Starting with version 10.5, VMware Cloud Director supports NSX federation. As an organization administrator in the in the VMware Cloud Director Tenant Portal, you can leverage the NSX federation functionality to configure and enforce firewall rules, and manage networking and security across data centers through a single pane of glass view.

Note: You can use NSX federation only with routed organization VDC networks.

When you use NSX federation, you can group together multiple NSX Manager instances in a universal NSX VDC group. Universal edge gateways and networks are separate from local edge gateways and networks. VDCs can be part of more than one group, and any vCenter Server instance can support multiple VDCs that are included in the same data center group.

When you use NSX federation, you can group together multiple NSX Manager instances in a universal NSX VDC group. VDCs can be part of more than one group, and any vCenter Server instance can support multiple VDCs being included in the same data center group.

Prerequisites

  • Verify that you are an organization administrator.
  • Verify that the provider gateway that your service provider dedicated to your organization is global. You can check if a provider gateway is global by viewing the details of its associated NSX Manager. See Working with Provider Gateways.

Procedure

  1. Create a universal data center group. See Create a Data Center Group with an NSX Network Provider Type in the VMware Cloud Director Tenant Portal.
  2. Add an edge gateway to the universal data center group that you created.
    1. Click the universal data center group that you created.
    2. Click Edge Gateway, and, on the right, click New Edge.
      You cannot add an existing VMware Cloud Director edge gateway to the universal edge gateway group.
    3. Enter a name and, optionally, a description for the new edge gateway
    4. Select a global provider gateway to which to associate the new edge gateway, and click Next.
      The global provider gateway must span all the locations for the participating VDCs in the VDC group.
    5. Review your settings and click Finish.
  3. Create a routed group VDC network. See Create a Routed Data Center Group Network Backed by NSX in the VMware Cloud Director Tenant Portal.
    Note: The network includes all the VDCs in the data center group. You cannot remove VDCs from the network.

Results

You can now use edge gateway services, configure and enforce firewall rules, manage networking and security across the data centers in the data center group network through a single pane of glass view. See Managing NSX Edge Gateways in VMware Cloud Director Tenant Portal.

NSX Federation Edge Services Caveats and Limitations

When using NSX federation with VMware Cloud Director, you can configure and use most of the standard edge gateway services with the following caveats and limitations.

Edge Service Notes
Edge Cluster By default, the edge cluster configuration matches that of the provider gateway. You can select a different edge cluster. You can select only one edge cluster per location.
Rate Limiting You can use only global profiles when you configure ingress and egress traffic QoS profiles.
External Networks Connecting an universal edge gateway to an external network is not supported.
DHCP Only DHCP relay is supported.
IPSec and L2 VPN Not supported.
Dedicated Routing Services BGP must be configured on the provider gateway by the system administrator in NSX.

Static routes are not supported.