Install and Configure NSX Manager

I’m starting to become a bit of a fan of VMware NSX and getting excited with all the new features that came out of VMworld 2017. I recently rebuilt my lab and one of the parts I need to install is, you guessed it, NSX. So I figured I would write a series of basic “Getting Started” guides.  To start with, we will go through installing the NSX Manager, the brain of the solution. Now for the install, I just attached the NSX Manager Appliance to a vSwitch for the moment, but you will need to ensure that you have a Distributed Virtual Switch configured to utilise NSX as it is a required component. I will be installing NSX Manager 6.3.3 (The latest as of this post)

NSX is more than just networking, it is also part of the endpoint services that was previously vShield in the vCloud Networking and Security Suite (vCNS). Implementing NSX allows you to extend the feature set taking you to the next level of virtual networking.

I will be going over the install and configuration of some of the other components in the next few posts following this one.

Installing NSX Manager:

The NSX Manager OVA can be downloaded from my.vmware.com
Once downloaded, ensure the Client Integration tools are installed and then open up the VMware Webclient. (For Client Integration Tools SSL FireFox issue  see this post)

Right click cluster and select “Deploy OVF Template” à Navigate to the NSX Manager OVF file à Accept the configuration

Accept the EULA

Input details for configuration

-Password
– IPv4/IPv6 details
– DNS
– NTP
– SSH
– VMware Customer Experience Improvement Program

 

 

 

 

 

 

 

Accept all and deploy

 

 

 

Once deployed. Open up a web browser and navigate to the IP/hostname that you set for your NSX Manager.

Login with admin and the password you set for deployment.

Navigate to “General” and edit the time settings à set your timezone à Save and log off and back on again for settings to take affect

Navigate down to “NSX Management Service” àSelect Edit on “Lookup Service URL:” and enter your PSC FQDN. (Enter vCenter if using embedded PSC) Enter SSO username and password and click OK

Select edit on “vCenter Server” and enter your vCenter server address followed by vCenter Service account or SSO.

Once all lights are green, log off and log into vCenter with the account used to attached NSX to vCenter.

If you log in as another accout, you will not be able to see the Network and Security tab as you will not have been granted permission to it. (Note that my SSO is vSphere.local for this lab)

Log in as the account that You will see the Networking and Security section available in the Action menu, Home screen and the left hand Navigation menu. Select Network and Security -> click on NSX Managers -> select NSX Manager you wish to adjust -> Manage -> Users.

Click the green Plus sign -> Choose either to add a group or individual user (Suggest making an NSX Group to make control easier) -> Select the Level of Access and click OK.

Log off and log in as the user you jut granted permission to.  (Note that I am using readysetvirtual.local for my lab domain and standard user)

Advertisements

VMware Client Integration – FireFox SSL Popup

I’ve been having this issue for a little while now, I hadn’t found any successful posts on how to allow the VMware Client integration plug-in to run on FireFox. This occur in my last lab environment and my current.  Unfortunately, without this integration tool, OVF deployments and various other functions are unavailable in the WebClient.

Error Msg: “The VMware Client Integration Plugin has updated its SSL Certificate in FireFox.”

Since Firefox ver. 52, plugins have been disabled by default and started to behave differently. We found this out the hardware when some of our customers were starting to open their SaaS Citrix environment with HTML5 instead of the thick client.

To fix this, I found a KB article that outlines the solution. (KBA 2112076)

As you can see, the integration tool is currently installed and in Firefox 56 the message is displaying after log on to the WebClient.

Screen Shot 2017-09-06 at 10.28.31 amScreen Shot 2017-09-06 at 10.27.43 am

Go ahead and uninstall the Integration Tool as you will need to reinstall it again.

Screen Shot 2017-09-06 at 10.31.15 am

 

Uninstall your current version of FireFox and download and install FireFox Extended Support Release
Screen Shot 2017-09-06 at 10.30.17 am

Once installed, reinstall the VMware Client Integration Plug-in and launch FireFox. The Plugin should then popup once you access your venter WebClient login page. -> Select “Remember my choice for vmware-csd links” and click “Open Link”

Screen Shot 2017-09-06 at 10.40.55 am

Head over to a host and attempt an OVF deployment.  A second pop will request for Access Control -> select “Allow” and untick “Always ask before allowing this site” (Unless security reasons)

Screen Shot 2017-09-06 at 10.42.08 am

You should now not see any error messages when you attempt an OVF deployment.

Screen Shot 2017-09-06 at 10.42.21 am

Free NSX books at VMworld and Digital Download

If you are VMworld, go pick yourself up the most recent series of NSX books.

If you are NOT at VMworld, you can also download the books from the below links.

VMware NSX Micro-segmentation Day 1  – Wade Homes

VMware NSX Micro-segmentation Day 2 – Geoff Wilmington

Operationalizing VMware NSX – Kevin Lees

Automating NSX for vSphere with PowerNSX – Anthony Burke

 

More information here. 

vSphere 6.5 Host Resources Deep Dive – First thoughts

Today I was fortunate to receive my copy of VMware vSphere 6.5 Host resources. I was quite excited to be ordering this book once it became available. I had been reading all the snippets that were popping up on twitter from @hostdeepdive and the information and whiteboard photos were really building up the excitement. This book is a collaboration between @FrankDenneman and @NHagoort – the combined intelligence and knowledge that these two have is far beyond where any book will take you, but in this particular book, they cram so much detail in that you will not want to put it down.  If you want to get the best out of your infrastructure, and become a great architect and get the best for your customers/users, then this is the book you need to read.

Not the only excited it has arrived!

I decided that I would read from the very first page and go through the book, just in the foreword by @KitColbert, VP & CTO of Cloud Platform Business Unit @ VMware, my mind was going places I hadn’t placed it before. Kit talks about how something as simple as typing a linux command and what occurs before the result can be a discussion that can last for hours. In the 4 and a half pages for the foreword, Kit breaks this down and for me, that got me thinking in a whole new light of detail that I would not usually have gone to. This has set me up to accept the challenge of the level of detail that has gone into this book.

I am only a few pages in, but I know for sure that this is going to be a ride worth taking and opening up for the level of detail that will be exposed.

I look forward to reading the rest of this great book and hope you may get the chance too!

You can purchase the book here.
https://www.amazon.com/VMware-vSphere-Host-Resources-Deep/dp/1540873064/ref=sr_1_1?ie=UTF8&qid=1499174386&sr=8-1&keywords=host+deep+dive

Guest Introspection Service – NSX

Continuing on from my last post, I thought I would get in and talk about the Guest Introspection service before I roll back and redeploy my NSX lab.

In prior versions to vSphere 6.x, part of the VMware vCloud Networking and Security (vCNS) was vShield Endpoint that was installed onto each host to allow for agentless security products to interact with virtual machines through VMTools. This was a two component setup, you would first have the vShield Manager that was connected to your vCenter which then added an installation option on each host for vShield Endpoint. Once vShield Endpoint was installed and vShield Driver (Part of VMTools install), your antivirus/anti-malware software could then protect inside your virtual machines that have been set up.

Fast forward to vSphere 6.x and the release of NSX taking over the networking and security side of things for vSphere environments. vShield was partially removed in vSphere 6.0, but completely removed by vSphere 6.5. Replacing vShield is now the NSX Guest Introspection Service (GIS) that still gets deployed to each host, but the difference is instead of having a separate vShield manager, it is included with the NSX Manager.
The GIS is free (Depending on vCloud licensing you may need to double check with your reseller) with the default licensing that comes with NSX Manager. There is a default key that is automatically deployed with NSX Manager giving you this access.

To set up your Guest Introspection Services, follow the below steps:

Pre-requisites:
IP Pool (If you do not have one configured, then you can set up during GIS deployment)

  1. Open up your Network and Security Tab –> Click on Installation –> Select Service Deployments.
  2. Click on the + sign –> Select Guest Introspection –> Choose when you want to deploy Now or Schedule –> click next.
  3. Select your Datacenter and cluster you want to install your Guest Introspection to –>  click next
  4. Choose your storage device and network you want to –> Decide to use DHCP or IP Pool, click Change –> Select IP Pool and Click the + sign to create the Pool.


  5. Confirm and click Finish.

The process will run through and migrate VMs between hosts if required. Once installed, your security software should detect the hosts and their current state and either require install a filter driver to the hosts and then the appliance (Third party components may vary between vendors).

This is a very straight forward service setup, but very powerful for the service it provides to your environment.

Thank you for reading. Please let a comment if you would like to.