For network and security purposes, you can create an NSX-T cloud account and associate it with one or more vCenter cloud accounts.

An NSX-T cloud account can be associated to one or more vCenter cloud accounts. However, an NSX-V cloud account can only be associated to one vCenter cloud account.

The association between NSX-T and one or more vCenter cloud accounts must be configured outside of VMware Aria Automation, specifically in your NSX application. VMware Aria Automation doesn't create the association between NSX and vCenter. In VMware Aria Automation, you specify one or more configuration associations that already exists in NSX.

When you create an NSX cloud account in VMware Aria Automation, you specify a manager type and an NSX mode. These selections cannot be changed after you create the cloud account.

You can connect to an NSX Global Manager and configure an association between an NSX Global Manager and local managers in the context of the NSX federation.

For related information about NSX options and capabilities in general, see VMware NSX Documentation.

To facilitate fault tolerance and high availability in deployments, each NSX endpoint represents a cluster of three NSX Managers.
  • VMware Aria Automation can point to one of the NSX Managers. Using this option, one NSX Manager receives the API calls from VMware Aria Automation.
  • VMware Aria Automation can point to the Virtual IP of the cluster. Using this option, one NSX Manager assumes control of the VIP. That NSX Manager receives the API calls from VMware Aria Automation. In case of failure, another node in the cluster assumes control of the VIP and receives the API calls from VMware Aria Automation.

    For more information about VIP configuration for NSX, see Configure a Virtual IP (VIP) Address for a Cluster in the NSX Installation Guide at VMware NSX Documentation.

  • VMware Aria Automation can point to a load balancer VIP to load-balance the calls to the three NSX Managers. Using this option, all three NSX Managers receive API calls from VMware Aria Automation.

    You can configure the VIP on a third-party load balancer or on an NSX-T load balancer.

    For large scale environments, consider using this option to split the VMware Aria Automation API calls among the three NSX Managers.

Prerequisites

For related information, see VMware NSX Documentation.

Procedure

  1. Select Infrastructure > Connections > Cloud Accounts and click Add Cloud Account.
  2. Select the NSX-T account type and specify a cloud account name and description.
  3. Enter the host IP address for the NSX-T Manager instance or VIP (see above for information about the expected behavior that pertains to the NSX Manager and VIP options).
  4. Select an existing cloud proxy from the drop-down menu.

    You can also create a new cloud proxy for this cloud account. See Add a cloud proxy to a vCenter in Automation Assembler.

  5. Enter your NSX user name and password administrator credentials.
  6. For Manager type, select either Global or Local (default).
    • Global Manager

      The Global Manager setting is only available for use with the Policy NSX mode setting. It is not available when using the Manager NSX mode setting.

      The Global setting refers to the NSX-T federation capabilities, including global network segments. Only NSX-T cloud accounts with the Global setting support NSX-T federation.

      When using the Global Manager setting, you are prompted to identify a Local Manager NSX-T cloud account and an associated vCenter cloud account.

      You cannot associate a Global Manger NSX-T cloud account with vCenter cloud account, as you can with an Local Manager NSX-T cloud account. Similar to how a Local Manager NSX-T cloud account can be associated to multiple vCenter cloud accounts, a Global Manager NSX-T cloud account can be associated to multiple Local Manager NSX-T cloud accounts.

    • Local Manager

      Use the Local setting to define a traditional NSX-T cloud account, which can be associated to one or more vSphere cloud accounts. You can associate a Global manager NSX-T cloud account with a Local NSX-T cloud accounts. Note that this is also the setting to use if you are creating a new and empty target NSX-T cloud account for the purposes of NSX-V to NSX-T migration.

    You cannot change the Manager type setting after you create the cloud account.

  7. For NSX mode, select either Policy or Manager.
    • Policy mode (default)

      The Policy mode is available for NSX-T 3.0 and NSX-T 3.1 forward. This option enables VMware Aria Automation to use the additional capabilities available in the NSX-T Policy API.

      If you are using NSX-T with a VMware Cloud on AWS cloud account in a cloud template, the NSX-T cloud account must use the Policy NSX mode.

      The Policy setting refers to the NSX-T Policy API form of NSX-T.

    • Manager mode

      Existing NSX-T cloud accounts that were created in an earlier version of VMware Aria Automation are treated as Manager mode NSX-T cloud accounts.

      The Manager mode is supported for NSX-T 2.4, NSX-T 3.0, and NSX-T 3.1 forward.

      If you specify Manager mode, use the Manager mode option for other NSX-T cloud accounts until VMware Aria Automation introduces a Manager mode to Policy mode migration path.

      Some VMware Aria Automation options for NSX-T require NSX-T 3.0 or greater, including adding tags to virtual machine NIC components in the cloud template.

      The Manager setting refers to the NSX-T Manager API form of NSX-T.

    If you have existing NSX-T cloud accounts that were created prior to the introduction of the Policy method in VMware Aria Automation August 2020, they use the Manager method. It is recommended that you replace your existing NSX-T cloud accounts with new NSX-T cloud accounts that specify the Policy method.

    You cannot change the NSX mode value after you create the cloud account.

  8. Click Validate to confirm the credentials in relation to the selected NSX Manager type and NSX mode.

    The assets associated with the account are collected.

    If the NSX host IP address is not available, or if the cloud proxy is not associated with the NSX host IP address in the vCenter on which the cloud proxy is deployed, validation fails.

  9. In Associations, add one or more vCenter cloud accounts to associate with this NSX-T cloud account. You can also remove existing vCenter cloud account associations.

    Only vCenter cloud accounts that are not currently associated in VMware Aria Automation to an NSX-T or NSX-V cloud account are available for selection.

    See What can I do with NSX-T mapping to multiple vCenters in VMware Aria Automation.

    For information about making association changes after you have deployed a cloud template, or about deleting the cloud account after you have deployed a cloud template, see What happens if I remove an NSX cloud account association in VMware Aria Automation.

  10. If you want to add tags to support a tagging strategy, enter capability tags.

    You can add or remove capability tags later. See How do I use tags to manage Automation Assembler resources and deployments.

    video symbolFor more information about how capability tags and constraint tags help control deployment placements, see the Constraint Tags and Placement video tutorial.

  11. Click Save.

What to do next

You can create or edit a vCenter cloud account to associate with this NSX cloud account. See Create a basic vCenter cloud account in VMware Aria Automation.

Create and configure one or more cloud zones for use with the data centers that are used by this cloud account. See Learn more about Automation Assembler cloud zones.

Configure infrastructure resources for this cloud account. See Building your Automation Assembler resource infrastructure.

For samples of using NSX-T options in VMware Aria Automation cloud templates, see Network, security group, and load balancer resource examples in Automation Assembler.