After you register a service, you must deploy an instance of the service for the service to start processing network traffic.
Deploy partner service VMs that run the partner security engine on all the NSX-T Data Center hosts in a cluster. The vSphere ESX Agency Manager (EAM) service is used to deploy the partner service VMs on each host. After you deploy the SVMs, you can create policy rules used by SVM to protect guest VMs.
Prerequisites
-
All hosts are managed by a vCenter Server.
-
Partner services are registered with NSX-T Data Center and are ready for deployment.
-
NSX-T Data Center administrators can access partner services and vendor templates.
-
Both the service VM and the partner Service Manager (console) must be able to communicate with each other at the management network level.
- Prepare cluster for NSX-T Data Center networking:
- Create a transport zone.
- Create an IP pool for tunnel endpoint IP addresses.
- Create an uplink profile.
- Apply transport node profile on a cluster to auto-deploy NSX-T Data Center on each host of the cluster.
- Starting with NSX-T Data Center 3.1, on clusters that span physical servers placed in different racks, you can override the transport node profile applied on a per-host basis.
- Starting with NSX-T Data Center 3.0, before you deploy endpoint protection service on hosts, prepare clusters by applying transport node profile.
- With NSX-T Data Center 2.5.x or earlier, you only need to apply transport node profile on a cluster deployed using the host-based deployment method.
- When upgrading endpoint protection service, the existing service will continue to be functional even if transport node profile is not applied to the cluster.
Procedure
Results
To remove host from a cluster, first move it into maintenance mode. Then, select the option to migrate the guest VMs to another host to complete migration.
What to do next
Know deployment details and heath status about service instances deployed on hosts. See View Service Instance Details.