An administrator is deploying NSX to secure the virtual environment. NSX Manager has been deployed and
registered with the vCenter server.
Which additional step is required before the distributed firewall is functional?
A.
Deploy the NSX Controller cluster
B.
Enable Guest Introspection
C.
Perform host preparation on the cluster
D.
Configure VTEPs on each host
Explanation:
https://esxsi.com/2017/01/18/nsx-part1/
I’m not convinced it’s A. See page 28 here:-https://docs.vmware.com/en/VMware-NSX-for-vSphere/6.2/nsx_62_install.pdf
It states that “These VIBs enable the Layer 2 VXLAN functionality, distributed routing, and distributed firewall.”
The answer may be C.
agree with you
C is the right answer. Control cluster is not needed for DFW.
https://communities.vmware.com/thread/496602
Answer A is correct;
see here;
https://docs.vmware.com/en/VMware-NSX-for-vSphere/6.3/com.vmware.nsx.install.doc/GUID-07ED3DD6-BF82-4097-8702-4587FA88CFE2.html
Prerequisites
Register vCenter Server with NSX Manager and deploy NSX controllers.
UNless and Until the NSX controllers are deployed, you can’t do the host preparation
Seems A is right.
But again if you don’t need vxlan and DLR you don’t need control cluster
C is correct.
NSX Controller cluster is for L2/L3 services by NSX.
â– Quote from following URL.
The controller cluster is responsible for managing the distributed switching and routing modules in the hypervisors. The controller does not have any dataplane traffic passing through it. Controller nodes are deployed in a cluster of three members to enable high-availability and scale. Any failure of the controller nodes does not impact any data-plane traffic.
https://docs.vmware.com/en/VMware-NSX-for-vSphere/6.2/com.vmware.nsx.admin.doc/GUID-4E0FEE83-CF2C-45E0-B0E6-177161C3D67C.html
for Firewall, NSX manager will work as control plane for it.
and all hosts need specific VIB on them. “Host Preparation” is operation to push install VIB files to ESXi hosts.
so, answer is C.