As a VI admin working in the vSphere environment, you can completely install NSX Manager appliance from the vSphere Client. You do not need to perform any installation operations from the NSX Manager UI. After NSX Manager is installed, NSX appears as a plug-in in VMware vCenter that is ready to install NSX for Virtual Networking or Security-only use cases.

Important: In NSX 3.2, only a single NSX Manager cluster is supported.

Prerequisites

  • Ensure that ESXi host version is compatible with VMware vCenter version v7.0.3.
  • Ensure that VMware vCenter version is v7.0.3 or later.
  • To provision a thick disk, ensure the disk size on host has at least 300GB free space.
  • Configure a vSphere Distributed Switch (VDS) switch on hosts. Only VDS 6.6 or later is supported.
  • Ensure VMware vCenter points to an FQDN address and the DNS server must be able to resolve the address.
  • To ensure time is synchronized, configure NTP server on NSX Manager and ESXi hosts. See the Time Synchronization between NSX Manager, vIDM, and Related Components topic in the NSX Administration Guide.

Procedure

  1. From a browser, log in with admin privileges to an VMware vCenter at https://<vcenter-server-ip-address>.
  2. On the vSphere Client UI, select vSphere Client menu and click NSX.
  3. On the screen, click Install NSX.
  4. Enter the download OVF URL or navigate to the OVF file, and click Next.
    Important: If you enter a URL to download the OVF file, ensure the URL points to a secure HTTPS server. For example, https://<OVF-URL>. There is a separate OVF file available for NSX Manager deployed from vSphere Client. You must select a OVF file name using the following convention: nsx-embedded-unified-appliance-<releaseversion.buildversion>.ova. Do not use the nsx-unified-appliance-<releaseversion.buildversion>.ova file.
  5. To verify the thumbprint of the SSL certificate of the HTTPS server, click Yes.
  6. Enter a name and a location for the NSX Manager VM, and click Next.

    The selected location also indicates the VMware vCenter where the NSX Manager is deployed and which VMware vCenter is managed by the NSX instance.

    The name you enter appears in the vSphere and VMware vCenter inventory.

  7. Select a compute resource for the NSX Manager appliance, and click Next.
  8. Review and verify the OVF template details, and click Next.
  9. Select a form factor to deploy the NSX appliance. You must deploy the NSX Manager in either Medium or Large form factor. If you select any other form factor, then installation fails and NSX appliance is not registered to VMware vCenter.
  10. Specify storage for the configuration and disk files.
    1. Select the virtual disk format.
    2. Select the VM storage policy.
    3. Specify the datastore to store the NSX Manager appliance files.
    4. Click Next.
  11. Select a destination network for each source network.
  12. Select the port group or destination network for the NSX Manager.
  13. Configure IP Allocation settings.
    1. For IP allocation, specify Static - Manual.
    2. For IP protocol, select IPv4 or IPv6.
      Note: You can ignore the IP Allocation settings. You can select either IPv4 or IPv6. It would not impact ingress or egress network traffic of NSX Manager.
  14. Click Next.
  15. In the Application section, enter the System GRUB Root User Password, System GRUB menu timeout, System Root Password, CLI 'admin' User Password, CLI 'audit' User Password, CLI 'admin' username, and CLI 'audit' username. Only the root password and admin password fields are mandatory.
    • At least 12 characters
    • At least one lower-case letter
    • At least one upper-case letter
    • At least one digit
    • At least one special character
    • At least five different characters
    • Default password complexity rules are enforced by the following Linux PAM module arguments:
      • retry=3: The maximum number of times a new password can be entered, for this argument at the most 3 times, before returning with an error.
      • minlen=12: The minimum acceptable size for the new password. In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (other, upper, lower and digit).
      • difok=0: The minimum number of bytes that must be different in the new password. Indicates similarity between the old and new password. With a value 0 assigned to difok, there is no requirement for any byte of the old and new password to be different. An exact match is allowed.
      • lcredit=1: The maximum credit for having lower case letters in the new password. If you have less than or 1 lower case letter, each letter will count +1 towards meeting the current minlen value.
      • ucredit=1: The maximum credit for having upper case letters in the new password. If you have less than or 1 upper case letter each letter will count +1 towards meeting the current minlen value.
      • dcredit=1: The maximum credit for having digits in the new password. If you have less than or 1 digit, each digit will count +1 towards meeting the current minlen value.
      • ocredit=1: The maximum credit for having other characters in the new password. If you have less than or 1 other characters, each character will count +1 towards meeting the current minlen value.
      • enforce_for_root: The password is set for the root user.
      Note: For more details on Linux PAM module to check the password against dictionary words, refer to the man page.

      For example, avoid simple and systematic passwords such as VMware123!123 or VMware12345. Passwords that meet complexity standards are not simple and systematic but are a combination of letters, alphabets, special characters, and numbers, such as VMware123!45, VMware 1!2345 or VMware@1az23x.

    Important: If the password you set does not meet the password complexity requirements, installation of the NSX Manager fails. If installation fails, you need to redeploy the NSX Manager again.
  16. In the Network Properties section, enter the hostname of the NSX Manager.
    Note: The host name must be a valid domain name. Ensure that each part of the host name (domain/subdomain) that is separated by dot starts with an alphabet character. Also, NSX accepts only latin alphabets that do not have an accent mark, as in í, ó, ú, ý.
    Important: If you plan to install NSX in dual stack (IPv4 and IPv6) and/or if you plan to configure CA-signed certificates, then enter a Hostname with valid domain name to NSX Manager VMs and Cluster VIP (if configured).
  17. Enter a default gateway, management network IP address (required), and management network netmask (required).
  18. In the DNS section, enter DNS Server list and Domain Search list.
  19. In the Services Configuration section, enter NTP Server IP or FQDN.
    Optionally, you can enable SSH service and allow root SSH login. But, it is not recommended to allow root access to SSH service.
  20. Verify that all your custom OVF template specification is accurate and click Finish to begin installation.

    See the installation progress in the Recent Tasks tab.

  21. On the NSX page, you can either click Start NSX Onboarding to load the plugin or skip the onboarding workflow and access the NSX Manager UI from the vSphere Client.

What to do next

Apply NSX license.
  1. Click Go To NSX Getting Started.
  2. In the NSX License Key section, enter the NSX license key and click Apply.
After you successfully apply the NSX license, configure NSX for Virtual Networking or Security use case on the vSphere platform. See Configure NSX for Virtual Networking from vSphere Client.