For network and security purposes, you can create an NSX-T cloud account and associate it with one or more vCenter cloud accounts.
An NSX-T cloud account can be associated to one or more vCenter cloud accounts. However, an NSX-V cloud account can only be associated to one vCenter cloud account.
The association between NSX-T and one or more vCenter cloud accounts must be configured outside of vRealize Automation Cloud, specifically in your NSX application. vRealize Automation doesn't create the association between NSX and vCenter. In vRealize Automation Cloud, you specify one or more configuration associations that already exists in NSX.
When you create an NSX-T cloud account in vRealize Automation Cloud, you specify a manager type and an NSX mode. These selections cannot be changed after you create the cloud account.
You can connect to an NSX-T Global Manager and configure an association between an NSX-T Global Manager and local managers in the context of the NSX-T federation.
For related information about NSX-T options and capabilities in general, see NSX-T Data Center product documentation.
- vRealize Automation Cloud can point to one of the NSX Managers. Using this option, one NSX Manager receives the API calls from vRealize Automation Cloud.
- vRealize Automation Cloud can point to the Virtual IP of the cluster. Using this option, one NSX Manager assumes control of the VIP. That NSX Manager receives the API calls from vRealize Automation Cloud. In case of failure, another node in the cluster assumes control of the VIP and receives the API calls from vRealize Automation Cloud.
For more information about VIP configuration for NSX, see Configure a Virtual IP (VIP) Address for a Cluster in the NSX-T Data Center Installation Guide at VMware NSX-T Data Center Documentation.
- vRealize Automation Cloud can point to a load balancer VIP to load-balance the calls to the three NSX Managers. Using this option, all three NSX Managers receive API calls from vRealize Automation Cloud.
You can configure the VIP on a third-party load balancer or on an NSX-T load balancer.
For large scale environments, consider using this option to split the vRealize Automation Cloud API calls among the three NSX Managers.
For a detailed look at using NSX-T 3.2 with vRealize Automation Cloud, see VMware blog post VMware Network Automation with NSX-T 3.2 and vRealize Automation.
- Verify that you have the required administrator credentials and have enabled HTTPS access on port 443. See Credentials required for working with cloud accounts in vRealize Automation Cloud.
- Verify that you have the cloud administrator user role. See What are the vRealize Automation Cloud user roles.
- Verify that you have a cloud proxy to use with this NSX cloud account. See Add a cloud proxy to a vCenter Server in Cloud Assembly.
- Verify that you have a vCenter cloud account to use with this NSX cloud account. See Create a vCenter cloud account in vRealize Automation Cloud.
- Verify that the cloud proxy VM is on and that the cloud proxy service is connected and running. See Verify that a cloud proxy is running on a target virtual machine.
- Select Add Cloud Account. and click
- Select the NSX-T account type and specify a cloud account name and description.
- Enter the host IP address for the NSX-T Manager instance or VIP (see above for information about the expected behavior that pertains to the NSX Manager and VIP options).
- Select an existing cloud proxy from the drop-down menu.
You can also create a new cloud proxy for this cloud account. See Add a cloud proxy to a vCenter Server in Cloud Assembly.
- Enter your NSX user name and password administrator credentials.
- For Manager type, select either Global or Local (default).
- Global Manager
The Global Manager setting is only available for use with the Policy NSX mode setting. It is not available when using the Manager NSX mode setting.
The Global setting refers to the NSX-T federation capabilities, including global network segments. Only NSX-T cloud accounts with the Global setting support NSX-T federation.
When using the Global Manager setting, you are prompted to identify a Local Manager NSX-T cloud account and an associated vCenter Server cloud account.
You cannot associate a Global Manger NSX-T cloud account with vCenter cloud account, as you can with an Local Manager NSX-T cloud account. Similar to how a Local Manager NSX-T cloud account can be associated to multiple vCenter cloud accounts, a Global Manager NSX-T cloud account can be associated to multiple Local Manager NSX-T cloud accounts.
- Local Manager
Use the Local setting to define a traditional NSX-T cloud account, which can be associated to one or more vSphere cloud accounts. You can associate a Global manager NSX-T cloud account with a Local NSX-T cloud accounts. Note that this is also the setting to use if you are creating a new and empty target NSX-T cloud account for the purposes of NSX-V to NSX-T migration.
You cannot change the Manager type setting after you create the cloud account.
- Global Manager
- For NSX mode, select either Policy or Manager.
- Policy mode (default)
The Policy mode is available for NSX-T 3.0 and NSX-T 3.1 forward. This option enables vRealize Automation Cloud to use the additional capabilities available in the NSX-T Policy API.
If you are using NSX-T with a VMware Cloud on AWS cloud account in a cloud template, the NSX-T cloud account must use the Policy NSX mode.
The Policy setting refers to the NSX-T Policy API form of NSX-T.
- Manager mode
Existing NSX-T cloud accounts that were created in an earlier version of vRealize Automation Cloud are treated as Manager mode NSX-T cloud accounts.
The Manager mode is supported for NSX-T 2.4, NSX-T 3.0, and NSX-T 3.1 forward.
If you specify Manager mode, use the Manager mode option for other NSX-T cloud accounts until vRealize Automation Cloud introduces a Manager mode to Policy mode migration path.
Some vRealize Automation Cloud options for NSX-T require NSX-T 3.0 or greater, including adding tags to virtual machine NIC components in the cloud template.
The Manager setting refers to the NSX-T Manager API form of NSX-T.
If you have existing NSX-T cloud accounts that were created prior to the introduction of the Policy method in vRealize Automation Cloud August 2020, they use the Manager method. It is recommended that you wait until the Manager mode to Policy mode migration capability is made available in vRealize Automation Cloud. If you prefer not to wait, you should replace your existing NSX-T cloud accounts with new NSX-T cloud accounts that specify the Policy method.
You cannot change the NSX mode value after you create the cloud account.
- Policy mode (default)
- Click Validate to confirm the credentials in relation to the selected NSX Manager type and NSX mode.
The assets associated with the account are collected.
If the NSX host IP address is not available, or if the cloud proxy is not associated with the NSX host IP address in the vCenter Server on which the cloud proxy is deployed, validation fails.
- In Associations, add one or more vCenter cloud accounts to associate with this NSX-T cloud account. You can also remove existing vCenter cloud account associations.
Only vCenter cloud accounts that are not currently associated in vRealize Automation Cloud to an NSX-T or NSX-V cloud account are available for selection.
For information about making association changes after you have deployed a cloud template, or about deleting the cloud account after you have deployed a cloud template, see What happens if I remove an NSX cloud account association in vRealize Automation Cloud.
- If you want to add tags to support a tagging strategy, enter capability tags.
You can add or remove capability tags later. See How do I use tags to manage Cloud Assembly resources and deployments.
For more information about how capability tags and constraint tags help control deployment placements, see the Constraint Tags and Placement video tutorial.
- Click Save.
What to do next
You can create or edit a vCenter cloud account to associate with this NSX cloud account. See Create a vCenter cloud account in vRealize Automation Cloud.
Create and configure one or more cloud zones for use with the data centers that are used by this cloud account. See Learn more about Cloud Assembly cloud zones.
Configure infrastructure resources for this cloud account. See Building your Cloud Assembly resource infrastructure.
For samples of using NSX-T options in vRealize Automation Cloud cloud templates, see Networks, security resources, and load balancers in vRealize Automation Cloud.