Follow these instructions to deploy PCG in your Microsoft Azure VNet.
The VNet in which you deploy a PCG can act as a Transit VNet to which other VNets can connect (known as Compute VNets). This VNet can also manage VMs and act as a self-managed VNet.
Follow these instructions to deploy a PCG. If you want to link to an existing Transit VNet, see Link to a Transit VPC or VNet.
Prerequisites
- If you have deployed NSX Cloud components on-prem, ensure the VNet is connected with your on-prem NSX. If you have deployed NSX Cloud components in Microsoft Azure, ensure that the VNet is peered with the NSX Cloud Management VNet. See deployment architecture details at Deploy NSX Cloud Components in Microsoft Azure using the NSX Cloud Marketplace Image.
- Verify that your Microsoft Azure subscription is added into CSM.
- Verify that you have the required subnets in the VNet where you are deploying PCG: uplink, downlink, and management. For High Availability, you must have an uplink subnet for the secondary PCG that is different from the primary PCG.
Procedure
- Log in to CSM using an account with the Enterprise Administrator role.
- Click VNets tab. and go to the
- Click a VNet where you want to deploy the PCG.
- Click Deploy Gateways. The Deploy Gateway wizard opens.
- For General Properties, use the following guidelines:
Option Description SSH Public Key Provide an SSH public key that can be validated while deploying PCG. This is required for each PCG deployment. Manage with NSX Tools Leave in the default disabled state to onboard workload VMs in the Native Cloud Enforced Mode. If you want to install NSX Tools on your workload VMs to use the NSX Enforced Mode, enable this option. Quarantine Policy on the Associated VNet You can only change the Quarantine Policy setting if you choose to manage workload VMs using NSX Tools (NSX Enforced Mode). Quarantine Policy is always enabled in the Native Cloud Enforced Mode. Leave this in the default disabled mode when you first deploy PCG. You can change this value after onboarding VMs. See Manage Quarantine Policy in the NSX Administration Guide for details.
Auto-install NSX Tools This is only available when you enable Manage with NSX Tools. If selected, NSX Tools are auto-installed on all workload VMs in the Transit/Self-managed/linked Compute VNet if the tag nsx.network=default is applied to them. Gateway Connectivity Mode The PCG can be accessed from CSM using a public IP address or a private IP address depending on the connectivity mode between your public cloud and your on-prem NSX installation. If you select Auto Detect, they system attempts to connect with CSM over VGW first, and if that fails, over IGW. If the system cannot connect with CSM, the deployment fails.
See Impact of on-prem and public cloud connectivity mode on PCG's discovery of CSM for details.
Use Marketplace Image This option is only available in NSX 3.1.1. It is enabled by default when a compatible marketplace image is available to deploy in Microsoft Azure. See Deploy NSX Cloud Components in Microsoft Azure using the NSX Cloud Marketplace Image for details. Azure Marketplace Terms If you are using the marketplace image to deploy PCG, you must accept Microsoft Azure terms of use. NSX Cloud provides the terms for you to download and read. Select the checkbox to accept the terms to proceed. Local Storage Account When you add a Microsoft Azure subscription to CSM, a list of your Microsoft Azure storage accounts is available to CSM. Select the storage account from the drop-down menu. When proceeding with deploying PCG, CSM copies the publicly available VHD of the PCG into this storage account of the selected region.
Note: If the VHD image has been copied to this storage account in the region already for a previous PCG deployment, then the image is used from this location for subsequent deployments to reduce the overall deployment time.VHD URL If you want to use a different PCG image that is not available from the public VMware repository, you can enter the URL of the PCG’s VHD here. The VHD must be present in the same account and region where this VNet is created. Note: The VHD must be in the correct URL format. We recommend that you use the Click to copy option in Microsoft Azure.Proxy Server Select a proxy server to use for internet-bound traffic from this PCG. The proxy servers are configured in CSM. You can select the same proxy server as CSM if one, or select a different proxy server from CSM, or select No Proxy Server. See (Optional) Configure Proxy Servers for details on how to configure proxy servers in CSM.
- Click Next.
- For Subnets, use the following guidelines:
Option Description Enable HA for NSX Cloud Gateway Select this option to enable High Availability. Subnets Select this option to enable High Availability. Public IP on Mgmt NIC Select Allocate New IP address to provide a public IP address to the management NIC. You can manually provide the public IP address if you want to reuse a free public IP address. Public IP on Uplink NIC Select Allocate New IP address to provide a public IP address to the uplink NIC. You can manually provide the public IP address if you want to reuse a free public IP address.
What to do next
Follow instructions at Using NSX Cloud in the NSX Administration Guide.