Deploy the NSX Manager virtual appliance
Integrate the NSX Manager with vCenter Server
  • Configure Single Sign On
  • Specify a Syslog Server
Implement and Configure NSX Controllers
Exclude virtual machines from firewall protection according to a deployment plan
Deploy the NSX Manager virtual appliance
  • Working vSphere 5.5 environment (vCenter appliance, ESXi, Management VM network).
  • NSX Manager Appliance.
Deploy the NSX Manager OVF:
  • In the vSphere Web client, right click your cluster and select “Deploy OVF Template”. Select the local file that you just downloaded.
  • The “Review details” gives you an overview of the VM requirements and requires you to tick “Accept extra configuration options”.
  • Accept the EULA (or not and continue to use legacy networking).
  • Select the destination VM name, vCenter folder, datastore, management network portgroup.
  • Customise the NSX Manager settings and enter a password, hostname, IP details, DNS servers and NTP servers.
  • Review configuration and click “Finish”.
Integrate the NSX Manager with vCenter Server
  • NSX Manager deployed and running.
Register NSX Manager to vCenter:
  • Connect to the NSX Manager web interface via https://your.nsxmanager
  • Click on “Manage vCenter Registration”.
  • Click on the “Edit” button of the Lookup Service.
  • Fill out your SSO server details. Accept the certificate when asked.
  • After registering with SSO, click the “Edit” button for the vCenter Server.
  • Enter your vCenter server details. The tick “Modify plugin download location” is only required when the NSX Manager is behind a firewall type of masking device (don’t do that though). Also accept the SSL certificate when proceeding.

When that’s done, the Lookup Service and vCenter Server status should say “Connected” and you should have the “Networking & Security” plugin registered in your vCenter (the last one might require logging out and back in again).


You want to configure a Syslog server so the NSX Manager can push its audit logs and events to a central logging repository.
I am utilising vRealize Log Insight.
  • Log into the NSX Manager appliance webpage with the Admin account.
  • Click the Manage Appliance Settings tab.
  • Under Syslog Server click the Edit button and enter the specific details for your Syslog Server, enter the 514 as the port and UDP as the protocol. 
  • Click OK.
Implement and Configure NSX Controllers
  • NSX Manager registered to vCenter server.
  • NSX IP Pool for NSX Controllers created.

Deploy the NSX Controllers always in an odd number to avoid split-brain situations. Deploy either 1 (only in a lab!), 3 (recommended), 5, etc., based on scale. Current scaling of NSX can be handled by 3 NSX Controllers. After deploying manually set up DRS anti-affinity rules to keep the controllers running on different ESXi nodes.

Deploy NSX Controller(s):
  • Navigate to Networking & Security and then the “Installation” menu.
  • Click on the “+” icon in the “NSX Controller Nodes” view to start the deployment procedure.
  • Fill out the required details; which vCenter datacenter, cluster, datastore you want to deploy on. Select the VM management network portgroup, the IP
  • Pool and the password of the controller.
  • Click “OK” when satisfied with your settings to start deployment.
  • Repeat step for the remaining NSX Controllers you would like to deploy.

The settings for deploying a NSX Controller might look like this:

When deployed successfully, your “NSX Controller nodes” view will look like this:

Exclude virtual machines from firewall protection according to a deployment plan
By default, the NSX Manager and NSX Controllers are automatically excluded from the Distributed Firewall (DFW). Any Edge Service Gateways (ESG) are also excluded when they are deployed.
To add the vCenter Server and the external PSC to the exclusions list:
  • Log into the vSphere Web Client.
  • Click the Networking and Security icon, then click NSX Managers
  • Select your NSX Manager and then click the Manage tab
  • Click the Exclusion List tab
  • Click the + sign to add a virtual machine to exclude, select your VMs and then click OK

Note: After excluding a VM should you add an additional vNIC to the VM it will automatically be protected by the DFW. To exclude the vNIC you need to remove the entire VM from the Exclusions list and re-add. (or you can reboot the VM).

Google AdSence

AUST IT - Computer help out of hours, when you need it most.

Find out why we do it for less.


AUST IT will help you resolve any technical support issues you are facing onsite or remotely via remote desktop 24/7. More...


Reservoir, Melbourne,
3073, VIC, Australia

Phone: 0422 348 882

This email address is being protected from spambots. You need JavaScript enabled to view it.

Sydney: 0481 837 077


Join us in social networks to be in touch.


Complete the form below, and we'll send you our emails with all the latest AUST IT news.