In this blog post we will be deploying the NSX manager appliance. This is the first step in beginning to deploy NSX in your VMware environment. First things first, after downloading the NSX OVA file, right click on the cluster you want to deploy the appliance in and click Deploy OVF Template. Browse to and select the NSX OVA file and click Next.
The NSX service composer is one of my favorite features of NSX. I’ve never really considered myself to be lazy when it comes to doing something the right way…but I’ve never been one to overwork myself to do that. Dad always said “Work smarter, not harder”. The service composer is a combination of both. It’s a way to create multiple rules in your virtual infrastructure for items that are alike or that need to have the same type of services allowed or denied. For you Cisco guys, this is a familiar concept. Think objects and object groups on a ASA. For example, say I have a group of 6 web servers that I want to block ICMP traffic. Well that would normally mean that I would have to create 6 individual rules, one for each web server, to block this. With the service composer, however, I can create one rule. With the use of security groups and security policies, service composer makes life easy…and that doesn’t mean that you’re lazy 🙂
In this blog post, I will show you how to use the service composer to create a security policy and apply it to multiple servers.
First navigate to Networking & Security > Service Composer
Picking up from where we left off, in our last post, we deployed the NSX Edge Appliance and created interfaces to connect to each of our logical switches to allow for communication between the VMs on each logical switch. In this post we will configure OSPF as our dynamic routing protocol between the edge appliance and the logical router.
Navigate to Networking & Security>NSX Edges. Double click the Edge Router. Under Manage>Routing>Global Configuration click Edit by Dynamic Routing Configuration.
In this post we will be deploying an additional Edge Services Gateway (ESG) so that we can take advantage of Equal-Cost Multipath (ECMP) from the distributed logical router to the ESG. The advantage of using ECMP is that you can split the traffic from VMs evenly between the ESGs and have multiple bidirectional links. Let’s get started configuring!
Navigate to Networking & Security > NSX Edges and click the green + to begin deploying a new ESG.
Picking up from where we left off in our last post, we will be configuring routing between the physical network and the virtual network by means of the NSX Edge Services Gateway appliance.
A little backgroud about the NSX Edge:
NSX Edge provides network edge security and gateway services to isolate a virtualized network. The NSX Edge gateway connects isolated, stub networks to shared (uplink) networks by providing common gateway services such as DHCP, VPN, NAT, dynamic routing, and Load Balancing. Common deployments of NSX Edge include in the DMZ, VPN Extranets, and multi-tenant Cloud environments where the NSX Edge creates virtual boundaries for each tenant.
So to begin, we need to deploy a NSX edge appliance. We do this by navigating to Networking & Security > NSX Edges and clicking the green +
In our last post, we deployed our logical switches and tested L2 connectivity between VMs on the same logical switch. As mentioned in that post, in order to allow communication between logical switches, we will need to deploy and configure a distributed logical router. That’s what we will be going over in this post.
First navigate to Networking & Security > NSX Edges and make sure the correct NSX manager is selected. Click the green +.
Continuing from where we left off with deploying NSX controllers and preparing our hosts for NSX, now its time to deploy a logical switch and add virtual machines to it. A logical switch can be looked at as a logical broadcast domain to which virtual machines can be connected to. The segment IDs that are associated with them can be looked at as VLAN tags for logical switches. Each logical switch will have its own segment ID or VXLAN Network Identifier (VNI) assigned to it from the segment ID pool that was created under the Host Preparation tab.
To deploy a logical switch, navigate to Networking & Security > Logical Switches and click the green + symbol.