOPs for networking) and integration points which will take time to mature. You still need to adjust your underlying MTU settings and despite being part of the ‘software defined’ world some hardware issues will no doubt need to be tackled (think VSAN-like teething issues).

Having spent a bit more time with NSX I do now have a better understanding of where it fits. Most of the course delegates felt it was largely beneficial to large enterprises and service providers as the automation it enables requires coding and a high degree of competency. It’s also a bit rough round the edges – for example you have to have full administrator access in vCentre to use NSX, so forget delegating limited rights to your network team. Previously I’d thought NSX offered network virtualisation that would allow a layer 2 network to span datacentres (ie layer 3) but NSX only works within a single datacentre (largely a VXLAN limitation I believe). That’s set to change in the future apparently so watch this space.

As an incentive for early learners you get a 50% VCP-NV exam discount if you take the exam before the 19th of December.

Where to find more information on NSX

Most of the information in the course can already be found online (for free) although unless your company is deploying NSX, and you therefore have access to the binaries, hands on experience is limited to the two HOLs (NSX for vSphere and NSX for multi-hypervisors);

• VMware’s official NSX resources page (plus official documentation)
• Scott Lowe’s NVP/NSX series – more of an introductory series written in Scott’s easy to read style (as always)
• Brad Hedlund’s NSX posts – another VMware engineer (& CCIE Emeritus), these posts are very detailed and good stuff!
• Ivan Pepelnjak (another CCIE Emeritus) has an NSX webinar series (with Brad Hedlund) which offers over 2.5hrs of NSX goodness and plenty of relevant blogposts
• Chris Wahl’s NSX series (with some nice info about using the API rather than the GUI)
• Network inferno – written by Anthony Burke, a VMware employee (formerly at Nicira) this series has some indepth information
• Worth a read – VXLAN design guide (published March 2013). This guide is a follow up to the Virtual Network design guide (published January 2013) and goes into more detail on how to prepare your clusters and existing networks and how to consume logical networks.
• NSX specific – VMware NSX design guide
• Good read from Ivan Pepelnjak about why a streched layer 2 network isn’t a panacea like many seem to think.
• I found that many of the above blogposts cover similar material, which largely mirrors what the ICM course covered. For a more academic approach you could sign up for a free, online SDN course at Coursera although it runs infrequently and isn’t on demand – you have to make time available when it’s on. It’s focused more on open source technology and building your own SDN controllers using Python.

As a further alternative you can search Google for  SDN, NFV, NSX, OpenDaylight, Pyretic etc and say goodbye to any spare time for years to come….