In my previous post I shared NSX Data Center For vSphere Overview and here I will cover the requirements to deploy NSX Data Center for vSphere . I share the hardware and software requirements and other components also .
To deploy NSX Data Center for vSphere we need to fulfill below requirements
- NSX Manager Media
- Compatible version of vCenter and vSphere
- License for NSX Data Center for vSphere and vSphere Enterprise License
- vSphere Distributed Switch (VDS)
- vCenter Login credentials & Necessary resources to deploy NSX manager as per hardware requirements.
- Static IP address and DNS record for NSX Manager.
- Working Active Directory Domain , DNS , NTP
- NTP server and vCenter, ESXi and NSX manager should use this NTP and all are in sync.
System Requirements
Below are the hardware requirements for NSX Data Center for vSphere appliances.
| Hardware Requirements for Appliances | |||
| Appliance | Memory | vCPU | Disk Space |
| NSX Manager | 16 GB (24 GB for larger NSX Data Center for vSphere deployments) | 4 (8 for larger NSX Data Center for vSphere deployments) | 60 GB |
| NSX Controller | 4 GB | 4 | 28 GB |
| NSX Edge | Compact: 512 MB | Compact: 1 | Compact, Large, Quad Large: 1 disk 584MB + 1 disk 512MB |
| (Distributed logical router is deployed as compact appliance) | Large: 1 GB | Large: 2 | XLarge: 1 disk 584MB + 1 disk 2GB + 1 disk 256MB |
| Quad Large: 2 GB | Quad Large: 4 | ||
| X-Large: 8 GB | X-Large: 6 | ||
| Guest Introspection | 2 GB | 2 | 5 GB (Provisioned space is 6.26 GB) |
Network Latency
You should ensure that the network latency between components is at or below the maximum latency described
| Components | Maximum latency |
| NSX Manager and NSX Controller nodes | 150 ms RTT |
| NSX Manager and ESXi hosts | 150 ms RTT |
| NSX Manager and vCenter Server system | 150 ms RTT |
| NSX Manager and NSX Manager in a cross-vCenter NSX environment | 150 ms RTT |
Ports and Protocols Required by NSX Data Center for vSphere
The following ports must be open for NSX Data Center for vSphere to operate properly.
Note: If you have a cross-vCenter NSX environment and your vCenter Server systems are in Enhanced Linked Mode, each NSX Manager appliance must have the required connectivity to each vCenter Server system in the environment to manage any NSX Manager from any vCenter Server system
| Source | Target | Port | Protocol | Purpose | Sensitive | TLS | Authentication |
| Client PC | NSX Manager | 443 | TCP | NSX Manager Administrative Interface | No | Yes | PAM Authentication |
| Client PC | NSX Manager | 443 | TCP | NSX Manager VIB Access | No | No | PAM Authentication |
| ESXi Host | vCenter Server | 443 | TCP | ESXi Host Preparation | No | No | |
| vCenter Server | ESXi Host | 443 | TCP | ESXi Host Preparation | No | No | |
| ESXi Host | NSX Manager | 5671 | TCP | RabbitMQ | No | Yes | RabbitMQ User/Password |
| ESXi Host | NSX Controller | 1234 | TCP | User World Agent Connection | No | Yes | |
| NSX Controller | NSX Controller | 2878, 2888, 3888 | TCP | Controller Cluster – State Sync | No | Yes | IPsec |
| NSX Controller | NSX Controller | 7777 | TCP | Inter-Controller RPC Port | No | Yes | IPsec |
| NSX Controller | NSX Controller | 30865 | TCP | Controller Cluster – State Sync | No | Yes | IPsec |
| NSX Manager | NSX Controller | 443 | TCP | Controller to Manager Communication | No | Yes | User/Password |
| NSX Manager | vCenter Server | 443 | TCP | vSphere Web Access | No | Yes | |
| NSX Manager | vCenter Server | 902 | TCP | vSphere Web Access | No | Yes | |
| NSX Manager | ESXi Host | 443 | TCP | Management and provisioning connection | No | Yes | |
| NSX Manager | ESXi Host | 902 | TCP | Management and provisioning connection | No | Yes | |
| NSX Manager | DNS Server | 53 | TCP | DNS client connection | No | No | |
| NSX Manager | DNS Server | 53 | UDP | DNS client connection | No | No | |
| NSX Manager | Syslog Server | 514 | TCP | Syslog connection | No | No | |
| NSX Manager | Syslog Server | 514 | UDP | Syslog connection | No | No | |
| NSX Manager | NTP Time Server | 123 | TCP | NTP client connection | No | Yes | |
| NSX Manager | NTP Time Server | 123 | UDP | NTP client connection | No | Yes | |
| vCenter Server | NSX Manager | 80 | TCP | Host Preparation | No | Yes | |
| REST Client | NSX Manager | 443 | TCP | NSX Manager REST API | No | Yes | User/Password |
| VXLAN Tunnel End Point (VTEP) | VXLAN Tunnel End Point (VTEP) | 8472 (Before NSX 6.2.3) or 4789 (NSX 6.2.3 and later) | UDP | Transport network encapsulation between VTEPs | No | Yes | |
| ESXi Host | ESXi Host | 6999 | UDP | ARP on VLAN LIFs | No | Yes | |
| ESXi Host | NSX Manager | 8301, 8302 | UDP | DVS Sync | No | Yes | |
| NSX Manager | ESXi Host | 8301, 8302 | UDP | DVS Sync | No | Yes | |
| Guest Introspection VM | NSX Manager | 5671 | TCP | RabbitMQ | No | Yes | RabbitMQ User/Password |
| Primary NSX Manager | Secondary NSX Manager | 443 | TCP | Cross-vCenter NSX Universal Sync Service | No | Yes | |
| Primary NSX Manager | vCenter Server | 443 | TCP | vSphere API | No | Yes | |
| Secondary NSX Manager | vCenter Server | 443 | TCP | vSphere API | No | Yes | |
| Primary NSX Manager | NSX Universal Controller Cluster | 443 | TCP | NSX Controller REST API | No | Yes | User/Password |
| Secondary NSX Manager | NSX Universal Controller Cluster | 443 | TCP | NSX Controller REST API | No | Yes | User/Password |
| ESXi Host | NSX Universal Controller Cluster | 1234 | TCP | NSX Control Plane Protocol | No | Yes | |
| ESXi Host | Primary NSX Manager | 5671 | TCP | RabbitMQ | No | Yes | RabbitMQ User/Password |
| ESXi Host | Secondary NSX Manager | 5671 | TCP | RabbitMQ | No | Yes | RabbitMQ User/Password |
Software’s Required
First you have to check the VMware Product Interoperability Matrices to know about the compatibility of current and earlier versions of VMware vSphere components, including ESXi, VMware vCenter Server, and optional VMware products.
Refer release notes of NSX Data Center for vSphere to understand the version features , known issues and fixes – VMware Docs
For an NSX Manager to participate in a cross-vCenter NSX deployment the following conditions are required:
| Component | Version |
| NSX Manager | 6.2 or later |
| NSX Controller | 6.2 or later |
| vCenter Server | 6.0 or later |
| ESXi | ESXi 6.0 or later |
| Host clusters prepared with NSX 6.2 or later VIBs |
Client and User Access
The following items are required to manage your NSX Data Center for vSphere environment:
- Forward and reverse name resolution. This is required if you have added ESXi hosts by name to the vSphere inventory, otherwise NSX Manager cannot resolve the IP addresses.
- Permissions to add and power on virtual machines
- Access to the datastore where you store virtual machine files, and the account permissions to copy files to that datastore
- Cookies must be enabled on your Web browser to access the NSX Manageruser interface.
- Port 443 must be open between the NSX Managerand the ESXi host, the vCenter Server, and the NSX Data Center for vSphere appliances to be deployed. This port is required to download the OVF file on the ESXi host for deployment.
- A Web browser that is supported for the version of vSphere Web Clientyou are using. See “Using the vSphere Web Client” in the vCenter Server and Host Management documentation for details.
- For information about using the vSphere Client(HTML5) on vSphere5 with NSX Data Center for vSphere 6.4, Refer vSphere client functionality support
NSX and vSphere Distributed Switches
In an NSX domain, VMware NSX Virtual Switch is the software that operates in server hypervisors to form a software abstraction layer between servers and the physical network.
NSX Virtual Switch is based on vSphere distributed switches (VDSs), which provide uplinks for host connectivity to the top-of-rack (ToR) physical switches. As a best practice, VMware recommends that you plan and prepare your vSphere Distributed Switches before installing NSX Data Center for vSphere.
NSX services are not supported on vSphere Standard Switch. VM workloads must be connected to vSphere Distributed Switches to use NSX services and features.
A single host can be attached to multiple VDSs. A single VDS can span multiple hosts across multiple clusters. For each host cluster that will participate in NSX, all hosts within the cluster must be attached to a common VDS.
