You can configure an external load balancer to distribute traffic to the NSX Managers in a manager cluster.
- VIP does not perform load balancing across the NSX Managers.
- VIP requires all the NSX Managers to be in the same subnet.
- VIP recovery takes about 1 - 3 minutes in the event of a Manager node failure.
- Load balance across the NSX Managers.
- The NSX Managers can be in different subnets.
- Fast recovery time in the event of a Manager node failure.
Note that an external load balancer will not work with the NSX Manager VIP. Do not configure an NSX Manager VIP if you use an external load balancer.
When accessing NSX Manager from a browser through an external load balancer, session persistence must be enabled on the load balancer.
- HTTP Basic Authentication - Load balancer session persistence is not required.
- Client Certificate Authentication - Load balancer session persistence is not required.
- Authenticating to vIDM - Load balancer session persistence is not required.
- Session-Based Authentication - Load balancer session persistence is required.
- Configure a single IP on the external load balancer for both browser and API access. The load balancer must have session persistence enabled.
- Configure the external load balancer to control traffic to the NSX Manager nodes.
- Configure the external load balancer to use the round robin method and configure source persistence for the load balancer's virtual IP.
- Create or import a signed certificate and apply the same certificate to all the NSX Manager nodes. The certificate must have the FQDN of the virtual IP and each of the nodes in the SAN.