When migrated Security Policies in NSX use a third-party partner service only for Network Introspection, deploy an instance of the partner service either by using a clustered service deployment or a host-based service deployment approach.

Prerequisites

For a clustered service deployment approach:
  • At least one host in the first cluster is migrated to NSX.
For a host-based service deployment approach:
  • All the hosts in a cluster are migrated to NSX.
  • A transport node profile is applied to the cluster.

Procedure

  1. From your browser, log in with admin privileges to an NSX Manager at https://nsx-manager-ip-address.
  2. Navigate to System > Service Deployments > Deployment.
  3. In the Partner Service drop-down menu, select the partner service to be deployed, and click Deploy Service.
  4. Enter the service deployment name.
  5. Select the vCenter Server that is registered as a compute manager in NSX.
  6. Select a deployment type: Host-Based or Clustered.
  7. Select the cluster where you want to deploy the partner service.
  8. (Clustered deployment only): In the Host drop-down menu, select a host, or select Any to allow the NSX NSX Manager to select a host.
  9. In the Data Store drop-down menu, select a data store as the repository for the partner service virtual machine (SVM).
    • Clustered deployment: If you selected Any for the host, select a shared data store. If you specified a particular host, select a local data store.
    • Host-based deployment: Select a specific datastore or select Specified on Host. The Specified on Host option means that you do not need to select a datastore and network on the Deploy Service page. Before deploying the partner service, you must configure Agent VM settings on each ESXi host to point to a specific datastore and network.

      To know more about configuring Agent VM settings, see the vSphere product documentation.

  10. Under Networks, click Set and select the NICs you want to use for deployment.
    1. Select the network for the Management interface.

      In a host-based deployment, if you set the datastore as Specified on Host, you must set the network also as Specified on Host.

    2. Set the Network type to DHCP or Static IP Pool. If you set the network type to a Static IP Pool, select from the list of available IP pools.
  11. In the Deployment Template drop-down menu, select the required template.
    Typically, the deployment specification and the deployment template fields are automatically selected with the information that is pushed from the Partner Console as part of the service definition.
  12. In the Service Segment drop-down menu, select the service segment that the migration coordinator has created in the overlay transport zone.
  13. (Clustered deployment only): In the Clustered Deployment Count text box, specify the number of service VMs to deploy in the cluster, and click Save.
  14. Check the deployment status on the Deployment page. Wait until the status changes to Up.

    You might have to refresh the Deployment page a few times to retrieve the latest status.

    If the Status column shows Down, click the icon next to Down. All deployment errors are displayed. Take the required actions to fix the errors, and click Resolve. The status changes to In Progress. Wait until the status changes to Up.