This blog series will cover the installation and configuration of VMware NSX 6.1.3 in a lab environment. As such, there are certain design considerations I am overlooking because this is not a production deployment and lab resources are somewhat limited. It goes without saying a production deployment may and should look a little different 😉
An example of this would be to distribute the vSphere and NSX infrastructure into multiple clusters – a “Management” cluster which might house vCenter, NSX Manager, and the NSX Controllers; an “Edge” cluster which might house things like the NSX Edge Services Gateway and the Distributed Logical Router (DLR) / DLR Control VM, which control the flow of L2 (NSX Bridging) or L3 traffic (NSX Logical Routing) into and out of the NSX logical networking environment; and a “Compute” cluster where the bulk of your server and/or desktop virtualization workload would live. In a production deployment, these clusters may even span two or more racks to provide resiliency of all workloads in the event of a rack loss.
Example of “dispersed clusters” courtesy of VMware Hands on Labs (Management/Edge cluster + Compute cluster):
However, my purpose for deploying NSX in my lab is to get more hands on exposure to the product and as a “proof of concept” for the various capabilities of NSX. While important to know all the design considerations, it’s not particularly important in THIS instance.
I highly recommend familiarizing yourself with the NSX Design Guide – it’s a great piece of reference material. I read it start to finish as part of studying for the VCP-NV exam and largely attribute its content, in combination with the VMware Hands on Labs, for passing the exam. The NSX Design Guide can be found HERE.
The Lab Environment
I will also not be covering the installation and configuration of the various vSphere 6.0 infrastructure that all the NSX components ride upon. There are many great blogs and white papers covering this, and let’s be honest – if you’re looking to lab out NSX, you probably already have vSphere configuration down pat.
This NSX lab environment exists on a nested ESXi cluster running vSphere 6.0. There are three ESXi 6.0 virtual machines, each with 24 GB of RAM, 4 vCPU, and ~200 GB of “local” storage across multiple datastores (a couple of which will be used for VSAN at a later date). A vCenter Server Appliance 6.0 was imported into the nested environment and runs on top of the virtualized ESXi hosts. Running a nested hypervisor gives you a lot of flexibility on the hardware which it runs on (and flexibility for isolation if desired, to avoid screwing important stuff up 😛 ), so this could just as easily run on top of a couple “home lab” type boxes without issue.
William Lam (@lamw on Twitter) has a GREAT series of posts on his blog virtuallyGhetto.com detailing the requirements and configuration for running nested ESXi – I highly recommend checking it out. In fact, the 3-node ESXi cluster I am using for this blog post was deployed from an .OVF file he’s made available to the community. Check out his Nested ESXi Series here and VSAN .OVF Template series here. I’ve configured this lab environment to be 100% isolated to the outside world from a network, storage, and hardware perspective…which gives me some freedom to make changes and mistakes without breaking anything I care about.
There’s probably many (and better) blogs covering this same subject, but hey, I need the blogging practice anyway so maybe someone will find it useful…so thanks in advance for reading.
And without further ado, importing and configuring NSX Manager.
Import the NSX Manager
The first step in getting NSX running in your environment is to install and configure the NSX Manager. The NSX Manager is a virtual appliance that is responsible for deploying all the other components of NSX such as the NSX Controllers, Edge Gateways, etc.
There is a 1:1 relationship between a NSX Manager and a vCenter server – one NSX Manager serves a single vCenter Server environment.
** As stated in the NSX Installation Guide, the NSX Manager virtual machine installation includes VMware Tools. Do not attempt to upgrade or install VMware Tools on the NSX Manager. One of the first things I noticed (and felt compelled to do) once the NSX Manager was running is to get rid of the angry yellow “VMware Tools is outdated on this virtual machine” warning on the NSX Manager VM Summary tab. Fight the urge and leave it at the included VMware Tools level.
1. Deploying the NSX Manager must be done through the vSphere Web Client instead of the C# client due to some “extra configuration options” that are only present in the Web Client. Right click on your vCenter Server and select “Deploy OVF Template”.
** You must have the Client Integration Plugin installed in order to deploy an OVF through the vSphere Web Client. I’ve had issues with the plugin and Internet Explorer 11, so I recommend running this through Chrome or Firefox until/if those issues are resolved.
2. Browse to your .OVA file. Mine is on an .ISO mounted in the virtual DVD drive of the virtual “jump box” workstation I access my lab environment from. Click “Next”.
3. On the “Review details” screen, select the “Accept extra configuration options” check box (this option wouldn’t be presented in the C# client, and then you’d have issues with your NSX Manager).
4. Accept the EULA, blah blah blah, then click “Next”.
5. Select a name for the NSX Manager – I got super creative with mine and left it “NSX Manager” – select a folder/location, then click “Next”.
6. Select a cluster or host, then click “Next”.
7. Select a disk format. I chose “Thin Provision” since this is a lab and storage is at a premium right now. If necessary, change your VM Storage Policy. While this lab will have VSAN configured in it eventually, it does not now, and I’m installing on “local” storage (in quotes because it’s actually a .VMDK file on a SAN LUN) of my ESXi host, so I’ve left it at “Datastore Default”. Click “Next” once you’ve selected the appropriate storage settings for your environment.
8. Now it’s time to select a network for your NSX Manager. Right now I’m using the default “VM Network” that was created when I installed ESXi, but I’m essentially treating it as my management network for management/vMotion VMkernel interfaces. I’ll have some other network interfaces for VXLAN traffic etc. which will be setup at a later time. Once you have selected the appropriate network, click “Next”.
9. The “Customize template” window has quite a bit for you to fill in – there are some passwords for various purposes on the NSX Manager, IP/DNS/network settings, etc. Fill in the info as it applies to your environment, then click “Next”.
10. On the “Ready to complete” screen, verify all your information is correct before clicking finish. If everything looks good, click “Finish”. The NSX Manager virtual appliance will now be deployed and powered on automatically (if selected).
Configure the NSX Manager
1. Once the NSX Manager appliance has finished booting and is online, log into the NSX Manager appliance to resume configuration. You will have specified this IP address in Step 9. Example https://172.16.99.150. The credentials used for login will also have been specified in Step 9. Username: admin Password: [user defined]. If you did not define a password during installation, it should be “default”.
2. The first thing to do is check that all the necessary services are running…if they’re not…you won’t get much further. Click the “View Summary” button to be taken to the appliance summary page. All services should show “Running”, with possibly exception to the “SSH Service”.
3. Now we will register NSX Manager with your vCenter Server. Click the , click “Manage” tab, and then click “NSX Management Service” under the “Components” menu section.
Click “Edit” to enter your vCenter Server details
4. Enter the appropriate credentials to connect to your vCenter Server. Yeah yeah yeah, I used my personal lab account instead of a service account…so what?! Click “OK” and you should be prompted to trust the vCenter Server certificate. Click “Yes” on this window.
I ended up ditching using my “personal” lab account for the vCenter connection…not exactly sure why yet, but whenever I logged into vCenter it showed a “No NSX Managers available” error. I switched to a new “service” account that also has Administrator rights in vCenter and the NSX Manager populated correctly. It even showed my “personal” account listed as an NSX Enterprise Administrator but I could not see anything. After logging into vCenter with the “nsxservice” service account, I went to Networking and Security > NSX Managers > Manage > Users and deleted my personal account and re-added it as an Enterprise Administrator. Once I did that, I was able to log into vCenter with my personal account and see the NSX Manager fine. Who knows…perhaps I did something wrong during the initial vCenter linking. So just a heads up in case you run into a similar issue.
5. If the connection to your vCenter Server was successful, you should see a green circle next to the “Status” field.
6. Next, the Lookup Service will be configured. Click the “Edit” button in the “Lookup Service” area.
Enter your Lookup Service details – it’s worth noting that in vSphere 6.0, the Lookup Service port is now 443. I had assumed it was still 7444 and ran into some errors applying the configuration. Luckily I ran across Chris Wahl’s (@ChrisWahl) blog with a quick explanation.
As when linking your vCenter server, trust the certificate.
And you should now see a “Connected” status under the lookup service.
7. The final step for configuring NSX Manager in the lab is to make a backup of the configuration. It is recommended to do a backup while NSX Manager is in a “clean state” so that it can be rolled back to in the event of an issue during subsequent changes.
Click “Backup and Restore” in the “Settings” menu.
Click “Change” next to “FTP Server Settings”, then enter your FTP/SFTP server details here. I actually don’t have an FTP server in my lab yet, so I’m going to forego a backup at this point. I like to live on the edge anyway. If you’d like to setup scheduled backups, there is an option to do so on this page as well…probably recommended for a production deployment.
8. At this point, configuration of NSX Manager is complete and it has been linked to your vCenter Server. You should now be able to log into the vSphere Web Client and continue with deployment of the remaining NSX infrastructure pieces.
If you’re currently logged into the Web Client, log out and then log back in and you should see a new “Networking and Security” panel. Click on “Networking and Security”.
It is from here that most of the NSX configuration will be managed and further NSX services and components deployed from. The next post in this series will cover deploying and configuring the NSX Controllers. Stay tuned and thanks for reading!