Quick NSX D-IDPS validation

A conversation about basic validation of NSX Distributed Intrusion Detection and Prevention System

CuriousTechie: Hey IT Guy, I am doing a greenfield deployment and have enabled NSX distributed IDPS in the environment. It may take a few days to set up a testing environment with security testing tools to simulate attacks and validate whether the NSX D-IDPS is actually working or not. Is there a way to quickly validate the basic intrusion detection and prevention functionality of the solution?


Changing Service Engine Network in NSX ALB

CuriousTechie: Hey ITGuy! I have a scenario with NSX ALB that I need to work on. Can we talk about it?

ITGuy: Sure! Let’s understand the scenario and we can evaluate a feasible solution.

CuriousTechie: I have a few active Virtual Services running in my AVI environment on a vCenter Write Access cloud. The frontend VIP and backend servers are on different networks, and the deployment is in two-arm mode.

Due to some backend configuration on vCenter, I had to create new DV PortGroups for the same VLAN communication, and now I need to make sure that my AVI Service Engines get connected to the new PortGroups that I have created and not to the old ones.

ITGuy: For normal VMs running in the environment, this move is as easy as changing the network adapter of a VM, but for Service Engines that is not the case. If you change the network adapter of the SE from vCenter, it would result in a mismatch of configuration between AVI and vCenter. For example, in vCenter you will see the SE connected to the new PortGroup, but in the AVI console you will see the SE connected to the old PortGroup. (Do not try that!)

The way to perform the activity is by using proper placement networks, and during this activity your Virtual Service will not be available for some time, so it is best done during a maintenance window. Let’s see how it can be done!
