NSX Manager provides a graphical user interface (GUI) and REST APIs for creating, configuring, and monitoring NSX-T Data Center components such as logical switches, logical routers, and firewalls.
NSX Manager provides a system view and is the management component of NSX-T Data Center.
For high availability, NSX-T Data Center supports a management cluster of three NSX Managers. For a production environment, deploying a management cluster is recommended. Starting with NSX-T Data Center 3.1, a single NSX Manager cluster deployment is supported.
- vCenter Server can use the vMotion function to live migrate NSX Manager across hosts and clusters.
- vCenter Server can use the Storage vMotion function to live migrate file system of an NSX Manager across hosts and clusters.
- vCenter Server can use the Distributed Resource Scheduler function to rebalance NSX Manager across hosts and clusters.
- vCenter Server can use the Anti-affinity function to manage NSX Manager across hosts and clusters.
NSX Manager Deployment, Platform, and Installation Requirements
The following table details the NSX Manager deployment, platform, and installation requirements
Requirements | Description |
---|---|
Supported deployment methods |
|
Supported platforms | See NSX Manager VM and Host Transport Node System Requirements. On ESXi, it is recommended that the NSX Manager appliance be installed on shared storage. |
IP address | An NSX Manager must have a static IP address. You can change the IP address after installation. Only IPv4 addresses are supported. |
NSX-T Data Center appliance password |
|
Hostname | When installing NSX Manager, specify a hostname that does not contain invalid characters such as an underscore or special characters such as dot ".". If the hostname contains any invalid character or special characters, after deployment the hostname will be set to nsx-manager. For more information about hostname restrictions, see https://tools.ietf.org/html/rfc952 and https://tools.ietf.org/html/rfc1123. |
VMware Tools | The NSX Manager VM running on ESXi has VMTools installed. Do not remove or upgrade VMTools. |
System |
|
OVF Privileges | Verify that you have adequate privileges to deploy an OVF template on the ESXi host. A management tool that can deploy OVF templates, such as vCenter Server or the vSphere Client. The OVF deployment tool must support configuration options to allow for manual configuration. OVF tool version must be 4.0 or later. |
Client Plug-in | The Client Integration Plug-in must be installed. |
Certificates | If you plan to configure internal VIP on a NSX Manager cluster, you can apply a different certificate to each NSX Manager node of the cluster. See Configure a Virtual IP Address for a Cluster. If you plan to configure an external load balancer, ensure only a single certificate is applied to all NSX Manager cluster nodes. See Configuring an External Load Balancer. |
NSX Manager Installation Scenarios
- If you specify a user name for any local user, the name must be unique. If you specify the same name, it is ignored and the default names (for example, admin and audit) are used.
- If the password for the root or admin user does not meet the complexity requirements, you must log in to NSX Manager through SSH or at the console as root with password vmware and admin with password default. You are prompted to change the password.
- If the password for other local users (for example, audit) does not meet the complexity requirements, the user account is disabled. To enable the account, log in to NSX Manager through SSH or at the console as the admin user and run the command set user local_user_name to set the local user's password (the current password is an empty string). You can also reset passwords in the UI using System > User Management > Local Users.
After you deploy NSX Manager from an OVA file, you cannot change the VM's IP settings by powering off the VM and modifying the OVA settings from vCenter Server.
Configuring NSX Manager for Access by the DNS Server
By default, transport nodes access NSX Managers based on their IP addresses. However, this can be based also on the DNS names of the NSX Managers.
You enable FQDN usage by publishing the FQDNs of the NSX Managers.
Publishing the FQDNs of the NSX Managers
After installing the NSX-T Data Center core components, to enable NAT using FQDN, you must set up the forward and reverse lookup entries for the manager nodes on the DNS server.
In addition, you must also enable publishing the NSX Manager FQDNs using the NSX-T Data Center API.
Example request: PUT https://<nsx-mgr>/api/v1/configs/management
{ "publish_fqdns": true, "_revision": 0 }
Example response:
{ "publish_fqdns": true, "_revision": 1 }
See the NSX-T Data Center API Guide for details.
Validating Access via FQDN by Transport Nodes
After publishing the FQDNs of the NSX Managers, verify that the transport nodes are successfully accessing the NSX Managers.
Using SSH, log into a transport node such as a hypervisor or Edge node, and run the get controllers
CLI command.
Controller IP Port SSL Status Is Physical Master Session State Controller FQDN 192.168.60.5 1235 enabled connected true up nsxmgr.corp.com