Follow these steps to manually deploy NSX Cloud components in Microsoft Azure using the Microsoft Azure marketplace image, without using Terraform scripts provided by NSX Cloud.

The following steps are performed in your Microsoft Azure subscription:

  1. Create a resource group for NSX Cloud management resources with a descriptive name, for example, nsx-mgmt-rg.
  2. In this resource group, create an availability set in which you will deploy three NSX Manager nodes.
  3. In this resource group, create a VNet where you will deploy NSX Cloud management components.
  4. In this VNet, create a subnet for NSX Cloud management components.
  5. Create Security groups for NSX Manager and CSM appliances.
    • Security groups for NSX Manager named like nsx-mgr-sg:
      Table 1. Inbound Rules for NSX Manager
      Priority Name Port Protocol Source Destination Action
      1000 AllowInboundRuleAPI 443 TCP Any Any Allow
      Table 2. Outbound Rules for NSX Manager
      Priority Name Port Protocol Source Destination Action
      100 AllowOutboundRuleAPI Any TCP Any Any Allow
    • Security groups for CSM named like nsx-csm-sg:
      Table 3. Inbound Rules for CSM
      Priority Name Port Protocol Source Destination Action
      1000 AllowInboundRuleAPI 443 TCP Any Any Allow
      Table 4. Outbound Rules for CSM
      Priority Name Port Protocol Source Destination Action
      100 AllowOutboundRuleAPI 80,443 TCP Any Any Allow
  6. Deploy one CSM VM using the CSM marketplace image URN with a public IP address. Use the following configurations as specified. For all other configurations you can select the default values or the best options for your requirements.
    Parameter Value
    Basic
    Virtual machine name Any descriptive name.
    Size The minimum requirement is: Standard_D4s_v3-4vcpus, 16 GB memory.
    Authentication type SSH
    Username Enter the default NSX Manager username: nsxadmin.
    SSH Public Key Source Provide the public key of the SSH key-pair you will use to log in to the appliance over SSH.
    Networking
    Public IP Click Create new and select Static for the Assignment option.
    NIC network security group Select Advanced
    Configure network security group Select the network security group created for CSM, for example, nsx-csm-sg as described in an earlier step.
    Advanced
    Custom data Copy-paste the following, ensuring that you use your deployment's username and password:
    #cloud-config
    hostname: <hostname>
    chpasswd:
     expire: false
     list:
      - nsxadmin:<admin_password>
      - root:<root_password>
    For example:
    #cloud-config
    hostname: nsx-datacenter1-csm
    chpasswd: 
        expire: false 
        list: 
            - nsxadmin:MySecretNsxAdminPassword 
            - root:MySecretNsxRootPassword
  7. Deploy three NSX Manager VMs using the NSX Manager marketplace image URN with a public IP address. Use the following configurations as specified. For all other configurations you can select the default values or the best options for your requirements.
    Parameter Value
    Basic
    Virtual machine name Any descriptive name.
    Size The minimum requirement is: Standard_D4s_v3-4vcpus, 16 GB memory.
    Authentication type SSH
    Username Enter the default NSX Manager username: nsxadmin.
    SSH Public Key Source Provide the public key of the SSH key-pair you will use to log in to the appliance over SSH.
    Disks
    OS Disk type Standard HDD
    Data disks Click Create and attach a new disk and select Standard HDD. for Disk SKU with a custom size of 100 GiB.
    Note: Ensure that the data disk host caching is set to read/write.
    Networking
    Public IP Click Create new and select Static for the Assignment option.
    NIC network security group Select Advanced
    Configure network security group Select the network security group created in a previous step, from the example in this topic: nsx-mgr-sg
    Advanced
    Custom data Copy-paste the following, ensuring that you use your deployment's username and password:
    #cloud-config
    hostname: <hostname>
    bootcmd:
    - [cloud-init-per, instance, lvmdiskscan, lvmdiskscan]
    - [cloud-init-per, instance, secondary_partition, /opt/vmware/nsx-node-api/bin/set_secondary_partition.sh]
    chpasswd:
     expire: false
     list:
     - nsxadmin:<admin_password>
     - root:<root_password>
     
  8. Configure a Microsoft Azure Recovery Service Vault with a vault policy to perform a recurring backup of all three NSX Manager nodes and the CSM appliance. For example, you could use this policy named nsx-vault and the default backup schedule set to daily recurring at 11PM UTC.

    See Managing Backup and Restore of NSX Manager and CSM in Microsoft Azure in the NSX Administration Guide for details on restore options.

  9. Add a temporary network security group to allow SSH access for NSX Manager and CSM.
    Table 5. Temporary rule for both NSX Manager and CSM to allow SSH access
    Priority Name Port Protocol Source Destination Action
    1010 AllowInboundRuleSSH 22 TCP Any Any Allow
  10. Log in to the NSX Manager and CSM appliances using your private key and the passwords you provided in user data when launching the VMs.
  11. Create an NSX Manager cluster with the three NSX Manager nodes deployed. See Form an NSX Manager Cluster Using the CLI.
  12. Add an NSX license:
    1. From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
    2. Select System > Licenses > Add License.
    3. Enter a license key. You must have the NSX Enterprise Plus license.
  13. Log in to the CSM appliance and run the following NSX CLI command to join CSM with the NSX Manager cluster:
    join <nsx-manager-ip-address & port(optional)> cluster-id <nsx-manager-ip-address> username <username> password <password> thumbprint <nsx-manager-api-thumbprint> 

    It takes a few minutes for CSM UI to appear. Run the get cluster status command on the CSM appliance CLI. If the status is stable, then continue to the next step.

    You can run the NSX CLI command get cluster status from any NSX Manager node to get the cluster-id. You can get the NSX Manager thumbprint by running the get certificate api thumbprint command on the specified NSX Manager. See the NSX Command-Line Interface Reference for details on CLI commands and Obtain Thumbprint of NSX Manager.

  14. To connect CSM with NSX Manager, add details in the NSX Manager Credentials screen as described in Join CSM with NSX Manager.