Today we are working on NSX! Not NSX-V (the older NSX for vSphere environments) but the “new” NSX-T, which since version 4.0 is just called NSX. Lately I have been working a lot with this and have made some internal posts about this. I figured why not share this in some blog posts on my own website. I will not entirely go deep into the workings of NSX. If you have reached this page, I estimate that you have some knowledge on what this piece of software does and what it allows you as the end-user to do. But a very short summary is the following: NSX is the Software Defined Networking stack for VMware and physical environments. By running NSX you will be able to essentially virtualize your networking environment and bring on a lot of efficiency in your SDDC stack which you might already be running.

To do anything with NSX we need to have a so called Manager. A NSX Manager is one (of clustered 3) appliances which you need to you guessed it, manage your NSX environment. This NSX Manager provides you with the GUI and API tools that you need to manage your NSX Fabric. Without this, there is no NSX. So without further explanation let’s go ahead and deploy these managers!

NSX Manager VM requirements

If you wish to deploy your NSX Managers you will have to fulfill some prerequisites which I will discuss about shortly below:

  • You have to have a working ESXi host on which you can deploy the NSX Managers.
  • Make sure you have 1 (or 3 depending if you are going to deploy a cluster (Required for production)) IP adresses ready to use.
  • Make sure your DNS records (A and PTR) are in place.
  • If you are deploying this for production, make sure the latency between appliances is below 10ms.
  • Once you are deploying more than one appliance, make sure you spread them evenly across ESXi hosts to create a failure domain.
  • If you are deploying a cluster you need 1 more IP for the Virtual IP (To provide Cluster High Availability and fault tolerance).
  • Make sure the maximum network latency between NSX Managers and Transport nodes is less than 150ms.
  • Make sure the disk latency is less than 10ms.
  • Make sure you choose the correct sizing. The Extra Small and Small sizes are not usable for the Local NSX-T Manager role. Have a look at the official documentation to find your best sizing here.

Deploying the first NSX Manager

  1. Download the NSX Manager bits on the following link: LINK. Make sure you download the “NSX Manager/ NSX Global Manager / NSX Cloud Service Manager for VMware ESXi” package. The other downloads are not required initially with a standard NSX Setup.
  2. Use the vCenter Server / ESXi host to deploy the downloaded .ova from step 1. Pick a name for the appliance and choose a folder.
NSX-T Manager Appliance deploy .ova
NSX-T Manager Appliance deploy .ova folder selection
  1. Pick a ResourcePool te deploy the appliance in.
NSX-T Manager Appliance deploy .ova Resourcepool selection
NSX-T Manager Appliance deploy .ova Resourcepool selection
  1. Choose the size for the appliance. As mentioned before in this post you should choose Medium or higher for a local NSX-T Manager appliance.
NSX-T Manager Appliance deploy .ova Size selection
NSX-T Manager Appliance deploy .ova Size selection
  1. Pick the datastore cluster.
NSX-T Manager Appliance deploy .ova Datastore selection
NSX-T Manager Appliance deploy .ova Datastore selection
  1. Choose the network the NSX-T Manager appliance will run in.
NSX-T Manager Appliance deploy .ova Network selection
NSX-T Manager Appliance deploy .ova Network selection
  1. In the last screen you can enter the following information:
    1. System GRUB Root User password
    2. System GRUB menu timeout
    3. System Root user password
    4. CLI “admin” password.
    5. CLI “audit” password.
    6. (Optional) Change the CLI “admin” and “audit” user usernames.
    7. Enter the NSX-T Manager hostname.
    8. Choose the NSX-T Manager Role. This can be NSX Manager, Cloud Service Manager (CSM) or Global NSX Manager.
    9. Enter the management IPv4 address information.
    10. Enter the DNS servers
    11. Enter the Domain Search List.
    12. Enter the NTP servers.
    13. (Optional) Enable SSH and SSH root user logins.
    14. (Optional) Software Integrity Checker
NSX-T Manager Appliance deploy .ova Role selection
NSX-T Manager Appliance deploy .ova Role selection
NSX-T Manager Appliance deploy .ova Final screen
NSX-T Manager Appliance deploy .ova Final screen

At this point the appliance will deploy and once done you can login to the appliance. The first thing you have to do is accept the EULA and choose to join the VMware CEIP once you login. After this you will be greeted with a warm welcome:

NSX-T Manager warm welcome
NSX-T Manager warm welcome

Now there are a couple of steps you want to verify after continuing:

  1. Check if the configured IP is picked up on correctly on the NSX-T Manager. Go to System -> Appliances and check the IP on the first node:
Check NSX-T Manager IP configuration
Check NSX-T Manager IP configuration
  1. Check if all services are running.
    1. Login to the NSX-T Manager through SSH and execute the following command get services. All services should be in the “running” state except liagent, migration-coordinator, snmp and nsx-message-bus.

The last part in this blogpost we will do is enter the license that is required for NSX-T Manager to run. Once logged in to the NSX-T Manager follow the next couple of steps:

  1. Login to the NSX-T manager on the FQDN defined in the .ova deployment.
  2. You should see a blue banner in the screen stating the license is not OK. Click on it. It will take you to System -> Settings -> Licenses.
NSX-T Manager Blue banner with License message
  1. Click on the Add license bullet and enter the license key and press “Add”.
NSX-T Manager adding the license
NSX-T Manager adding the license

The license should now be working! At this point you have deployed your first NSX-T Manager appliance. The next installement of this series will show you how to deploy the rest (it’s easier ;)) and how to set the Virtual IP the NSX-T Manager environment receives High Availabilty and Fault Tolerance.

Categories: NSX

Bryan van Eeden

Bryan is an ambitious and seasoned IT professional with almost a decade of experience in designing, building and operating complex (virtual) IT environments. In his current role he tackles customers, complex issues and design questions on a daily basis. Bryan holds several certifications such as VCIX-DCV, VCAP-DCA, VCAP-DCD, V(T)SP and vSAN and vCloud Specialist badges.


Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *