Follow these steps to manually deploy NSX Cloud components in Microsoft Azure using the Microsoft Azure marketplace image, without using Terraform scripts provided by NSX Cloud.
The following steps are performed in your Microsoft Azure subscription:
- Create a resource group for NSX Cloud management resources with a descriptive name, for example, nsx-mgmt-rg.
- In this resource group, create an availability set in which you will deploy three NSX Manager nodes.
- In this resource group, create a VNet where you will deploy NSX Cloud management components.
- In this VNet, create a subnet for NSX Cloud management components.
- Create Security groups for NSX Manager and CSM appliances.
  - Security groups for NSX Manager named like nsx-mgr-sg:

    Table 1. Inbound Rules for NSX Manager

    | Priority | Name | Port | Protocol | Source | Destination | Action |
    |---|---|---|---|---|---|---|
    | 1000 | AllowInboundRuleAPI | 443 | TCP | Any | Any | Allow |

    Table 2. Outbound Rules for NSX Manager

    | Priority | Name | Port | Protocol | Source | Destination | Action |
    |---|---|---|---|---|---|---|
    | 100 | AllowOutboundRuleAPI | Any | TCP | Any | Any | Allow |

  - Security groups for CSM named like nsx-csm-sg:

    Table 3. Inbound Rules for CSM

    | Priority | Name | Port | Protocol | Source | Destination | Action |
    |---|---|---|---|---|---|---|
    | 1000 | AllowInboundRuleAPI | 443 | TCP | Any | Any | Allow |

    Table 4. Outbound Rules for CSM

    | Priority | Name | Port | Protocol | Source | Destination | Action |
    |---|---|---|---|---|---|---|
    | 100 | AllowOutboundRuleAPI | 80,443 | TCP | Any | Any | Allow |
- Deploy one CSM VM using the CSM marketplace image URN with a public IP address. Use the following configurations as specified. For all other configurations you can select the default values or the best options for your requirements.
  | Parameter | Value |
  |---|---|
  | **Basic** | |
  | Virtual machine name | Any descriptive name. |
  | Size | The minimum requirement is: Standard_D4s_v3-4vcpus, 16 GB memory. |
  | Authentication type | SSH |
  | Username | Enter the default NSX Manager username: nsxadmin. |
  | SSH Public Key Source | Provide the public key of the SSH key-pair you will use to log in to the appliance over SSH. |
  | **Networking** | |
  | Public IP | Click Create new and select Static for the Assignment option. |
  | NIC network security group | Select Advanced |
  | Configure network security group | Select the network security group created for CSM, for example, nsx-csm-sg as described in an earlier step. |
  | **Advanced** | |
  | Custom data | Copy-paste the cloud-config that follows this table, ensuring that you use your deployment's username and password. |

  ```
  #cloud-config
  hostname: <hostname>
  chpasswd:
    expire: false
    list:
      - nsxadmin:<admin_password>
      - root:<root_password>
  ```

  For example:

  ```
  #cloud-config
  hostname: nsx-datacenter1-csm
  chpasswd:
    expire: false
    list:
      - nsxadmin:MySecretNsxAdminPassword
      - root:MySecretNsxRootPassword
  ```
- Deploy three NSX Manager VMs using the NSX Manager marketplace image URN with a public IP address. Use the following configurations as specified. For all other configurations you can select the default values or the best options for your requirements.
  | Parameter | Value |
  |---|---|
  | **Basic** | |
  | Virtual machine name | Any descriptive name. |
  | Size | The minimum requirement is: Standard_D4s_v3-4vcpus, 16 GB memory. |
  | Authentication type | SSH |
  | Username | Enter the default NSX Manager username: nsxadmin. |
  | SSH Public Key Source | Provide the public key of the SSH key-pair you will use to log in to the appliance over SSH. |
  | **Disks** | |
  | OS Disk type | Standard HDD |
  | Data disks | Click Create and attach a new disk and select Standard HDD for Disk SKU with a custom size of 100 GiB. Note: Ensure that the data disk host caching is set to read/write. |
  | **Networking** | |
  | Public IP | Click Create new and select Static for the Assignment option. |
  | NIC network security group | Select Advanced |
  | Configure network security group | Select the network security group created in a previous step, from the example in this topic: nsx-mgr-sg |
  | **Advanced** | |
  | Custom data | Copy-paste the cloud-config that follows this table, ensuring that you use your deployment's username and password. |

  ```
  #cloud-config
  hostname: <hostname>
  bootcmd:
    - [cloud-init-per, instance, lvmdiskscan, lvmdiskscan]
    - [cloud-init-per, instance, secondary_partition, /opt/vmware/nsx-node-api/bin/set_secondary_partition.sh]
  chpasswd:
    expire: false
    list:
      - nsxadmin:<admin_password>
      - root:<root_password>
  ```
- Configure a Microsoft Azure Recovery Service Vault with a vault policy to perform a recurring backup of all three NSX Manager nodes and the CSM appliance. For example, you could use this policy named nsx-vault and the default backup schedule set to daily recurring at 11PM UTC.
See Managing Backup and Restore of NSX Manager and CSM in Microsoft Azure in the NSX Administration Guide for details on restore options.
- Add a temporary network security group to allow SSH access for NSX Manager and CSM.
  Table 5. Temporary rule for both NSX Manager and CSM to allow SSH access

  | Priority | Name | Port | Protocol | Source | Destination | Action |
  |---|---|---|---|---|---|---|
  | 1010 | AllowInboundRuleSSH | 22 | TCP | Any | Any | Allow |

- Log in to the NSX Manager and CSM appliances using your private key and the passwords you provided in user data when launching the VMs.
- Create an NSX Manager cluster with the three NSX Manager nodes deployed. See Form an NSX Manager Cluster Using the CLI.
- Add an NSX license:
  - From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
  - Select .
  - Enter a license key. You must have the NSX Enterprise Plus license.
- Log in to the CSM appliance and run the following NSX CLI command to join CSM with the NSX Manager cluster:
  ```
  join <nsx-manager-ip-address & port(optional)> cluster-id <nsx-manager-cluster-id> username <username> password <password> thumbprint <nsx-manager-api-thumbprint>
  ```
It takes a few minutes for CSM UI to appear. Run the get cluster status command on the CSM appliance CLI. If the status is stable, then continue to the next step.
You can run the NSX CLI command get cluster status from any NSX Manager node to get the cluster-id. You can get the NSX Manager thumbprint by running the get certificate api thumbprint command on the specified NSX Manager. See the NSX Command-Line Interface Reference for details on CLI commands and Obtain Thumbprint of NSX Manager.
- To connect CSM with NSX Manager, add details in the NSX Manager Credentials screen as described in Join CSM with NSX Manager.
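
The following is an added example, not part of the NSX documentation: a small audit that reads a network security group export and reports inbound Allow rules that accept any source on port 22 or 443, so you can check whether the temporary SSH rule from Table 5 is still in place on nsx-mgr-sg or nsx-csm-sg. The JSON is a constructed sample assumed to follow the shape of `az network nsg show -o json` output, and the function names are illustrative.

```python
import json

# Constructed sample shaped like `az network nsg show -o json` output,
# trimmed to the fields read below; values mirror Tables 1, 2 and 5.
SAMPLE_NSG = json.loads("""
{"name": "nsx-mgr-sg", "securityRules": [
  {"name": "AllowInboundRuleAPI", "priority": 1000, "direction": "Inbound",
   "access": "Allow", "sourceAddressPrefix": "*", "destinationPortRange": "443"},
  {"name": "AllowInboundRuleSSH", "priority": 1010, "direction": "Inbound",
   "access": "Allow", "sourceAddressPrefix": "*", "destinationPortRange": "22"},
  {"name": "AllowOutboundRuleAPI", "priority": 100, "direction": "Outbound",
   "access": "Allow", "sourceAddressPrefix": "*", "destinationPortRange": "*"}
]}
""")

ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}  # portal "Any" is stored as "*"

def _values(rule, single, plural):
    """Merge the singular and plural forms of an NSG rule field."""
    merged = list(rule.get(plural) or [])
    if rule.get(single):
        merged.append(rule[single])
    return merged

def _covers(spec, port):
    """True if a port spec ('*', '22', '20-25') includes the port."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def audit_nsg(nsg):
    """List inbound Allow rules that expose SSH or the API to any source."""
    findings = []
    for rule in nsg.get("securityRules", []):
        if rule.get("direction") != "Inbound" or rule.get("access") != "Allow":
            continue
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        if not any(s.lower() in ANY_SOURCE for s in sources):
            continue
        ports = _values(rule, "destinationPortRange", "destinationPortRanges")
        for port, label in ((22, "ssh-open-to-any"), (443, "api-open-to-any")):
            if any(_covers(p, port) for p in ports):
                findings.append((rule["name"], rule["priority"], label))
    return findings

if __name__ == "__main__":
    for name, priority, label in audit_nsg(SAMPLE_NSG):
        print(f"{SAMPLE_NSG['name']}: {name} (priority {priority}) -> {label}")
```

An `ssh-open-to-any` finding after the cluster is formed and CSM is joined means the temporary rule is still active.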