Deploy and Configure NSX Manager

You can use the vSphere Client to deploy the NSX Manager to the vSphere cluster and use it with vSphere IaaS control plane.

To deploy the NSX Manager using the OVA file, perform the steps in this procedure.

For information about deploying the NSX Manager through the user interface or CLI, see the NSX Installation Guide.

Prerequisites

Verify that your environment meets the networking requirements. For information about requirements, see Requirements for a Three-Zone Supervisor with NSX Advanced Load Balancer and Requirements for Enabling a Single Cluster Supervisor with NSX Advanced Load Balancer in vSphere IaaS Control Plane Concepts and Planning.
Verify that the required ports are open. For information about port and protocols, see the NSX Installation Guide.

Procedure

Locate the NSX OVA file on the VMware download portal.
Either copy the download URL or download the OVA file.
Right-click and select Deploy OVF template to start the installation wizard.
In the Select an OVF template tab, enter the download OVA URL or navigate to the OVA file.
In the Select a name and folder tab, enter a name for the NSX Manager virtual machine (VM).
In the Select a compute resource tab, select the vSphere cluster on which to deploy the NSX Manager.
Click Next to review details.
In the Configuration tab, select the NSX deployment size.
The recommended minimum deployment size is Medium.
In the Select storage tab, select the shared storage for deployment.
Enable thin provisioning by selecting the Thin Provision in Select virtual disk format.
The virtual disks are thick provisioned by default.
In the Select networks tab, select the management port group or destination network for the NSX Manager in Destination Network.
For example, DPortGroup-MGMT.
In the Customize template tab, enter the system root, CLI admin, and audit passwords for the NSX Manager. Your passwords must comply with the password strength restrictions.
- At least 12 characters.
- At least one lower-case letter.
- At least one upper-case letter.
- At least one digit.
- At least one special character.
- At least five different characters.
- Default password complexity rules are enforced by the Linux PAM module.
Enter the default IPv4 gateway, management network IPv4, management network netmask, DNS server, domain search list, and NTP IP address.
Enable SSH and allow root SSH login to the NSX Manager command line.
By default, the SSH options are disabled for security reasons.
Verify that your custom OVF template specification is accurate, and click Finish to initiate the installation.
After the NSX Manager boots, log in to the CLI as admin and run the get interface eth0 command to verify that the IP address was applied as expected.
Enter the get services command to verify that all the services are running.

Deploy NSX Manager Nodes to Form a Cluster

An NSX Manager cluster provides high availability. You can deploy NSX Manager nodes using the user interface only on ESXi hosts managed by vCenter Server. To create an NSX Manager cluster, deploy two additional nodes to form a cluster of three nodes total. When you deploy a new node from the UI, the node connects to the first deployed node to form a cluster. All the repository details and the password of the first deployed node are synchronized with the newly deployed node.

Prerequisites

Verify that an NSX Manager node is installed.
Verify that a compute manager is configured.
Verify that the required ports are open.
Verify that a datastore is configured on the ESXi host.
Verify that you have the IP address and gateway, DNS server IP addresses, domain search list, and the NTP server IP address for the NSX Manager to use.
Verify that you have a target VM port group network. Place the NSX appliances on a management VM network.

Procedure

From a browser, log in with admin privileges to the NSX Manager at https://<manager-ip-address>.
To deploy an appliance, select System > Appliances > Add NSX Appliance.

Enter the appliance details.

Option	Description
Hostname	Enter the host name or FQDN to use for the node.
Management IP/Netmask	Enter an IP address to be assigned to the node.
Management Gateway	Enter a gateway IP address to be used by the node.
DNS servers	Enter the list of DNS server IP addresses to be used by the node.
NTP server	Enter the list of NTP server IP addresses
Node Size	Select Medium (6 vCPU, 24 GB RAM, 300 GB storage) form factor from the options.

Enter the appliance configuration details

Option	Description
Compute Manager	Select the vCenter Server that you configured as compute manager.
Compute Cluster	Select the cluster that the node must join.
Datastore	Select a datastore for the node files.
Virtual Disk Format	Select Thin Provision format.
Network	Click Select Network to select the management network for the node.

Enter the access and credentials details.

Option	Description
Enable SSH	Toggle the button to allow SSH login to the new node.
Enable Root Access	Toggle the button to allow root access to the new node.
System Root Credentials	Set and confirm the root password for tne new node. Your password must comply with the password strength restrictions. At least 12 characters. At least one lower-case letter. At least one upper-case letter. At least one digit. At least one special character. At least five different characters. Default password complexity rules are enforced by the Linux PAM module.
Admin CLI Credentials and Audit CLI Credentials	Select the Same as root password check box to use the same password that you configured for root, or deselect the check box and set a different password.

Click Install Appliance.
The new node is deployed. You can track the deployment process in the System> > Appliances page. Do not add additional nodes until the installation is finished and the cluster is stable.
Wait for the deployment, cluster formation, and repository synchronization to finish.
The joining and cluster stabilizing process might take from 10 to 15 minutes. Verify that the status for every cluster service group is UP before making any other cluster changes.
After the node boots, log in to the CLI as admin and run the get interface eth0 command to verify that the IP address was applied as expected.
If your cluster has only two nodes, add another appliance. Select System > Appliances > Add NSX Appliance and repeat the configuration steps.

Add a License

Add a license using the NSX Manager.

Prerequisites

Obtain an NSX Advanced or higher license.

Procedure

Log in to the NSX Manager.
Select System > Licenses > Add.
Enter the license key.
Click Add.

Add a Compute Manager

A compute manager is an application that manages resources such as hosts and virtual machines. Configure the vCenter Server that is associated with the NSX as a compute manager in the NSX Manager.

For more information see the NSX Administration Guide.

Procedure

Log in to the NSX Manager.
Select System > Fabric > Compute Managers > Add

Enter the compute manager details.

Option	Description
Name and Description	Enter the name and description of the vCenter Server.
Type	The default type is VMware vCenter.
Multi NSX	Leave this option unselected. Multi NSX option allows you to register the same vCenter Server with multiple NSX Managers. This option is not supported on Supervisor and vSphere Lifecycle Manager clusters.
FQDN or IP Address	Enter the FQDN or the IP address of the vCenter Server.
HTTPS Port of Reverse Proxy	The default port is 443. If you use another port, verify that the port is open on all the NSX Manager appliances. Set the reverse proxy port to register the compute manager in NSX.
User name and Password	Enter the vCenter Server login credentials.
SHA-256 Thumbprint	Enter the vCenter Server SHA-256 thumbprint algorithm value.

You can leave the defaults for the other settings.

If you left the thumbprint value blank, you are prompted to accept the server provided thumbprint. After you accept the thumbprint, it takes a few seconds for NSX to discover and register the vCenter resources.

Select Enable Trust to allow vCenter Server to communicate with NSX.
If you did not provide a thumbprint value for NSX Manager, the system identifies the thumbprint and displays it.
Click Add to accept the thumbprint.

Results

After some time, the compute manager is registered with vCenter Server and the connection status changes to Up. If the FQDN/PNID of vCenter Server changes, you must re-register it with the NSX Manager. For more information, see Register vCenter Server with NSX Manager.

Note: After the vCenter Server is successfully registered, do not power off and delete the NSX Manager VM without deleting the compute manager first. Otherwise, when you deploy a new NSX Manager, you will not be able to register the same vCenter Server again. You will get an error stating that the vCenter Server is already registered with another NSX Manager.

You can click the compute manager name to view the details, edit the compute manager, or to manage tags that apply to the compute manager.