Follow these instructions to deploy PCG in your AWS VPC.

The VPC in which you deploy a PCG can act as a Transit VPC to which other VPCs (known as Compute VPCs) can connect. This VPC can also manage VMs and act as a self-managed VPC.

If you want to link to an existing Transit VPC instead, see Link to a Transit VPC or VNet.

Prerequisites

  • Your public cloud accounts must already be added to CSM.
  • The VPC in which you are deploying PCG must have the required subnets appropriately adjusted for High Availability: uplink, downlink, and management.
  • The configuration for your VPC's network ACL must include an ALLOW inbound rule.
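
The following is an added example, not part of the NSX Cloud documentation: an offline check of the subnet and network ACL prerequisites above, including the two Availability Zones that the HA option in the procedure uses. It assumes JSON in the shape returned by `aws ec2 describe-subnets` and `aws ec2 describe-network-acls`; the `pcg-role` tag, the resource IDs, and the sample data are constructed for illustration.

```python
# Inputs use the JSON shapes returned by `aws ec2 describe-subnets` and
# `aws ec2 describe-network-acls`. The "pcg-role" tag is a hypothetical
# convention for marking subnets; NSX Cloud and AWS do not require it.
ROLES = {"uplink", "downlink", "management"}

def tag(resource, key):
    return next((t["Value"] for t in resource.get("Tags", []) if t["Key"] == key), None)

def check_prereqs(subnets, acls, vpc_id, ha=True):
    """Return a list of findings; an empty list means every check passed."""
    by_az = {}  # availability zone -> {role: subnet id}
    for s in subnets:
        if s["VpcId"] == vpc_id and tag(s, "pcg-role") in ROLES:
            by_az.setdefault(s["AvailabilityZone"], {})[tag(s, "pcg-role")] = s["SubnetId"]
    findings = []
    complete = [az for az, roles in by_az.items() if set(roles) == ROLES]
    needed = 2 if ha else 1  # HA puts the primary and secondary PCG in different AZs
    if len(complete) < needed:
        findings.append(f"{len(complete)} of {needed} required AZs have all three subnets")
        for az in sorted(by_az):
            findings += [f"{az}: no {r} subnet" for r in sorted(ROLES - set(by_az[az]))]
    # Map each subnet to its associated network ACL, then require an inbound allow entry.
    acl_of = {a["SubnetId"]: acl for acl in acls for a in acl.get("Associations", [])}
    for az in sorted(by_az):
        for role, sid in sorted(by_az[az].items()):
            entries = acl_of.get(sid, {}).get("Entries", [])
            if not any(not e["Egress"] and e["RuleAction"] == "allow" for e in entries):
                findings.append(f"{sid} ({role}, {az}): no inbound ALLOW rule in network ACL")
    return findings

# Constructed sample data (not real resources): us-west-1b lacks a management
# subnet, and its downlink subnet uses an ACL holding only the default deny.
def sample_subnet(sid, az, role):
    return {"SubnetId": sid, "VpcId": "vpc-example", "AvailabilityZone": az,
            "Tags": [{"Key": "pcg-role", "Value": role}]}

SUBNETS = [sample_subnet("subnet-a-up", "us-west-1a", "uplink"),
           sample_subnet("subnet-a-down", "us-west-1a", "downlink"),
           sample_subnet("subnet-a-mgmt", "us-west-1a", "management"),
           sample_subnet("subnet-b-up", "us-west-1b", "uplink"),
           sample_subnet("subnet-b-down", "us-west-1b", "downlink")]
DENY = {"RuleNumber": 32767, "Egress": False, "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"}
ALLOW = {"RuleNumber": 100, "Egress": False, "RuleAction": "allow", "CidrBlock": "10.0.0.0/16"}
ACLS = [{"NetworkAclId": "acl-with-allow", "Entries": [ALLOW, DENY], "Associations": [
            {"SubnetId": s["SubnetId"]} for s in SUBNETS if s["SubnetId"] != "subnet-b-down"]},
        {"NetworkAclId": "acl-deny-only", "Entries": [DENY],
         "Associations": [{"SubnetId": "subnet-b-down"}]}]

if __name__ == "__main__":
    print("\n".join(check_prereqs(SUBNETS, ACLS, "vpc-example")) or "all checks passed")
```

The check only confirms that an inbound ALLOW entry exists; it does not evaluate rule order or whether the rule covers the traffic PCG needs.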

Procedure

  1. Log in to CSM using an account with the Enterprise Administrator role.
  2. Click Clouds > AWS > <AWS_account_name> and go to the VPCs tab.
  3. In the VPCs tab, select an AWS region name, for example, us-west. The AWS region must be the same region where you created the compute VPC.
  4. Select a VPC configured for NSX Cloud.
  5. Click Deploy Gateways.
  6. Complete the general gateway details:

    Option
      Description

    PEM File
      Select one of your PEM files from the drop-down menu. This file must be in the same region where NSX Cloud was deployed and where you created your compute VPC.

      This uniquely identifies your AWS account.

    Quarantine Policy on the Associated VPC
      You can only change the Quarantine Policy setting if you choose to manage workload VMs using NSX Tools (NSX Enforced Mode). Quarantine Policy is always enabled in the Native Cloud Enforced Mode.

      Leave this in the default disabled mode when you first deploy PCG. You can change this value after onboarding VMs. See Manage Quarantine Policy in the NSX-T Data Center Administration Guide for details.

    Manage with NSX Tools
      Leave in the default disabled state to onboard workload VMs in the Native Cloud Enforced Mode. If you want to install NSX Tools on your workload VMs to use the NSX Enforced Mode, enable this option.

    Proxy Server
      Select a proxy server to use for internet-bound traffic from this PCG. The proxy servers are configured in CSM. You can select the same proxy server as CSM if one is configured, select a different proxy server from CSM, or select No Proxy Server.

      See (Optional) Configure Proxy Servers for details on how to configure proxy servers in CSM.

    Advanced
      The advanced settings provide extra options if required.

    Override AMI ID
      Use this advanced feature to provide a different AMI ID for the PCG from the one that is available in your AWS account.

    Obtain via Public Cloud Provider's DHCP
      Select this option if you want to use AWS settings. This is the default DNS setting if you do not pick either of the options to override it.

    Override Public Cloud Provider's DNS Server
      Select this option if you want to manually provide the IP address of one or more DNS servers to resolve NSX-T Data Center appliances as well as the workload VMs in this VPC.

    Use Public Cloud Provider's DNS server only for NSX-T Data Center Appliances
      Select this option if you want to use the AWS DNS server for resolving the NSX-T Data Center management components. With this setting, you can use two DNS servers: one for PCG that resolves NSX-T Data Center appliances; the other for the VPC that resolves your workload VMs in this VPC.


  7. Click Next.
  8. Complete the Subnet details.

    Option
      Description

    Enable HA for Public Cloud Gateway
      The recommended setting is Enable, which sets up a High Availability Active/Standby pair to avoid unscheduled downtime.

    Primary gateway settings
      Select an Availability Zone, such as us-west-1a, from the drop-down menu as the primary gateway for HA.

      Assign the uplink, downlink, and management subnets from the drop-down menu.

    Secondary gateway settings
      Select another Availability Zone, such as us-west-1b, from the drop-down menu as the secondary gateway for HA.

      The secondary gateway is used when the primary gateway fails.

      Assign the uplink, downlink, and management subnets from the drop-down menu.

    Public IP on Mgmt NIC
      Select Allocate New IP address to provide a public IP address to the management NIC. You can manually provide the public IP address if you want to reuse a free public IP address.

    Public IP on Uplink NIC
      Select Allocate New IP address to provide a public IP address to the uplink NIC. You can manually provide the public IP address if you want to reuse a free public IP address.

    Click Deploy.
  9. Monitor the status of the primary (and secondary, if you selected it) PCG deployment. This process can take 10-12 minutes.
  10. Click Finish when PCG is successfully deployed.

What to do next

Follow the instructions at "Using NSX Cloud" in the NSX-T Data Center Administration Guide.