All configurations made from the Global Manager are made in Policy mode. Manager mode is not available in NSX Federation.
See NSX Manager for more information about the two modes.
Configuration Maximums
-
For most configurations, the Local Manager cluster has the same configuration maximums as an NSX Manager cluster. Go to VMware Configuration Maximums tool and select NSX.
Select the NSX Federation category for NSX in the VMware Configuration Maximums tool for exceptions and other NSX Federation-specific values.
-
For a given location, the following configurations contribute to the configuration maximum:
- Objects that were created on the Local Manager.
- Objects that were created on the Global Manager and include the location in its span.
You can view the capacity and usage on each Local Manager. See View the Usage and Capacity of Categories of Objects in the NSX Administration Guide.
Feature Support
- All service-insertion related configuration such as partner service registration, deployment and consumption, is done from a Local Manager (LM).
- Only objects configured on the LM are used with service insertion. This includes groups, segments, and any other constructs. Service insertion cannot be applied to workloads connected to a stretched/global segment defined from the GM, or any segment connected to a logical router created from the GM. Groups created from the Global Manager should not be used within service insertion redirection polices.
- NSX Federation locations must run on environments where administrators have full control of the underlay fabric.
- NSX Federation does not currently support Global Manager and Local Manager hosted on VMware Cloud on AWS, VMware Cloud on Dell, Azure VMware Solution, Google Cloud VMware Engine, Oracle Cloud VMware Solution, or Alibaba VMware Cloud Service.
- You can continue to configure on Local Manager. For more details, refer to Understanding NSX Federation.
- Some objects configured from Local Manager can have options/settings that are Global Manager objects. For example, you can plug in an LM_created-t1 to a GM_created-t0.
- Some objects configured from Local Manager cannot be configured with options/settings that are Global Manager objects. For example, you cannot plug in an LM_created-segment to a GM_created-t0. Note that you can only edit those LM-objects from Local Manager; Global Manager does not see those object. For more information, refer to "Logical Configuration Ownership" in the NSX-T Multi-Location Design Guide for your release.
The Features Supported in NSX Federation table describe the features available in Global Manager.
Feature | Details | Related Links |
---|---|---|
Tier-0 Gateway |
|
Add a Tier-0 Gateway from Global Manager |
Tier-1 Gateway | Add a Tier-1 Gateway from Global Manager | |
Segments | You can include Layer 2 bridge configuration from Global Manager. | Add a Segment from Global Manager and Configure Bridging on Global Manager |
Groups | Some limitations. See Security in NSX Federation. | Create Groups from Global Manager |
Distributed Firewall | Drafts of the security policies are now available on Global Manager. This includes support for auto and manual drafts. | Create Drafts In Global Manager |
Firewall Exclusion List | Available. | Manage a Firewall Exclusion List |
Time Based Firewall Rules | Available. | Time-Based Firewall Policy |
Gateway Firewall | Only Layer 3 and 4 rules are supported. | Create Gateway Policies and Rules from Global Manager |
Network Address Translation (NAT) |
|
Configure an NSX NAT/DNAT/No SNAT/No DNAT/Reflexive NAT |
DNS | See Add an NSX DNS Forwarder Service | |
DHCP and SLAAC |
|
|
Distributed Malware Detection and Prevention | Starting with NSX 4.1.2:
|
NSX IDS/IPS and NSX Malware Prevention |
Network Detection and Response | Starting with NSX 4.1.2:
|
NSX Network Detection and Response |
Using objects created on Global Manager in a Local Manager configuration |
|
|
Network Monitoring |
|
|
Certificates | Starting with NSX 4.1, Local Manager self-signed certificates generate only when the Local Manager is in the NSX Federation environment. That same certificate gets deleted if Local Manager moves out of the NSX Federation environment. | Certificates for NSX and NSX Federation |
LDAP | Authenticate Global Manager users using a directory service such as Active Directory over LDAP or OpenLDAP. | Integration with LDAP |
Backup and Restore | Backup with FQDN or IP is supported. | Backup and Restore in NSX Federation |
Users | Starting with NSX 4.1, you can add new local users and remove audit and guest users. | Manage Local User Accounts |
vMotion between locations | Tag replication across locations is supported. |