Breadcrumb Build – Region A VVD Virtual Infrastructure on VxRail Part 4: Installing NSX for the Management VxRail

Welcome to Part 4 of my VVD on VxRail Breadcrumb Build Series

VMware NSX is not part of a standard VxRail deployment, but its an integral part of VVD, and potentially anything you want to do on top of VVD. In this section, I’m going to walk through the deployment and tweaking of NSX basic infrastructure before moving onto the Logical Network configuration in the 5th post of the series.

Anything in the format [input_value] represents a value from your preparation that you should insert (without the square brackets of course)

Deploy and Configure the NSX Instance for the Management Cluster

  • Assign Permissions to NSX Account
    • Log into [mgmt-vcenter-fqdn]
    • Administration -> Single Sign On -> Users and Groups -> Groups
      • Add [ad-domain]\[svc-nsxmanager] to LicenseService.Administrators
  • Administration -> Global Permissions
    • Add [ad-domain]\[svc-nsxmanager] as Administrator
  • Deploy NSX Manager to Management Cluster
    • Name: [mgmt-nsx-manager-vmname]
    • Storage
      • Thin provision
      • vSAN Default Storage Policy
    • Network: [mgmt-portgroup]
    • DNS Server list: [dns-server]
    • Domain Search List: [ad-domain]
    • Default IPv4 Gateway: [mgmt-gateway]
    • Hostname: [mgmt-nsx-manager-fqdn]
    • Network 1 IPv4 Address: [mgmt-nsx-manager-ip]
    • Network 1 Netmask: [mgmt-mask]
    • Enable SSH = True
    • NTP Server List = [ntp-ip]
    • Default Password = [mgmt-nsx-manager-admin-password]
    • CEIP = True
  • Power on NSX Manager

Replace the Certificate of NSX Manager

  • Log into [mgmt-nsx-manager-fqdn]
  • Home -> Manage Appliance Settings -> Manage -> SSL Certificates -> Upload PKCS#12 Keystore.
  • Upload [mgmt-nsx-manager-hostname].4.p12
  • Reboot NSX Manager

Connect NSX Manager to vCenter

  • Log into [mgmt-nsx-manager-fqdn]
  • Manage vCenter Registration -> Lookup Service URL -> Edit
    • URL: [psc-lb-virtual-fqdn]
    • Port: 443
    • Username: administrator@vsphere.local
    • Password: [sso-admin-password]
  • Accept Certificate Thumbprint
  • vCenter Server -> Edit
    • URL: [mgmt-vcenter-fqdn]
    • Username: [nsx-admin]@[ad-domain] / [nsx-admin-password]
  • Accept Certificate Thumbprint

Assign Administrative Access to NSX

  • Log into [mgmt-vcenter-fqdn] as [nsx-admin]@[ad-domain]
  • Networking & Security -> Users and Domains -> Add -> Specify a vCenter User
    • administrator@vsphere.local as Enterprise Administrator

Deploy the Management NSX Controllers

  • Log into [mgmt-vcenter-fqdn]
  • Assign NSX Primary Role
    • Networking & Security -> Installation and Upgrade -> Management -> Actions -> Assign Primary Role
  • Create IP Pool
    • Groups & Tags -> IP Pools-Add
    • Name: mgmt-nsx-controllers
    • Gateway: [mgmt-gateway]
    • Prefix Length: [mgmt-prefix-length]
    • Primary DNS: [dns-server]
    • DNS Suffix: [ad-domain]
    • Add Range: [mgmt-nsx-controller-ip-range]
  • Deploy Controllers (1 at a time)
    • Installation and Upgrade -> Management -> NSX Controller Nodes -> Add -> Choose Manager
    • Complex Password: [mgmt-nsx-controller-complex-password]
    • Name: [mgmt-nsx-controller01-name]
    • Datacenter: [mgmt-datacenter]
    • Cluster/ResourcePool: [mgmt-cluster]
    • Datastore: [mgmt-vsan-datastore]
    • Connected to: [mgmt-network]
    • Select IP Pool: mgmt-nsx-controllers
    • Repeat for
      • [mgmt-nsx-controller02-name]
      • [mgmt-nsx-controller03-name]
  • Enable CDO Mode
    • Installation and Upgrade -> Management -> Select Manager -> Actions -> Enable CDO Mode
  • DRS affinity rules for Controllers
    • Select [mgmt-cluster] -> Configure -> VM/Host Rules -> Add
    • Rule name: anti-affinity-rule-nsxc
    • Separate Virtual Machines
    • Select all Controllers

Licensing for NSX

  • Log into [mgmt-vcenter-fqdn]
  • Administration -> Licenses -> Add License
  • Assets -> Solutions -> Assign License

Prepare the ESXi Hosts

  • Networking & Security -> Installation and Upgrade -> Host Preparation -> Actions -> Install

Finishing the NSX Basic Configuration

  • Segment ID Allocation
    • Networking & Security -> Installation and Upgrade -> Logical Network Settings -> VXLAN Settings -> Segment IDs -> Edit
      • Segment ID Pools: [mgmt-nsx-segment-id-pools]
      • Enable Multicast addressing: Selected
      • Multicast Addresses: [mgmt-nsx-multicast-addresses]
      • Universal Segment ID Pool: [mgmt-nsx-universal-segment-id-pool]
      • Enable Universal Multicast addressing: Selected
      • Universal Multicast Addresses: [mgmt-nsx-universal-multicast-addresses]
  • VXLAN networking
    • Networking & Security -> Installation and Upgrade -> Host Preparation -> Actions -> Configure VXLAN
      • Switch: [mgmt-vds]
      • VLAN: [mgmt-vxlan-vlan]
      • MTU: 9000
      • VMKNic IP Addressing: Use DHCP**
      • VMKNic Teaming Policy: Load Balance – SRCID
      • VTEP: 2
  • Transport Zone
    • Networking & Security -> Installation and Upgrade -> Logical Network Settings -> Transport Zones -> Add
      • Name: Mgmt Universal Transport Zone
      • Mark this object for Universal Synchronization: On
      • Replication Mode: Hybrid
      • Select clusters to be part of the Transport Zone: [mgmt-cluster]

** The VVD documentation wants you to use DHCP for VXLAN. This is so that you can place hosts on different subnets (and potentially different sites) and have the networks DHCP environment provide them with IP addresses that are suitable for the network segments they are actually on. If you are building a LAB test environment, you can use an NSX IP Pool here, and it will work, but just be advised that if you want to change down it the line then its a bit disruptive to the NSX configuration. Stick with the DHCP configuration if you have grander plans.

With the above complete, you should have a functioning NSX configuration thats looks a bit like the below, which is ready for you to create a set of logical networks for use by your vSphere and ultimately your vRealize configuration. I’ll pick that up in the next post in the series.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at

Up ↑

%d bloggers like this: