You can use the vSphere Client to deploy NSX Manager virtual appliances. The same OVF file can used to deploy three different types of appliances: NSX Manager, NSX Cloud Service Manager for NSX Cloud, and Global Manager for NSX Federation.

Cloud Service Manager is a virtual appliance that uses NSX-T Data Center components and integrates them with your public cloud.

Prerequisites

  • Verify that the system requirements are met. See System Requirements.
  • Verify that the required ports are open. See Ports and Protocols.
  • Verify that a datastore is configured and accessible on the ESXi host.
  • Verify that you have the IP address and gateway, DNS server IP addresses, domain search list, and the NTP Server IP or FQDN list for the NSX Manager or Cloud Service Manager to use.
  • If you do not already have one, create the target VM port group network. Place the NSX-T Data Center appliances on a management VM network.

    If you have multiple management networks, you can add static routes to the other networks from the NSX-T Data Center appliance.

  • Plan your NSX Manager IPv4 IP addressing scheme.

Procedure

  1. Locate the NSX-T Data Center OVA file on the VMware download portal.

    Either copy the download URL or download the OVA file.

  2. In the vSphere Client, select the host or host cluster on which to install NSX-T Data Center.
  3. Right-click and select Deploy OVF template to start the installation wizard.
  4. Enter the download OVA URL or navigate to the OVA file, and click Next.
  5. Enter a name and a location for the NSX Manager VM, and click Next.

    The name you enter appears in the vSphere and vCenter Server inventory.

  6. Select a compute resource for the NSX Manager appliance, and click Next.
    • To install on a ESXi host managed by vCenter, select a host on which to deploy the NSX Manager appliance.
    • To install on a standalone ESXi host, select the host on which to deploy the NSX Manager appliance.
  7. Review and verify the OVF template details, and click Next.
  8. Specify the deployment configuration size, and click Next.
    The Description panel on the right side of the wizard shows the details of selected configuration.
  9. Specify storage for the configuration and disk files.
    1. Select the virtual disk format.
    2. Select the VM storage policy.
    3. Specify the datastore to store the NSX Manager appliance files.
    4. Click Next.
  10. Select a destination network for each source network.
  11. Select the port group or destination network for the NSX Manager.
  12. Configure IP Allocation settings.
    1. For IP allocation, specify Static - Manual.
    2. For IP protocol, select IPv4 or IPv6.
      Note: You can ignore the IP Allocation settings. You can select either IPv4 or IPv6. It would not impact ingress or egress network traffic of NSX Manager.
  13. Click Next.
    The following steps are all located in the Customize Template section of the Deploy OVF Template wizard.
  14. In the Application section, enter the system root, CLI admin, and audit passwords for the NSX Manager. The root and admin credentials are mandatory fields.
    Your passwords must comply with the password strength restrictions.
    • At least 12 characters
    • At least one lower-case letter
    • At least one upper-case letter
    • At least one digit
    • At least one special character
    • At least five different characters
    • Default password complexity rules are enforced by the following Linux PAM module arguments:
      • retry=3: The maximum number of times a new password can be entered, for this argument at the most 3 times, before returning with an error.
      • minlen=12: The minimum acceptable size for the new password. In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (other, upper, lower and digit).
      • difok=0: The minimum number of bytes that must be different in the new password. Indicates similarity between the old and new password. With a value 0 assigned to difok, there is no requirement for any byte of the old and new password to be different. An exact match is allowed.
      • lcredit=1: The maximum credit for having lower case letters in the new password. If you have less than or 1 lower case letter, each letter will count +1 towards meeting the current minlen value.
      • ucredit=1: The maximum credit for having upper case letters in the new password. If you have less than or 1 upper case letter each letter will count +1 towards meeting the current minlen value.
      • dcredit=1: The maximum credit for having digits in the new password. If you have less than or 1 digit, each digit will count +1 towards meeting the current minlen value.
      • ocredit=1: The maximum credit for having other characters in the new password. If you have less than or 1 other characters, each character will count +1 towards meeting the current minlen value.
      • enforce_for_root: The password is set for the root user.
      Note: For more details on Linux PAM module to check the password against dictionary words, refer to the man page.

      For example, avoid simple and systematic passwords such as VMware123!123 or VMware12345. Passwords that meet complexity standards are not simple and systematic but are a combination of letters, alpahabets, special characters, and numbers, such as VMware123!45, VMware 1!2345 or VMware@1az23x.

  15. In the Optional parameters section, leave the password fields blank. It is to avoid the risk of compromising passwords set for VMC roles by a user who has access to the vCenter Server. When deploying VMC for NSX-T Data Center, this field is used internally to set passwords for the Cloud Admin and Cloud Operator roles.
  16. In the Network Properties section, enter the hostname of the NSX Manager.
    Note: The host name must be a valid domain name. Ensure that each part of the host name (domain/subdomain) that is separated by dot starts with an alphabet character. Also, NSX-T Data Center accepts only latin alphabets that do not have an accent mark, as in í, ó, ú, ý.
  17. Select a Rolename for the appliance. The default role is NSX Manager.
    • To install an NSX Manager appliance, select the NSX Manager role.
    • To install a Global Manager appliance for a NSX Federation deployment, select the NSX Global Manager role.

      See Getting Started with NSX Federation for details.

    • To install a Cloud Service Manager (CSM) appliance for an NSX Cloud deployment, select the nsx-cloud-service-manager role.

      See Overview of Deploying NSX Cloud for details.

  18. (Required fields) Enter the default gateway, management network IPv4, and management network netmask.
  19. In the DNS section, enter the DNS Server list and Domain Search list.
  20. In the Services Configuration section, enter the NTP Server IP or FQDN list.
    Optionally, you can enable SSH service and allow root SSH login. But, it is not recommended to allow root access to SSH service.
  21. Verify that all your custom OVF template specification is accurate and click Finish to initiate the installation.
    The installation might take 7-8 minutes.
  22. From the vSphere Client, open the VM console to track the boot process of the node.
  23. After the node boots, log in to the CLI as admin and run the get interface eth0 command to verify that the IP address was applied as expected.
  24. Enter the get services command to verify that all default services are running.
    The following services are not required by default and do not start automatically.
    • liagent
    • migration-coordinator: This service is used only when running migration coordinator. See the NSX-T Data Center Migration Guide before starting this service.
    • snmp: For information on starting SNMP see Simple Network Management Protocol in the NSX-T Data Center Administration Guide.
    • nsx-message-bus: This service is not used in NSX-T Data Center 3.0.
  25. Verify that your NSX Manager, Cloud Service Manager or Global Manager node has the required connectivity.
    Make sure that you can perform the following tasks.
    • Ping your node from another machine.
    • The node can ping its default gateway.
    • The node can ping the hypervisor hosts that are in the same network using the management interface.
    • The node can ping its DNS server and its NTP Server IP or FQDN list.
    • If you enabled SSH, make sure that you can SSH to your node.

    If connectivity is not established, make sure that the network adapter of the virtual appliance is in the proper network or VLAN.

What to do next

Log in to the NSX Manager from a supported web browser. See Log In to the Newly Created NSX Manager.