- Configure Single Sign On
- Specify a Syslog Server
Deploy the NSX Manager virtual appliance
- Working vSphere 5.5 environment (vCenter appliance, ESXi, Management VM network).
- NSX Manager Appliance.
- In the vSphere Web client, right click your cluster and select “Deploy OVF Template”. Select the local file that you just downloaded.
- The “Review details” gives you an overview of the VM requirements and requires you to tick “Accept extra configuration options”.
- Accept the EULA (or not and continue to use legacy networking).
- Select the destination VM name, vCenter folder, datastore, management network portgroup.
- Customise the NSX Manager settings and enter a password, hostname, IP details, DNS servers and NTP servers.
- Review configuration and click “Finish”.
Integrate the NSX Manager with vCenter Server
- NSX Manager deployed and running.
- Connect to the NSX Manager web interface via https://your.nsxmanager
- Click on “Manage vCenter Registration”.
- Click on the “Edit” button of the Lookup Service.
- Fill out your SSO server details. Accept the certificate when asked.
- After registering with SSO, click the “Edit” button for the vCenter Server.
- Enter your vCenter server details. The tick “Modify plugin download location” is only required when the NSX Manager is behind a firewall type of masking device (don’t do that though). Also accept the SSL certificate when proceeding.
When that’s done, the Lookup Service and vCenter Server status should say “Connected” and you should have the “Networking & Security” plugin registered in your vCenter (the last one might require logging out and back in again).
- Log into the NSX Manager appliance webpage with the Admin account.
- Click the Manage Appliance Settings tab.
- Under Syslog Server click the Edit button and enter the specific details for your Syslog Server, enter the 514 as the port and UDP as the protocol.
- Click OK.
Implement and Configure NSX Controllers
- NSX Manager registered to vCenter server.
- NSX IP Pool for NSX Controllers created.
Deploy the NSX Controllers always in an odd number to avoid split-brain situations. Deploy either 1 (only in a lab!), 3 (recommended), 5, etc., based on scale. Current scaling of NSX can be handled by 3 NSX Controllers. After deploying manually set up DRS anti-affinity rules to keep the controllers running on different ESXi nodes.
- Navigate to Networking & Security and then the “Installation” menu.
- Click on the “+” icon in the “NSX Controller Nodes” view to start the deployment procedure.
- Fill out the required details; which vCenter datacenter, cluster, datastore you want to deploy on. Select the VM management network portgroup, the IP
- Pool and the password of the controller.
- Click “OK” when satisfied with your settings to start deployment.
- Repeat step for the remaining NSX Controllers you would like to deploy.
The settings for deploying a NSX Controller might look like this:
Exclude virtual machines from firewall protection according to a deployment plan
- Log into the vSphere Web Client.
- Click the Networking and Security icon, then click NSX Managers
- Select your NSX Manager and then click the Manage tab
- Click the Exclusion List tab
- Click the + sign to add a virtual machine to exclude, select your VMs and then click OK
Note: After excluding a VM should you add an additional vNIC to the VM it will automatically be protected by the DFW. To exclude the vNIC you need to remove the entire VM from the Exclusions list and re-add. (or you can reboot the VM).