To install the NSX Application Platform successfully and to activate the NSX features that it hosts, you must prepare the deployment environment so that it meets the minimum required resources.
Requirements List
The following table lists the prerequisites that you must satisfy before you start deploying the NSX Application Platform.
Requirement | Details |
---|---|
NSX-T Data Center 3.2 or later, with a valid license | |
Valid NSX-T or NSX Data Center license | To deploy the NSX Application Platform, the current NSX Manager session in use must have a valid license in effect during the NSX Application Platform deployment. See License Requirement for NSX Application Platform Deployment for the list of valid licenses. |
Valid NSX-T Data Center user role | To deploy the NSX Application Platform, you must have Enterprise Admin role privileges. |
Certificate | |
Resources for TKG Cluster on Supervisor or upstream Kubernetes cluster | |
Internet access | Ensure that your NSX-T Data Center system can access the public VMware-hosted registry and repository where you can obtain the packaged NSX Application Platform Helm chart and Docker images. The direct Internet access is only required during the installation and upgrade operations. This access is limited to the outbound access on TCP Port 443 (HTTPS) to https://projects.registry.vmware.com for the purpose of accessing the NSX Application Platform installation Helm charts and Docker images. No inbound access or permanent outbound access is required. The outbound Internet access is required for both the NSX-T Data Center Unified Appliance VMs and NSX Application Platform guest cluster worker nodes. If you configured your NSX-T Data Center environment to use an Internet proxy server using the tab, note that the NSX Application Platform cannot be deployed using an Internet proxy server. If your Kubernetes cluster does not have access to the Internet or you have security restrictions, see the next optional requirement for an optional Private container registry with chart repository service. |
(Optional) Private container registry with chart repository service | To simplify the NSX Application Platform deployment process, use the VMware-hosted registry and repository. This deployment process uses an outbound connection only and does not retain customer data. (Optional) If your Kubernetes cluster does not have access to the Internet or you have security restrictions, your infrastructure administrator must set up a private container registry with a chart repository service. Use this private container registry to upload the NSX Application Platform Helm charts and Docker images required to deploy the NSX Application Platform. VMware used Harbor to validate the deployment process that uses a private container registry; however, the NSX Application Platform deployment is standards-based. See Upload the NSX Application Platform Docker Images and Helm Charts to a Private Container Registry for details. |
(Optional) URL for a private container registry | If you are using a private container registry, obtain from your infrastructure administrator the URL for that registry. You use this URL during the deployment process. |
Kubernetes configuration file | You must also obtain the Kubernetes configuration file from your infrastructure administrator. You need the kubeconfig file during the NSX Application Platform deployment for the NSX Manager to securely access your TKG Cluster on Supervisor or upstream Kubernetes cluster. The kubeconfig file must have all the privileges to access all the resources of the TKG Cluster on Supervisor or upstream Kubernetes cluster. Important: The default kubeconfig file in a VMware vSphere® with Tanzu Kubernetes Guest Cluster contains a token which expires after ten hours by default. While this expired token does not impact functionality, it results in a warning message regarding out-of-date credentials. To avoid the warning, before you deploy the NSX Application Platform on a TKG Cluster on Supervisor, work with your infrastructure administrator to create a long-lived token you can use during the platform deployment. See Generate a TKG Cluster on Supervisor Configuration File with a Non-Expiring Token for details on how to extract the token. |
Service Name or Interface Service Name (FQDN) | During the NSX Application Platform deployment, you provide a fully qualified domain name (FQDN) for the Service Name text box in an NSX-T 3.2.0 deployment or for the Interface Service Name text box in an NSX-T 3.2.1 or later deployment. The Service Name or Interface Service Name is used as the HTTPS endpoint to connect to the NSX Application Platform. Use one of the following workflows to obtain the FQDN value. |
Messaging Service Name (for NSX-T 3.2.1 or later deployments) | The Messaging Service Name value is an FQDN for the HTTPS endpoint that is used to receive the streamlined data from the NSX data sources. |
Ports and Protocols | Verify that the required ports on your TKG Cluster on Supervisor or upstream Kubernetes cluster host are open for the NSX Application Platform to access. See https://ports.esp.vmware.com/. |
Communication from your TKG Cluster on Supervisor or upstream Kubernetes cluster nodes | Confirm that the TKG Cluster on Supervisor or upstream Kubernetes cluster nodes are able to reach the NSX Manager appliance. |
System times synchronization | Synchronize the system times on the TKG Cluster on Supervisor or upstream Kubernetes cluster nodes and the NSX Manager appliance. |
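
For the Kubernetes configuration file requirement above, the following added example (not VMware code) reports how long each bearer token in a kubeconfig file remains valid, so you can tell a default ten-hour token from a long-lived one before you upload the file. It assumes the credential is stored as a `token:` entry and is a JWT carrying the standard `exp` claim; the function names and the sample token are constructed for illustration.

```python
import base64
import json
import re
import time

# Matches "token: <value>" entries (users[].user.token) in kubeconfig text.
TOKEN_RE = re.compile(r"^\s*token:\s*['\"]?([A-Za-z0-9_\-.=]+)['\"]?\s*$", re.M)


def jwt_claims(token):
    """Return the decoded JWT payload, or None if the token is not a JWT.
    Only the claims are read; the signature is not verified."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return claims if isinstance(claims, dict) else None


def check_kubeconfig(text, now=None):
    """Classify every bearer token in a kubeconfig by its remaining lifetime."""
    now = time.time() if now is None else now
    results = []
    for token in TOKEN_RE.findall(text):
        claims = jwt_claims(token)
        if claims is None:
            results.append(("opaque", None))  # lifetime cannot be read offline
        elif "exp" not in claims:
            results.append(("non-expiring", None))
        elif claims["exp"] <= now:
            results.append(("expired", 0))
        else:
            results.append(("expires", int(claims["exp"] - now)))
    return results


def _make_jwt(claims):
    """Build an unsigned, constructed sample token for the demo below."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.c2ln"


if __name__ == "__main__":
    issued = 1_700_000_000  # constructed issue time; token lives ten hours
    sample = f"users:\n- name: demo\n  user:\n    token: {_make_jwt({'exp': issued + 36000})}\n"
    print(check_kubeconfig(sample, now=issued + 3600))  # one hour after issue
```

A kubeconfig file that holds a non-expiring token with full cluster privileges stays usable until the token is revoked, so store it with the same care as any other administrator credential.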