This topic describes how to install and configure NSX Managers on vSphere in a clustered arrangement for high-availability for VMware Tanzu Kubernetes Grid Integrated Edition (TKGI).

Prerequisites

Before completing this section, make sure you have completed the following sections:

Deploy NSX Manager 1

Deploy the NSX Manager OVA in vSphere. Download the OVA from the VMware software download site.

  1. Using the vSphere Client, right-click the vCenter cluster and select Deploy OVF Template.
  2. At the Select an OVF Template screen, browse to and select the NSX Unified Appliance OVA file.
  3. At the Select a name and folder screen, select the target Datacenter object.
  4. At the Select a compute resource screen, select the target vCenter cluster.
  5. Review the details.
  6. At the Configuration screen, select at least Medium for the configuration size.
  7. At the Select storage screen, choose Thin Provision and the desired datastore.
  8. For Network1, enter the VLAN management network, such as PG-MGMT-VLAN-1548.
  9. Enter strong passwords for all user types.
  10. Enter the hostname, such as nsx-manager-1.
  11. Enter the rolename, such as NSX Manager.
  12. Enter the Gateway IP address, such as 10.173.62.253.
  13. Enter a public IP address for the VM, such as 10.173.62.44.
  14. Enter the Netmask, such as 255.255.255.0.
  15. Enter the DNS server, such as 10.172.40.1.
  16. Enter the NTP server, such as 10.113.60.176.
  17. Enable the Enable SSH check box.
  18. Enable the Allow SSH root logins check box.
  19. Click Finish, and NSX Manager 1 starts deploying.
  20. Monitor the deployment using the Recent Tasks pane.
  21. When the deployment completes, select the VM and power it on.
  22. Access the NSX Manager 1 web console by navigating to the URL, such as: https://10.173.62.44/.
  23. Log in and verify the installation. Note the system message that a “3 node cluster” is recommended.

Add vCenter as the Compute Manager

A compute manager is required for NSX environments with multiple NSX Manager nodes. A compute manager is an application that manages resources such as hosts and VMs. For TKGI we use the vCenter Server as the compute manager.

Complete the following steps to add vCenter as the Compute Manager. For additional guidance, refer to the NSX-T documentation.

  1. In the NSX Management console, navigate to System > Appliances.
  2. Select Compute Managers.
  3. Click Add.
  4. Enter a Name, such as vCenter.
  5. Enter an IP address, such as 10.173.62.43.
  6. Enter the vCenter user name, such as [email protected].
  7. Set the Enable Trust toggle to Yes.
  8. Click Add.
  9. Click Add again at the thumbprint warning.
  10. Verify that the Compute Manager is added and registered.

Deploy NSX Manager 2

Use the NSX Management Console to deploy an additional NSX Manager node as part of the NSX Management layer. For more information, refer to the NSX-T documentation.

  1. In the NSX Management Console, navigate to System > Appliances.
  2. Select Add NSX Appliance.
  3. Enter a hostname, such as nsx-manager-2.
  4. Enter the Management IP/netmask, such as 10.173.62.45/24.
  5. Enter the Gateway, such as 10.173.62.253.
  6. For the Node size, choose medium.
  7. For the Compute Manager, select vCenter.
  8. For the Compute Cluster, enter MANAGEMENT-cluster.
  9. For the Datastore, select the datastore, such as datastore2.
  10. For the Virtual Disk Format, select thin provision.
  11. For the Network, select the VLAN management network, such as PG-MGMT-VLAN-1548.
  12. Select Enable SSH.
  13. Select Enable root access.
  14. Enter a strong password.
  15. Click Install Appliance.
  16. Verify that the NSX Manager 2 appliance is added.

Deploy NSX Manager 3

Use the NSX Management Console to deploy a third NSX Manager node as part of the NSX Management layer. For more information, refer to the NSX-T documentation.

  1. In the NSX Management Console, navigate to System > Appliances.
  2. Select Add NSX Appliance.
  3. Enter a hostname, such as nsx-manager-3.
  4. Enter the Management IP/netmask, such as 10.173.62.46/24.
  5. Enter the Gateway, such as 10.173.62.253.
  6. For the Node size, choose medium.
  7. For the Compute Manager, select vCenter.
  8. For the Compute Cluster, enter MANAGEMENT-cluster.
  9. For the Datastore, select the datastore, such as datastore2.
  10. For the Virtual Disk Format, select thin provision.
  11. For the Network, select the VLAN management network, such as PG-MGMT-VLAN-1548.
  12. Select Enable SSH.
  13. Select Enable root access.
  14. Enter a strong password.
  15. Click Install Appliance.
  16. Verify that the NSX Manager 3 appliance is added.

Configure the NSX Management VIP

The NSX Management layer includes three NSX Manager nodes. To support a single access point, assign a virtual IP Address (VIP) to the NSX Management layer. Once the VIP is assigned, any UI and API requests to NSX are redirected to the virtual IP address of the cluster, which is owned by the leader node. The leader node then routes the request forward to the other components of the appliance.

Using a VIP makes the NSX Management Cluster highly-available. If you need to scale, an alternative to the VIP is to provision a load balancer for the NSX Management Cluster. Provisioning a load balancer requires that NSX be fully installed and configured. It is recommended that you configure the VIP now, then install a load balancer after NSX is installed and configured, and only if needed.

Complete the following instructions to create a VIP for the NSX Management Cluster. The IP address you use for the VIP must be part of the same subnet as the NSX Management nodes.

  1. In the NSX Management Console, navigate to System > Appliances.
  2. Click the Set Virtual IP button.
  3. Enter a Virtual IP address, such as 10.173.62.47.
  4. Verify that the VIP is added.

  5. Access the NSX Management console using the VIP, such as https://10.173.62.47/login.jsp.

Add the NSX Manager License

If you do not add the proper NSX license, you will receive an error when you try to deploy an Edge Node VM.

  1. In the NSX Manager console, navigate to System > Licenses.
  2. Add the NSX Data Center Advanced (CPU) license.
  3. Verify that the license is added.

Enable the NSX Manager Interface (if necessary)

The NSX Management Console provides two user interfaces: Policy and Manager. TKGI supports both.

The Policy interface is the default. If you are using the Manager interface for configuring the networking and security objects, you need to enable the Manager interface.

  1. In the NSX Manager console, navigate to System > User Interface Settings.
  2. Click Edit.
  3. For the Toggle Visibility field, select Visible to all Users.
  4. For the Default Mode field, select Manager.
  5. Click Save.
  6. Refresh the NSX Manager Console and navigate to an area of the console that is not listed under System.
  7. In the upper-right area of the console, verify that the Manager option is enabled.
check-circle-line exclamation-circle-line close-line
Scroll to top icon