Onboard a local NSX Manager to NSX+

Before you can onboard your local NSX Manger to NSX+, you need to make sure that you have a local user created with the NSX+ Onboarding role assigned (a new role in NSX 4.1.1, the first supported NSX version with NSX+). You cannot use the built-in admin account for onboarding.

In the NSX Manager’s UI, navigate to System Settings User Management > Local Users and click Add > Local User.

Set the username (nsxplususer in this example).

Click Save.

Click the three vertical dots next to the new user.

Select Activate User.

Set an appropriate password and click the Save button.

Click on the User Role Assignment tab.

Click the three vertical dots next to the new user.

Select Edit.

Click the 1 in the Roles column.

Click the Add Role button.

Click the Select Role dropdown.

Select the NSX+ Onboarding role.

Click the Add button.

Click the Apply button.

Click the Save button.

It is also worth noting that if you plan to onboard your local NSX Manager by FQDN, the FQDN of the NSX cluster VIP must be resolvable by the VCGW appliance.

With the local NSX manager configured, you need to go back to CSP to complete the onboarding.

In CSP, click the Launch Service link on the NSXPlus tile.

You should see a page similar to the following which shows an instance created with 0 LMs or SDDCs onboarded.

If you click on the instance, you will see more details. From this page, click on the Actions dropdown menu.

Select Add New Sites.

As long a you’re not onboarding an SDDC via VMC on AWS, click the Next button.

Enter a meaningful name for the site under Site Name. Enter the FQDN or IP address for the VIP of the LM cluster under FQDN/IP. Enter the username and password that were configured for NSX+ onboarding in the Username and Password fields. Select the appropriate VCGW and geographic location in the Cloud Gateway and Location fields.

Click the Next button.

You will see the status change from Prepare for Onboarding to Certificate fetch in progress.

You should eventually see the status change to Accept Certificate.

Click the Accept Certificate button.

If the certificate information looks accurate, click the Accept button.

The status will change to Registration in progress.

While this is happening, you should see two new containers running on the VCGW appliance, specifically related to NSX+.

docker ps | grep nsx
CONTAINER ID   IMAGE                                           COMMAND                  CREATED          STAT
US          PORTS                NAMES
c7aed2bb0191   a24c8db885c1                                    "/start-scripts/entr"    2 minutes ago    Up 2
minutes     8080/tcp             atlas-nsx-agent-a24c8db885c1
72fdba263f29   b8164133bb85                                    "./start.sh"             5 minutes ago    Up 5
 minutes    8080/tcp             nsx-discovery-agent-b8164133bb85

Eventually, the status will change to Compatible, To be Onboarded.

You can choose to onboard more than one local NSX Manager at a time here via the Add NSX Manager button if you like (I only did one at a time).

Click the Next button.

This is a very important warning as its letting you know that there is no going back to non-NSX+-managed local NSX manager after they are onboarded. Click Continue to proceed if you’re okay with this.

Click the Save button.

Initially, there is not much indication that onboarding is happening but after a short while you will see the Deployment State change to In Progress.

You should see the On-premises count go to 1 and the Deployment State change to Success after a short while.

If you click the 1 next to Subscriptions, you will see more detailed information about how many sites are using the Applied Subscription (one in this example as we have only onboarded a single local NSX manager).

At the top of the NSX+ UI, under the Global dropdown, you should now see an entry for the Instance that was deployed and a count of 1 On-Prem local NSX manager onboarded.

Select the NSX+ Instance (EPSG Pre-Prod Trial Instance in this example) to get access to it.

If you go to the Networking tab, you will see nearly the same interface as when using the local NSX manager UI.

Note that the View is showing NSX+ Tier-0 Gateways. Since none have been created yet, there are none displayed. If you change the View to EPSG-Site-A, you will see the details for a Tier-0 Gateway that was created on the local NSX manager prior to onboarding to NSX+

Leave a Comment

Your email address will not be published. Required fields are marked *