Begin the implementation of the Intelligent Network Visibility for VMware Cloud Foundation solution by preparing your VMware Cloud Foundation instance for connecting to VMware Aria Operations for Networks.

Define a Custom Role in vSphere for Intelligent Network Visibility for VMware Cloud Foundation

To integrate VMware Aria Operations for Networks with vSphere, you create a custom vSphere role with the required privileges in the vSphere Client.

Procedure

  1. Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
  2. From the vSphere Client Menu, select Administration.
  3. In the left pane, select Access control > Roles.
  4. From the Roles provider drop-down menu, select vsphere.local.
  5. Create a role for VMware Aria Operations for Networks.
    1. Click New.
    2. In the Role name text box, enter VMware Aria Operations for Networks to vSphere Integration.
    3. Configure the privileges and click Create.

      Category

      Privilege

      Distributed switch

      Modify

      Port configuration operation

      dvPort group

      Modify

      Policy operation

      Global

      Settings
  6. Repeat the procedure for each management domain vCenter Server in each VMware Cloud Foundation instance.

Configure Service Account Permissions for vSphere Integration for Intelligent Network Visibility for VMware Cloud Foundation

To provide the necessary privileges to the service account for VMware Aria Operations for Networks to vSphere integration, you assign the custom role to the integration service accounts in vCenter Server.

Procedure

  1. Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
  2. From the vSphere Client Menu, select Administration.

  3. In the left pane, select Access control > Global permissions, and click the Add permissions icon.

  4. In the Add permissions dialog box, configure the values for the VMware Aria Operations for Networks service account from your VMware Cloud Foundation Planning and Preparation Workbook, select the Propagate to children check box, and click OK.

Create Virtual Machine and Template Folders for the Platform and Collector Nodes for Intelligent Network Visibility for VMware Cloud Foundation

Create folders in the management domain to group objects of the same type for easier management. You create two virtual machine folder on the management domain vCenter Server to manage the VMware Aria Operations for Networks components.

Procedure

  1. Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
  2. In the VMs and templates inventory, expand the management domain vCenter Server tree.
  3. In the VMs and templates inventory, navigate to the default management data center, right-click the data center, and select New folder > New VM and template folder.

  4. In the New folder dialog box, enter the folder name according to the VMware Cloud Foundation Planning and Preparation Workbook, and click OK.

  5. Repeat this procedure for the any remaining folders according to the VMware Cloud Foundation Planning and Preparation Workbook.

Prepare NSX for VMware Aria Operations for Networks Integration for Intelligent Network Visibility for VMware Cloud Foundation

To integrate NSX with VMware Aria Operations for Networks, you create a certificate and private key and use them to configure a principal identity in NSX Manager.

Procedure

  1. Log in to SDDC Manager at <sddc_manager_fqdn>:22 as the vcf user by using a Secure Shell (SSH) client.
  2. Switch to the super user.
    su
  3. Create the certificate and private key.
    openssl req -newkey rsa:2048 -sha256 -x509 -days 365 -subj "/CN=nsx_local_manager_cluster_hostname" -extensions usr_cert -nodes -keyout nsx_local_manager_cluster_hostname.key -out nsx_local_manager_cluster_hostname.cer
    Note: You use the nsx_local_manager_cluster_hostname.key and nsx_local_manager_cluster_hostname.cer contents to create a principal identity in NSX Manager and create a credential in VMware Aria Operations for Networks.
  4. Log in to NSX Manager at https://<nsx_manager_fqdn>/login.jsp?local=true as admin.
  5. On the main navigation bar, click System.
  6. In the left pane, navigate to Settings > User management.
  7. For NSX 4.1 or later, on the User management page, click Add principal identity.
  8. For NSX 3.2 or earlier, on the User management page, from the Add drop-down menu, select Principal identity with role.
  9. In the Certificate PEM text box, paste the contents of the nsx_local_manager_cluster_hostname.cer certificate file.
  10. Configure the remaining settings according to the values in your VMware Cloud Foundation Planning and Preparation Workbook and click Save.
  11. Repeat this procedure for each VI workload domain in the VMware Cloud Foundation instance.