NSX vCloud Retrofit: NSX Manager Configuration and vCD VSE Deployment Validation
This blog series extends my NSX Bytes Blog Posts to include a more detailed look at how to deploy NSX 6.1.x into an existing vCloud Director Environment. Initially we will be working with vCD 5.5.x which is the non SP Fork of vCD, but as soon as an upgrade path for 5.5.2 -> 5.6.x is released I’ll be including the NSX related improvements in that release.
- Part 1 : Intro and VSM to NSX Manager Upgrade
Part 2 – NSX Manager Configuration and vCD VSE Deployment Validation
Once you have updated the VSM to the NSX Manager there are a number of configuration items to work through…some of which would have been carried over from the vCNS upgrade. For user and group management you can reference this post where I go through the configuration of the Management Services to allow users and groups to administor NSX through the vCenter Web Client.
Once you have a Green Connected Button for the Lookup Service and vCenter Service as seen above you can configure the rest of the settings. Clicking on the home Icon will give you the menu below:
Go to Manage Appliance Settings -> General and configure the Time Settings, Syslog Server and keep the Locale that is relevant to you installation. Ensure the NTP Server is set and is consistent with other NTP servers referenced in vCloud, vCenter and ESXi (Time Sync is Critical between NSX Manager, Hosts and other Management Systems)
Configure a SYSLOG or point the NSX Manager at Log Insight which has a newly released Content Pack for NSX.
Go to Network Settings and enter in new Host Name Details without the Domain Name specified (those are put of the search domains) and double check the IP and DNS Settings
Note 1: Create a DNS entry (if not already created) for the Host Name ensuring there is a reverse lookup in place for internal name resolution of the Manager.
Go to Backup and Restore and (re)configure the Backup Settings to include an FTP location and an additional Pass Phrase for NSX Manager Restores.
Once done, perform a test backup
vShield Edge Deployment and Validation:
With that done we can now move onto to testing vCloud Director initiated deployments of the VSE 5.5.3 Edges that are deployed as legacy Appliances out of the NSX Manager. If you take a look under the covers of the NSX Manager you will see that it’s DNA is vShield and more to the point…the NSX portion has been itself retrofitted ontop of the vCNS VSM which has allowed for quick integration with vCenter and legacy interoperability with current versions of vCD.
vCloud Director will call vShield APIs (not NSX) to deploy edges for use with Virtual Datacenter Networking and all current functionality in the edges up to 5.5.3 are maintained. vCD will not be able to understand an NSX 6.1 ESG and if you upgrade (the option is there as shown below) you will have a fully functional Edge with all settings and config carried over…but not manageable by the vCloud GUI.
To ensure that all previous vCloud Director Deployment mechanisms and Edge Management is still functional deploy an Edge Gateway from the vCloud Director GUI checking to make sure that the OVF is deployed correctly…the service account will now be service.nsx (or the account you chose)
Validate the vShield Version at 5.5.3, Test Internal/External Access and IP Connectivity, Service Configurations by adding rules, disabling/enabling Firewall and Create and attaching a vORG Network and Check Port Group Status
If you are interested in what the 5.5.3 VSE Management looks like under the Network & Security Section of the Web Client, click on Edges and the Name of the Edge…what you see here is similar to what you would see for the 6.1 ESGs but with less functionality and features. What’s managed in the vCD GUI is what you see here.
With that validated you have ensured that vCloud Director will continue to do it’s thing and work as expected with NSX Manager in play…at this point we are not using any VXLAN Virtualwires or NSX Transport Zones Network Pools…that’s still to come!