To make all configurations from the Global Manager, use policy mode. The manager mode is not available in NSX Federation.
Refer to NSX Manager for more information about the two modes.
Configuration Maximums
-
For most configurations, the Local Manager cluster has the same configuration maximums as an NSX Manager cluster. Go to VMware Configuration Maximums tool and select NSX.
Select the NSX Federation category for NSX in the VMware Configuration Maximums tool for exceptions and other NSX Federation-specific values.
-
For a given location, the following configurations contribute to the configuration maximum:
- Objects that were created on the Local Manager.
- Objects that were created on the Global Manager and include the location in its span.
You can view the capacity and usage on each Local Manager. See View the Usage and Capacity of Categories of Objects.
Feature Support
- All service-insertion related configuration such as partner service registration, deployment and consumption, is done from a Local Manager (LM).
- Only objects configured on the LM are used with service insertion. This includes groups, segments, and any other constructs. Service insertion cannot be applied to workloads connected to a stretched/global segment defined from the GM, or any segment connected to a logical router created from the GM. Groups created from the Global Manager should not be used within service insertion redirection polices.
- NSX Federation locations must run on environments where administrators have full control of the underlay fabric.
- NSX Federation does not support Local Manager or Global Manager hosted on VMware Cloud on AWS (VMC on AWS), Azure VMware Solution (AVS), Google Cloud VMware Engine (GCVE), Oracle Cloud VMware Solution (OCVS), or Alibaba Cloud VMware Service (ACVS).
Feature | Details | Related Links |
---|---|---|
Tier-0 Gateway |
|
Add a Tier-0 Gateway from Global Manager |
Tier-1 Gateway | Add a Tier-1 Gateway from Global Manager | |
Segments | Includes Layer 2 bridge configuration from Global Manager. | Add a Segment from Global Managerand Configure Bridging on Global Manager |
Groups | Some limitations. See Security in NSX Federation. | Create Groups from Global Manager |
Distributed Firewall | Draft of the security policies are available on Global Manager. This includes support for auto and manual drafts. | Create Drafts In Global Manager |
Firewall Exclusion List | Available in 4.0.1.1 and later. | Manage a Firewall Exclusion List |
Time Based Firewall Rules | Available in 4.0.1.1 and later. | Time-Based Firewall Policy |
Gateway Firewall | Only Layer 3 and 4 rules are supported. | Create Gateway Policies and Rules from Global Manager |
Network Address Translation (NAT) |
|
Configure NAT/DNAT/No SNAT/No DNAT/Reflexive NAT |
DNS | See Add a DNS Forwarder Service | |
DHCP and SLAAC |
|
|
Using objects created on Global Manager in a Local Manager configuration |
|
|
Network Monitoring |
|
|
LDAP | Authenticate Global Managerusers using a directory service such as Active Directory over LDAP or OpenLDAP. | Integration with LDAP |
Backup and Restore |
|
Backup and Restore in NSX Federation |
vMotion between locations |
|