A compute manager, for example, vCenter Server, is an application that manages resources such as hosts and VMs.
NSX-T Data Center polls compute managers to collect cluster information from vCenter Server.
For more information about vCenter Server roles and privileges, see the vSphere Security document.
Prerequisites
- Verify that you use the supported vSphere version. See Supported vSphere version.
- IPv4 communication with vCenter Server.
- Verify that you use the recommended number of compute managers. See https://configmax.vmware.com/home.
- Provide credentials of a vCenter Server user. You can provide the credentials of vCenter Server administrator, or create a role and a user specifically for NSX-T Data Center and provide this user's credentials. Add global permissions to the newly created user and role and select Propogate to Children.
Create an admin role with the following vCenter Server privileges:
Extension.Register extension Extension.Unregister extension Extension.Update extension Sessions.Message Sessions.Validate session Sessions.View and stop sessions Host.Configuration.Maintenance Host.Configuration.NetworkConfiguration Host.Local Operations.Create virtual machine Host.Local Operations.Delete virtual machine Host.Local Operations.Reconfigure virtual machine Tasks Scheduled task Global.Cancel task Permissions.Reassign role permissions Resource.Assign vApp to resource pool Resource.Assign virtual machine to resource pool Virtual Machine.Configuration Virtual Machine.Guest Operations Virtual Machine.Provisioning Virtual Machine.Inventory Network.Assign network vApp To use the NSX-T Data Center license for the vSphere Distributed Switch 7.0 feature, the vCenter Server user must either be an administrator, or the user must have Global.Licenses privileges and be a member of the LicenseService.Administrators group.
-
Before you create a service account for the compute manager, add these additional vCenter Server privileges to the admin user role:
Service Account Management.Administer Permissions.Modify permission Permissions.Modify role VMware vSphere Lifecycle Manager.ESXi Health Perspectives.Read VMware vSphere Lifecycle Manager.Lifecycle Manager: General Privileges.Read VMware vSphere Lifecycle Manager.Lifecycle Manager: Image Privileges.Read VMware vSphere Lifecycle Manager.Lifecycle Manager: Image Privileges.Write VMware vSphere Lifecycle Manager.Lifecycle Manager: Image Remediation Privileges.Write VMware vSphere Lifecycle Manager.Lifecycle Manager: Settings Privileges.Read VMware vSphere Lifecycle Manager.Lifecycle Manager: Settings Privileges.Write VMware vSphere Lifecycle Manager.Lifecycle Manager: General Privileges.Write
Procedure
Results
It takes some time to register the compute manager with vCenter Server and for the connection status to appear as UP.
You can click the compute manager's name to view the details, edit the compute manager, or to manage tags that apply to the compute manager.
After the vCenter Server is successfully registered, do not power off and delete the NSX Manager VM without deleting the compute manager first. Otherwise, when you deploy a new NSX Manager, you will not be able to register the same vCenter Server again. You will get the error that the vCenter Server is already registered with another NSX Manager.
- Transport nodes are prepared using VDS that is dependent on the VC.
- Service VMs deployed on a host or a cluster in the VC using NSX service insertion.
- You use the NSX Manager UI to deploy Edge VMs or NSX Manager nodes on a host or a cluster in the VC.
If you try to perform any of these actions and you encounter an error (for example, installation failed), you can remove the VC if you have not successfully performed any of the actions listed above.
- Unprepare all transport nodes. If uninstalling a transport node fails, you must force delete the transport node.
- Undeploy all service VMs, all NSX Edge VMs, and all NSX Manager nodes. The undeployment must be successful or in a failed state.
- If an NSX Manager cluster consists of nodes deployed from the VC (manual method) and nodes deployed from the NSX Manager UI, and you had to undeploy the manually deployed nodes, then you cannot remove the VC. To successfully remove the VC, ensure that you re-deploy an NSX Manager node from the VC.
This restriction applies to a fresh installation of NSX-T Data Center as well as an upgrade.