Joining NSX Managerand the DNE Key Manager allows these components to communicate with each other.

Prerequisites

Verify that the NSX Manager is installed.

Procedure

  1. Open an SSH session to the NSX Manager appliance as admin to log into the CLI.
  2. Open an SSH session to the DNE Key Manager appliance as admin to log into the CLI.
  3. On the NSX Manager appliance, run the get certificate api thumbprint command.

    For example:

    NSX-Manager1> get certificate api thumbprint
    ...
    

    The command output is a string of numbers unique to this NSX Manager.

  4. On the DNE Key Manager appliance, run the join management-plane command.

    When prompted, provide the following information:

    • Hostname or IP address of the NSX Manager with an optional port number

    • Username of the NSX Manager

    • Certificate thumbprint of the NSX Manager

    • Password of the NSX Manager

    • Interface name. The default interface is eth0.

    NSX-Key-Manager1> join management-plane <NSX-Manager1-IP-Address> username admin thumbprint <NSX-Manager1-thumbprint>
    Password for API user: <NSX-Manager1-password>
    Restarting the KeyManager service. This may take a while ...
    Restart Done.
    KeyManager node successfully registered and service restarted
    
    
  5. Verify that the DNE Key Manager is configured properly using either a GUI or API call.
    • From your browser, log in to NSX Manager https://nsx-manager-ip-address. Select Encryption and navigate to the Keys tab.

      Key Manager Status: Connected with a green dot appears.

    • Invoke the API call, /api/v1/network-encryption/key-managers .

What to do next

Enable the DNE configuration. See Enabling and Disabling DNE.