If you prefer an interactive DNE Key Manager installation, you can use a UI-based VM management tool, such as the vSphere Client connected to the vCenter Server.


  • Verify that the system requirements are met. See System Requirements.

  • Verify that the required ports are open. See Ports and Protocols.

  • Most deployments place NSX-T appliances on a management VM network. You can also create a new VM port group for the DNE Key Manager appliance.

    If you have multiple management networks, you can add static routes to the other networks from the NSX-T appliance.

  • Plan your IPv4 IP address scheme. In this release of NSX-T, IPv6 is not supported.

  • Verify that you have adequate privileges to deploy an OVF template on the ESXi host.

  • Verify that hostnames do not include underscores. Otherwise, the hostname is set to localhost.

  • A management tool that can deploy OVF templates, such as vCenter Server or the vSphere Client.

    The OVF deployment tool must support configuration options to allow for manual configuration.

  • The Client Integration Plug-in must be installed.


  1. Locate the DNE Key Manager OVA or OVF file.

    In the vSphere client, launch the Deploy OVF template wizard and navigate or link to the .ova or ovf file.

  2. Enter a name for the DNE Key Manager, and select a folder or vCenter Server datacenter.

    The name you type appears in the inventory.

    The folder you select is used to apply permissions to the DNE Key Manager.

  3. Select a datastore to store the DNE Key Manager virtual appliance files.
  4. If you are installing in vCenter Server, select a host or cluster on which to deploy the DNE Key Manager appliance.
  5. Select the networks on which to place the NSX Edge interfaces.

    You can change the networks after the NSX Edge is deployed.

  6. Select the port group or destination network for the DNE Key Manager.

    For example, if you are using vSphere distributed switches, you might place DNE Key Manager on a port group called Mgmt_VDS - Mgmt.

  7. Specify the DNE Key Manager password and IP settings.
  8. (Optional) For optimal performance, reserve memory for the NSX-T component.

    A memory reservation is a guaranteed lower bound on the amount of physical memory that the host reserves for a virtual machine, even when memory is overcommitted. Set the reservation to a level that ensures the NSX-T component has sufficient memory to run efficiently. See System Requirements.

  9. Open the console of the NSX Edge to track the boot process.
  10. After the DNE Key Manager is completely booted, log in to the CLI as root and run the ifconfig command.

    For example, run ifconfig eth0 or the interface you use to connect to the management switch to verify that the IP address was applied as expected.

  11. Verify that the NSX Edge appliance has the required connectivity.

    If you enabled SSH, make sure that you can SSH to your NSX Edge.

    • You can ping your NSX Edge.

    • NSX Edge can ping its default gateway.

    • NSX Edge can ping the hypervisor hosts that are in the same network as the NSX Edge.

    • NSX Edge can ping its DNS server and its NTP server.

What to do next

Join the DNE Key Manager with the management plane. See Join DNE Key Manager with the Management Plane.