VMware NSX Setup

Posted on 13th December 2018 in VMware

This tutorial explains how to set up VMware NSX. NSX 6.4.0 was used for this tutorial; other NSX versions follow the same setup, but you may notice some differences as you go along.

1. Deploy the NSX Manager OVA using vCenter (it doesn’t have to be deployed in the same vCenter you will be using it in).

Select the usual compute (folder and cluster), storage & network (for management of NSX Manager) settings for the VM.

The “Customize template” step requires the relevant details for the NSX Manager, such as Hostname, IP, DNS, NTP & Password.

2. Once deployed, open the NSX Manager web page (FQDN of appliance) to configure the vCenter relationship.

Username is admin and the password is the password you specified in step 1 above.

NSX Manager and vCenter have a 1:1 relationship.

Use the vCenter Server that has the vDS and VMs you want to benefit from NSX

The “Lookup Service URL” should be configured as https://{vCenter_FQDN}:443/lookupservice/sdk, e.g. https://vc01.company.net:443/lookupservice/sdk

The “vCenter Server” should be configured as {vCenter_FQDN}, e.g. vc01.company.net

Both the “Lookup Service URL” & “vCenter Server” should authenticate with the administrator@vsphere.local credentials

Once done the NSX Manager vCenter connection should look like below:
[Screenshot: NSX Manager vCenter Connection]

3. Log in to vCenter with administrator@vsphere.local credentials

You will now see the “Networking & Security” menu option like below:
[Screenshot: vCenter Home Screen]

4. Configure NSX user permissions

Under “System -> Users and Domains” you can add a user or group that exists in vCenter (can be local or domain user/group) and assign an NSX role.

5. Build NSX Controller Cluster

Under “Networking & Security -> Installation and Upgrade -> Management” you can add a controller node.

You need to create 3 controller nodes (ideally built on separate hosts).

Clicking the + button brings up the below settings box:
[Screenshot: Add NSX Controller]

Enter a unique friendly name & select the relevant datacenter/cluster/host/datastore.

“Connected To” should be the network you want the controllers to use to communicate. Usually this is the same as the NSX Manager management network.

“IP Pool” should be a unique pool of IP addresses just for the NSX Controllers to be assigned. You can create the IP Pool when creating the first controller.

When creating the first controller you will also be asked for a password. This password will be for the controller cluster.

You can only build one controller at a time so prepare yourself for some waiting ;)

Once all 3 controllers have been built the “Management” tab should look like below:
[Screenshot: NSX Controllers]

6. Prepare Clusters & Hosts for NSX

Under “Networking & Security -> Installation and Upgrade -> Host Preparation” select the cluster (rather than a host) you want to enable for NSX and click “Install”.

The vSphere hosts do NOT need to be in Maintenance mode for this installation.

During this installation the vSphere hosts will have the NSX VIBs installed to handle VXLAN (Virtual Extensible LAN), DLR (Distributed Logical Router) and DFW (Distributed Firewall).

Once complete the “Installation Status” will change to show the NSX version installed and “Firewall” will have status “Enabled”.

Click “Configure” under “VXLAN” (Virtual Extensible LAN).

Select the required vDS (Virtual Distributed Switch), enter the VLAN ID to use for VXLAN VMkernel interface and set MTU to 1600.

“VMKNic IP Addressing” should use a unique pool of IP addresses for the specified VLAN ID (just like the NSX Controllers). Usually this network/VLAN is different to the NSX Manager/vSphere hosts management network(s).

Specify the required “VMKNic Teaming Policy” and click “OK”.

During this configuration the vSphere hosts will get a new VMkernel port for VTEP (VXLAN Tunnel Endpoint).

Once complete the “VXLAN” will change to status “Enabled”.

Once complete the “Host Preparation” tab should look like below:
[Screenshot: Host Preparation]

7. Logical Network Preparation

Under “Networking & Security -> Installation and Upgrade -> Logical Network Preparation” another 3 tabs will be exposed.

“VXLAN Transport”: This tab will just show the VXLAN configuration you created in the previous step.

“Segment ID”: Edit to specify a range of IDs e.g. 5000-8000.

A Logical Switch (virtual wire) will use the Segment ID as the VNI (VXLAN Network Identifier). Therefore you must specify enough IDs for the Logical Switches you want to be able to create.

“Transport Zones”: Create a transport zone for Logical Switches (virtual wires) to be part of.

A Transport Zone defines which clusters of hosts will be able to see and use the Logical Switches within the zone.

When creating a Transport Zone specify a name, optional description and clusters to be part of the zone. Specify “Unicast” for “Replication Mode” to make the NSX Controllers responsible for replication.

That concludes the “Setup” for NSX. The next jobs are to create NSX Edges – both ESGs (Edge Services Gateways) and DLRs (Distributed Logical Routers), Logical Switches (virtual wires) and DFW (Distributed Firewall) rules.

Check out my other blog posts on these topics:
NSX Edges
Logical Switches
DFW Rules


vRealize Automation (vRA) 7.x NSX XaaS Resource Actions Issue

Posted on 15th November 2018 in VMware

I experienced this issue when working on a particular platform, it was a weird one and took some trial and error to fix so thought I would document it.

The issue:
When trying to view an NSX Resource Action item that had been provisioned it would just display a blank white page. Also if a day 2 action was attempted on the item a red ‘internal error’ box would be displayed and so the day 2 action wouldn’t load.

The fix:
The fix was a multi-stage process…

1. Go to the vRO Endpoint in vRA portal, test connectivity and save
2. In vRO Control Center
(a) Disable NSX Plugin
(b) Restart vRO Service
(c) Enable NSX Plugin
(d) Restart vRO Service
3. You may also need to reboot the vRO appliance

After that you should find that you can view the provisioned NSX Resource Action item details and the day 2 actions will load again as normal.

I would be interested in hearing if anyone else has experienced this issue (please write a comment). I would also be curious to hear if anyone has experienced it and found the root cause.


vRA 7.2 Fix Icons vRO Package

Posted on 9th November 2018 in vRO Packages

This vRO (vRealize Orchestrator) package contains a workflow which will run a postgres query on the vRA appliance to fix the vRA (vRealize Automation) 7.2 XaaS Resource Action issue outlined in VMware KB2149050.

Usage:
Download this: postgresiconsfix zip file
Extract the zip file to find the “org.cis.postgresiconsfix.package” file
Import this “.package” file into vRO (vRealize Orchestrator)

Note: This package was exported from vRO (vRealize Orchestrator) v7.3 but should work on any version of vRO


Hide Domain Dropdown vRO Package

Posted on 9th November 2018 in vRO Packages

This vRO (vRealize Orchestrator) package contains a workflow which will run a postgres query on the vRA appliance to hide the domain dropdown for a tenant login page.

vRA (vRealize Automation) tenant login page before:
[Screenshot: tenant login page before]

vRA (vRealize Automation) tenant login page after:
[Screenshot: tenant login page after]

Usage:
Download this: domaindropdown zip file
Extract the zip file to find the “org.cis.domaindropdown.package” file
Import this “.package” file into vRO (vRealize Orchestrator)

Note: This package was exported from vRO (vRealize Orchestrator) v7.3 but should work on any version of vRO


Generate Password vRO Package

Posted on 25th October 2018 in vRO Packages

This vRO (vRealize Orchestrator) package contains an action which will generate a random secure password.

Usage:
Download this: generatepassword zip file
Extract the zip file to find the “org.cis.generatepassword.package” file
Import this “.package” file into vRO (vRealize Orchestrator)

Note: This package was exported from vRO (vRealize Orchestrator) v7.3 but should work on any version of vRO


vRealize Orchestrator Packages

Posted on 25th October 2018 in vRO Packages

I have added a “vRO Packages” category to my blog so I can start to share some vRO (vRealize Orchestrator) packages containing useful code and features.


Sysprep Fails on Windows 2008 R2 with PowerShell 5.0 Installed

Posted on 29th December 2017 in VMware, Windows OS

I experienced this issue when working on a particular platform, it was a weird one so thought I would document it.

The issue:
I tried to deploy a VMware VM from a Windows 2008 R2 Template which had PowerShell 5.1 installed – Windows Management Framework (WMF) 5.0, however OS customisation would not complete. I tried to manually run sysprep within Windows too but that failed. Looking at the sysprep logs showed the error…

“Sysprep_Generalize_MiStreamProv: **** [gle=0x00000002]“

Thanks goes out to Ioan Popovici at sccm-zone.com for finding and documenting:
Fix Sysprep Error on Windows 2008 R2

The fix:
The fix was adding a registry entry to the Windows 2008 R2 Template.

Open regedit and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\StreamProvider.

Create a DWORD named LastFullPayloadTime with the value 0.


vRealize Automation (vRA) 7.x Remote Console Issue

Posted on 10th July 2017 in VMware

I experienced this issue when working on a particular platform, it was a weird one so thought I would document it.

The issue:
When trying to remote console to a VM using the vRealize Automation (vRA) web portal it would fail with the message…

Cannot establish a remote console connection , verify that the machine is powered on if the server has self-signed certificate, you might need to accept certificate, then close and retry the connection.

This was a weird one as it was not an issue in any of the lab environments I was running on the same version, nor was it an issue on the existing vRealize Automation (vRA) 6.x in the same environment. It appears to affect any vRealize Automation (vRA) 7 version such as vRealize Automation (vRA) 7.0, vRealize Automation (vRA) 7.1, vRealize Automation (vRA) 7.2 and vRealize Automation (vRA) 7.3.

Multiple steps had been taken to diagnose, including putting everything on the same vlan as the vSphere hosts (bypassing firewalls & load balancers etc) but no matter what I did the issue remained.

The fix:
The fix was an undocumented timeout setting provided by the VMware engineering team. The default timeout setting is 10 secs (10000 ms).

Edit the /etc/vcac/security.properties file on the vRealize Automation appliance(s).

Add the below line to the end of the file and save.

consoleproxy.timeout.connectionInitMs=20000

Then restart the vcac service: service vcac-server restart
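
The edit above can be applied idempotently so that re-running it on each appliance never leaves duplicate or conflicting lines. This is an added example, not part of the original post; the function name set_property is hypothetical, while the file path and key are the ones given above.

```shell
#!/bin/sh
# Added example: set KEY=VALUE in a properties file exactly once.
# - no change (and no backup) if the line is already present
# - otherwise keep a timestamped backup, drop any older line for KEY,
#   and append the new one
# Usage: set_property FILE KEY VALUE
set_property() {
    file=$1
    key=$2
    value=$3

    [ -f "$file" ] || { echo "missing file: $file" >&2; return 1; }

    # Exact, literal whole-line match: already configured, nothing to do.
    if grep -qxF -- "$key=$value" "$file"; then
        return 0
    fi

    # Backup next to the original, preserving mode and timestamps.
    cp -p "$file" "$file.bak.$(date +%Y%m%d%H%M%S)" || return 1

    tmp=$(mktemp "$file.XXXXXX") || return 1

    # Keep every line that does not start with "KEY=". index() compares
    # literally, so the dots in the key are not treated as regex wildcards.
    awk -v k="$key=" 'index($0, k) != 1' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s=%s\n' "$key" "$value" >> "$tmp"

    # Write back through the existing file so its owner and permissions stay as they were.
    cat "$tmp" > "$file" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
}

# On the vRealize Automation appliance (run as root), using the values from the post:
#   set_property /etc/vcac/security.properties consoleproxy.timeout.connectionInitMs 20000
# followed by the service restart described above.
```

The timestamped .bak file left beside the original gives a quick rollback if the remote console behaviour does not improve.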
