For network and security purposes, you can create an NSX-T cloud account and associate it with one or more vCenter cloud accounts.

An NSX-T cloud account can be associated to one or more vCenter cloud accounts. However, an NSX-V cloud account can only be associated to one vCenter cloud account.

The association between NSX-T and one or more vCenter cloud accounts must be configured outside of vRealize Automation, specifically in your NSX application. vRealize Automation doesn't create the association between NSX and vCenter. In vRealize Automation, you specify one or more configuration associations that already exists in NSX.

When you create an NSX-T cloud account in vRealize Automation, you specify a manager type and an NSX mode. These selections cannot be changed after you create the cloud account.

You can connect to an NSX-T Global Manager and configure an association between an NSX-T Global Manager and local managers in the context of the NSX-T federation.

For related information about NSX-T options and capabilities in general, see NSX-T Data Center product documentation.

To facilitate fault tolerance and high availability in deployments, each NSX-T data center endpoint represents a cluster of three NSX Managers.
  • vRealize Automation can point to one of the NSX Managers. Using this option, one NSX Manager receives the API calls from vRealize Automation.
  • vRealize Automation can point to the Virtual IP of the cluster. Using this option, one NSX Manager assumes control of the VIP. That NSX Manager receives the API calls from vRealize Automation. In case of failure, another node in the cluster assumes control of the VIP and receives the API calls from vRealize Automation.

    For more information about VIP configuration for NSX, see Configure a Virtual IP (VIP) Address for a Cluster in the NSX-T Data Center Installation Guide at VMware NSX-T Data Center Documentation.

  • vRealize Automation can point to a load balancer VIP to load-balance the calls to the three NSX Managers. Using this option, all three NSX Managers receive API calls from vRealize Automation.

    You can configure the VIP on a third-party load balancer or on an NSX-T load balancer.

    For large scale environments, consider using this option to split the vRealize Automation API calls among the three NSX Managers.

For a detailed look at using NSX-T 3.2 with vRealize Automation, see VMware blog post VMware Network Automation with NSX-T 3.2 and vRealize Automation.

Prerequisites

Procedure

  1. Select Infrastructure > Connections > Cloud Accounts and click Add Cloud Account.
  2. Select the NSX-T account type and specify a cloud account name and description.
  3. Enter the host IP address for the NSX-T Manager instance or VIP (see above for information about the expected behavior that pertains to the NSX Manager and VIP options).
  4. Enter your NSX user name and password administrator credentials.
  5. For Manager type, select either Global or Local (default).
    • Global Manager

      The Global Manager setting is only available for use with the Policy NSX mode setting. It is not available when using the Manager NSX mode setting.

      The Global setting refers to the NSX-T federation capabilities, including global network segments. Only NSX-T cloud accounts with the Global setting support NSX-T federation.

      When using the Global Manager setting, you are prompted to identify a Local Manager NSX-T cloud account and an associated vCenter Server cloud account.

      You cannot associate a Global Manger NSX-T cloud account with vCenter cloud account, as you can with an Local Manager NSX-T cloud account. Similar to how a Local Manager NSX-T cloud account can be associated to multiple vCenter cloud accounts, a Global Manager NSX-T cloud account can be associated to multiple Local Manager NSX-T cloud accounts.

    • Local Manager

      Use the Local setting to define a traditional NSX-T cloud account, which can be associated to one or more vSphere cloud accounts. You can associate a Global manager NSX-T cloud account with a Local NSX-T cloud accounts. Note that this is also the setting to use if you are creating a new and empty target NSX-T cloud account for the purposes of NSX-V to NSX-T migration.

    You cannot change the Manager type setting after you create the cloud account.

  6. For NSX mode, select either Policy or Manager.
    • Policy mode (default)

      The Policy mode is available for NSX-T 3.0 and NSX-T 3.1 forward. This option enables vRealize Automation to use the additional capabilities available in the NSX-T Policy API.

      If you are using NSX-T with a VMware Cloud on AWS cloud account in a cloud template, the NSX-T cloud account must use the Policy NSX mode.

      The Policy setting refers to the NSX-T Policy API form of NSX-T.

    • Manager mode

      Existing NSX-T endpoints or cloud accounts that are upgraded from an earlier version of vRealize Automation that did not provide a Policy option are treated as Manager mode NSX-T cloud accounts.

      The Manager mode is supported for NSX-T 2.4, NSX-T 3.0, and NSX-T 3.1 forward.

      If you specify Manager mode, use the Manager mode option for other NSX-T cloud accounts until vRealize Automation introduces a Manager mode to Policy mode migration path.

      Some vRealize Automation options for NSX-T require NSX-T 3.0 or greater, including adding tags to virtual machine NIC components in the cloud template.

      The Manager setting refers to the NSX-T Manager API form of NSX-T.

    If you have existing NSX-T cloud accounts that were created prior to the introduction of the Policy mode in vRealize Automation 8.2, they use the Manager API method. It is recommended that you replace your existing NSX-T cloud accounts with new NSX-T cloud accounts that specify the Policy API method.

    You cannot change the NSX mode value after you create the cloud account.

  7. Click Validate to confirm the credentials in relation to the selected NSX Manager type and NSX mode.

    The assets associated with the account are collected.

    If the NSX host IP address is not available, validation fails.

  8. In Associations, add one or more vCenter cloud accounts to associate with this NSX-T cloud account. You can also remove existing vCenter cloud account associations.

    Only vCenter cloud accounts that are not currently associated in vRealize Automation to an NSX-T or NSX-V cloud account are available for selection.

    See What can I do with NSX-T mapping to multiple vCenters in vRealize Automation.

    For information about making association changes after you have deployed a cloud template, or about deleting the cloud account after you have deployed a cloud template, see What happens if I remove an NSX cloud account association in vRealize Automation.

  9. If you want to add tags to support a tagging strategy, enter capability tags.

    You can add or remove capability tags later. See How do I use tags to manage Cloud Assembly resources and deployments.

    video symbolFor more information about how capability tags and constraint tags help control deployment placements, see the Constraint Tags and Placement video tutorial.

  10. Click Save.

What to do next

You can create or edit a vCenter cloud account to associate with this NSX cloud account. See Create a vCenter cloud account in vRealize Automation.

Create and configure one or more cloud zones for use with the data centers that are used by this cloud account. See Learn more about Cloud Assembly cloud zones.

Configure infrastructure resources for this cloud account. See Building your Cloud Assembly resource infrastructure.

For samples of using NSX-T options in vRealize Automation cloud templates, see Networks, security resources, and load balancers in vRealize Automation.