If you prefer to automate or use CLI for the NSX Manager installation, you can use the VMware OVF Tool, which is a command-line utility.

By default, nsx_isSSHEnabled and nsx_allowSSHRootLogin are both disabled for security reasons. When they are disabled, you cannot SSH or log in to the NSX Manager command line. If you enable nsx_isSSHEnabled but not nsx_allowSSHRootLogin, you can SSH to NSX Manager but you cannot log in as root.

Prerequisites

  • You can download the latest OVF tool from the Customer Connect Portal.
  • Verify that the system requirements are met. See System Requirements.
  • Verify that the required ports are open. See Ports and Protocols.
  • Verify that a datastore is configured and accessible on the ESXi host.
  • Verify that you have the IP address and gateway, DNS server IP addresses, domain search list, and the NTP Server IP or FQDN list for the NSX Manager or Cloud Service Manager to use.
  • If you do not already have one, create the target VM port group network. Place the NSX-T Data Center appliances on a management VM network.

    If you have multiple management networks, you can add static routes to the other networks from the NSX-T Data Center appliance.

  • Plan your NSX Manager IPv4 IP addressing scheme.

Procedure

  1. Run the ovftool command with the appropriate parameters.
    The process depends on whether the host is standalone or managed by vCenter Server.
    • For a standalone host:
      Note: On a standalone host, if you enter an incorrect role in the nsx_role property, then the appliance is deployed in the NSX Manager role.
      • Windows example: 
        C:\Program Files\VMware\VMware OVF Tool>ovftool \
--name=<nsxmanager> 
--X:injectOvfEnv 
--X:logFile=ovftool.log 
--sourceType=OVA 
--vmFolder='Folder-in-VC' 
--allowExtraConfig 
--datastore=<datastore>
--net:"<network-name-of-OVF>=<network-name>" 
--acceptAllEulas 
--skipManifestCheck 
--noSSLVerify 
--diskMode=thin 
--quiet 
--hideEula 
--powerOn 
--prop:nsx_ip_0=10.196.176.81 
--prop:nsx_netmask_0=255.255.252.0 
--prop:nsx_gateway_0=10.196.179.253 
--prop:nsx_dns1_0=10.142.7.1 
--prop:nsx_domain_0=eng.vmware.com 
--prop:nsx_ntp_0=10.128.243.14 
--prop:nsx_isSSHEnabled=True 
--prop:"nsx_passwd_0=<password>" 
--prop:"nsx_cli_passwd_0=<password-cli>" 
--prop:"nsx_cli_audit_passwd_0=<password-cli-audit>" 
--prop:nsx_hostname=<hostname> 
--prop:mgrhostname01="[email protected]" 
--prop:nsx_allowSSHRootLogin=True 
--prop:nsx_role="NSX Manager" 
--X:logFile=/root/ovftool/<ovf-folder>.log 
--X:logLevel=trivia 
--ipProtocol=IPv4 
--ipAllocationPolicy="fixedPolicy" 
<nsx-unified-applicance>.ova 
'vi://[email protected]:[email protected]/<datacenter>/host/Install/10.196.6.78/'
        Note: The above Windows code block uses the backslash (\) to indicate the continuation of the command line. In actual use, omit the backslash and put the entire command in a single line.
        Note: In the above example, 10.168.110.51 is the IP address of the host machine where NSX Manager is to be deployed.
        Note: In the above example, --deploymentOption is set to the default size Medium. To know the other supported sizes, see NSX Manager VM and Host Transport Node System Requirements.
      • Linux example: 
        mgrformfactor="small"
ipAllocationPolicy="fixedPolicy"
mgrdatastore="QNAP-Share-VMs"
mgrnetwork="Management-VLAN-210"

mgrname01="nsx-manager-01"
mgrhostname01="nsx-manager-01"
mgrip01="192.168.210.121"

mgrnetmask="255.255.255.0"
mgrgw="192.168.210.254"
mgrdns="192.168.110.10"
mgrntp="192.168.210.254"
mgrpasswd="<password>"
mgrssh="<True|False>"
mgrroot="<True|False>"
logLevel="trivia"

mgresxhost01="192.168.110.113"

ovftool 
--name=<nsxmanager> 
--X:injectOvfEnv 
--X:logFile=ovftool.log 
--sourceType=OVA 
--vmFolder='Folder-in-VC' 
--allowExtraConfig 
--datastore=<datastore>
--net:"<network-name-of-OVF>=<network-name>" 
--acceptAllEulas 
--skipManifestCheck 
--noSSLVerify 
--diskMode=thin 
--quiet 
--hideEula 
--powerOn 
--prop:nsx_ip_0=10.196.176.81 
--prop:nsx_netmask_0=255.255.252.0 
--prop:nsx_gateway_0=10.196.179.253 
--prop:nsx_dns1_0=10.142.7.1 
--prop:nsx_domain_0=eng.vmware.com 
--prop:nsx_ntp_0=10.128.243.14 
--prop:nsx_isSSHEnabled=True 
--prop:"nsx_passwd_0=<password>" 
--prop:"nsx_cli_passwd_0=<password-cli>" 
--prop:"nsx_cli_audit_passwd_0=<password-cli-audit>" 
--prop:nsx_hostname=<hostname> 
--prop:mgrhostname01="[email protected]" 
--prop:nsx_allowSSHRootLogin=True 
--prop:nsx_role="NSX Manager" 
--X:logFile=/root/ovftool/<ovf-folder>.log 
--X:logLevel=trivia 
--ipProtocol=IPv4 
--ipAllocationPolicy="fixedPolicy" 
<nsx-unified-applicance>.ova 
'vi://[email protected]:[email protected]/<datacenter>/host/Install/10.196.6.78/'
      The result should look something like this: 
      Opening OVA source: nsx-<component>.ova
The manifest validates
Source is signed and the certificate validates
Opening VI target: vi://root:<password>@<esxi-IP-address>
Deploying to VI: vi://root:<password>@<esxi-IP-address>
Transfer Completed
Powering on VM: NSX Manager
Task Completed
Completed successfully
    • For a host managed by vCenter Server:
      • Windows example: 
        C:\Users\Administrator\Downloads>ovftool 
--name=<nsxmanager> 
--X:injectOvfEnv 
--X:logFile=ovftool.log 
--sourceType=OVA 
--vmFolder='Folder-in-VC' 
--allowExtraConfig 
--datastore=<datastore>
--net:"<network-name-of-OVF>=<network-name>" 
--acceptAllEulas 
--skipManifestCheck 
--noSSLVerify 
--diskMode=thin 
--quiet 
--hideEula 
--powerOn 
--prop:nsx_ip_0=10.196.176.81 
--prop:nsx_netmask_0=255.255.252.0 
--prop:nsx_gateway_0=10.196.179.253 
--prop:nsx_dns1_0=10.142.7.1 
--prop:nsx_domain_0=eng.vmware.com 
--prop:nsx_ntp_0=10.128.243.14 
--prop:nsx_isSSHEnabled=True 
--prop:"nsx_passwd_0=<password>" 
--prop:"nsx_cli_passwd_0=<password-cli>" 
--prop:"nsx_cli_audit_passwd_0=<password-cli-audit>" 
--prop:nsx_hostname=<hostname> 
--prop:mgrhostname01="[email protected]" 
--prop:nsx_allowSSHRootLogin=True 
--prop:nsx_role="NSX Manager" 
--X:logFile=/root/ovftool/<ovf-folder>.log 
--X:logLevel=trivia 
--ipProtocol=IPv4 
--ipAllocationPolicy="fixedPolicy" <nsx-unified-applicance>.ova 
'vi://[email protected]:[email protected]/<datacenter>/host/Install/10.196.6.78/'
        Note: The above Windows code block uses the backslash (\) to indicate the continuation of the command line. In actual use, omit the backslash and put the entire command in a single line.
        Note: In the above example, --deploymentOption is set to the default size Medium. To know the other supported sizes, see NSX Manager VM and Host Transport Node System Requirements.
      • Linux example: 
        mgrformfactor="small"
ipAllocationPolicy="fixedPolicy"
mgrdatastore="QNAP-Share-VMs"
mgrnetwork="Management-VLAN-210"

mgrname01="nsx-manager-01"
mgrhostname01="nsx-manager-01"
mgrip01="192.168.210.121"

mgrnetmask="255.255.255.0"
mgrgw="192.168.210.254"
mgrdns="192.168.110.10"
mgrntp="192.168.210.254"
mgrpasswd="<password>"
mgrssh="<True|False>"
mgrroot="<True|False>"
logLevel="trivia"

vcadmin="[email protected]"
vcpass="<password>"
vcip="192.168.110.151"
mgresxhost01="192.168.110.113"

ovftool
--name=<nsxmanager> 
--X:injectOvfEnv 
--X:logFile=ovftool.log 
--sourceType=OVA 
--vmFolder='Folder-in-VC' 
--allowExtraConfig 
--datastore=<datastore>
--net:"<network-name-of-OVF>=<network-name>" 
--acceptAllEulas 
--skipManifestCheck 
--noSSLVerify 
--diskMode=thin 
--quiet 
--hideEula 
--powerOn 
--prop:nsx_ip_0=10.196.176.81 
--prop:nsx_netmask_0=255.255.252.0 
--prop:nsx_gateway_0=10.196.179.253 
--prop:nsx_dns1_0=10.142.7.1 
--prop:nsx_domain_0=eng.vmware.com 
--prop:nsx_ntp_0=10.128.243.14 
--prop:nsx_isSSHEnabled=True 
--prop:"nsx_passwd_0=<password>" 
--prop:"nsx_cli_passwd_0=<password-cli>" 
--prop:"nsx_cli_audit_passwd_0=<password-cli-audit>" 
--prop:nsx_hostname=<hostname> 
--prop:mgrhostname01="[email protected]" 
--prop:nsx_allowSSHRootLogin=True 
--prop:nsx_role="NSX Manager" 
--X:logFile=/root/ovftool/<ovf-folder>.log 
--X:logLevel=trivia 
--ipProtocol=IPv4 
--ipAllocationPolicy="fixedPolicy" <nsx-unified-applicance>.ova 
'vi://[email protected]:[email protected]/<datacenter>/host/Install/10.196.6.78/'
      The result should look something like this: 
      Opening OVA source: nsx-<component>.ova
The manifest validates
Source is signed and the certificate validates
Opening VI target: vi://[email protected]@<esxi-IP-address:port>/
Deploying to VI: vi://[email protected]@<esxi-IP-address:port>/
Transfer Completed
Powering on VM: NSX Manager
Task Completed
Completed successfully
  2. You can also run the OVF tool in Probe mode to view contents of a source. OVA and OVF packages can be probed among a list of other supported source types. You can use the information returned by the Probe mode to configure deployments.
    $> \ovftool --allowExtraConfig <OVA path or URL>
    Where, --allowExtraConfig is the supported appliance type for Cloud Service Manager (CSM).
  3. For an optimal performance, reserve memory for the appliance.

    Set the reservation to ensure that NSX Manager has sufficient memory to run efficiently. See NSX Manager VM and Host Transport Node System Requirements.

  4. From the vSphere Client, open the VM console to track the boot process of the node.
  5. After the node boots, log in to the CLI as admin and run the get interface eth0 command to verify that the IP address was applied as expected.
  6. Enter the get services command to verify that all default services are running.
    The following services are not required by default and do not start automatically.
    • liagent
    • migration-coordinator: This service is used only when running migration coordinator. See the NSX-T Data Center Migration Guide before starting this service.
    • snmp: For information on starting SNMP see Simple Network Management Protocol in the NSX-T Data Center Administration Guide.
    • nsx-message-bus: This service is not used in NSX-T Data Center 3.0.
  7. After deployment, verify that the NSX ManagerNSX Manager UI comes up by accessing the following URL, https://nsx-manager-ip or https://nsx-manager-fqdn.
  8. Verify that your NSX Manager, Cloud Service Manager or Global Manager node has the required connectivity.
    Make sure that you can perform the following tasks.
    • Ping your node from another machine.
    • The node can ping its default gateway.
    • The node can ping the hypervisor hosts that are in the same network using the management interface.
    • The node can ping its DNS server and its NTP Server IP or FQDN list.
    • If you enabled SSH, make sure that you can SSH to your node.

    If connectivity is not established, make sure that the network adapter of the virtual appliance is in the proper network or VLAN.

What to do next

  • Log in to the NSX Manager from a supported web browser. See Log In to the Newly Created NSX Manager.
    Note: NSX Manager nodes that are removed from the cluster should be powered off or deleted. Do not reuse the same NSX Manager again in your environment.
  • If deploying second and third NSX Manager nodes as OVA/OVF, join the manager nodes to first deployed manager node to create NSX Manager Cluster. see Form an NSX Manager Cluster Using the CLI.