After partners register services, as an administrator, you must deploy an instance of the service on member hosts of a cluster.

Deploy partner service VMs that run the partner security engine on all the NSX hosts in a cluster. After you deploy the SVMs, you can create policy rules used by SVM to protect guest VMs.

Prerequisites

  • All hosts are managed by a VMware vCenter.

  • Partner services must be registered with NSX and are ready for deployment.

  • NSX administrators can access partner services and vendor templates.

  • Both the service VM and the partner service manager (console) must be able to communicate with each other at the management network level.

  • Ensure only one overlay transport zone is connected to hosts that are running the partner service.

  • Ensure only one service segment is used to connect partner SVM for network introspection.

  • Starting with NSX 3.1, on clusters that span physical servers placed in different racks, you can override the transport node profile applied on a per-host basis.
  • Starting with NSX 3.0, you must prepare clusters (cluster-based or host-based deployment methods) by applying a transport node profile.
  • With NSX 2.5.x or earlier, before you deploy service VMs on each host using host-based service deployment method, configure each host of the cluster with NSX by applying a transport node profile.
  • When upgrading the third-party service, the existing service will continue to be functional even if transport node profile is not applied to the cluster.

Procedure

  1. With admin privileges, log in to NSX Manager.
  2. Select System > Service Deployments > Deployment > Deploy Service.
  3. From the Partner Service field, select the partner service.
  4. Enter the service deployment name.
  5. In the Compute Manager field, select the VMware vCenter to deploy the service.
  6. In the Cluster field, select the cluster where the services need to be deployed.
  7. In the Data Store drop-down menu, select a data store as the repository for the service virtual machine.
  8. In the Network column, click Set and enter the Management Network interface by choosing DHCP or static IP address type, and data network.
  9. In the Service Segments field, select a service segment from the list or click the Action icon to add or edit a service segment. For every service, you can only add one service segment per overlay zone.
    A service segment is used as a service plane overlay segment where packets from guest VMs that match the classifier are sent to this service plane overlay segment and forwarded to the third-party VM for traffic introspection.
    To create a service segment:
    1. Click the + icon next to the Service Segment field.
    2. In the Service Segment dialog box, click Add Service Segment.
    3. Enter a name, select a Transport Zone Overlay from the drop-down menu, and if applicable, select a gateway under Applied to Gateway.
    4. Click Save.
  10. In the Deployment Type field, select from one of the following deployment options. Depending upon the services registered by the partner, multiple services can be deployed as part of a single service VM.
    • Clustered: Deploys service VM on a host or hosts on one of the following types of cluster:
      • A dedicated cluster to run only service VMs.
      • A cluster that is running workload VMs. After deployment, service VMs co-exist with workload VMs.
      • An NSX Edge cluster.
      Note: In a clustered deployment, do not perform vMotion of an SVM as this action might result in loss of traffic.
    • Host Based: Deploys the service on all the hosts within a cluster.
  11. In the Deployment Template field, select the template that provides attributes to protect the workload you want to run on guest VMs groups.
  12. (Cluster-based deployment only) In the Clustered Deployment Count, enter the number of service VMs to deploy on the cluster.
    The VMware vCenter decides on which host to deploy the service VMs.
  13. Click Save.

Results

After service deployment, the partner Service Manager is notified about the update.

What to do next

Know deployment details and heath status about service instances deployed on hosts. See Add a Service Profile for the Partner Service.