919 お客様のコメント
質問 1:
Enable load balancing for the development environment allowing HTTPS access to the Dev-Web-01a and Dev-Web-02a servers.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected]
Self-signed certificate parameters:
Common Name: 192.168.5.100
Organization Name: ABC Medical
Organization Unit: IT
Locality: Palo Alto
State: CA
Country: United States
Message Algorithm: RSA
Key Size: 2048
Number of Days: 365
Web Servers: Dev-Web-01a, Dev-Web-02a
Use the secondary IP address of 192.168.5.100
New connections should consider current connections among all available members of the pool.
The web servers will not have SSL certificates installed. The web team has indicated that analytics based on source IP should be available.
Ensure all requirements have been met.
HOL LAB for Practice:
Load Balancer and other questions 7, 8, 9
See the explanation part for complete solution.
正解:
SOLUTION:
Create Secondary address on Uplink Interface.
Generate CSR using the give details.
Enable Load-Balancer, create Profile, create Virtual Server.
Dev-Edge -> Manage -> Settings -> Interfaces -> Edit and add secondary IP address: 192.168.5.100
Create CSR as per given details from the question:
Dev-Edge -> Manage -> Settings -> Certificate -> Actions -> Generate CSR
Dev-Edge -> Manage -> Settings -> Certificate -> Actions -> Self Sign Certificate: Days = 365
Dev-Edge -> Manage -> Load Balancer -> Global Configuration -> Edit
Enable Load Balancer
Create Application Profile:
Check box for inser-forward-for-httpheader also below
Create new Pool:
Add both Web member servers:
Add Virtual Servers:
質問 2:
The security team has submitted two requests to change or limit access in NSX for Site A's vCenter groups.
Requirements:
NSX Manager: nsxmgr-01a.corp.local
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
Grant all members of vCenter group AuditTeam the minimal access necessary to view NSX Data Security policy configurations for all objects in Site A.
Grant all members of vCenter group ScanTeam the minimal access necessary to enable them to start and stop data security scans in Site A.
Ensure that the principles of least privilege are adhered to.
NOTE:
The Active Directory groups associated with the vCenter groups has already been preconfigured.
HOL LAB for Practice:
See the explanation part for complete solution.
正解:
SOLUTION:
select Home. select administrator. select domain vsphere.local. select groups.
click + sign. enter group name AuditTeam click ok. do same for ScanTeam.
[email protected]
[email protected]
select datacenter A.
select manage select permission click on + Sign.
select Assign role read only. select all privileges click on Add
select AuditTeam and select ScanTeam. check propagate to childern. and click ok
Enable load balancing for the development environment allowing HTTPS access to the Dev-Web-01a and Dev-Web-02a servers.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: [email protected]
Self-signed certificate parameters:
Common Name: 192.168.5.100
Organization Name: ABC Medical
Organization Unit: IT
Locality: Palo Alto
State: CA
Country: United States
Message Algorithm: RSA
Key Size: 2048
Number of Days: 365
Web Servers: Dev-Web-01a, Dev-Web-02a
Use the secondary IP address of 192.168.5.100
New connections should consider current connections among all available members of the pool.
The web servers will not have SSL certificates installed. The web team has indicated that analytics based on source IP should be available.
Ensure all requirements have been met.
HOL LAB for Practice:
Load Balancer and other questions 7, 8, 9
See the explanation part for complete solution.
正解:
SOLUTION:
Create Secondary address on Uplink Interface.
Generate CSR using the give details.
Enable Load-Balancer, create Profile, create Virtual Server.
Dev-Edge -> Manage -> Settings -> Interfaces -> Edit and add secondary IP address: 192.168.5.100
Create CSR as per given details from the question:
Dev-Edge -> Manage -> Settings -> Certificate -> Actions -> Generate CSR
Dev-Edge -> Manage -> Settings -> Certificate -> Actions -> Self Sign Certificate: Days = 365
Dev-Edge -> Manage -> Load Balancer -> Global Configuration -> Edit
Enable Load Balancer
Create Application Profile:
Check box for inser-forward-for-httpheader also below
Create new Pool:
Add both Web member servers:
Add Virtual Servers:
質問 2:
The security team has submitted two requests to change or limit access in NSX for Site A's vCenter groups.
Requirements:
NSX Manager: nsxmgr-01a.corp.local
vCenter: vcsa-01a.corp.local
Credentials: [email protected] / VMware1!
Grant all members of vCenter group AuditTeam the minimal access necessary to view NSX Data Security policy configurations for all objects in Site A.
Grant all members of vCenter group ScanTeam the minimal access necessary to enable them to start and stop data security scans in Site A.
Ensure that the principles of least privilege are adhered to.
NOTE:
The Active Directory groups associated with the vCenter groups has already been preconfigured.
HOL LAB for Practice:
See the explanation part for complete solution.
正解:
SOLUTION:
select Home. select administrator. select domain vsphere.local. select groups.
click + sign. enter group name AuditTeam click ok. do same for ScanTeam.
[email protected]
[email protected]
select datacenter A.
select manage select permission click on + Sign.
select Assign role read only. select all privileges click on Add
select AuditTeam and select ScanTeam. check propagate to childern. and click ok
Kurosawa -
安心します。余裕で3V0-643に受かりました!!