The NSX Edge provides routing services and connectivity to networks that are external to the NSX-T Data Center deployment. An NSX Edge is required if you want to deploy a tier-0 router or a tier-1 router with stateful services such as network address translation (NAT), VPN and so on.

Table 1. NSX Edge Deployment, Platforms, and Installation Requirements

Requirements

Description

Supported deployment methods

  • OVA/OVF

  • ISO with PXE

  • ISO without PXE

Supported platforms

NSX Edge is supported only on ESXi or on bare metal.

NSX Edge is not supported on KVM.

PXE installation

The Password string must be encrypted with sha-512 algorithm for the root and admin user password.

NSX-T Data Center appliance password

  • At least eight characters

  • At least one lower-case letter

  • At least one upper-case letter

  • At least one digit

  • At least one special character

  • At least five different characters

  • No dictionary words

  • No palindromes

Hostname

When installing NSX Edge, specify a hostname that does not contain invalid characters such as an underscore. If the hostname contains any invalid character, after deployment the hostname will be set to localhost. For more information about hostname restrictions, see https://tools.ietf.org/html/rfc952 and https://tools.ietf.org/html/rfc1123.

VMware Tools

The NSX Edge VM running on ESXi has VMTools installed. Do not remove or upgrade VMTools.

System

Verify that the system requirements are met. See System Requirements.

NSX Ports

Verify that the required ports are open. See Ports and Protocols.

If you do not already have one, create the target VM port group network. It is recommended to place NSX-T Data Center appliances on a management VM network.

IP Addresses

If you have multiple management networks, you can add static routes to the other networks from the NSX-T Data Center appliance.

Plan your IPv4 IP address scheme. In this release of NSX-T Data Center, IPv6 is not supported.

IPv6 format is not supported.

OVF Template

  • Verify that you have adequate privileges to deploy an OVF template on the ESXi host.

  • Verify that hostnames do not include underscores. Otherwise, the hostname is set to nsx-manager.

  • A management tool that can deploy OVF templates, such as vCenter Server or the vSphere Client.

    The OVF deployment tool must support configuration options to allow for manual configuration.

  • The Client Integration Plug-in must be installed.

NTP Server

The same NTP server must be configured on all NSX Edge servers in an Edge cluster.

NSX Edge Installation Scenarios

Important:

When you install NSX Edge from an OVA or OVF file, either from vSphere Web Client or the command line, OVA/OVF property values such as user names, passwords, or IP addresses are not validated before the VM is powered on.

  • If you specify a user name for the admin or audit user, the name must be unique. If you specify the same name, it is ignored and the default names (admin and audit) is used.

  • If the password for the admin user does not meet the complexity requirements, you must log in to NSX Edge through SSH or at the console as the admin user with the password vmware. You are prompted to change the password.

  • If the password for the audit user does not meet the complexity requirements, the user account is disabled. To enable the account, log in to NSX Edge through SSH or at the console as the admin user and run the command set user audit to set the audit user's password (the current password is an empty string).

  • If the password for the root user does not meet the complexity requirements, you must log in to NSX Edge through SSH or at the console as root with the password vmware. You are prompted to change the password.

  • Do not use root user credentials to perform operations on the product. You must use this access only when requested by the VMware Support team. Using the root user credentials to install daemons or applications will your support contract.

Note:

The core services on the appliance do not start until a password with sufficient complexity has been set.

After you deploy NSX Edge from an OVA file, you cannot change the VM's IP settings by powering off the VM and modifying the OVA settings from vCenter Server.