Starting with version 10.5, VMware Cloud Director supports NSX federation.

As a service provider, you can leverage the NSX federation functionality to create edge gateways and segments that span one or more NSX locations, configure and enforce firewall rules consistently, and manage networking and security across NSX Manager instances within your VMware Cloud Director environment through a single pane of glass view.

You can also enable tenants to configure and enforce firewall rules across NSX Manager instances.

When you use NSX federation, you can group together multiple NSX Manager instances in a universal NSX VDC group. Universal edge gateways and networks are separate from local edge gateways and networks. VDCs can be part of more than one group, and any vCenter Server instance can support multiple VDCs that are included in the same data center group.

When you use NSX federation, you can group together multiple NSX Manager instances in a universal NSX VDC group. VDCs can be part of more than one group, and any vCenter Server instance can support multiple VDCs being included in the same data center group.
Note: In VMware Cloud Director 10.5, NSX federation for multisite deployments is not supported. This means that you can have multiple NSX Manager instances that are federated and manage them through a single global instance only if they are registered to the same VMware Cloud Director site.

Workflow

  1. Familiarize yourself with the NSX Federation documentation. See Getting Started with NSX Federation in the NSX Installation Guide and NSX Federation in the NSX Administration Guide.
  2. In NSX, install the Global Manager, configure the Global Manager as active, and add locations.
  3. Register the global NSX Manager instance to VMware Cloud Director. See Register an NSX Manager Instance with VMware Cloud Director.
    The global NSX Manager instance details include all local NSX Manager instances that are under its domain. You can view the registered NSX location names in the VMware Cloud Director Service Provider UI.
    Note: You must configure at least one edge cluster per location for each local NSX Manager instance.
  4. Import a provider gateway that is associated with your global NSX Manager instance. See Add a Provider Gateway to Your VMware Cloud Director.
  5. Configure custom segment profile templates in the global NSX Manager instance. See Segment Profiles in the NSX Administration Guide and Using NSX Manager Segment Profile Templates in VMware Cloud Director.

    When you create custom segment profiles and profile templates by using the global NSX Manager instance, they are synced across all NSX Manager instances in the federation.

Caveats and Limitations

There are some caveats and limitations to consider when using NSX federation with VMware Cloud Director.

  • A data center group can be either local or global, and once you create it, it cannot be changed.
  • NSX federation for multisite deployments is not supported. This means that you can have multiple NSX Manager instances that are federated and manage them through a single global instance only if they are registered to the same VMware Cloud Director site.
  • You can include up to 4 NSX Manager instances in a data center group.
  • Each NSX Manager supports up to 16 vCenter instances.
  • The provider gateway that is associated with your global NSX Manager instance and with a data center group defines the boundaries of the data center group.
  • NSX federation in VMware Cloud Director supports only routed data center networks. All data center group networks span the full scope of the egress point for the data center group.
  • You can use global custom segment profile templates in global data center groups.
  • VMware Cloud Director service does not support NSX federation.