An administrator is deploying NSX to secure the virtual environment. NSX Manager has been deployed and registered with the vCenter server.
Which additional step is required before the distributed firewall is functional?
A. Deploy the NSX Controller cluster
B. Enable Guest Introspection
C. Perform host preparation on the cluster
D. Configure VTEPs on each host
The answer is C
I took me a while but I found this document that describes the DFW
https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/nsx/vmw-nsx-network-virtualization-design-guide.pdf
The DFW system architecture is based on 3 distinct entities, vCenter, NSX Manager, ESXi Hosts. So the NSX Controllers are not included.
The documents also states “DFW is activated as soon as the host preparation process is completed”
C without a doubt
You can’t do host preparation without deploying the NSX controllers.
https://docs.vmware.com/en/VMware-NSX-for-vSphere/6.3/com.vmware.nsx.install.doc/GUID-07ED3DD6-BF82-4097-8702-4587FA88CFE2.html
Correct answer is A.
Upon further research and most votings are for “C”
Correct answer should be: C
The controller cluster is responsible for managing the distributed switching and routing modules in the hypervisors. The controller does not have any dataplane traffic passing through it. Controller nodes are deployed in a cluster of three members to enable high-availability and scale. Any failure of the controller nodes does not impact any data-plane traffic.
https://docs.vmware.com/en/VMware-NSX-for-vSphere/6.2/com.vmware.nsx.admin.doc/GUID-4E0FEE83-CF2C-45E0-B0E6-177161C3D67C.html
“C” is correct
i’d go with C. I think DFW doesn’t use Controllers