If you prefer to automate NSX Controller installation, you can use the VMware OVF Tool, which is a command-line utility.

By default, nsx_isSSHEnabled and nsx_allowSSHRootLogin are both disabled for security reasons. When they are disabled, you cannot SSH or log in to the NSX Controller command line. If you enable nsx_isSSHEnabled but not nsx_allowSSHRootLogin, you can SSH to NSX Controller but you cannot log in as root.

Prerequisites

  • Verify that the system requirements are met. See System Requirements.

  • Verify that the required ports are open. See Ports and Protocols.

  • If you do not already have one, create the target VM port group network. It is recommended to place NSX-T Data Center appliances on a management VM network.

    If you have multiple management networks, you can add static routes to the other networks from the NSX-T Data Center appliance.

  • Plan your IPv4 IP address scheme. In this release of NSX-T Data Center, IPv6 is not supported.

  • OVF Tool version 4.0 or later.

Procedure

  • For a standalone host, run the ovftool command with the appropriate parameters.
    C:\Users\Administrator\Downloads>ovftool 
    --name=nsx-controller 
    --X:injectOvfEnv 
    --X:logFile=ovftool.log 
    --allowExtraConfig 
    --datastore=ds1 
    --network="management" 
    --noSSLVerify 
    --diskMode=thin 
    --powerOn 
    --prop:nsx_ip_0=192.168.110.210 
    --prop:nsx_netmask_0=255.255.255.0 
    --prop:nsx_gateway_0=192.168.110.1 
    --prop:nsx_dns1_0=192.168.110.10 
    --prop:nsx_domain_0=corp.local 
    --prop:nsx_ntp_0=192.168.110.10 
    --prop:nsx_isSSHEnabled=<True|False> 
    --prop:nsx_allowSSHRootLogin=<True|False> 
    --prop:nsx_passwd_0=<password> 
    --prop:nsx_cli_passwd_0=<password>
    --prop:nsx_cli_audit_passwd_0=<password> 
    --prop:nsx_hostname=nsx-controller 
    <path/url to nsx component ova> 
    vi://root:<password>@192.168.110.51
    
  • For a host managed by vCenter Server, run the ovftool command with the appropriate parameters.
    C:\Users\Administrator\Downloads>ovftool 
    --name=nsx-controller 
    --X:injectOvfEnv 
    --X:logFile=ovftool.log 
    --allowExtraConfig 
    --datastore=ds1 
    --network="management" 
    --noSSLVerify 
    --diskMode=thin 
    --powerOn 
    --prop:nsx_ip_0=192.168.110.210 
    --prop:nsx_netmask_0=255.255.255.0 
    --prop:nsx_gateway_0=192.168.110.1 
    --prop:nsx_dns1_0=192.168.110.10 
    --prop:nsx_domain_0=corp.local 
    --prop:nsx_ntp_0=192.168.110.10 
    --prop:nsx_isSSHEnabled=<True|False> 
    --prop:nsx_allowSSHRootLogin=<True|False> 
    --prop:nsx_passwd_0=<password> 
    --prop:nsx_cli_passwd_0=<password> 
    --prop:nsx_cli_audit_passwd_0=<password>
    --prop:nsx_hostname=nsx-controller 
    <path/url to nsx component ova> 
    vi://administrator@vsphere.local:<vcenter_password>@192.168.110.24/?ip=192.168.110.51
    
  • (Optional) For optimal performance, reserve memory for the NSX-T Data Center component.

    A memory reservation is a guaranteed lower bound on the amount of physical memory that the host reserves for a virtual machine, even when memory is overcommitted. Set the reservation to a level that ensures the NSX-T Data Center component has sufficient memory to run efficiently. See System Requirements.

  • Open the console of the NSX-T Data Center component to track the boot process.
  • After the NSX-T Data Center component boots, log in to the CLI as admin and run the get interface eth0 command to verify that the IP address was applied as expected.
    nsx-component> get interface eth0
    Interface: eth0
      Address: 192.168.110.25/24
      MAC address: 00:50:56:86:7b:1b
      MTU: 1500
      Default gateway: 192.168.110.1
      Broadcast address: 192.168.110.255
      ...
    
  • Verify that your NSX-T Data Center component has the required connectivity.

    Make sure that you can perform the following tasks.

    • Ping your NSX-T Data Center component from another machine.

    • The NSX-T Data Center component can ping its default gateway.

    • The NSX-T Data Center component can ping the hypervisor hosts that are in the same network as the NSX-T Data Center component using the management interface.

    • The NSX-T Data Center component can ping its DNS server and its NTP server.

    • If you enabled SSH, make sure that you can SSH to your NSX-T Data Center component.

    If connectivity is not established, make sure the network adapter of the virtual appliance is in the proper network or VLAN.

What to do next

Join the NSX Controller with the management plane. See Join NSX Controllers with the NSX Manager.