You can use the vSphere Client to deploy NSX Manager or the Cloud Service Manager as a virtual appliance.

Cloud Service Manager is a virtual appliance that uses NSX-T Data Center components and integrates them with your public cloud.

Prerequisites

  • Verify that the system requirements are met. See System Requirements.
  • Verify that the required ports are open. See Ports and Protocols.
  • Verify that a datastore is configured and accessible on the ESXi host.
  • Verify that you have the IP address and gateway, DNS server IP addresses, domain search list, and the NTP server IP address for the NSX Manager to use.
  • If you do not already have one, create the target VM port group network. Place the NSX-T Data Center appliances on a management VM network.

    If you have multiple management networks, you can add static routes to the other networks from the NSX-T Data Center appliance.

  • Plan your NSX Manager IPv4 IP addressing scheme.

Procedure

  1. Locate the NSX-T Data Center OVA file on the VMware download portal.

    Either copy the download URL or download the OVA file.

  2. Right-click and select Deploy OVF template to start the installation wizard.
  3. Enter the download OVA URL or navigate to the OVA file, and click Next.
  4. Enter a name and a location for the NSX Manager VM, and click Next.

    The name you enter appears in the vSphere and vCenter Server inventory.

  5. Select a compute resource for the NSX Manager appliance, and click Next.
    • To install on a ESXi host managed by vCenter, select a host on which to deploy the NSX Manager appliance.
    • To install on a standalone ESXi host, select the host on which to deploy the NSX Manager appliance.
  6. Review and verify the OVF template details, and click Next.
  7. Specify the deployment configuration size, and click Next.
    The Description panel on the right side of the wizard shows the details of selected configuration.
  8. Specify storage for the configuration and disk files.
    1. Select the virtual disk format.
    2. Select the VM storage policy.
    3. Specify the datastore to store the NSX Manager appliance files.
    4. Click Next.
  9. Select a destination network for each source network.
  10. Select the port group or destination network for the NSX Manager.
  11. Configure IP Allocation settings.
    1. For IP allocation, specify Static - Manual.
    2. For IP protocol, select IPv4.
  12. Click Next.
    The following steps are all located in the Customize Template section of the Deploy OVF Template wizard.
  13. In the Application section, enter the system root, CLI admin, and audit passwords for the NSX Manager. The root and admin credentials are mandatory fields.
    Your passwords must comply with the password strength restrictions.
    • At least 12 characters
    • At least one lower-case letter
    • At least one upper-case letter
    • At least one digit
    • At least one special character
    • At least five different characters
    • Default password complexity rules are enforced by the following Linux PAM module arguments:
      • retry=3: The maximum number of times a new password can be entered, for this argument at the most 3 times, before returning with an error.
      • minlen=12: The minimum acceptable size for the new password. In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (other, upper, lower and digit).
      • difok=0: The minimum number of bytes that must be different in the new password. Indicates similarity between the old and new password. With a value 0 assigned to difok, there is no requirement for any byte of the old and new password to be different. An exact match is allowed.
      • lcredit=1: The maximum credit for having lower case letters in the new password. If you have less than or 1 lower case letter, each letter will count +1 towards meeting the current minlen value.
      • ucredit=1: The maximum credit for having upper case letters in the new password. If you have less than or 1 upper case letter each letter will count +1 towards meeting the current minlen value.
      • dcredit=1: The maximum credit for having digits in the new password. If you have less than or 1 digit, each digit will count +1 towards meeting the current minlen value.
      • ocredit=1: The maximum credit for having other characters in the new password. If you have less than or 1 other characters, each character will count +1 towards meeting the current minlen value.
      • enforce_for_root: The password is set for the root user.
      Note: For more details on Linux PAM module to check the password against dictionary words, refer to the man page.
  14. In the Optional parameters section, leave the password fields blank. It is to avoid the risk of compromising passwords set for VMC roles by a user who has access to the vCenter Server. When deploying VMC for NSX-T Data Center, this field is used internally to set passwords for the Cloud Admin and Cloud Audit roles.
  15. In the Network Properties section, enter the hostname of the NSX Manager.
    Note: The host name must be a valid domain name. Ensure that each part of the host name (domain/subdomain) that is separated by dot starts with an alphabet character.
  16. Select a Rolename for the appliance. The default role is NSX Manager.
    • To install an NSX Manager appliance, select the NSX Manager role.
    • To install a Cloud Service Manager (CSM) appliance for an NSX Cloud deployment, select the nsx-cloud-service-manager role.

      See Overview of Deploying NSX Cloud for details.

  17. (Required fields) Enter the default gateway, management network IPv4, and management network netmask.
    Important: If you leave the Management Network IPv4 field blank without entering a static IP address, no IP address is assigned to the NSX Manager during deployment of the appliance. You cannot access the NSX Manager when it powers on. The workaround is to re-deploy the NSX Manager appliance.
  18. In the DNS section, enter the DNS Server list and Domain Search list.
  19. In the Services Configuration section, enter the NTP Server List.
    Optionally, you can enable SSH service and allow root SSH login. (Not recommended.)
  20. Verify that all your custom OVF template specification is accurate and click Finish to initiate the installation.
    The installation might take 7-8 minutes.
  21. For an optimal performance, reserve memory for the NSX Manager appliance.

    Set the reservation to ensure that NSX Manager has sufficient memory to run efficiently. See NSX Manager VM and Host Transport Node System Requirements.

  22. From the vSphere Client, open NSX Manager VM console to track the boot process.
  23. After the NSX Manager boots, log in to the CLI as admin and run the get interface eth0 command to verify that the IP address was applied as expected.
  24. Enter the get services command to verify that all the services are running.
    If the services are not running, wait for all the services to start running.
    Note: The following services are not running by default: liagent, migration-coordinator, and snmp. You can start them as follows:
    • start service liagent
    • start service migration-coordinator
      Note: Start this service on only one NSX Manager node. See the NSX-T Data Center Migration Coordinator Guide.
    • For SNMPv1/SNMPv2:
      set snmp community <community-string>
      start service snmp
      The maximum character limit for community-string is 64.
    • For SNMPv3
      set snmp v3-users <user_name> auth-password <auth_password> priv-password <priv_password>
      The maximum character limit for user_name is 32. Ensure that your passwords meet PAM constraints. If you want to change the default engine id, use the following command:
      set snmp v3-engine-id <v3-engine-id>
      
      start service snmp
      v3-engine-id is a hexadecimal string that is 10 to 64 characters long.

      NSX-T Data Center supports SHA1 and AES128 as the authentication and privacy protocols. You can also use API calls to set up SNMPv3. For more information, see the NSX-T Data Center API Guide.

  25. Verify that your NSX Manager has the required connectivity.
    Make sure that you can perform the following tasks.
    • Ping your NSX Manager from another machine.
    • The NSX Manager can ping its default gateway.
    • The NSX Manager can ping the hypervisor hosts that are in the same network as the NSX Manager using the management interface.
    • The NSX Manager can ping its DNS server and its NTP server.
    • If you enabled SSH, make sure that you can SSH to your NSX Manager.

    If connectivity is not established, make sure that the network adapter of the virtual appliance is in the proper network or VLAN.

What to do next

Log in to the NSX Manager from a supported web browser. See Log In to the Newly Created NSX Manager.