You can configure DNS, NTP, and syslog servers for the NSX Controller cluster. The same settings apply to all NSX Controller nodes in the cluster.

Starting in NSX Data Center for vSphere 6.4.2, you can make these changes using the vSphere Web Client or vSphere Client. In earlier 6.4 versions, you can change NTP and syslog settings using the API only. See the NSX API Guide for more information.

Important: If you have an invalid configuration (for example, unreachable NTP servers), and then deploy a controller, the controller node deployment fails. Verify and correct the configuration and deploy the controller node again.

The NSX Controller cluster DNS settings override any DNS settings configured on the controller IP pool.

Procedure

  1. Navigate to Networking & Security > Installation and Upgrade > Management > NSX Controller Nodes.
  2. Select the NSX Manager that manages the NSX Controller nodes you want to modify.
  3. Click the Common Controller Attributes EDIT link.
  4. (Optional) Enter a comma-separated list of DNS servers, and optionally DNS suffixes.
    | DNS Setting  | Example Values                                  |
    |--------------|-------------------------------------------------|
    | DNS Servers  | 192.168.110.10, 192.168.110.11                  |
    | DNS Suffixes | eng.example.com, corp.example.com, example.com  |
  5. (Optional) Enter a comma-separated list of NTP servers.
    You can enter the NTP servers as IPv4 addresses or fully qualified domain names (FQDN). If an FQDN is used, you must configure DNS so that the names can be resolved.
  6. (Optional) Configure one or more syslog servers.
    1. In the Syslog Servers panel, click ADD.
    2. Enter the syslog server name or address.
      You can enter the syslog servers as IPv4 addresses or fully qualified domain names (FQDN). If an FQDN is used, you must configure DNS so that the names can be resolved.
    3. Select the protocol.
      If you select TLS, you must provide a PEM-encoded X.509 certificate.
      Important: Selecting TCP or TLS might result in extra consumption of memory for buffering that could negatively impact the performance of the controller. In extreme cases, this can stop controller processing until the buffered network log calls are drained.
      Note:
      • If the syslog server is using a self-signed certificate, paste the contents of the syslog self-signed certificate in the Certificate text box.
      • If the syslog server is using a CA-signed certificate, paste the contents of the intermediary certificates and the root certificate. In the certificate chain, the order of certificates must be as follows:
        • Any number of intermediate CA certificates
        • Root CA certificate
        Each certificate must include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines, as shown in the following example:
        -----BEGIN CERTIFICATE-----
            Intermediate cert
        -----END CERTIFICATE-----
        -----BEGIN CERTIFICATE-----
            Root cert
        -----END CERTIFICATE-----
    4. (Optional) Edit the port.
      The default port for TCP and UDP syslog is 514. For TLS syslog, the default port is 6514.
    5. (Optional) Select the log level.
      INFO is selected by default.
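
Because an invalid configuration makes a later controller deployment fail, it helps to check the values before entering them. The following pre-flight check is an added example, not VMware code and not part of the NSX API. The function names and the `host`, `protocol`, `port`, and `certificate` dictionary keys are hypothetical, and the sample certificate body is a constructed placeholder.

```python
import base64
import ipaddress
import re

DEFAULT_PORT = {"UDP": 514, "TCP": 514, "TLS": 6514}  # defaults from the port step above
FQDN = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
PEM = re.compile(r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

def host_kind(value):
    """Classify one server entry as 'ipv4', 'fqdn', or None (invalid)."""
    try:
        ipaddress.IPv4Address(value)
        return "ipv4"
    except ValueError:
        return "fqdn" if FQDN.match(value) else None

def pem_certificates(text):
    """Return the DER bytes of every PEM block, or raise ValueError."""
    if PEM.sub("", text).strip():
        raise ValueError("text outside BEGIN/END CERTIFICATE lines")
    ders = [base64.b64decode("".join(b.split()), validate=True) for b in PEM.findall(text)]
    if any(not d.startswith(b"\x30") for d in ders):  # a certificate is a DER SEQUENCE
        raise ValueError("block does not contain a DER certificate")
    return ders

def preflight(dns_servers, ntp_servers, syslog_servers):
    """Return a list of problems; syslog_servers is a list of dicts (hypothetical layout)."""
    problems = []
    dns = [s.strip() for s in dns_servers.split(",") if s.strip()]
    hosts = [("NTP", s.strip()) for s in ntp_servers.split(",") if s.strip()]
    for role, host in hosts + [("syslog", s["host"]) for s in syslog_servers]:
        kind = host_kind(host)
        if kind is None:
            problems.append(f"{role} server {host!r} is neither an IPv4 address nor an FQDN")
        elif kind == "fqdn" and not dns:
            problems.append(f"{role} server {host!r} is an FQDN but no DNS server is configured")
    for s in syslog_servers:
        s.setdefault("port", DEFAULT_PORT[s["protocol"]])  # fill in the protocol default
        if s["protocol"] == "TLS":
            try:
                if not pem_certificates(s.get("certificate", "")):
                    problems.append(f"syslog {s['host']!r}: TLS requires a PEM certificate")
            except ValueError as exc:  # also covers invalid base64
                problems.append(f"syslog {s['host']!r}: certificate rejected ({exc})")
    return problems

if __name__ == "__main__":  # constructed sample; the certificate body is a placeholder
    cert = "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"
    print(preflight("", "ntp.eng.example.com", [{"host": "192.168.110.20", "protocol": "TLS", "certificate": cert}]))
```

The check covers format only. Server reachability and the intermediate-then-root order of the certificate chain still have to be verified separately.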