After partners register services, as an administrator, you must deploy an instance of the service on member hosts of a cluster.

Deploy partner service VMs that run the partner security engine on all the NSX-T Data Center hosts in a cluster. After you deploy the SVMs, you can create policy rules used by SVM to protect guest VMs.

Prerequisites

  • All hosts are managed by a vCenter Server.

  • Partner services must be registered with NSX-T Data Center and are ready for deployment.

  • NSX-T Data Center administrators can access partner services and vendor templates.

  • Both the service VM and the partner service manager (console) must be able to communicate with each other at the management network level.

  • Ensure only one overlay transport zone is connected to hosts that are running the partner service.

  • Ensure only one service segment is used to connect guest VMs for network introspection.

  • Starting with NSX-T Data Center 3.1, on clusters that span physical servers placed in different racks, you can override the transport node profile applied on a per-host basis.
  • Starting with NSX-T Data Center 3.0, you must prepare clusters (cluster-based or host-based deployment methods) by applying a transport node profile.
  • With NSX-T Data Center 2.5.x or earlier, before you deploy service VMs on each host using host-based service deployment method, configure each host of the cluster with NSX-T Data Center by applying a transport node profile.
  • When upgrading the third-party service, the existing service will continue to be functional even if transport node profile is not applied to the cluster.

Procedure

  1. From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
  2. Select System > Service Deployments > Deployment > Deploy Service.
  3. From the Partner Service field, select the partner service.
  4. Enter the service deployment name.
  5. In the Compute Manager field, select the vCenter Server to deploy the service.
  6. In the Cluster field, select the cluster where the services need to be deployed.
  7. In the Data Store drop-down menu, select a data store as the repository for the service virtual machine.
  8. In the Network column, click Set and enter the Management Network interface by choosing DHCP or static IP address type, and data network.
  9. In the Service Segments field, select a service segment from the list or click the Action icon to add or edit a service segment.
    Guest VMs connected to a service segment are provided east-west network traffic protection.
    To create a service segment:
    1. Click the + icon next to the Service Segment field.
    2. In the Service Segment dialog box, click Add Service Segment.
    3. Enter a name, select a Transport Zone Overlay from the drop-down menu, and if applicable, select a gateway under Applied to Gateway.
    4. Click Save.
  10. In the Deployment Type field, select from one of the following deployment options. Depending upon the services registered by the partner, multiple services can be deployed as part of a single service VM.
    • Clustered: Deploys the service on a host or hosts belonging to a cluster that is dedicated to host service VMs.
    • Host Based: Deploys the service on all the hosts within a cluster.
  11. In the Deployment Template field, select the template that provides attributes to protect the workload you want to run on guest VMs groups.
  12. (Cluster-based deployment only) In the Clustered Deployment Count, enter the number of service VMs to deploy on the cluster.
    The vCenter Server decides on which host to deploy the service VMs.
  13. Click Save.

Results

After service deployment, the partner Service Manager is notified about the update.

What to do next

Know deployment details and heath status about service instances deployed on hosts. See Add a Service Profile.