A compute manager, for example, vCenter Server, is an application that manages resources such as hosts and VMs.
NSX-T Data Center polls compute managers to collect cluster information from vCenter Server.
For more information about vCenter Server roles and privileges, see the vSphere Security document.
Prerequisites
- Verify that you use the supported vSphere version. See Supported vSphere version.
- IPv6 and IPv4 communication with vCenter Server.
- Verify that you use the recommended number of compute managers. See https://configmax.vmware.com/home.
Note: NSX-T Data Center does not support the same vCenter Server to be registered with more than one NSX Manager.
- When you add a vCenter Server compute manager, you must provide a vCenter Server user's credentials. You can provide the vCenter Server administrator's credentials, or create a role and a user specifically for NSX-T Data Center and provide this user's credentials.
Create an admin role with the following vCenter Server privileges:
Extension.Register extension Extension.Unregister extension Extension.Update extension Sessions.Message Sessions.Validate session Sessions.View and stop sessions Host.Configuration.Maintenance Host.Configuration.NetworkConfiguration Host.Local Operations.Create virtual machine Host.Local Operations.Delete virtual machine Host.Local Operations.Reconfigure virtual machine Tasks Scheduled task Global.Cancel task Permissions.Reassign role permissions Resource.Assign vApp to resource pool Resource.Assign virtual machine to resource pool Virtual Machine.Configuration Virtual Machine.Guest Operations Virtual Machine.Provisioning Virtual Machine.Inventory Network.Assign network vApp To use the NSX-T Data Center license for the vSphere Distributed Switch 7.0 feature, the vCenter Server user must either be an administrator, or the user must have Global.Licenses privileges and be a member of the LicenseService.Administrators group.
-
Before you create a service account on the compute manager, ensure the admin user's role has the following additional vCenter Server privileges:
Service Account Management.Administer Permissions.Modify permission Permissions.Modify role VMware vSphere Lifecycle Manager.ESXi Health Perspectives.Read VMware vSphere Lifecycle Manager.Lifecycle Manager: General Privileges.Read VMware vSphere Lifecycle Manager.Lifecycle Manager: Image Privileges.Read VMware vSphere Lifecycle Manager.Lifecycle Manager: Image Privileges.Write VMware vSphere Lifecycle Manager.Lifecycle Manager: Image Remediation Privileges.Write VMware vSphere Lifecycle Manager.Lifecycle Manager: Settings Privileges.Read VMware vSphere Lifecycle Manager.Lifecycle Manager: Settings Privileges.Write VMware vSphere Lifecycle Manager.Lifecycle Manager: General Privileges.Write
Procedure
Results
It takes some time to register the compute manager with vCenter Server and for the connection status to appear as UP.
You can click the compute manager's name to view the details, edit the compute manager, or to manage tags that apply to the compute manager.
After the vCenter Server is successfully registered, do not power off and delete the NSX Manager VM without deleting the compute manager first. Otherwise, when you deploy a new NSX Manager, you will not be able to register the same vCenter Server again. You will get the error that the vCenter Server is already registered with another NSX Manager.
- Transport nodes are prepared using VDS that is dependent on the VC.
- Service VMs deployed on a host or a cluster in the VC using NSX service insertion.
- You use the NSX Manager UI to deploy Edge VMs, NSX Intelligence VM, or NSX Manager nodes on a host or a cluster in the VC.
If you try to perform any of these actions and you encounter an error (for example, installation failed), you can remove the VC if you have not successfully performed any of the actions listed above.
- Unprepare all transport nodes. If uninstalling a transport node fails, you must force delete the transport node.
- Undeploy all service VMs, any NSX Intelligence VM, all NSX Edge VMs and all NSX Manager nodes. The undeployment must be successful or in a failed state.
- If an NSX Manager cluster consists of nodes deployed from the VC (manual method) and nodes deployed from the NSX Manager UI, and you had to undeploy the manually deployed nodes, then you cannot remove the VC. To sucessfully remove the VC, ensure that you re-deploy an NSX Manager node from the VC.
This restriction applies to a fresh installation of NSX-T Data Center 3.0 as well as an upgrade.