After you register a service, you must deploy an instance of the service for the service to start processing network traffic.

Deploy partner service VMs that run the partner security engine on all the NSX-T Data Center hosts in a cluster. The vSphere ESX Agency Manager (EAM) service is used to deploy the partner service VMs on each host. After you deploy the SVMs, you can create policy rules used by SVM to protect guest VMs.

Prerequisites

  • All hosts are managed by a vCenter Server.

  • Partner services are registered with NSX-T Data Center and are ready for deployment.

  • NSX-T Data Center administrators can access partner services and vendor templates.

  • Both the service VM and the partner Service Manager (console) must be able to communicate with each other at the management network level.

  • Prepare hosts as NSX-T Data Center transport nodes:
    • Create a transport zone.
    • Create an IP pool for tunnel endpoint IP addresses.
    • Create an uplink profile.
    • Add a transport node profile to prepare a cluster for auto deployment of NSX-T Data Center transport nodes.
    • Configure a standalone or managed host.

Procedure

  1. From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
  2. Go to the System tab and click Service Deployment.
  3. From the Partner Service drop-down, select the service to be deployed.
  4. Click Deployment and click Deploy Service.
  5. Enter the service deployment name.
  6. In the Compute Manager field, select the compute resource on the vCenter Server to deploy the service.
  7. In the Cluster field, select the cluster where the services need to be deployed.
  8. In the Data Store drop-down menu, you can:
    1. Select a datastore as the repository for the service virtual machine.
    2. Select Specified on Host. This setting means that you do not need to select a datastore and port group on this wizard. You can directly configure agent settings on EAM in vCenter Server to point to a specific datastore and port group to be used for service deployment.

    To know how to configure EAM, refer to the vSphere documentation.

  9. In the Network column, click Set.
  10. Set the Management Network interface to Specified on Host or DVPG.
  11. Set the network type to DHCP or Static IP pool. If you set the network type to Static IP pool, select from the list of available IP pools.
  12. In the Deployment Specification field, select host-based deployment to deploy service on all hosts. Depending upon the services registered by the partner, multiple services can be deployed as part of a single service VM.
  13. In the Deployment Template field, select the registered deployment template.
  14. Click Save.

Results

When a new host is added to the cluster, EAM automatically deploys the service VM on the new host. The deployment process might take some time, depending on the vendor's implementation. You can view the status in the NSX Manager user interface. The service is successfully deployed on the host when the status turns Deployment Successful.

To remove host from a cluster, first move it into maintenance mode. Then, select the option to migrate the guest VMs to another host to complete migration.

What to do next

Know deployment details and heath status about service instances deployed on hosts. See View Service Instance Details.