You can use the vSphere Web Client or vSphere Client to interactively install an NSX Edge on ESXi.

Note: Starting in NSX-T Data Center 2.5.1, the NSX Edge VM supports vMotion.


See NSX Edge network requirements in NSX Edge Installation Requirements.


  1. Locate the NSX Edge appliance OVA file on the VMware download portal.
    Either copy the download URL or download the OVA file onto your computer.
  2. In the vSphere Client, select the host on which to install NSX Edge appliance.
  3. Right-click and select Deploy OVF template to start the installation wizard.
  4. Enter the download OVA URL or navigate to the saved OVA file.
  5. Enter a name for the NSX Edge VM.

    The name you type appears in the inventory.

  6. Select a compute resource for the NSX Edge appliance.
  7. For an optimal performance, reserve memory for the NSX Edge appliance.

    Set the reservation to ensure that NSX Edge has sufficient memory to run efficiently. See NSX Edge VM System Requirements.

  8. Verify the OVF template details.
  9. Select a datastore to store the NSX Edge appliance files.
  10. Accept the default source and destination network interface.
    You can accept the default network destination for the rest of the networks and change the network configuration after the NSX Edge is deployed.
  11. Select the IP allocation from the drop-down menu.
  12. Enter the NSX Edge system root, CLI admin, and audit passwords.
    Note: In the Customize Template window, ignore the message All properties have valid values that is displayed even before you have entered values in any of the fields. This message is displayed because all parameters are optional. The validation passes as you have not entered values in any of the fields.
    Your passwords must comply with the password strength restrictions.
    • At least 12 characters
    • At least one lower-case letter
    • At least one upper-case letter
    • At least one digit
    • At least one special character
    • At least five different characters
    • Default password complexity rules are enforced by the following Linux PAM module arguments:
      • retry=3: The maximum number of times a new password can be entered, for this argument at the most 3 times, before returning with an error.
      • minlen=12: The minimum acceptable size for the new password. In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (other, upper, lower and digit).
      • difok=0: The minimum number of bytes that must be different in the new password. Indicates similarity between the old and new password. With a value 0 assigned to difok, there is no requirement for any byte of the old and new password to be different. An exact match is allowed.
      • lcredit=1: The maximum credit for having lower case letters in the new password. If you have less than or 1 lower case letter, each letter will count +1 towards meeting the current minlen value.
      • ucredit=1: The maximum credit for having upper case letters in the new password. If you have less than or 1 upper case letter each letter will count +1 towards meeting the current minlen value.
      • dcredit=1: The maximum credit for having digits in the new password. If you have less than or 1 digit, each digit will count +1 towards meeting the current minlen value.
      • ocredit=1: The maximum credit for having other characters in the new password. If you have less than or 1 other characters, each character will count +1 towards meeting the current minlen value.
      • enforce_for_root: The password is set for the root user.
      Note: For more details on Linux PAM module to check the password against dictionary words, refer to the man page.
  13. (Optional) If you have an available NSX Manager and want to register the NSX Edge with the management plane during the OVA deployment, complete the Manager IP, Thumbprint, and Token fields.
    1. Enter the parent NSX Manager node IP address and thumbprint.
    2. Run the API call POST https://<nsx-manager>/api/v1/aaa/registration-token to retrieve the NSX Manager token.
       "token": "4065a7c0-9658-4058-bb01-c149f20f238a",
       "roles": [
        "user": "admin"
    3. Enter the NSX Manager token.
      Note: The Node UUID field is only for internal use. Leave the field blank.
  14. Enter the hostname of the NSX Edge VM.
  15. Enter the default gateway, management network IPv4, management network netmask, DNS, and NTP IP address.
    Note: Ignore VMC settings. Only enter values for VMC deployments.
  16. (Optional) Do not enable SSH if you prefer to access NSX Edge using the console. However, if you want root SSH login and CLI login to the NSX Edge command line, enable the SSH option.
    By default, SSH access is disabled for security reasons.
  17. Verify that all your custom OVA template specification is accurate and click Finish to initiate the installation.
    The installation might take 7-8 minutes.
  18. Open the console of the NSX Edge to track the boot process.
    If the console window does not open, make sure that pop-ups are allowed.
  19. After the NSX Edge starts, log in to the CLI with admin credentials.
    Note: After NSX Edge starts, if you do not log in with admin credentials for the first time, the data plane service does not automatically start on NSX Edge.
  20. Run the get interface eth0 (without VLAN) or get interface eth0.<vlan_ID> (with a VLAN) command to verify that the IP address was applied as expected .
    nsx-edge-1> get interface eth0.100 
    Interface: eth0.100
      MAC address: 00:50:56:86:62:4d
      MTU: 1500
      Default gateway:
      Broadcast address:
    Note: When bringing up NSX Edge VMs on non-NSX managed host, verify that the MTU setting is set to 1600 (instead of 1500) on the physical host switch for the data NIC.
  21. Run the get managers command to verify that the NSX Edge is registered.
    - Standby 
    - Standby 
    - Connected
  22. If NSX Edge is not registered with the management plane, see Join NSX Edge with the Management Plane.
  23. Verify that the NSX Edge appliance has the required connectivity.

    If you enabled SSH, make sure that you can SSH to your NSX Edge.

    • You can ping your NSX Edge.
    • NSX Edge can ping its default gateway.
    • NSX Edge can ping the hypervisor hosts that are in the same network as the NSX Edge.
    • NSX Edge can ping its DNS server and its NTP server.
  24. Troubleshoot connectivity problems.
    Note: If connectivity is not established, make sure the VM network adapter is in the proper network or VLAN.

    By default, the NSX Edge datapath claims all virtual machine NICs except the management NIC (the one that has an IP address and a default route). If you incorrectly assigned a NIC as the management interface, follow these steps to use DHCP to assign management IP address to the correct NIC.

    1. Log in CLI and type the stop service dataplane command.
    2. Type the set interface interface dhcp plane mgmt command.
    3. Place interface into the DHCP network and wait for an IP address to be assigned to that interface.
    4. Type the start service dataplane command.
      The datapath fp-ethX ports used for the VLAN uplink and the tunnel overlay are shown in the get interfaces and get physical-port commands on the NSX Edge.

What to do next

Configure NSX Edge as a transport node. See Configure an NSX Edge as a Transport Node.