In this post I present a diagram of my NSX LAB environment, followed by a brief description.
General LAB environment description:
- All NSX lab components (ESXi servers with NSX loadable modules, NSX Manager, Controller Cluster VMs, DLR control VM, etc.) run as virtual machines on a single physical server. It is the same physical server used by our students (at DNT) in their lab exercises. The physical server has sufficient capacity to support all of my NSX lab scenarios (in my particular case I had access to 8x 2,9GHz x5570 CPU cores, 64GB RAM, 500GB storage space on 8xHDD 10k RAID10 LUN).
- Physical server resources are controlled by the LAB vCenter Server, which defines a vApp container with minimum reserved resources for each student. My NSX lab runs in one such container. Each student has privileges to manage VMs only in their own container.
- All VMs in a lab scenario can be connected to only one permitted port group: dvPortGroup-Students. This port group has no uplinks (in other words, it is isolated from physical networks), is configured to carry all VLAN numbers, and operates in promiscuous mode (mandatory for nested ESXi). Students use a remote access VPN connection to get into this network (via a VPN gateway built as a VM connected to both the production network and the isolated student network). An HTTP proxy server is configured to enable access to Internet HTTP/HTTPS resources from the isolated student network. The LAB vCenter Server, VPN gateway and proxy server are all part of the ADM-INFRA-VMW vApp container, which has restricted access.
Brief description of the NSX lab architecture:
- The NSX lab uses IP addresses from the 172.16.22.0/24 subnet (all IP allocations are shown in the diagram).
- A dedicated vCenter Server is installed (and further integrated with NSX Manager).
- Five nested ESXi hosts are installed and configured. They are grouped into three clusters: two compute clusters and one edge/mgmt cluster.
- Two distributed switches are used, one for the ESXi hosts in the compute clusters and the other for the edge/mgmt cluster. A single transport zone is configured across all ESXi clusters.
- Several VXLAN switches are configured and interconnected via a Distributed Logical Router or NSX Edge. Some test VMs are connected to these VXLAN switches.
- The nested ESXi hosts in the edge cluster are additionally equipped with a dual-port physical NIC passed through from the physical server via DirectPath I/O. The physical ports are connected to external routers and switches (Cisco equipment from our CCNP lab kit).
The image below shows the inventory views for the LAB vCenter Server (left) and the NSX LAB vCenter Server (right):