Thursday, 19 June 2014

Getting started with NSX

This week I've been on an internal training course with VMware on NSX. In case you haven't heard of NSX, this is a network virtualisation solution offered by VMware (my employer). I've already deployed NSX in a nested lab but this blog post is just going to quickly show you my current setup, how to grant specific user accounts admin rights within NSX, and how to avoid accidentally locking yourself out of vCenter with the distributed firewall. Expect more blog posts on NSX as I become more familiar with it and use it in the lab. Firstly, this is what my physical lab looks like, which hosts all my home production VMs:


As you can see I run a nested environment consisting of three virtual ESXi hosts and the vCenter Server Appliance. The NSX Manager is running outside of the test cluster as I didn't want to consume resources within the nested environment. The nested environment simply has three hosts, an NSX controller and a few simple web servers:


Once you've deployed NSX Manager and deployed your first controller, you're probably going to want to grant your admin account permissions within NSX so you don't have to keep logging in as the local admin of the vCenter Server Appliance (this is just the way I like to work). To grant your admin account access, simply log into the web client and select Networking & Security from the menu option:


From the NSX menu screen click on NSX Managers:


Click on the NSX manager link that you want to make changes to:


Click on the Manage tab and then the Users tab and simply click the green plus:


Enter the user or group name of the active directory object that you wish to add and click Next:


Select the role for the user or group and click Next:


Set the scope limit and click Finish:


You should now be able to access NSX Manager as the user, or as a member of the group, that you just added. Another operation that you should probably perform is to exclude vCenter from having any distributed firewall policies applied to it, as you can quite easily lock yourself out. In my case it shouldn't be an issue as the vCenter Appliance does not reside in the same cluster as the one I'm going to be applying policies to, but if yours does then simply browse to the NSX Manager, select Manage and then Exclusion List:


Click on the green plus and then, from the drop-down menu, select your vCenter server object. As mentioned, in my case the vCenter does reside in the same cluster so I should be OK. Once added, simply click OK:


So, that's as far as I am at the moment.  I need to make some physical changes to my switch to allow jumbo frames (or MTU of 1600) for the VXLAN traffic and unfortunately I can't do that remotely without taking down the entire lab and my access so I'll be doing that over the weekend.
