├── .DS_Store
├── README.md
└── docs
    ├── .DS_Store
    ├── 1-Requirements.md
    ├── 2-Installation.md
    ├── 3-NSX-Evaluation.md
    ├── 3.1-Security-Only.md
    ├── 3.2-LogicalNetwork-Security.md
    ├── 3.3-Operation-Tools.md
    ├── 3.4 Security-Identity-Firewall.md
    └── assets
        ├── .DS_Store
        ├── Graphics
            ├── .DS_Store
            ├── 1.1.Pre-Req Compute.jpg
            ├── 1.2.Pre-Req Networking.jpg
            ├── 2.0.Installation-Design-1.jpg
            ├── 2.0.Installation-Design-2.jpg
            ├── 2.1.step1.jpg
            ├── 2.2.step1.jpg
            ├── 2.2.step10.jpg
            ├── 2.2.step11.jpg
            ├── 2.2.step2.jpg
            ├── 2.2.step3.jpg
            ├── 2.2.step4.jpg
            ├── 2.2.step5.jpg
            ├── 2.2.step6.jpg
            ├── 2.2.step7.jpg
            ├── 2.2.step8.jpg
            ├── 2.2.step9.jpg
            ├── 2.3.step1.jpg
            ├── 2.3.step2.jpg
            ├── 2.3.step3a.jpg
            ├── 2.3.step3b.jpg
            ├── 2.3.step4.jpg
            ├── 2.4.1.step1.jpg
            ├── 2.4.1.step10.jpg
            ├── 2.4.1.step11.jpg
            ├── 2.4.1.step12.jpg
            ├── 2.4.1.step13.jpg
            ├── 2.4.1.step14.jpg
            ├── 2.4.1.step2.jpg
            ├── 2.4.1.step3.jpg
            ├── 2.4.1.step4.jpg
            ├── 2.4.1.step5.jpg
            ├── 2.4.1.step6.jpg
            ├── 2.4.1.step7.jpg
            ├── 2.4.1.step8.jpg
            ├── 2.4.1.step9.jpg
            ├── 2.4.2.step1.jpg
            ├── 2.4.3.step1.jpg
            ├── 2.4.3.step2a.jpg
            ├── 2.4.3.step2b.jpg
            ├── 2.4.3.step3.jpg
            ├── 2.5.1.step1.jpg
            ├── 2.5.1.step2.jpg
            ├── 2.5.1.step3.jpg
            ├── 2.5.1.step4.jpg
            ├── 2.5.2.step1.jpg
            ├── 2.5.2.step2.jpg
            ├── 2.5.2.step3.jpg
            ├── 2.5.2.step4.jpg
            ├── 2.5.2.step5.jpg
            ├── 2.5.2.step6.jpg
            ├── 2.5.2.step7.jpg
            ├── 2.5.3.step1.jpg
            ├── 2.5.3.step2.jpg
            ├── 3.1.1.step1.jpg
            ├── 3.1.1.step2.jpg
            ├── 3.1.1.step3.jpg
            ├── 3.1.2.step1.jpg
            ├── 3.1.3.1.step1.jpg
            ├── 3.1.3.1.step2.jpg
            ├── 3.1.3.1.step3.jpg
            ├── 3.1.3.1.step4.jpg
            ├── 3.1.3.2.step1.jpg
            ├── 3.1.3.2.step2.jpg
            ├── 3.1.3.2.step3.jpg
            ├── 3.1.LogicalView.jpg
            ├── 3.1.PhysicalView.jpg
            ├── 3.2.1.step1.jpg
            ├── 3.2.1.step2.jpg
            ├── 3.2.1.step3.jpg
            ├── 3.2.1.step4.jpg
            ├── 3.2.2.1.step1.jpg
            ├── 3.2.2.1.step2.jpg
            ├── 3.2.2.1.step3.jpg
            ├── 3.2.2.1.step4.jpg
            ├── 3.2.2.2.LogicalView.jpg
            ├── 3.2.2.2.step1.jpg
            ├── 3.2.2.2.step2.jpg
            ├── 3.2.2.3.LogicalView.jpg
            ├── 3.2.2.3.step1.jpg
            ├── 3.2.2.3.step2.jpg
            ├── 3.2.2.3.step3.jpg
            ├── 3.2.2.3.step4.jpg
            ├── 3.2.2.3.step5.jpg
            ├── 3.2.2.3.step6.jpg
            ├── 3.2.4.LogicalView.jpg
            ├── 3.2.4.step1.jpg
            ├── 3.2.LogicalView.jpg
            ├── 3.2.PhysicalView.jpg
            ├── 3.3.1.step1.jpg
            ├── 3.3.1.step2.jpg
            ├── 3.3.2.step1.jpg
            ├── 3.3.2.step2.jpg
            ├── 3.3.2.step3.jpg
            ├── 3.3.2.step4.jpg
            ├── 3.3.2.step5.jpg
            ├── 3.3.2.step6.jpg
            ├── 3.3.LogicalView.jpg
            ├── Graphics-v0.1.pptx
            └── IDFW
            │   ├── .DS_Store
            │   ├── IDFW.step1.png
            │   ├── IDFW.step10.png
            │   ├── IDFW.step11.png
            │   ├── IDFW.step12.png
            │   ├── IDFW.step13.png
            │   ├── IDFW.step14.png
            │   ├── IDFW.step15.png
            │   ├── IDFW.step16.png
            │   ├── IDFW.step2.png
            │   ├── IDFW.step3.png
            │   ├── IDFW.step4.png
            │   ├── IDFW.step5.png
            │   ├── IDFW.step6.png
            │   ├── IDFW.step7.png
            │   ├── IDFW.step8.png
            │   ├── IDFW.step9.png
            │   └── IDFW_topology.png
        └── logo
            └── NSX_Logo.jpeg


/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/.DS_Store


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | 
 2 | <p align="center">
 3 | </p>
 4 | 
 5 | # NSX-T - Evaluation Guide
 6 | 
 7 | <p align="center">
 8 |   <img width="292" height="172" src="/docs/assets/logo/NSX_Logo.jpeg">
 9 | </p>
10 | 
11 | ---
12 | 
13 | ## Overview
14 | The goal of this document is to offer a "step by step" NSX Evaluation Guide to test (some) NSX Services:
15 | - Security Services
16 |   - Micro-Segmentation (DFW)
17 |   - Identity Firewall
18 | - Logical Networking Services
19 |   - Logical Switching
20 |   - Logical Routing (with distributed routing)
21 | - Operation tools
22 |   - Network Topology
23 |   - Traceflow
24 | 
25 | NSX offers many more services, such as Load Balancing, VPN, IDS, NSX Intelligence, Federation, etc.  
26 | Those are currently out of scope of that document.  
27 | 
28 | Also to limit the ESXi/Storage requirements, this evaluation does not cover high-availability and only 1 element of each NSX component will be installed.
29 | 
30 | ---
31 | This document table of content is:
32 | 1. [Requirements](/docs/1-Requirements.md)
33 | 1. [Installation of NSX](/docs/2-Installation.md)
34 | 1. [NSX Evaluation](/docs/3-NSX-Evaluation.md)
35 |    1. [Security only (no Logical Network)](/docs/3.1-Security-Only.md)
36 |    1. [Logical Network + Security](/docs/3.2-LogicalNetwork-Security.md)
37 |    1. [Operation Tools](/docs/3.3-Operation-Tools.md)
38 |    1. [Other - Identity Firewall](/docs/3.4-Security-Identity-Firewall.md)
39 | 
40 | ---
41 | 
42 | [***Next Step: 1. Requirements***](/docs/1-Requirements.md)
43 | 


--------------------------------------------------------------------------------
/docs/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/.DS_Store


--------------------------------------------------------------------------------
/docs/1-Requirements.md:
--------------------------------------------------------------------------------
 1 | 
 2 | ## 1. Requirements
 3 | 
 4 | Here are the requirements for NSX-T Evaluation.
 5 | 
 6 | ### Compute & Storage
 7 | 
 8 | <details>
 9 | <summary>"Click to expand"</summary>
10 | 
11 | <p align="center">
12 |   <img width=75% height=75% src="/docs/assets/Graphics/1.1.Pre-Req Compute.jpg">
13 | </p>
14 | 
15 | | Compute          | Number | Version |                                                     Download                                                      |
16 | |:-----------------|:------:|:-------:|:-----------------------------------------------------------------------------------------------------------------:|
17 | | vCenter          |   1    |   7.0   | [download link](https://my.vmware.com/en/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/7_0) |
18 | | vCenter-Cluster  |   1+   |   n/a   |                                                        n/a                                                        |
19 | | ESXi per Cluster |   2+   |   7.0   | [download link](https://my.vmware.com/en/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/7_0) |
20 | | CPU per ESXi     |   8+   |   n/a   |                                                        n/a                                                        |
21 | | RAM per ESXi     | 48GB+  |   n/a   |                                                        n/a                                                        |
22 | | NIC per ESXi     |   2+   |   n/a   |                                                        n/a                                                        |
23 | 
24 | | Storage | Shared storage - Recommended for live vMotion tests |
25 | |:--------|:---------------------------------------------------:|
26 | | Size    |                       500 GB                        |
27 | 
28 | </details>
29 | 
30 | ---
31 | 
32 | ### Networking
33 | 
34 | <details>
35 | <summary>"Click to expand"</summary>
36 | 
37 | <p align="center">
38 |   <img width=75% height=75% src="/docs/assets/Graphics/1.2.Pre-Req Networking.jpg">
39 | </p>
40 | 
41 | | VLAN       | Number  | Description                                                                                  |
42 | |:-----------|:-------:|:---------------------------------------------------------------------------------------------|
43 | | Management | VLAN 11 | VLAN where Management is running (vCenter / ESXi-Mgt / future NSX-Mgr / future EdgeNode-Mgt) |
44 | | Overlay    | VLAN 12 | VLAN where future NSX Logical Switches Overlay will run in                                   |
45 | 
46 | | Physical Router | VLAN      | IP                | MTU     | Note                                                                                          |
47 | |:----------------|:----------|:------------------|:--------|:----------------------------------------------------------------------------------------------|
48 | | Management      | VLAN 11   | 192.168.50.1/24   | 1500    |                                                                                               |
49 | | Overlay         | VLAN 12   | 192.168.51.1/24 * | 1700+ * |                                                                                               |
50 | | Web             | VLAN 16   | 10.16.1.1/24      | 1500    | Needed for [NSX Evaluation - Security only (no Logical Network)](/docs/3.1-Security-Only.md)  |
51 | | External        | VLAN 3103 | 20.20.20.1/24     | 1500    | Needed for [NSX Evaluation -Logical Network + Security](/docs/3.2-LogicalNetwork-Security.md) |
52 | 
53 | 
54 | 
55 | \* Since in this lab all Transport Nodes (ESXi / Edge Nodes) run the Overlay traffic in the same VLAN 12, there is actually requirement to have an IP and MTU 1700+ on the physical router.
56 | 
57 | 
58 | </details>
59 | 
60 | 
61 | ---
62 | 
63 | [***Next Step: 2. Installation of NSX***](/docs/2-Installation.md)
64 | 


--------------------------------------------------------------------------------
/docs/2-Installation.md:
--------------------------------------------------------------------------------
  1 | 
  2 | ## 2. Installation of NSX-T
  3 | 
  4 | *Disclaimer: The below install is a minimal installation intended for a lab environment only. We do not recommend below install in a live production environment.*
  5 | 
  6 | <p align="center">
  7 |   <img width=75% height=75% src="/docs/assets/Graphics/2.0.Installation-Design-1.jpg">
  8 | </p>  
  9 | <p align="center">
 10 |   <img width=75% height=75% src="/docs/assets/Graphics/2.0.Installation-Design-2.jpg">
 11 | </p>  
 12 | 
 13 | 
 14 | | IP of each Element | Management (VLAN11) | Overlay -TEP (VLAN12) |
 15 | |:-------------------|:-------------------:|:---------------------:|
 16 | | vCenter            |     19.168.50.4     |           -           |
 17 | | ESXi1              |    19.168.50.21     |     192.168.51.21     |
 18 | | ESXi2              |    19.168.50.22     |     192.168.51.22     |
 19 | | NSX-T Manager      |     19.168.50.5     |           -           |
 20 | | Edge Node          |    19.168.50.31     |     192.168.51.31     |
 21 | 
 22 | ---
 23 | 
 24 | ### Steps:
 25 | 
 26 | ### 1. Download of NSX Manager OVA
 27 | <details>
 28 | <summary>"Click to expand"</summary>
 29 | 
 30 | Download NSX-T 3.0 Manager for VMware ESXi OVA file [download link ](https://my.vmware.com/web/vmware/details?downloadGroup=NSX-T-300&productId=982&rPId=45015)
 31 | <p align="center">
 32 |   <img width=75% height=75% src="/docs/assets/Graphics/2.1.step1.jpg">
 33 | </p>
 34 | 
 35 | *Note: NSX-T Evaluations are based on Limited export build (no IPSEC VPN, no HTTPS LB), with no transition path to the full version.*
 36 | 
 37 | </details>
 38 | 
 39 | ---
 40 | 
 41 | ### 2. Deployment of NSX-T Manager
 42 | <details>
 43 | <summary>"Click to expand"</summary>
 44 | 
 45 | - **From vCenter, deploy NSX-T Unified Appliance OVA.**  
 46 | 	<p align="center">
 47 | 	  <img width=25% height=25% src="/docs/assets/Graphics/2.2.step1.jpg">
 48 | 	</p>
 49 | 
 50 | - **Select OVF file.**  
 51 | 	<p align="center">
 52 | 	  <img width=75% height=75% src="/docs/assets/Graphics/2.2.step2.jpg">
 53 | 	</p>
 54 | 
 55 | - **Enter NSX-T Manager VM name + vCenter folder for VM.**  
 56 | 	<p align="center">
 57 | 	  <img width=75% height=75% src="/docs/assets/Graphics/2.2.step3.jpg">
 58 | 	</p>
 59 | 
 60 | - **Select ESXi to host NSX-T Manager.**  
 61 | 	<p align="center">
 62 | 	  <img width=75% height=75% src="/docs/assets/Graphics/2.2.step4.jpg">
 63 | 	</p>
 64 | 
 65 | - **Review NSX-T Manager VM details.**  
 66 | 	<p align="center">
 67 | 	  <img width=75% height=75% src="/docs/assets/Graphics/2.2.step5.jpg">
 68 | 	</p>
 69 | 
 70 | - **Select NSX-T Manager VM size (Small).**  
 71 | 	<p align="center">
 72 | 	  <img width=75% height=75% src="/docs/assets/Graphics/2.2.step6.jpg">
 73 | 	</p>
 74 | 
 75 | - **Select storage for NSX-T Manager VM.**  
 76 | 	<p align="center">
 77 | 	  <img width=75% height=75% src="/docs/assets/Graphics/2.2.step7.jpg">
 78 | 	</p>
 79 | 
 80 | - **Select VDS Port Group for NSX-T Manager management vNIC (vCenter Managament Port Group).**  
 81 | 	<p align="center">
 82 | 	  <img width=75% height=75% src="/docs/assets/Graphics/2.2.step8.jpg">
 83 | 	</p>
 84 | 
 85 | - **Enter NSX-T Manager information (passwords, hostname, IP, DNS, NTP). Important: Rolename is "NSX Manager".**  
 86 | 	<p align="center">
 87 | 	  <img width=75% height=75% src="/docs/assets/Graphics/2.2.step9.jpg">
 88 | 	</p>
 89 | 
 90 | - **Review NSX-T Manager VM settings.**  
 91 | 	<p align="center">
 92 | 	  <img width=75% height=75% src="/docs/assets/Graphics/2.2.step10.jpg">
 93 | 	</p>
 94 | 
 95 | - **Once NSX-T Manager deployment is finished, start the VM.**  
 96 | 	<p align="center">
 97 | 	  <img width=40% height=40% src="/docs/assets/Graphics/2.2.step11.jpg">
 98 | 	</p>
 99 | </details>
100 | 
101 | ---
102 | 
103 | ### 3. Register NSX-T to vCenter
104 | <details>
105 | <summary>"Click to expand"</summary>
106 | 
107 | *Note: NSX-T Manager requires few minutes to fully start and get all its services running.*
108 | 
109 | - **Log on NSX-T Manager UI.**  
110 | In a browser: https://192.168.50.5/.  
111 | 	<p align="center">
112 | 	  <img width=85% height=85% src="/docs/assets/Graphics/2.3.step1.jpg">
113 | 	</p>
114 | 
115 | - **Configuration NSX-T Licence.**  
116 | Under "System - Settings - Licenses", click "Add".  
117 | 	<p align="center">
118 | 	  <img width=75% height=75% src="/docs/assets/Graphics/2.3.step2.jpg">
119 | 	</p>
120 | 
121 | 
122 | - **Register NSX-T in vCenter (to allow the deplyment of NSX elements into vCenter/ESXi from NSX).**  
123 | Under "System - Configuration - Fabric - Compute Managers", click "Add".  
124 | 	<p align="center">
125 | 	  <img width=50% height=50% src="/docs/assets/Graphics/2.3.step3a.jpg">
126 | 	</p>  
127 | 	<p align="center">
128 | 	  <img width=40% height=40% src="/docs/assets/Graphics/2.3.step3b.jpg">
129 | 	</p>
130 | 
131 | - **Validate NSX-T registration in vCenter.**  
132 | Under "System - Configuration - Fabric - Compute Managers", click "Refresh" (bottom-left).
133 | 	<p align="center">
134 | 	  <img width=85% height=85% src="/docs/assets/Graphics/2.3.step4.jpg">
135 | 	</p>
136 | 
137 | </details>
138 | 
139 | ---
140 | 
141 | ### 4. ESXi Host Preparation
142 | <details>
143 | <summary>"Click to expand"</summary>
144 | 
145 | #### 4.1. New VDS-NSX creation
146 | 
147 | <details>
148 | <summary>"Click to expand"</summary>
149 | 
150 | - **Create New VDS-NSX (for future NSX-T Logical Switches).**  
151 | From vCenter, under "Networking", select the Data Center, and right-click to create a "New Distributed Switch".  
152 | *For this lab, see the top of page for "Number of uplinks (1)",  
153 | and "Default Port Group (none)".*  
154 |   	<p align="center">
155 | 	  <img width=40% height=40% src="/docs/assets/Graphics/2.4.1.step1.jpg">
156 | 	</p>  
157 |   	<p align="center">
158 | 	  <img width=70% height=70% src="/docs/assets/Graphics/2.4.1.step2.jpg">
159 | 	</p>  
160 |   	<p align="center">
161 | 	  <img width=70% height=70% src="/docs/assets/Graphics/2.4.1.step3.jpg">
162 | 	</p>  
163 |   	<p align="center">
164 | 	  <img width=70% height=70% src="/docs/assets/Graphics/2.4.1.step4.jpg">
165 | 	</p>  
166 |   	<p align="center">
167 | 	  <img width=70% height=70% src="/docs/assets/Graphics/2.4.1.step5.jpg">
168 | 	</p>  
169 | 
170 | - **Add that VDS-NSX to ESXi.**  
171 | From vCenter, under "Networking", select the VDS-NSX, and right-click to "Add and Manage Hosts...".  
172 |   	<p align="center">
173 | 	  <img width=40% height=40% src="/docs/assets/Graphics/2.4.1.step6.jpg">
174 | 	</p>  
175 |   	<p align="center">
176 | 	  <img width=70% height=70% src="/docs/assets/Graphics/2.4.1.step7.jpg">
177 | 	</p>  
178 |   	<p align="center">
179 | 	  <img width=70% height=70% src="/docs/assets/Graphics/2.4.1.step8.jpg">
180 | 	</p>  
181 |   	<p align="center">
182 | 	  <img width=70% height=70% src="/docs/assets/Graphics/2.4.1.step9.jpg">
183 | 	</p>  
184 |   	<p align="center">
185 | 	  <img width=70% height=70% src="/docs/assets/Graphics/2.4.1.step10.jpg">
186 | 	</p>  
187 |   	<p align="center">
188 | 	  <img width=70% height=70% src="/docs/assets/Graphics/2.4.1.step11.jpg">
189 | 	</p>  
190 |   	<p align="center">
191 | 	  <img width=70% height=70% src="/docs/assets/Graphics/2.4.1.step12.jpg">
192 | 	</p>  
193 | 
194 | - **Configure that VDS-NSX with an large MTU (at least 1700).**  
195 | From vCenter, under "Networking", select the VDS-NSX, and right-click to "Add and Manage Hosts...".  
196 |   	<p align="center">
197 | 	  <img width=40% height=40% src="/docs/assets/Graphics/2.4.1.step13.jpg">
198 | 	</p>  
199 |   	<p align="center">
200 | 	  <img width=70% height=70% src="/docs/assets/Graphics/2.4.1.step14.jpg">
201 | 	</p>  
202 | 
203 | </details>
204 | 
205 | 
206 | #### 4.2. Uplink Profile Creation
207 | 
208 | <details>
209 | <summary>"Click to expand"</summary>
210 | 
211 | - **Create Uplink Profile for Transport Nodes ("VLAN-Overlay + NIC" information for ESXis + Edge Node).**  
212 | From NSX-T, under "System - Configuration - Fabric - Profiles - Uplink Profiles", click "Add".  
213 | *For this lab, see the top of page for VLAN for Overlay traffic information (12),  
214 | and number of uplinks for "VDS - NSX-T" information (1 NIC).*  
215 |   	<p align="center">
216 | 	  <img width=50% height=50% src="/docs/assets/Graphics/2.4.2.step1.jpg">
217 | 	</p>  
218 | 
219 | </details>
220 | 
221 | 
222 | #### 4.3. Installion of NSX in ESXi
223 | 
224 | <details>
225 | <summary>"Click to expand"</summary>
226 | 
227 | - **Configure NSX-T for ESXi.**  
228 |   - Select each ESXi of vCenter-Cluster  
229 |   Under "System - Configuration - Fabric - Node - Host Transport Nodes - Managed by", select "Lab-vCenter".  
230 |   *Select Type = VDS (to enable NSX into the existing "VDS-NSX" vCenter Distributed Switch),  
231 |   Mode = Standard,  
232 |   Transport Zone = "nsx-overlay-transportzone" (Default TZ for overlay traffic) + "nsx-vlan-transportzone" (Default TZ for VLAN traffic),  
233 |   Uplink Profile = "Lab-HostProfile" (with VLAN-Overlay information),  
234 |   IP (TEP) = Information on top of the page,  
235 |   Uplink = ESX VDS Uplink1.*
236 |   	<p align="center">
237 | 	  <img width=85% height=85% src="/docs/assets/Graphics/2.4.3.step1.jpg">
238 | 	</p>   
239 | 
240 |   - **For each ESXi, configure its new "VDS - NSX-T"**  
241 |   Click "Configure NSX".  
242 | 	<p align="center">
243 | 	  <img width=75% height=75% src="/docs/assets/Graphics/2.4.3.step2a.jpg">
244 | 	</p>  
245 | 	<p align="center">
246 | 	  <img width=75% height=75% src="/docs/assets/Graphics/2.4.3.step2b.jpg">
247 | 	</p>  
248 |   - **For each ESXi, validate "VDS - NSX-T" creation.**  
249 | 
250 | 	<p align="center">
251 | 	  <img width=75% height=75% src="/docs/assets/Graphics/2.4.3.step3.jpg">
252 | 	</p>  
253 | </details>
254 | 
255 | </details>
256 | 
257 | ---
258 | 
259 | ### 5. Deployment of Edge Node
260 | 
261 | 
262 | <details>
263 | <summary>"Click to expand"</summary>
264 | 
265 | *Note: If you limit your Evaluation at [Security only (no Logical Network)](/docs/3.1-Security-Only.md) and not [Logical Network + Security](/docs/3.2-LogicalNetwork-Security.md) nor [Operation Tools](/docs/3.3-Operation-Tools.md), you don't need to deploy Edge Nodes.*
266 | 
267 | #### 5.1. Creation of VDS Port Group "All VLAN"
268 | 
269 | <details>
270 | <summary>"Click to expand"</summary>
271 | 
272 | - **Create a Port Group "All VLAN" (= VLAN Tag 0-4096) on VDS.**  
273 | From vCenter, under "Networking", select the VDS-NSX, and right-click to "New Distributed Port Group...".
274 | *For this lab, see the top of page for this Port Group on VDS.*  
275 |   	<p align="center">
276 | 	  <img width=40% height=40% src="/docs/assets/Graphics/2.5.1.step1.jpg">
277 | 	</p>  
278 |   	<p align="center">
279 | 	  <img width=70% height=70% src="/docs/assets/Graphics/2.5.1.step2.jpg">
280 | 	</p>  
281 |   	<p align="center">
282 | 	  <img width=70% height=70% src="/docs/assets/Graphics/2.5.1.step3.jpg">
283 | 	</p>  
284 |   	<p align="center">
285 | 	  <img width=70% height=70% src="/docs/assets/Graphics/2.5.1.step4.jpg">
286 | 	</p>  
287 | 
288 | </details>
289 | 
290 | #### 5.2. Installation of NSX Edge Node
291 | 
292 | <details>
293 | <summary>"Click to expand"</summary>
294 | 
295 | - **Deploy 1 Edge Node on ESXi.**  
296 | Under "System - Configuration - Fabric - Nodes - Edge Transport Nodes", click "Add Edge VM".  
297 | *Select Form Factor Medium (useful if you want to test later Load-Balancing),  
298 | enable SSH for admin and root if you want to try later deeper troubleshooting,  
299 | Management and Switch (TEP) IP addresses on the top of the page), and  
300 | Transport Zones = "nsx-overlay-transportzone" (default TZ for Overlay traffic) and "nsx-vlan-transportzone" (default TZ for VLAN traffic).*
301 | 	<p align="center">
302 | 	  <img width=85% height=85% src="/docs/assets/Graphics/2.5.2.step1.jpg">
303 | 	</p>  
304 | 	<p align="center">
305 | 	  <img width=85% height=85% src="/docs/assets/Graphics/2.5.2.step2.jpg">
306 | 	</p>  
307 | 	<p align="center">
308 | 	  <img width=85% height=85% src="/docs/assets/Graphics/2.5.2.step3.jpg">
309 | 	</p>  
310 | 	<p align="center">
311 | 	  <img width=85% height=85% src="/docs/assets/Graphics/2.5.2.step4.jpg">
312 | 	</p>  
313 | 	<p align="center">
314 | 	  <img width=85% height=85% src="/docs/assets/Graphics/2.5.2.step5.jpg">
315 | 	</p>  
316 | 	<p align="center">
317 | 	  <img width=85% height=85% src="/docs/assets/Graphics/2.5.2.step6.jpg">
318 | 	</p>  
319 | 
320 | - **Validate Edge Node deployment.**  
321 | Under "System - Configuration - Fabric - Nodes - Edge Transport Nodes", click "Refresh" (bottom UI)  
322 | 	<p align="center">
323 | 	  <img width=85% height=85% src="/docs/assets/Graphics/2.5.2.step7.jpg">
324 | 	</p>  
325 | 
326 | </details>
327 | 
328 | #### 5.3. Creation of Edge Cluster
329 | 
330 | <details>
331 | <summary>"Click to expand"</summary>
332 | 
333 | - **Create 1 Edge Cluster with EdgeNode1 member.**  
334 | Under "System - Configuration - Fabric - Nodes - Edge Clusters", click "Add".  
335 | *Select EdgeNode1 as member of that Edge Cluster.*
336 | 	<p align="center">
337 | 	  <img width=50% height=50% src="/docs/assets/Graphics/2.5.3.step1.jpg">
338 | 	</p>  
339 | 
340 | - **Validate Edge Cluster creation.**  
341 | Under "System - Configuration - Fabric - Nodes - Edge Clusters", click "Refresh".  
342 | 	<p align="center">
343 | 	  <img width=85% height=85% src="/docs/assets/Graphics/2.5.3.step2.jpg">
344 | 	</p>  
345 | 
346 | 
347 | </details>
348 | 
349 | </details>
350 | 
351 | ---
352 | 
353 | [***Next Step: 3. NSX Evaluation***](/docs/3-NSX-Evaluation.md)
354 | 
355 | 


--------------------------------------------------------------------------------
/docs/3-NSX-Evaluation.md:
--------------------------------------------------------------------------------
 1 | 
 2 | ## 3. NSX Evaluation
 3 | 
 4 | ### Overview
 5 | NSX-T Services evaluated in that Evaluation Guide:
 6 | - Security Services
 7 |   - Micro-Segmentation (DFW)
 8 |   - Identity Firewall
 9 | - Logical Networking Services
10 |   - Logical Switching
11 |   - Logical Routing (with distributed routing)
12 | - Operation tools
13 |   - Network Topology
14 |   - Traceflow
15 | 
16 | 
17 | 
18 | 
19 | NSX offers many more services, such as Load Balancing, VPN, IDS, NSX Intelligence, Federation, etc.  
20 | Those are currently out of scope of that document.  
21 | 
22 | Also to limit the ESXi/Storage requirements, this evaluation does not cover high-availability and only 1 element of each NSX component will be installed.
23 | 
24 | ---
25 | 
26 | 3. NSX Evaluation
27 |    1. [Security only (no Logical Network)](/docs/3.1-Security-Only.md)
28 |    1. [Logical Network + Security](/docs/3.2-LogicalNetwork-Security.md)
29 |    1. [Operation Tools](/docs/3.3-Operation-Tools.md)
30 |    1. [Other - Identity Firewall](/docs/3.4-Security-Identity-Firewall.md)
31 | 
32 | 
33 | 


--------------------------------------------------------------------------------
/docs/3.1-Security-Only.md:
--------------------------------------------------------------------------------
  1 | 
  2 | ## 3.1. Security only (no Logical Network)
  3 | 
  4 | In this section, you'll configure 2 Web VMs on a new VLAN and provide micro-segmentation (DFW) on those 2 VMs.  
  5 | *Important Note: In this section, the routing is still fully done by physical fabric.  
  6 | So your physical router needs an interface for that new VLAN (10.114.218.1/24 in my lab).*
  7 | 
  8 | <p align="center">
  9 |   <img width=50% height=50% src="/docs/assets/Graphics/3.1.LogicalView.jpg"><br>
 10 |   Logical View<br>
 11 |   <img width=75% height=75% src="/docs/assets/Graphics/3.1.PhysicalView.jpg"><br>
 12 |   Physical View<br>
 13 | </p>  
 14 | 
 15 | 
 16 | *The Security evaluation done in this chapter is focusing on NSX L4 Stateful North/South and East/West firewalling capabilities.  
 17 | NSX-T offers more than L4 Stateful firewal capabilities, such as Layer7 Firewalling, Intrusion Detection System (IDS), eco-system with Security Vendors like Checkpoint, Fortinet, or Palo Alto Networks.  
 18 | More information on https://www.vmware.com/products/nsx.html and https://nsx.techzone.vmware.com/.*
 19 | 
 20 | ---
 21 | 
 22 | ### 3.1.1. Create VLAN in NSX-T
 23 | 
 24 | <details>
 25 | <summary>"Click to expand"</summary>
 26 | 
 27 | - **Log on NSX-T Manager UI.**  
 28 | In a browser: https://192.168.50.5/.  
 29 |   <p align="center">
 30 |     <img width=85% height=85% src="/docs/assets/Graphics/2.3.step1.jpg">
 31 |   </p>  
 32 | 
 33 | 
 34 | - **Create new VLAN "Web" + interface on physical router**
 35 | *For this lab, see on top of the page for the physical router interface + VLAN information.  
 36 | There is no steps described in this document, as it varies per physical router.*  
 37 | 
 38 | 
 39 | - **Create new VLAN Segment "VLAN-Web".**  
 40 | Under "Networking - Segments", click "Add Segment".  
 41 | *For this lab, see on top of the page for the VLAN number (16).*  
 42 | *Select Transport Zone = "nsx-vlan-transportzone" (Default TZ for VLAN traffic),  
 43 |   VLAN = "16",
 44 |   and no extra configuration for that Segment.*  
 45 |   <p align="center">
 46 |     <img width=85% height=85% src="/docs/assets/Graphics/3.1.1.step1.jpg">
 47 |   </p>  
 48 |   <p align="center">
 49 |     <img width=85% height=85% src="/docs/assets/Graphics/3.1.1.step2.jpg">
 50 |   </p>  
 51 | 
 52 | - **Validate new VLAN Segment "VLAN-Web" is available on vCenter.**  
 53 | From vCenter, under "Networking", validate "VLAN-Web" is under VDS-NSX.  
 54 | *For this lab, see on top of the page for the VM IP addresses.*  
 55 |   <p align="center">
 56 |     <img width=85% height=85% src="/docs/assets/Graphics/3.1.1.step3.jpg">
 57 |   </p>  
 58 | 
 59 | </details>
 60 | 
 61 | ---
 62 | 
 63 | ### 3.1.2. Create 2 Web VMs in VLAN "VLAN-Web"
 64 | 
 65 | <details>
 66 | <summary>"Click to expand"</summary>
 67 | 
 68 | - **Create 2 Web VMs in VLAN "VLAN-Web"**  
 69 | From vCenter, under "Host and Clusters", validate 2 Web VMs are well created and connected to "VLAN-Web" 
 70 |   <p align="center">
 71 |     <img width=85% height=85% src="/docs/assets/Graphics/3.1.2.step1.jpg">
 72 |   </p>  
 73 | 
 74 | - **Validate connectivity from external to those VMs**  
 75 | From external client, validate ping communication to VMs is allowed,  
 76 | and validate SSH communication to VMs is also allowed.  
 77 | *Note: I'm using ping + SSH, but you can use any protocol of your choice*  
 78 | ```  
 79 | root@lab3-jumphost:~# ping 10.16.1.11
 80 | PING 10.16.1.11 (10.16.1.11) 56(84) bytes of data.
 81 | 64 bytes from 10.16.1.11: icmp_seq=1 ttl=63 time=0.565 ms
 82 | 64 bytes from 10.16.1.11: icmp_seq=2 ttl=63 time=0.593 ms
 83 | ^C
 84 | --- 10.16.1.11 ping statistics ---
 85 | 2 packets transmitted, 2 received, 0% packet loss, time 1022ms
 86 | rtt min/avg/max/mdev = 0.565/0.579/0.593/0.014 ms
 87 | 
 88 | root@lab3-jumphost:~# ssh root@10.16.1.11
 89 | The authenticity of host '10.16.1.11 (10.16.1.11)' can't be established.
 90 | ECDSA key fingerprint is SHA256:uncl2WyCuNSTwllyvR2He8JEKqZn0K2qdhYB06L+bKE.
 91 | Are you sure you want to continue connecting (yes/no)? yes
 92 | Warning: Permanently added '10.16.1.11' (ECDSA) to the list of known hosts.
 93 | root@10.16.1.11's password: 
 94 | Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-116-generic x86_64)
 95 | 
 96 |  * Documentation:  https://help.ubuntu.com
 97 |  * Management:     https://landscape.canonical.com
 98 |  * Support:        https://ubuntu.com/advantage
 99 | 
100 | 217 packages can be updated.
101 | 136 updates are security updates.
102 | 
103 | 
104 | Last login: Mon Apr  6 16:58:28 2020
105 | root@VLANWebeb-VM1:~#
106 | ```  
107 |   
108 | ```  
109 | root@lab3-jumphost:~# ping 10.16.1.12
110 | PING 10.16.1.12 (10.16.1.12) 56(84) bytes of data.
111 | 64 bytes from 10.16.1.12: icmp_seq=1 ttl=63 time=1.21 ms
112 | 64 bytes from 10.16.1.12: icmp_seq=2 ttl=63 time=0.441 ms
113 | ^C
114 | --- 10.16.1.12 ping statistics ---
115 | 2 packets transmitted, 2 received, 0% packet loss, time 1001ms
116 | rtt min/avg/max/mdev = 0.441/0.828/1.216/0.388 ms
117 | 
118 | root@lab3-jumphost:~# ssh root@10.16.1.12
119 | The authenticity of host '10.16.1.12 (10.16.1.12)' can't be established.
120 | ECDSA key fingerprint is SHA256:uncl2WyCuNSTwllyvR2He8JEKqZn0K2qdhYB06L+bKE.
121 | Are you sure you want to continue connecting (yes/no)? yes
122 | Warning: Permanently added '10.16.1.12' (ECDSA) to the list of known hosts.
123 | root@10.16.1.12's password: 
124 | Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-116-generic x86_64)
125 | 
126 |  * Documentation:  https://help.ubuntu.com
127 |  * Management:     https://landscape.canonical.com
128 |  * Support:        https://ubuntu.com/advantage
129 | 
130 | 217 packages can be updated.
131 | 136 updates are security updates.
132 | 
133 | 
134 | Last login: Mon Apr  6 16:59:23 2020
135 | root@VLANWeb-VM2:~#
136 | 
137 | ```
138 | 
139 | </details>
140 | 
141 | ---
142 | 
143 | ### 3.1.3. Configure Microsegmentation
144 | 
145 | <details>
146 | <summary>"Click to expand"</summary>
147 | 
148 | #### 3.1.3.1. Create NSX Group "VLAN Web VMs"
149 | 
150 | <details>
151 | <summary>"Click to expand"</summary>
152 | 
153 | To simplify the configuration of micro-segmentation, NSX offers the ability to Group Workload into static or dynamic membership, such as VM name, tags, segment, etc.  
154 | 
155 | - **Create NSX Group "Group VLAN Web VMs".**  
156 | From NSX-T, under "Inventory - Groups", click "Add Group".
157 | *For this lab, we create dynamic Membership Criteria based on VM Name "starts with VLANWeb".*  
158 |   <p align="center">
159 |     <img width=85% height=85% src="/docs/assets/Graphics/3.1.3.1.step1.jpg">
160 |   </p>  
161 |   <p align="center">
162 |     <img width=75% height=75% src="/docs/assets/Graphics/3.1.3.1.step2.jpg">
163 |   </p>  
164 | 
165 | - **Validate membership of NSX Group "Group VLAN Web VMs".**  
166 | From NSX-T, under "Inventory - Groups", click "View Members" of "Group VLAN Web VMs".
167 |   <p align="center">
168 |     <img width=75% height=75% src="/docs/assets/Graphics/3.1.3.1.step3.jpg">
169 |   </p>  
170 |   <p align="center">
171 |     <img width=75% height=75% src="/docs/assets/Graphics/3.1.3.1.step4.jpg">
172 |   </p>  
173 | 
174 | </details>
175 | 
176 | 
177 | #### 3.1.3.2. Create Micro-Segmentation (DFW)
178 | 
179 | <details>
180 | <summary>"Click to expand"</summary>
181 | 
182 | Micro-segmentation is defined in "Categories" (Emergency, Infrastructure, Environment, Application), with security "Sections" + "Rules" in each.
183 | The security rules in the different sections will be pushed to the relevant VMs vNics based on the "Apply To" defined in the Section and/or Rule. 
184 | 
185 | 
186 | - **Create new DFW Section (= Policy).**  
187 | From NSX-T, under "Security - Distributed Firewall - Category Specific Rules", click "Add Policy".  
188 | *For this lab, let's create a Section name "Section-VLANWeb",  
189 | and with an Applied To = "Group VLAN Web VMs".*  
190 |   <p align="center">
191 |     <img width=85% height=85% src="/docs/assets/Graphics/3.1.3.2.step1.jpg">
192 |   </p>  
193 | 
194 | - **Create new DFW Rule.**  
195 | From NSX-T, under "Security - Distributed Firewall - Category Specific Rules", select section "Section-VLANWeb" and click "Add Rule".  
196 | For this lab, let's create the folling rules:  
197 | 
198 | | Name     |      Sources       | Destinations       | Services    | Profiles | Applied To | Action |
199 | |:---------|:------------------:|:------------------:|:-----------:|:--------:|:----------:|:------:|
200 | | Internal | Group VLAN Web VMs | Group VLAN Web VMs | HTTP + ICMP | None     | DFW        | Allow  |
201 | | External |        Any         | Group VLAN Web VMs | HTTP        | None     | DFW        | Allow  |
202 | | Default  |        Any         | Group VLAN Web VMs | Any         | None     | DFW        | Reject |
203 |   <p align="center">
204 |     <img width=85% height=85% src="/docs/assets/Graphics/3.1.3.2.step2.jpg">
205 |   </p>  
206 | 
207 | - **Publish DFW.**  
208 | From NSX-T, under "Security - Distributed Firewall - Category Specific Rules", click "Publish" (top-right).
209 |   <p align="center">
210 |     <img width=85% height=85% src="/docs/assets/Graphics/3.1.3.2.step3.jpg">
211 |   </p>  
212 | 
213 | </details>
214 | 
215 | </details>
216 | 
217 | ---
218 | 
219 | ### 3.1.4. Validate Micro-Segmentation
220 | 
221 | <details>
222 | <summary>"Click to expand"</summary>
223 | 
224 | - **Validate connectivity from external to those VMs.**  
225 | From external client, validate HTTP communication to VMs is allowed,  
226 | and validate ICMP communication to VMs is NOT allowed.  
227 | *Note: I'm using the web client "curl" to access the web page "/test.php", but you can use any web client.*    
228 | ```
229 | root@lab3-jumphost:~# curl http://10.16.1.11/test.php
230 | The Client IP@ is: 10.114.218.216<br>
231 | The Server IP@ is: 10.16.1.11
232 | 
233 | root@lab3-jumphost:~# ping 10.16.1.11
234 | PING 10.16.1.11 (10.16.1.11) 56(84) bytes of data.
235 | From 10.16.1.11 icmp_seq=1 Destination Host Prohibited
236 | From 10.16.1.11 icmp_seq=2 Destination Host Prohibited
237 | ^C
238 | --- 10.16.1.11 ping statistics ---
239 | 2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1013ms
240 | ```
241 |   
242 | ```
243 | root@lab3-jumphost:~# curl http://10.16.1.12/test.php
244 | The Client IP@ is: 10.114.218.216<br>
245 | The Server IP@ is: 10.16.1.12
246 | 
247 | root@lab3-jumphost:~# ping 10.16.1.12
248 | PING 10.16.1.12 (10.16.1.12) 56(84) bytes of data.
249 | From 10.16.1.12 icmp_seq=1 Destination Host Prohibited
250 | From 10.16.1.12 icmp_seq=2 Destination Host Prohibited
251 | ^C
252 | --- 10.16.1.12 ping statistics ---
253 | 2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1001ms
254 | ```
255 | 
256 | - **Validate L2 connectivity between those VMs.**  
257 | From VLANWeb VM, validate HTTP + ICMP communication to VLANWeb VM is allowed,  
258 | and validate SSH communication to VLAN Web VM is NOT allowed.  
259 | ```
260 | root@VLANWebeb-VM1:~# ping 10.16.1.12
261 | PING 10.16.1.12 (10.16.1.12) 56(84) bytes of data.
262 | 64 bytes from 10.16.1.12: icmp_seq=1 ttl=64 time=1.80 ms
263 | 64 bytes from 10.16.1.12: icmp_seq=2 ttl=64 time=1.23 ms
264 | ^C
265 | --- 10.16.1.12 ping statistics ---
266 | 2 packets transmitted, 2 received, 0% packet loss, time 1000ms
267 | rtt min/avg/max/mdev = 1.231/1.518/1.805/0.287 ms
268 | (reverse-i-search)`cu': ^Crl http://127.0.0.1/response_code.php
269 | root@VLANWebeb-VM1:~# curl http://10.16.1.12/test.php
270 | The Client IP@ is: 10.16.1.11<br>
271 | The Server IP@ is: 10.16.1.12
272 | 
273 | root@VLANWebeb-VM1:~# ssh 10.16.1.12
274 | ssh: connect to host 10.16.1.12 port 22: Connection refused
275 | ```
276 | 
277 | 
278 | </details>
279 | 
280 | ---
281 | 
282 | [***Back to main NSX Evaluation page for other tests : 3. NSX Evaluation***](/docs/3-NSX-Evaluation.md)
283 | 
284 | 
285 | 


--------------------------------------------------------------------------------
/docs/3.2-LogicalNetwork-Security.md:
--------------------------------------------------------------------------------
  1 | 
  2 | ## 3.2. Logical Network + Security
  3 | 
  4 | In this section, you'll configure Logical Networks for Tenants Green and Blue (Logical Routers = "Tier1" and Logical Switches = "Segments").  
  5 | Those Tenants Logical Networks will have access to the physical fabric via a Logical Router ("Tier0").  
  6 | Routing between the Tier0 and physical router will be done via "static routing" or "BGP".
  7 | 
  8 | *Important Note: In this section, the internal Tenant routing (East/West) is done in "Logical Space" by NSX.  
  9 | The physical router provides the routing between the "logical space" and the "physical world" (North/South).*
 10 | 
 11 | <p align="center">
 12 |   <img width=50% height=50% src="/docs/assets/Graphics/3.2.LogicalView.jpg"><br>
 13 |   Logical View<br>
 14 |   <img width=75% height=75% src="/docs/assets/Graphics/3.2.PhysicalView.jpg"><br>
 15 |   Physical View<br>
 16 | </p>  
 17 | 
 18 | *The Network evaluation done in this chapter is focusing on NSX Switching and Routing capabilities.  
 19 | NSX-T offers more than Switching and Routing capabilities, such as NAT, Load Balancing, VPN.  
 20 | The Security evaluation done in this chapter is focusing on NSX L4 Stateful North/South and East/West firewalling capabilities.  
 21 | NSX-T offers more than L4 Stateful firewal capabilities, such as Layer7 Firewalling, Intrusion Detection System (IDS), eco-system with Security Vendors like Checkpoint, Fortinet, or Palo Alto Networks.  
 22 | More information on https://www.vmware.com/products/nsx.html and https://nsx.techzone.vmware.com/.*
 23 | 
 24 | ---
 25 | 
 26 | ### 3.2.1. Create Tenants Logical Networks
 27 | 
 28 | <details>
 29 | <summary>"Click to expand"</summary>
 30 | 
 31 | - **Log on NSX-T Manager UI.**  
 32 | In a browser: https://192.168.50.5/.  
 33 |   <p align="center">
 34 |     <img width=85% height=85% src="/docs/assets/Graphics/2.3.step1.jpg">
 35 |   </p>  
 36 | 
 37 | - **Create new Logical Routers "T1-xxx".**  
 38 | Under "Networking - Connectivity - Tier-1 Gateways", click "Add Tier-1 Gateway".  
 39 | *For this lab, see on top of the page for the T1 name (T1-Tenant1, and T1-Tenant2).*  
 40 | *Configure the T1 Name.*  
 41 |   <p align="center">
 42 |     <img width=85% height=85% src="/docs/assets/Graphics/3.2.1.step1.jpg">
 43 |   </p>  
 44 | 
 45 | - **Create new Overlay Segments "LSxxx".**  
 46 | Under "Networking - Segments", click "Add Segment".  
 47 | *For this lab, see on top of the page for the Segment name (LS1.1, LS1.2, and LS2.1).*  
 48 | *Select Connectivity = "T1-xxx" ("LS1.1 + LS1.2 on T1-Tenant1" and "LS2.1 on T1-Tenant2"),  
 49 | Transport Zone = "nsx-overlay-transportzone" (Default TZ for Overlay traffic),  
 50 | Subnets = 10.x.x.1/24"*  
 51 |   <p align="center">
 52 |     <img width=85% height=85% src="/docs/assets/Graphics/3.2.1.step2.jpg">
 53 |   </p>  
 54 | 
 55 | - **Validate new Overlay Segments "LSxxx" is available on vCenter.**  
 56 | From vCenter, under "Networking", validate "LSxxx" is under VDS-NSX. 
 57 |   <p align="center">
 58 |     <img width=85% height=85% src="/docs/assets/Graphics/3.2.1.step3.jpg">
 59 |   </p>  
 60 | 
 61 | - **Create 2 Web VMs in each Overlay Segment "LSxxx".**  
 62 | From vCenter, under "Host and Clusters", validate VMs are well created and connected to "LSxxx" 
 63 | *For this lab, see on top of the page for the VM IP addresses.*  
 64 |   <p align="center">
 65 |     <img width=85% height=85% src="/docs/assets/Graphics/3.2.1.step4.jpg">
 66 |   </p>  
 67 | 
 68 | 
 69 | </details>
 70 | 
 71 | 
 72 | ---
 73 | 
 74 | ### 3.2.2. Configure North/South Communication (T0 / Physical Router)
 75 | 
 76 | <details>
 77 | <summary>"Click to expand"</summary>
 78 | 
 79 | #### 3.2.2.1. Configure physical router + Create T0-Provider + Connect T1s to T0-Provider
 80 | 
 81 | <details>
 82 | <summary>"Click to expand"</summary>
 83 | 
 84 | - **Create new VLAN External + interface on physical router.**  
 85 | *For this lab, see on top of the page for the physical router interface + VLAN information.  
 86 | There is no steps described in this document, as it varies per physical router.*  
 87 | 
 88 | - **Create VLAN Segment "External".**  
 89 | Under "Networking - Segments", click "Add Segment".  
 90 | *For this lab, see on top of the page for the VLAN number (3103).*  
 91 | *Select Transport Zone = "nsx-vlan-transportzone" (Default TZ for VLAN traffic),  
 92 |   VLAN = "3103"*  
 93 |   <p align="center">
 94 |     <img width=85% height=85% src="/docs/assets/Graphics/3.2.2.1.step1.jpg">
 95 |   </p>  
 96 | 
 97 | - **Create new Logical Routers "T0-Provider".**  
 98 | Under "Networking - Connectivity - Tier-0 Gateways", click "Add Gateway Tier-0".  
 99 | *For this lab, see on top of the page for the T0 settings.*  
100 | *Select Edge Cluster = ""EdgeCluster1",  
101 | and the following settings:  
102 | Interface "20.20.20.2/24" on Segment "External" on Edge Node "EdgeNode1".*  
103 |   <p align="center">
104 |     <img width=85% height=85% src="/docs/assets/Graphics/3.2.2.1.step2.jpg">
105 |   </p>  
106 |   <p align="center">
107 |     <img width=85% height=85% src="/docs/assets/Graphics/3.2.2.1.step3.jpg">
108 |   </p>  
109 | 
110 | - **Connect the different T1 to the Provider-T0.**  
111 | For each T1, under "Networking - Connectivity - Tier-1 Gateways", edit T1 and link it to "T0-Provider".   
112 |   <p align="center">
113 |     <img width=85% height=85% src="/docs/assets/Graphics/3.2.2.1.step4.jpg">
114 |   </p>  
115 | 
116 | </details>  
117 | 
118 | 
119 | **Then configure "3.2.2.2. Static Routing." *OR* "3.2.2.3. Dynamic Routing."**
120 | 
121 | 
122 | #### 3.2.2.2. Configure North/South Routing Static
123 | 
124 | <details>
125 | <summary>"Click to expand"</summary>
126 | 
127 | <p align="center">
128 |   <img width=50% height=50% src="/docs/assets/Graphics/3.2.2.2.LogicalView.jpg">
129 | </p>  
130 | 
131 | - **Configure static route on physical router.**  
132 | Subnets "10.1.1.0/24" + "10.1.2.0/24" + "10.2.1.0/24" have a static route via "20.20.20.2".
133 | *There is no steps described in this document, as it varies per physical router.  
134 | Just showing the routing table of the physical router*  
135 | ```
136 | physical-router@lab3:~$ show ip route
137 | Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
138 |        I - ISIS, B - BGP, > - selected route, * - FIB route
139 | 
140 | S>* 10.1.1.0/24 [1/0] via 20.20.20.2, eth3
141 | S>* 10.1.2.0/24 [1/0] via 20.20.20.2, eth3
142 | S>* 10.2.1.0/24 [1/0] via 20.20.20.2, eth3
143 | ```
144 | 
145 | - **Configure static route on T0-Provider.**  
146 | Default gateway via "20.20.20.1".  
147 | Under "Networking - Connectivity - Tier-0 Gateways", edit the "T0-Provider" and under "Routing - Static Routes", set a "Static Route".  
148 |   <p align="center">
149 |     <img width=65% height=65% src="/docs/assets/Graphics/3.2.2.2.step1.jpg">
150 |   </p>  
151 | And Configure the "Set Next Hops" = "20.20.20.1"  
152 |   <p align="center">
153 |     <img width=65% height=65% src="/docs/assets/Graphics/3.2.2.2.step2.jpg">
154 |   </p>  
155 | </details>
156 | 
157 | 
158 | #### 3.2.2.3. Configure North/South Routing Dynamic with BGP
159 | 
160 | <details>
161 | <summary>"Click to expand"</summary>
162 | 
163 | <p align="center">
164 |   <img width=50% height=50% src="/docs/assets/Graphics/3.2.2.3.LogicalView.jpg">
165 | </p>  
166 | 
167 | - **Configure BGP on physical router.**  
168 | *There is no steps described in this document, as it varies per physical router.  
169 | Just showing the BGP configuration of the physical router*  
170 | ```
171 | physical-router@lab3:~$ show configuration commands | grep bgp
172 | set protocols bgp 2 neighbor 20.20.20.2 'default-originate'     <-- Advertise itself for default gateway
173 | set protocols bgp 2 neighbor 20.20.20.2 remote-as '1'
174 | ```
175 | 
176 | - **Configure BGP on T0-Provider.**  
177 | Under "Networking - Connectivity - Tier-0 Gateways", edit the "T0-Provider" and under "BGP", configure the "Local AS" = "1".  
178 |   <p align="center">
179 |     <img width=85% height=85% src="/docs/assets/Graphics/3.2.2.3.step1.jpg">
180 |   </p>  
181 | And configure the "BGP Neighbors" = "20.20.20.1", with "Remote AS number" = "2", and with "Source Addresses" = "20.20.20.1".  
182 |   <p align="center">
183 |     <img width=65% height=65% src="/docs/assets/Graphics/3.2.2.3.step2.jpg">
184 |   </p>  
185 | 
186 | - **Configure T0-Provider "Route Distribution".**  
187 | Under "Networking - Connectivity - Tier-0 Gateways", edit the "T0-Provider" and under "Route Redistribution", add redistribution of T1 Subnets.  
188 |   <p align="center">
189 |     <img width=65% height=65% src="/docs/assets/Graphics/3.2.2.3.step3.jpg">
190 |   </p>  
191 | And configure the "T1 Connected Interfaces & Segments".  
192 |   <p align="center">
193 |     <img width=65% height=65% src="/docs/assets/Graphics/3.2.2.3.step4.jpg">
194 |   </p>  
195 | 
196 | - **Configure T1-xxx "Route Distribution".**  
197 | Under "Networking - Connectivity - Tier-1 Gateways", edit each "T1-xxx" and under "Route Advertisement", select "All Connected Segments & Service Ports".  
198 |   <p align="center">
199 |     <img width=85% height=85% src="/docs/assets/Graphics/3.2.2.3.step5.jpg">
200 |   </p>  
201 | 
202 | - **Validate learned BGP routes on physical router.**  
203 | ```
204 | physical-router@lab3:~$ show ip bgp neighbors 20.20.20.2 
205 | BGP neighbor is 20.20.20.2, remote AS 1, local AS 2, external link
206 |   BGP version 4, remote router ID 20.20.20.2
207 |   BGP state = Established, up for 00:00:16
208 |   <snip>
209 | 
210 | physical-router@lab3:~$ show ip bgp neighbors 20.20.20.2 routes 
211 | BGP table version is 0, local router ID is 192.168.52.1
212 | Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
213 |               r RIB-failure, S Stale, R Removed
214 | Origin codes: i - IGP, e - EGP, ? - incomplete
215 | 
216 |    Network          Next Hop            Metric LocPrf Weight Path
217 | *> 10.1.1.0/24      20.20.20.2               0             0 1 ?
218 | *> 10.1.2.0/24      20.20.20.2               0             0 1 ?
219 | *> 10.2.1.0/24      20.20.20.2               0             0 1 ?
220 | 
221 | Total number of prefixes 3
222 | ```
223 | 
224 | - **Validate BGP status of T0-Provider.**  
225 | Under "Networking - Connectivity - Tier-0 Gateways", expand "BGP", and click on "BGP Neighbors".  
226 | And click on the "i" next to "Status" ("Connection State" should be "ESTABLISHED").  
227 |   <p align="center">
228 |     <img width=50% height=50% src="/docs/assets/Graphics/3.2.2.3.step6.jpg">
229 |   </p>  
230 | 
231 | </details>
232 | 
233 | </details>
234 | 
235 | ---
236 | 
237 | 
238 | ### 3.2.3. Validate Networking
239 | 
240 | <details>
241 | <summary>"Click to expand"</summary>
242 | 
243 | - **Validate North/South connectivity from external to those VMs.**  
244 | From external client, validate communication to VMs  
245 | ```
246 | root@lab3-jumphost:~# ping 10.1.1.11
247 | PING 10.1.1.11 (10.1.1.11) 56(84) bytes of data.
248 | 64 bytes from 10.1.1.11: icmp_seq=1 ttl=61 time=1.64 ms
249 | 64 bytes from 10.1.1.11: icmp_seq=2 ttl=61 time=1.20 ms
250 | ^C
251 | --- 10.1.1.11 ping statistics ---
252 | 2 packets transmitted, 2 received, 0% packet loss, time 1001ms
253 | rtt min/avg/max/mdev = 1.202/1.424/1.646/0.222 ms
254 | ```
255 | ```
256 | root@lab3-jumphost:~# ping 10.2.1.11
257 | PING 10.2.1.11 (10.2.1.11) 56(84) bytes of data.
258 | 64 bytes from 10.2.1.11: icmp_seq=1 ttl=61 time=8.01 ms
259 | 64 bytes from 10.2.1.11: icmp_seq=2 ttl=61 time=1.67 ms
260 | 
261 | --- 10.2.1.11 ping statistics ---
262 | 2 packets transmitted, 2 received, 0% packet loss, time 1001ms
263 | rtt min/avg/max/mdev = 1.672/4.845/8.019/3.174 ms
264 | ```
265 | 
266 | - **Validate East/West connectivity from VMs to VMs.**  
267 | From VM3, validate communication to VM4, VM5, and VM7.
268 | ```
269 | root@LS1-1-VM3:~# ping 10.1.1.12
270 | PING 10.1.1.12 (10.1.1.12) 56(84) bytes of data.
271 | 64 bytes from 10.1.1.12: icmp_seq=1 ttl=64 time=1.82 ms
272 | 64 bytes from 10.1.1.12: icmp_seq=2 ttl=64 time=0.828 ms
273 | ^C
274 | --- 10.1.1.12 ping statistics ---
275 | 2 packets transmitted, 2 received, 0% packet loss, time 1002ms
276 | rtt min/avg/max/mdev = 0.828/1.325/1.822/0.497 ms
277 | ```
278 | ```
279 | root@LS1-1-VM3:~# ping 10.1.2.11
280 | PING 10.1.2.11 (10.1.2.11) 56(84) bytes of data.
281 | 64 bytes from 10.1.2.11: icmp_seq=1 ttl=63 time=3.00 ms
282 | 64 bytes from 10.1.2.11: icmp_seq=2 ttl=63 time=0.469 ms
283 | ^C
284 | --- 10.1.2.11 ping statistics ---
285 | 2 packets transmitted, 2 received, 0% packet loss, time 1001ms
286 | rtt min/avg/max/mdev = 0.469/1.735/3.002/1.267 ms
287 | ```
288 | ```
289 | root@LS1-1-VM3:~# ping 10.2.1.11
290 | PING 10.2.1.11 (10.2.1.11) 56(84) bytes of data.
291 | 64 bytes from 10.2.1.11: icmp_seq=1 ttl=61 time=0.482 ms
292 | 64 bytes from 10.2.1.11: icmp_seq=2 ttl=61 time=0.596 ms
293 | ^C
294 | --- 10.2.1.11 ping statistics ---
295 | 2 packets transmitted, 2 received, 0% packet loss, time 999ms
296 | rtt min/avg/max/mdev = 0.482/0.539/0.596/0.057 ms
297 | ```
298 | 
299 | </details>
300 | 
301 | ---
302 | 
303 | ### 3.2.4. Configure + Validate Security (Micro-Segmentation)
304 | 
305 | <details>
306 | <summary>"Click to expand"</summary>
307 | 
308 | Follow the procedure detailed in [3.1.3. Configure Microsegmentation](/docs/3.1-Security-Only.md#313-configure-microsegmentation)  
309 | to implement the following Micro-Segmentation:  
310 | 
311 | <p align="center">
312 |   <img width=50% height=50% src="/docs/assets/Graphics/3.2.4.LogicalView.jpg">
313 | </p>  
314 | 
315 | To simplify the configuration of micro-segmentation, NSX offers the ability to Group Workload into static or dynamic membership, such as VM name, tags, segment, etc.  
316 | 
317 | | Groups              |                  Members                  |
318 | |:--------------------|:-----------------------------------------:|
319 | | Group-Tenant1-LS1.1 |               Segment LS1.1               |
320 | | Group-Tenant1-LS1.2 |               Segment LS1.2               |
321 | | Group-Tenant1       | Group-Tenant1-LS1.1 + Group-Tenant1-LS1.2 |
322 | | Group-Tenant2       |               Segment LS2.1               |
323 | | Group-AllTenants    |       Group-Tenant1 + Group-Tenant2       |
324 | 
325 | 
326 | Micro-segmentation is defined in "Categories" (Emergency, Infrastructure, Environment, Application), with security "Sections" + "Rules" in each.
327 | The security rules in the different sections will be pushed to the relevant VMs vNics based on the "Apply To" defined in the Section and/or Rule. 
328 | 
329 | 
330 | | Section                    | Rule-Name            |       Sources       |    Destinations     |  Services   | Profiles | Applied To | Action |
331 | |:---------------------------|:---------------------|:-------------------:|:-------------------:|:-----------:|:--------:|:----------:|:------:|
332 | | Tenant1                    |                      |                     |                     |             |          |            |        |
333 | | ApplyTo = Group-Tenant1    |                      |                     |                     |             |          |            |        |
334 | |                            | Internal-LS1.1 Deny  | Group-Tenant1-LS1.1 | Group-Tenant1-LS1.1 |     Any     |   None   |    DFW     | Reject |
335 | |                            | Internal-LS1.2 Deny  | Group-Tenant1-LS1.2 | Group-Tenant1-LS1.2 |     Any     |   None   |    DFW     | Reject |
336 | |                            | L3 East/West Allow   | Group-Tenant1-LS1.1 | Group-Tenant1-LS1.2 | HTTP + ICMP |   None   |    DFW     | Allow  |
337 | |                            | L3 East/West Deny    | Group-Tenant1-LS1.1 | Group-Tenant1-LS1.2 |     Any     |   None   |    DFW     | Reject |
338 | |                            |                      |                     |                     |             |          |            |        |
339 | | Tenant2                    |                      |                     |                     |             |          |            |        |
340 | | ApplyTo = Group-Tenant2    |                      |                     |                     |             |          |            |        |
341 | |                            | Internal allow       |    Group-Tenant2    |    Group-Tenant2    |     Any     |   None   |    DFW     | Allow  |
342 | |                            |                      |                     |                     |             |          |            |        |
343 | | Cross-Tenants              |                      |                     |                     |             |          |            |        |
344 | | ApplyTo = Group-AllTenants |                      |                     |                     |             |          |            |        |
345 | |                            | Cross-Tenants Allow1 |    Group-Tenant1    |    Group-Tenant2    |    HTTP     |   None   |    DFW     | Allow  |
346 | |                            | Cross-Tenants Allow2 |    Group-Tenant2    |    Group-Tenant1    |    HTTP     |   None   |    DFW     | Allow  |
347 | |                            | Cross-Tenants Deny1  |    Group-Tenant1    |    Group-Tenant2    |     Any     |   None   |    DFW     | Reject |
348 | |                            | Cross-Tenants Deny2  |    Group-Tenant2    |    Group-Tenant1    |     Any     |   None   |    DFW     | Reject |
349 | |                            |                      |                     |                     |             |          |            |        |
350 | | External                   |                      |                     |                     |             |          |            |        |
351 | | ApplyTo = Group-AllTenants |                      |                     |                     |             |          |            |        |
352 | |                            | External Allow       |         Any         |  Group-AllTenants   |    HTTP     |   None   |    DFW     | Allow  |
353 | |                            | External Deny        |         Any         |  Group-AllTenants   |     Any     |   None   |    DFW     | Reject |
354 | 
355 | 
356 | Here is a partial configuration view:  
357 | <p align="center">
358 |   <img width=85% height=85% src="/docs/assets/Graphics/3.2.4.step1.jpg">
359 | </p>  
360 | 
361 | </details>
362 | 
363 | ---
364 | 
365 | [***Back to main NSX Evaluation page for other tests : 3. NSX Evaluation***](/docs/3-NSX-Evaluation.md)
366 | 
367 | 
368 | 


--------------------------------------------------------------------------------
/docs/3.3-Operation-Tools.md:
--------------------------------------------------------------------------------
  1 | 
  2 | ## 3.3. Operation Tools
  3 | 
  4 | In this section, you'll use 2 popular Operation tools which greatly facilitate Network and Security admins:
  5 |   - Network Topology
  6 |   - Traceflow
  7 | 
  8 | *The Operation evaluation done in this chapter is focusing on those 2 tools.  
  9 | NSX-T offers more than those tools, such as Port Mirroring, IPFIX, Syslog, advanced status and statistics on its different services.*
 10 | 
 11 | 
 12 | ---
 13 | 
 14 | ### 3.3.1. Network Topology
 15 | 
 16 | <details>
 17 | <summary>"Click to expand"</summary>
 18 | 
 19 | What has been created so far is the following logical topology:
 20 | <p align="center">
 21 |   <img width=50% height=50% src="/docs/assets/Graphics/3.3.LogicalView.jpg"><br>
 22 | </p>  
 23 | 
 24 | NSX offers a graphical representation of its network topology.
 25 | - **Log on NSX-T Manager UI.**  
 26 | In a browser: https://192.168.50.5/.  
 27 |   <p align="center">
 28 |     <img width=85% height=85% src="/docs/assets/Graphics/2.3.step1.jpg">
 29 |   </p>  
 30 | 
 31 | - **Display the NSX Network Topology.**  
 32 | Under "Networking - Network Topology".  
 33 | <p align="center">
 34 |   <img width=85% height=85% src="/docs/assets/Graphics/3.3.1.step1.jpg"><br>
 35 | </p>  
 36 | 
 37 | - **And specific Network elements, such as T0 information.**  
 38 |   <p align="center">
 39 |     <img width=85% height=85% src="/docs/assets/Graphics/3.3.1.step2.jpg"><br>
 40 |   </p>  
 41 | 
 42 | </details>
 43 | 
 44 | 
 45 | ---
 46 | 
 47 | ### 3.3.2. Traceflow
 48 | 
 49 | <details>
 50 | <summary>"Click to expand"</summary>
 51 | 
 52 | Traceflow allows you to inject a packet into the network and monitor its flow across the network.  
 53 | Traceflow allows you to identify the path a packet takes to reach its destination or, conversely, where a packet is dropped along the way.  
 54 | Each entity reports the packet handling on input and output, so you can determine whether issues occur when receiving a packet or when forwarding the packet.
 55 | 
 56 | - **Check the Traceflow from VM3 HTTP to VM7.**  
 57 | <details>
 58 | <summary>"Click to expand"</summary>  
 59 | 
 60 | Under "Plan & Troubleshoot - Traceflow",  
 61 | select the Source "LS1.1-VM3",  
 62 | to Destination "LS2.1-VM7",  
 63 | Protocol Type "TCP" with Source Port = "5000" to Destination Port = "80".   
 64 | <p align="center">
 65 |   <img width=85% height=85% src="/docs/assets/Graphics/3.3.2.step1.jpg"><br>
 66 | </p>  
 67 | And click "Trace".  
 68 | 
 69 | You can follow the path through the different Logical NSX Routing + Security elements on the top half of the screen.  
 70 | <p align="center">
 71 |   <img width=85% height=85% src="/docs/assets/Graphics/3.3.2.step2.jpg"><br>
 72 | </p>  
 73 |   
 74 | You can also follow each step of the different NSX elements on the bottom half of the screen (and on which device it's running).  
 75 | <p align="center">
 76 |   <img width=85% height=85% src="/docs/assets/Graphics/3.3.2.step3.jpg"><br>
 77 | </p>  
 78 |   
 79 | *Note: Worth nothing even if that traffic is routed, it actually does not leave the ESXi1 (192.168.50.21) thanks to the power of NSX service distribution :-)*
 80 | 
 81 | </details>
 82 | 
 83 | 
 84 | - **Check the Traceflow from VM3 HTTP to VM1.**  
 85 | <details>
 86 | <summary>"Click to expand"</summary>  
 87 | 
 88 | Under "Plan & Troubleshoot - Traceflow",  
 89 | select the Source "LS1.1-VM3",  
 90 | to Destination "VLANWeb-VM1",  
 91 | Protocol Type "TCP" with Source Port = "5000" to Destination Port = "80".  
 92 | <p align="center">
 93 |   <img width=85% height=85% src="/docs/assets/Graphics/3.3.2.step4.jpg"><br>
 94 | </p>  
 95 | And click "Trace".  
 96 |   
 97 | You can follow the path through the different Logical NSX Routing + Security elements on the top half of the screen.  
 98 | <p align="center">
 99 |   <img width=85% height=85% src="/docs/assets/Graphics/3.3.2.step2.jpg"><br>
100 | </p>  
101 |   
102 | You can also follow each step of the different NSX elements on the bottom half of the screen (and on which device it's running).  
103 | <p align="center">
104 |   <img width=85% height=85% src="/docs/assets/Graphics/3.3.2.step3.jpg"><br>
105 | </p>  
106 |   
107 | *Note: The traceflow tracks the different NSX elements up to it reaches the physical fabric, and ends there.*
108 | 
109 | </details>
110 | 
111 | </details>
112 | 
113 | ---
114 | 
115 | [***Back to main NSX Evaluation page for other tests : 3. NSX Evaluation***](/docs/3-NSX-Evaluation.md)
116 | 
117 | 
118 | 


--------------------------------------------------------------------------------
/docs/3.4 Security-Identity-Firewall.md:
--------------------------------------------------------------------------------
  1 | # Security - Identity Firewall 
  2 | 
  3 | ## Introduction
  4 | 
  5 | In this section, we will go through how to configure and test the NSX
  6 | Identity Firewall (IDFW) capabilities for micro-segmentation. Identity Firewall with NSX-T Data Center, just like Distributed Firewall, does not require Overlay networking and can be done on a VLAN-backed
  7 | Segment. The following example will use Overlay networking but note this
  8 | is not a requirement.
  9 | 
 10 | NSX-T IDFW works for both single user and multi-user (Microsoft Remote Desktop Server Host) use cases. 
 11 | 
 12 | ## Security - Identity Firewall Requirements
 13 | 
 14 | The following items are required before the Identity Firewalling functionality can be utilized. 
 15 | 
 16 | 1. [NSX Requirements](/docs/1-Requirements.md)
 17 | 2. [NSX Installation](/docs/2-Installation.md)
 18 | 3. [Microsoft Active Directory supported version](https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/administration/GUID-9CD3FC21-9ED4-4FB3-9E19-67A7C4D1F53E.html#GUID-9CD3FC21-9ED4-4FB3-9E19-67A7C4D1F53E)
 19 |     - Active Directory with 2016 Functional Level is used in this example
 20 | 4.  LDAP User account with read access to the Active Directory
 21 | 5.  Base DN of the domain
 22 |     - Domain = **Corp.local** | Base DN = **dc=corp,dc=local**
 23 | 4.  Two (2) User accounts in Active Directory that can be used to test IDFW Security Policy configurations
 24 |     - HR User - **Corp\Bob** 
 25 |     - Engineering User - **Corp\Alice**
 26 | 6.  [Virtual Machine with supported Windows Operating System](https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/administration/GUID-9CD3FC21-9ED4-4FB3-9E19-67A7C4D1F53E.html#GUID-9CD3FC21-9ED4-4FB3-9E19-67A7C4D1F53E)
 27 |     - If using Windows Server 2012R2 or 2016 for RDSH, [RDSH role needs to be installed and properly licensed](https://support.microsoft.com/en-us/help/2833839/guidelines-for-installing-the-remote-desktop-session-host-role-service)
 28 |     - Windows Server 2016 with Remote Desktop Services Host Role is used in this example
 29 | 7.  [VMware Tools version supported](https://www.vmware.com/resources/compatibility/sim/interop_matrix.php#interop&175=&139=)
 30 |     - VMware Tools requires: (Easier to do a 'Complete' installation of VMware Tools, which includes the below drivers)
 31 |         - VMCI Driver Installed
 32 |         - NSX File Introspection Driver Installed
 33 |         - NSX Network Introspection Driver Installed
 34 | 8.  SSH Client to check IDFW in the ESXi data plane
 35 |     - **Putty** will be used in this example
 36 | 9.  PowerShell with Active Directory plugin to check Active Directory Group SID
 37 | 10.  Destination server to test connectivity allow and drop with IDFW based on user
 38 |     - SSH Access to a Web server will be used in this example
 39 | 
 40 | ## Security - Identity Firewall Proof of Concept Use Cases Demonstrated
 41 | 
 42 | **Single-User IDFW Use Case**
 43 | - Alice, from the Engineering department, will use Remote Desktop Protocol to access the RDSH Server
 44 | - Alice and will be granted access to the Web Server to be able to access SSH and perform administrative tasks
 45 | - Alice will attempt access to the HR Web Site and be denied
 46 | 
 47 | **Multi-User IDFW Use Case**
 48 | - Bob, from the HR department, will use Remote Desktop Protocol to access the same RDSH Server Alice is logged into
 49 | - Bob will be allowed to access the HR Web Application hosted on a Web Server
 50 | - Bob will attempt access to SSH to the Web Server hosting the HR Web Application and be denied
 51 | 
 52 | <p align="center">
 53 |     <img src=/docs/assets/Graphics/IDFW/IDFW_topology.png>
 54 | </p>
 55 | 
 56 | ## Security - Identity Firewall Configuration
 57 | 
 58 | ### Add Active Directory to NSX-T Manager
 59 | 
 60 | The NSX-T IDFW needs to connect to Microsoft Active Directory to pull in AD Security Group information for use in NSX-T Security Policy configurations.
 61 | 
 62 | 1. Log into the NSX-T Manager and navigate to **System > Identity Firewall AD > Active Directory** and click **ADD ACTIVE DIRECTORY**
 63 | 2. Name - **CORP.LOCAL**
 64 | 3. NetBIOS Name - **CORP**
 65 | 4. Base Distinguished Name - **dc=corp,dc=local**
 66 | 5. Click on **LDAP Server Set**
 67 | 
 68 | <p align="center">
 69 |     <img src=/docs/assets/Graphics/IDFW/IDFW.step1.png>
 70 | </p>
 71 | 
 72 | 
 73 | 6. Host - **192.168.110.10** (IP Address or FQDN of Active Directory Domain Controller)
 74 | 7. Protocol - **LDAP** or **LDAPS** depending on your configuration
 75 | 8. Port - **389** or **636** depending on LDAP or LDAPS
 76 | 9. Username - **admin** (LDAP Read-Only Account from requirements)
 77 | 10. Password - **REDACTED** (LDAP Read-Only Account password from requirements)
 78 | 11. Click **ADD**
 79 | 12. Click **APPLY**
 80 | 
 81 | <p align="center">
 82 |     <img src=/docs/assets/Graphics/IDFW/IDFW.step2.png>
 83 | </p>
 84 | 
 85 | ### Enable IDFW
 86 | 
 87 | The NSX-T IDFW needs to be enabled on either a standalone VMware ESXi host or cluster of ESXi hosts where the VMs where the users will login will reside.
 88 | 
 89 | 1. Navigate in the NSX-T Manager user interface to **Security > Distributed Firewall**
 90 | 2. Notice the yellow banner mentioning that the Identity Firewall is disabled
 91 | 3. Click on the **Enable** link on the banner.  If this banner is not shown, click on the **Actions > General Settings** and this will take you to the same location as the banner link
 92 | 
 93 | <p align="center">
 94 |     <img src=/docs/assets/Graphics/IDFW/IDFW.step3.png>
 95 | </p>
 96 | 
 97 | 4. Click the slider to set **Identity Firewall Status** to **Enable**
 98 | 5. Click on **Identity Firewall Settings**
 99 | 
100 | <p align="center">
101 |     <img src=/docs/assets/Graphics/IDFW/IDFW.step4.png>
102 | </p>
103 | 
104 | 6. Click on the slider for the cluster where IDFW will be **Enabled**
105 | 7. Save
106 | 
107 | <p align="center">
108 |     <img src=/docs/assets/Graphics/IDFW/IDFW.step5.png>
109 | </p>
110 | 
111 | ### Install VMware Tools and Enable Necessary IDFW Drivers
112 | 
113 | 1. Download the appropriate version of VMware Tools for the version of NSX-T
114 |     - We're using NSX-T 3.0 and Windows Server 2016 so we'll use the latest VMware Tools version which is 11.1.5 at the time of writing this guide
115 | 2. Install VMware Tools on Windows Server 2016 machine
116 |     - A complete installation takes care of all the necessary driver files needed for IDFW.  If a complete installation is not wanted, the following drivers need enabled
117 |         - VMCI Driver Installed
118 |         - NSX File Introspection Driver Installed
119 |         - NSX Network Introspection Driver Installed
120 | 
121 | <p align="center">
122 |     <img src=/docs/assets/Graphics/IDFW/IDFW.step6.png>
123 | </p>
124 | 
125 | ### Create Groups for IDFW Users and Workloads
126 | 
127 | We will now create Groups in NSX for the Active Directory Users, the RDSH Server, and the destination Web Server workload.  These Groups will be used in the NSX DFW Security Policy we'll create.
128 | 
129 | 1. Navigate in the NSX-T Manager user interface to **Inventory > Groups > Add Group**
130 |     1. Name - **ENG-User-Group**
131 |     2. Set Members
132 |     3. AD Groups - **ENG**
133 |     4. Apply
134 |     5. Save
135 | 
136 | <p align="center">
137 |     <img src=/docs/assets/Graphics/IDFW/IDFW.step7.png>
138 | </p>
139 | 
140 | 2. Add Another Group
141 |     1. Name - **HR-User-Group**
142 |     2. Set Members
143 |     3. AD Groups - **HR**
144 |     4. Apply
145 |     5. Save
146 | 
147 | <p align="center">
148 |     <img src=/docs/assets/Graphics/IDFW/IDFW.step8.png>
149 | </p>
150 | 
151 | 3. Add Another Group
152 |     1. Name - **RDSH-VM-Group**
153 |     2. Set Members
154 |     3. Members
155 |     4. Category - Virtual Machines
156 |     5. Check - **rdsh-01a**
157 |     6. Apply
158 |     7. Save
159 | 
160 | <p align="center">
161 |     <img src=/docs/assets/Graphics/IDFW/IDFW.step9.png>
162 | </p>
163 | 
164 | 4. Add Another Group
165 |     1. Name - **Web-VM-Group**
166 |     2. Set Members
167 |     3. Members
168 |     4. Category - Virtual Machines
169 |     5. Check - **web-01a**
170 |     6. Apply
171 |     7. Save
172 | 
173 | <p align="center">
174 |     <img src=/docs/assets/Graphics/IDFW/IDFW.step10.png>
175 | </p>
176 | 
177 | ### Create NSX IDFW Security Policies and Rules
178 | 
179 | The NSX IDFW processes user context information at the Source of the traffic.  We need to create a few rules to meet the tests stated in **Security - Identity Firewall Proof of Concept Use Cases Demonstrated** section above.
180 | 
181 | 1. Navigate in the NSX-T Manager user interface to **Security > Distributed Firewall > Category Specific Rules > Application > Add Policy**
182 |     1. Name - IDFW
183 |     2. Add Rule - This rule will allow only the HR Users, Bob, access to HR Web Application from the RDSH Server VM over HTTPS
184 |         1. Name - **Allow HR to HR App**
185 |         2. Sources - Click on pencil icon and add **HR-User-Group**
186 |         3. Destinations - Click on pencil icon and add **Web-VM-Group**
187 |         4. Services - Click on pencil icon and add **HTTPS**
188 |         5. Applied To - Click on pencil icon and add **RDSH-VM-Group**
189 |         6. Action - **Allow**
190 | 
191 |     3. Add Rule - This rule will allow only the ENG Users, Alice, access to the HR Web Application from the RDSH Server VM over SSH
192 |         1. Name - **Allow ENG SSH MGMT**
193 |         2. Sources - Click on pencil icon and add **ENG-User-Group**
194 |         3. Destinations - Click on pencil icon and add **Web-VM-Group**
195 |         4. Services - Click on pencil icon and add **SSH**
196 |         5. Applied To - Click on pencil icon and add **RDSH-VM-Group**
197 |         6. Action - **Allow**
198 | 
199 |     4. Add Rule - This rule will disllow any other type of communication from the RDSH Server or from any other user from the RDSH Server VM to the HR Web Application unless it was explicitly allowed above. 
200 |         1. Name - **Block all Other RDSH**
201 |         2. Sources - **Any**
202 |         3. Destinations - Click on pencil icon and add **Web-VM-Group**
203 |         4. Services - **Any**
204 |         5. Applied To - Click on pencil icon and add **RDSH-VM-Group**
205 |         6. Action - **Drop**
206 | 
207 |      5. Add Rule - This rule will allow inbound SSH and HTTPS Access from the RDSH Server.  
208 |         1. Name - **SSH/HTTPS to Web**
209 |         2. Sources - **RDSH-VM-Group**
210 |         3. Destinations - Click on pencil icon and add **Web-VM-Group**
211 |         4. Services - **SSH** **HTTPS**
212 |         5. Applied To - Click on pencil icon and add **Web-VM-Group**
213 |         6. Action - **Allow**
214 | 
215 | Once configured, the rules should look similar to the following:
216 | 
217 | <p align="center">
218 |     <img src=/docs/assets/Graphics/IDFW/IDFW.step11.png>
219 | </p>
220 | 
221 | ### Verify NSX IDFW Security Policies and Rules are working as intended for each user from Remote Sessions
222 | 
223 | Now that we have the rules and groups in place, we can verify our user cases
224 | 
225 | **Single-User IDFW Use Case**
226 | - Alice, from the Engineering department, will use Remote Desktop Protocol to access the RDSH Server
227 | - Alice and will be granted access to the Web Server to be able to access SSH and perform administrative tasks
228 | - Alice will attempt access to the HR Web Site and be denied
229 | 
230 | <p align="center">
231 |     <img src=/docs/assets/Graphics/IDFW/IDFW.step12.png>
232 | </p>
233 | 
234 | **Multi-User IDFW Use Case**
235 | - Bob, from the HR department, will use Remote Desktop Protocol to access the same RDSH Server Alice is logged into
236 | - Bob will be allowed to access the HR Web Application hosted on a Web Server
237 | - Bob will attempt access to SSH to the Web Server hosting the HR Web Application and be denied
238 | 
239 | <p align="center">
240 |     <img src=/docs/assets/Graphics/IDFW/IDFW.step13.png>
241 | </p>
242 | 
243 | ### Verify NSX IDFW Security Policies and Rules are working as intended from PowerShell and the NSX Data Plane
244 | 
245 | We just verified from each of the Remote Desktop sessions the Single-User and Multi-User use cases for both Bob and Alice.  Now we will take a deeper look to show the verification at the NSX Data Plane level and show how the functionality actually worked.
246 | 
247 | 1. Navigate to the vCenter Server and to the **rdsh-01a** VM to see which ESXi host this machine runs on, **esxcomp-02a.corp.local**
248 | 
249 | <p align="center">
250 |     <img src=/docs/assets/Graphics/IDFW/IDFW.step14.png>
251 | </p>
252 | 
253 | 2. Open the Putty client and SSH to **esxcomp-02a.corp.local**
254 | 3. Run the following command **summarize-dvfilter | grep rdsh-01a -i A 2**
255 |     - This will pull up the NSX DFW Filter for the **rdsh-01a** VM
256 | 4. Copy the DFW filter name, in this case it's **nic-927825-eth0-vmware-sfw.2**
257 |     - This will vary depending on your environment.  This is an example
258 | 5. Run teh following command **vsipioctl getsidcache -f nic-927825-eth0-vmware-sfw.2**
259 | 
260 | This will display the realized Active Directory User account SIDs that have logged into the RDSH Server.  In this case we see the following SIDs:
261 | 
262 | - **S-1-5-21-4442515-1634369418-872054540-28106**
263 | - **S-1-5-21-4442515-1634369418-872054540-28107**
264 | 
265 | <p align="center">
266 |     <img src=/docs/assets/Graphics/IDFW/IDFW.step15.png>
267 | </p>
268 | 
269 | We will use these SIDs to verify using PowerShell against Active Directory.  
270 | 
271 | 1. Open the PowerShell Application
272 | 2. Run the following command **Get-AdUser -Identity bob-hr**
273 | 3. Run the following command **Get-AdUser -Identity alice-eng**
274 | 
275 | The output confirms the Active Directory User SIDs in both Active Directory and in the NSX Data Plane for how IDFW identifies user accounts.  
276 | 
277 | <p align="center">
278 |     <img src=/docs/assets/Graphics/IDFW/IDFW.step16.png>
279 | </p>
280 | 
281 | ---
282 | 
283 | [***Back to main NSX Evaluation page for other tests : 3. NSX Evaluation***](/docs/3-NSX-Evaluation.md)
284 | 
285 | 


--------------------------------------------------------------------------------
/docs/assets/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/.DS_Store


--------------------------------------------------------------------------------
/docs/assets/Graphics/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/.DS_Store


--------------------------------------------------------------------------------
/docs/assets/Graphics/1.1.Pre-Req Compute.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/1.1.Pre-Req Compute.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/1.2.Pre-Req Networking.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/1.2.Pre-Req Networking.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.0.Installation-Design-1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.0.Installation-Design-1.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.0.Installation-Design-2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.0.Installation-Design-2.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.1.step1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.1.step1.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.2.step1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.2.step1.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.2.step10.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.2.step10.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.2.step11.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.2.step11.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.2.step2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.2.step2.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.2.step3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.2.step3.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.2.step4.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.2.step4.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.2.step5.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.2.step5.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.2.step6.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.2.step6.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.2.step7.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.2.step7.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.2.step8.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.2.step8.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.2.step9.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.2.step9.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.3.step1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.3.step1.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.3.step2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.3.step2.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.3.step3a.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.3.step3a.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.3.step3b.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.3.step3b.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.3.step4.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.3.step4.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.4.1.step1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.4.1.step1.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.4.1.step10.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.4.1.step10.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.4.1.step11.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.4.1.step11.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.4.1.step12.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.4.1.step12.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.4.1.step13.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.4.1.step13.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.4.1.step14.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.4.1.step14.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.4.1.step2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.4.1.step2.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.4.1.step3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.4.1.step3.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.4.1.step4.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.4.1.step4.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.4.1.step5.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.4.1.step5.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.4.1.step6.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.4.1.step6.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.4.1.step7.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.4.1.step7.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.4.1.step8.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.4.1.step8.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.4.1.step9.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.4.1.step9.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.4.2.step1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.4.2.step1.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.4.3.step1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.4.3.step1.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.4.3.step2a.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.4.3.step2a.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.4.3.step2b.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.4.3.step2b.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.4.3.step3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.4.3.step3.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.5.1.step1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.5.1.step1.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.5.1.step2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.5.1.step2.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.5.1.step3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.5.1.step3.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.5.1.step4.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.5.1.step4.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.5.2.step1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.5.2.step1.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.5.2.step2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.5.2.step2.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.5.2.step3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.5.2.step3.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.5.2.step4.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.5.2.step4.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.5.2.step5.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.5.2.step5.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.5.2.step6.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.5.2.step6.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.5.2.step7.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.5.2.step7.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.5.3.step1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.5.3.step1.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/2.5.3.step2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/2.5.3.step2.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.1.1.step1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.1.1.step1.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.1.1.step2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.1.1.step2.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.1.1.step3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.1.1.step3.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.1.2.step1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.1.2.step1.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.1.3.1.step1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.1.3.1.step1.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.1.3.1.step2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.1.3.1.step2.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.1.3.1.step3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.1.3.1.step3.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.1.3.1.step4.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.1.3.1.step4.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.1.3.2.step1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.1.3.2.step1.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.1.3.2.step2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.1.3.2.step2.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.1.3.2.step3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.1.3.2.step3.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.1.LogicalView.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.1.LogicalView.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.1.PhysicalView.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.1.PhysicalView.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.2.1.step1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.2.1.step1.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.2.1.step2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.2.1.step2.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.2.1.step3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.2.1.step3.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.2.1.step4.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.2.1.step4.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.2.2.1.step1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.2.2.1.step1.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.2.2.1.step2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.2.2.1.step2.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.2.2.1.step3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.2.2.1.step3.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.2.2.1.step4.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.2.2.1.step4.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.2.2.2.LogicalView.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.2.2.2.LogicalView.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.2.2.2.step1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.2.2.2.step1.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.2.2.2.step2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.2.2.2.step2.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.2.2.3.LogicalView.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.2.2.3.LogicalView.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.2.2.3.step1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.2.2.3.step1.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.2.2.3.step2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.2.2.3.step2.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.2.2.3.step3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.2.2.3.step3.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.2.2.3.step4.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.2.2.3.step4.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.2.2.3.step5.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.2.2.3.step5.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.2.2.3.step6.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.2.2.3.step6.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.2.4.LogicalView.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.2.4.LogicalView.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.2.4.step1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.2.4.step1.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.2.LogicalView.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.2.LogicalView.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.2.PhysicalView.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.2.PhysicalView.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.3.1.step1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.3.1.step1.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.3.1.step2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.3.1.step2.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.3.2.step1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.3.2.step1.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.3.2.step2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.3.2.step2.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.3.2.step3.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.3.2.step3.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.3.2.step4.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.3.2.step4.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.3.2.step5.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.3.2.step5.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.3.2.step6.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.3.2.step6.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/3.3.LogicalView.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/3.3.LogicalView.jpg


--------------------------------------------------------------------------------
/docs/assets/Graphics/Graphics-v0.1.pptx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/Graphics-v0.1.pptx


--------------------------------------------------------------------------------
/docs/assets/Graphics/IDFW/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/IDFW/.DS_Store


--------------------------------------------------------------------------------
/docs/assets/Graphics/IDFW/IDFW.step1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/IDFW/IDFW.step1.png


--------------------------------------------------------------------------------
/docs/assets/Graphics/IDFW/IDFW.step10.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/IDFW/IDFW.step10.png


--------------------------------------------------------------------------------
/docs/assets/Graphics/IDFW/IDFW.step11.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/IDFW/IDFW.step11.png


--------------------------------------------------------------------------------
/docs/assets/Graphics/IDFW/IDFW.step12.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/IDFW/IDFW.step12.png


--------------------------------------------------------------------------------
/docs/assets/Graphics/IDFW/IDFW.step13.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/IDFW/IDFW.step13.png


--------------------------------------------------------------------------------
/docs/assets/Graphics/IDFW/IDFW.step14.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/IDFW/IDFW.step14.png


--------------------------------------------------------------------------------
/docs/assets/Graphics/IDFW/IDFW.step15.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/IDFW/IDFW.step15.png


--------------------------------------------------------------------------------
/docs/assets/Graphics/IDFW/IDFW.step16.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/IDFW/IDFW.step16.png


--------------------------------------------------------------------------------
/docs/assets/Graphics/IDFW/IDFW.step2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/IDFW/IDFW.step2.png


--------------------------------------------------------------------------------
/docs/assets/Graphics/IDFW/IDFW.step3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/IDFW/IDFW.step3.png


--------------------------------------------------------------------------------
/docs/assets/Graphics/IDFW/IDFW.step4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/IDFW/IDFW.step4.png


--------------------------------------------------------------------------------
/docs/assets/Graphics/IDFW/IDFW.step5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/IDFW/IDFW.step5.png


--------------------------------------------------------------------------------
/docs/assets/Graphics/IDFW/IDFW.step6.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/IDFW/IDFW.step6.png


--------------------------------------------------------------------------------
/docs/assets/Graphics/IDFW/IDFW.step7.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/IDFW/IDFW.step7.png


--------------------------------------------------------------------------------
/docs/assets/Graphics/IDFW/IDFW.step8.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/IDFW/IDFW.step8.png


--------------------------------------------------------------------------------
/docs/assets/Graphics/IDFW/IDFW.step9.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/IDFW/IDFW.step9.png


--------------------------------------------------------------------------------
/docs/assets/Graphics/IDFW/IDFW_topology.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/Graphics/IDFW/IDFW_topology.png


--------------------------------------------------------------------------------
/docs/assets/logo/NSX_Logo.jpeg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/vmware-nsx/eval-docs/ab335dba2dc8e797e2be0a09facfc83ef31650ff/docs/assets/logo/NSX_Logo.jpeg


--------------------------------------------------------------------------------