This content is part of the Essential Guide: Choose the right VMware certification to boost your career

Navigating the challenges to obtain NSX certification

People in IT who want to obtain NSX certification will need to surmount a few barriers to learning about this relatively new offering from VMware.

VMware has evolved from a server virtualization company to one with a flag planted in end-user computing, network virtualization and the cloud just in the last few years. As VMware has expanded, so have the certification courses designed to show users have the expertise to handle these products.

At VMworld 2014, VMware announced a new NSX certification track. It had an interesting wrinkle. Where the VCAP normally would land after the VCP was something called the VMware Certified Implementation Expert (VCIX). In February, this change rolled out to replace the VCAP in the other three certification tracks.

Chris McCain, director of training and certification for networking and security at VMware, helped develop the track for network virtualization through something called the NSX Ninja program. This program brought in experts in various spaces, such as networking, security and server virtualization, who provided feedback over several months, which McCain compiled and refined to formulate the track.

SearchVMware spoke to McCain about his work to create this track and the challenges people in IT face when attempting to get a certification with a new product.

People who obtain a VCIX are given what VMware is calling "elite implementer" status. Can you explain that?

Chris McCain: To help promote this idea of software-defined data center, we need people to understand the software-defined data center has multiple pillars. There's the data center virtualization. There's the cloud piece. There's the networking piece, and there's the storage piece. Now, we don't have certification tracks for storage, but those other three, we have very strong stacks.

A lot of people are getting multiple certifications across disciplines because their companies are looking at software-defined data center as the future of the way they run IT.

The elite implementer is kind of a moniker to show that people are cross-disciplinary individuals that understand the different pillars of software-defined data center.

There's a price to certifications beyond the cost of the exam. There's an investment of time, which can be difficult for someone with a full-time job and a family. What's your elevator pitch to a person in that situation?

McCain: If you're not certification driven because you feel comfortable, that's fine. But you have to realize that you work in an area where things are constantly changing. And how long your comfort lasts depends on the technology you're in.

There's a lot of guys who have made a phenomenal living off of managing physical networking. That skill set is still extremely relevant, but as more and more companies start looking at alternate data center architectures, like say, a spine-leaf. When you start reducing the VLAN sprawl, when you start minimizing spanning tree across the data center, you're starting to reduce some of the daily things that an administrator or a network engineer would deal with.

Do we need that many network engineers if our network design is eliminating some of the things that they work to do? Your comfort level is only as secure as the technology that you're working in.

For me, I think the skills that people have managing physical networks are never going to go away. It's just going to be a transition of those skills into software-defined networking. I don't want people to think that [software-defined networking] is jeopardizing their jobs, because the skills that they have are still very relevant. It's just a different application of those skills.

What are some ways for someone to get up to speed for NSX certification?

McCain: If you have a strong networking background, then your ramp is going to be mainly into the network side of the house: understanding the components vSphere gives you, understanding the role of the hypervisor and the virtual network adapters and stuff like that. Because you'll already have an understanding of routing, switching, VLANs, packet loss, ARPs, ARP requests, ARP replies, etc., those things will be solid, so you won't be learning those things from scratch.

If you are a vSphere person, then you will have familiarity with all of the hypervisor space stuff. Your ramp will be more along the lines of dynamic routing protocols and VLANs.

[If] you understand security, then you understand application architectures, communications and things like that. Then your ramp is going to be in the other aspects to it.

With these different audiences, we knew that when we developed classes, we had to address skills gaps from any of these audiences. So, our courses do a very good job of bringing people up to a certain baseline across all three of those areas and then giving you NSX on top.

And one of the better ways for people to learn NSX is through the Hands-On Lab (HOL)?

McCain: Oh, absolutely. There's three hours of eLearning [modules], I believe, for network virtualization fundamentals. Anybody can sign up for the free Hands-On Lab, which just takes you through a guided tour of creating switches, distributed logical routing, firewalling -- a lot of the core features around NSX.

Is it feasible for someone to build their own home lab for NSX certification purposes, so they can work through advanced troubleshooting scenarios? It's my understanding with a Hands-On Lab that you can't really break things.

McCain: You can definitely break things. It's a live lab. The problem is: If you break it and don't fix it within the four hours, then your lab expires and you start all over again anyway. That's the downside to the HOL. A lot of folks say, 'Oh, well, if you take the HOL, all you get is the steps of what to do.' And that's true, you do get steps. But you can go outside those steps.

So, is it possible to build a home lab? That's a little bit trickier of a question because, right now, there is no evaluation copy of NSX. The only way to get access to the software is by attending a course. If you attend the NSX install/configure/manage course and you work for a partner or a customer, then you have the ability to get the not-for-resale NSX installation disc. At that point, yes, you could build a lab.

How do you persuade someone to spend the time and money to work toward a certification when the technology is still relatively fluid and it may not come to your neck of the data center for a few more years?

McCain: Even though the technology may not be into their environment just yet, I think people see there's a wave of this coming. If you can develop your skill set now, then you can ride that wave early on.

I think there's a very internalized personal aspect to this for people. A certification implicates its benefits in organization. In some cases, it benefits a partner company. But for many of the people who get certified, it's more of an internal thing. It's more of a, how do I solidify my career? Or maybe I'm looking for a job. How do I prove I'm worth something?

VMware has been changing certifications quite a bit recently, and there have been some complaints that it's hard to keep up. Some people with CCIE certifications didn't know they qualified for a VCIX-NV if they got in before the deadline. How can someone with a VMware NSX certification stay on top of the changes?

McCain: Well, again, this is probably better suited for VMware Education because I'm only the networking and security arena. But I can certainly talk to the CCIE-VCIX; we do have right now the opportunity for any CCNA or higher to take the VCP with no prerequisites. For those with the CCIE, we have the ability to take the VCIX with no prerequisites. It's just a means of saying, 'Hey, we understand you have this solid foundation at networking at a certain level at associate professional or expert, and to facilitate your transition into network virtualization, you can take these courses.'

As far as the recertification goes, all I know is that you now have to take an exam every two years in order to recertify. I can't really talk too much about that.

Some people who've taken the VCIX exam said they needed every minute of the exam because there were latency issues with the vSphere Web Client. Is that an issue you're aware of?

McCain: [VMware is] aware of it and part of it is because of the security requirements around the way that it's offered. In that, we own the lab environment, but we don't own the front-end interface.

While Pearson can set requirements on all of their facilities, those requirements aren't necessarily ideal for every type of exam. If you look at what it takes to do a multiple-choice exam, those requirements are not the same as what it takes to do a lab exam. It's something that VMware knows about. It's something that they're working on. They try to be as accommodating as they can to individuals that have the problem. I know a lot of times Pearson will give them another retake of the exam or something like that.

Next Steps

Are you ready for VMware NSX to change the role of network admins?

Common VMware NSX platform questions -- answered

How the NSX platform will impact network virtualization security

Dig Deeper on VMware Certified Professional (VCP and VCAP)