You can add up to seven secondary NSX Managers in a cross-vCenter NSX environment. Universal objects configured on the primary NSX Manager are synchronized to the secondary NSX Managers.

Before you begin

  • There should be at least two NSX Managers, one with the primary role and one with the standalone or transit role.

  • The version of the NSX Managers (the primary NSX Manager and NSX Managers that will be assigned the secondary role) must match.

  • The node IDs of the primary NSX Manager and the NSX Managers that will be assigned the secondary role must be present and different. NSX Manager instances deployed from OVA files have unique node IDs. An NSX Manager deployed from a template (as in when you convert a virtual machine to a template) will have the same node ID as the original NSX Manager used to create the template, and these two NSX Managers cannot be used in the same cross-vCenter NSX installation.

  • Each NSX Manager must be registered with a separate and unique vCenter Server.

  • The UDP ports used for VXLAN must be the same for all NSX Managers.

  • When assigning the secondary role to a NSX Manager, the vCenter linked to it must not have any deployed NSX Controllers.

  • The segment ID pool of the NSX Manager being assigned the secondary role must not overlap with the segment ID pools of the primary NSX Manager or the segment ID pool of any other secondary NSX Manager .

  • The NSX Manager being assigned the secondary role must have the standalone or transit role.

Note:

You can view the NSX Manager node ID with the following REST API call:

GET https://NSX-Manager-IP-Address/api/2.0/services/vsmconfig

You can view the UDP ports used for VXLAN with the following REST API call:

GET https://NSX-Manager-IP-Address/api/2.0/vdn/config/vxlan/udp/port 

About this task

NSX Managers can have one of four roles:

  • Primary

  • Secondary

  • Standalone

  • Transit

To view the role of an NSX Manager, log in to the vCenter linked to the NSX Manager, and navigate to Home > Networking & Security > Installation and select the Management tab. The role is displayed in the Role column in the NSX Managers section. If there is no Role column shown, the NSX Manager has the standalone role.

Procedure

  1. Log in to the vCenter linked to the primary NSX Manager.
  2. Navigate to Home > Networking & Security > Installation and select the Management tab.
  3. Click the primary NSX Manager. Then select Actions > Add Secondary NSX Manager.
  4. Enter the IP address, user name, and password of the secondary NSX Manager.
  5. Click OK.
  6. Check that the certificate thumbprint matches the certificate of the vCenter Server.

    If you installed a CA-signed certificate on the CA server, you are presented with the thumbprint of the CA-signed certificate. Otherwise, you are presented with a self-signed certificate.

  7. After successful registration the role changes from Standalone to Secondary.

    If your vCenter Server systems are in Enhanced Linked Mode, you can see the roles of all NSX Managers associated with those vCenter Server systems from the Home > Networking & Security > Installation tab.

    If your environment does not employ Enhanced Linked Mode, log in to the vCenter linked to the secondary NSX Manager to view the NSX Manager's role.

    Note:

    Initially, the controller status will show disconnected. Wait a few seconds and then refresh the vSphere Web Client and the status will change to Normal.

  8. Log out of the vSphere Web Client and back in to ensure that the vSphere Web Client displays the new NSX Manager roles.