If Security Policies in your NSX-V environment use third-party Network Introspection services provided by partners, partner services must be registered with NSX-T before you start the migration.

You might need to upgrade the Partner Console to ensure that the partner service is registered with the version of NSX-T that is used for this migration. For more information, see the partner documentation.

The following types of east-west network introspection services are supported for migration:
  • Intrusion detection services (IDS)
  • Intrusion protection services (IPS)
  • Network monitoring services
  • Next-generation firewall services

A partner registers the service, vendor template, and the Partner Management Console/Partner Service Manager. Then, either you or the partner can create the service profile. It can vary from one partner to another. See the partner documentation.

In the following procedure, step 2 is required when your NSX-V environment uses only Network Introspection service.

If your environment uses a combination of both Guest Introspection and Network Introspection services from a single partner (partner A), partner does step 1. Step 2 is not required.

If your environment uses Guest Introspection service from one partner (partner A) and Network Introspection service from another partner (partner B), then:
  • Use the Partner Console of partner A to register the Guest Introspection service. See the partner documentation for help on registering the service.
  • Partner B registers the Network Introspection service (step 1 of the procedure). Either you or the partner can create the service profile, as explained in step 2.

Procedure

  1. Partner registers the partner service, vendor template, and the partner Service Manager using NSX-T APIs.
  2. Create a service profile to specify attributes of a vendor template for a given partner service.

    For a network introspection service, multiple service profiles can be associated with a single vendor template.

    You can create a service profile either by using the NSX-T API or the NSX Manager UI. For detailed steps on creating the service profile by using the NSX Manager UI, see the NSX-T Data Center Administration Guide.

    When you use the NSX Manager UI to create a service profile, the service reference is internally created, if it is not already present.

    If you decide to use the NSX-T APIs to create a service profile, do the following steps:

    1. Create a service reference.
      PATCH https://{policy-mgr-ip}/policy/api/v1/infra/service-references/{service-reference-id}
    2. Use the service-reference-id from the previous step to create the service profile.
      PATCH https://{policy-mgr-ip}/policy/api/v1/infra/service-references/{service-reference-id}/service-profiles/{service-profile-id}

      For a detailed information about these APIs, see the NSX-T Data Center API Guide.