After partners register services, as an administrator, you must deploy an instance of the service on member hosts of a cluster.
Deploy partner service VMs that run the partner security engine on all the NSX hosts in a cluster. After you deploy the SVMs, you can create policy rules used by SVM to protect guest VMs.
Prerequisites
-
All hosts are managed by a VMware vCenter.
-
Partner services must be registered with NSX and are ready for deployment.
-
NSX administrators can access partner services and vendor templates.
-
Both the service VM and the partner service manager (console) must be able to communicate with each other at the management network level.
-
Ensure only one overlay transport zone is connected to hosts that are running the partner service.
-
Ensure only one service segment is used to connect partner SVM for network introspection.
- Starting with NSX 3.1, on clusters that span physical servers placed in different racks, you can override the transport node profile applied on a per-host basis.
- Starting with NSX 3.0, you must prepare clusters (cluster-based or host-based deployment methods) by applying a transport node profile.
- With NSX 2.5.x or earlier, before you deploy service VMs on each host using host-based service deployment method, configure each host of the cluster with NSX by applying a transport node profile.
- When upgrading the third-party service, the existing service will continue to be functional even if transport node profile is not applied to the cluster.
Procedure
Results
After service deployment, the partner Service Manager is notified about the update.
What to do next
Know deployment details and heath status about service instances deployed on hosts. See Add a Service Profile for the Partner Service.