Requirements for NSX Data Center for vSphere Deployment

In my previous post I shared NSX Data Center For vSphere Overview and  here I will cover the requirements to deploy NSX Data Center for vSphere . I share the hardware and software requirements and other components also .

To deploy NSX Data Center for vSphere we need to fulfill below requirements

  • NSX Manager Media
  • Compatible version of vCenter and vSphere
  • License for NSX Data Center for vSphere and vSphere Enterprise License
  • vSphere Distributed Switch (VDS)
  • vCenter Login credentials & Necessary resources to deploy NSX manager as per hardware requirements.
  • Static IP address and DNS record for NSX Manager.
  • Working Active Directory Domain , DNS , NTP
  • NTP server and vCenter, ESXi and NSX manager should use this NTP and all are in sync.

System Requirements


Below are the hardware requirements for NSX Data Center for vSphere appliances.

Hardware Requirements for Appliances
Appliance Memory vCPU Disk Space
NSX Manager 16 GB (24 GB for larger NSX Data Center for vSphere deployments) 4 (8 for larger NSX Data Center for vSphere deployments) 60 GB
NSX Controller 4 GB 4 28 GB
NSX Edge Compact: 512 MB Compact: 1 Compact, Large, Quad Large: 1 disk 584MB + 1 disk 512MB
(Distributed logical router is deployed as compact appliance) Large: 1 GB Large: 2 XLarge: 1 disk 584MB + 1 disk 2GB + 1 disk 256MB
Quad Large: 2 GB Quad Large: 4
X-Large: 8 GB X-Large: 6
Guest Introspection 2 GB 2 5 GB (Provisioned space is 6.26 GB)

Network Latency

You should ensure that the network latency between components is at or below the maximum latency described

Components Maximum latency
NSX Manager and NSX Controller nodes 150 ms RTT
NSX Manager and ESXi hosts 150 ms RTT
NSX Manager and vCenter Server system 150 ms RTT
NSX Manager and NSX Manager in a cross-vCenter NSX environment 150 ms RTT

Ports and Protocols Required by NSX Data Center for vSphere

The following ports must be open for NSX Data Center for vSphere to operate properly.

Note: If you have a cross-vCenter NSX environment and your vCenter Server systems are in Enhanced Linked Mode, each NSX Manager appliance must have the required connectivity to each vCenter Server system in the environment to manage any NSX Manager from any vCenter Server system

Source Target Port Protocol Purpose Sensitive TLS Authentication
Client PC NSX Manager 443 TCP NSX Manager Administrative Interface No Yes PAM Authentication
Client PC NSX Manager 443 TCP NSX Manager VIB Access No No PAM Authentication
ESXi Host vCenter Server 443 TCP ESXi Host Preparation No No
vCenter Server ESXi Host 443 TCP ESXi Host Preparation No No
ESXi Host NSX Manager 5671 TCP RabbitMQ No Yes RabbitMQ User/Password
ESXi Host NSX Controller 1234 TCP User World Agent Connection No Yes
NSX Controller NSX Controller 2878, 2888, 3888 TCP Controller Cluster – State Sync No Yes IPsec
NSX Controller NSX Controller 7777 TCP Inter-Controller RPC Port No Yes IPsec
NSX Controller NSX Controller 30865 TCP Controller Cluster – State Sync No Yes IPsec
NSX Manager NSX Controller 443 TCP Controller to Manager Communication No Yes User/Password
NSX Manager vCenter Server 443 TCP vSphere Web Access No Yes
NSX Manager vCenter Server 902 TCP vSphere Web Access No Yes
NSX Manager ESXi Host 443 TCP Management and provisioning connection No Yes
NSX Manager ESXi Host 902 TCP Management and provisioning connection No Yes
NSX Manager DNS Server 53 TCP DNS client connection No No
NSX Manager DNS Server 53 UDP DNS client connection No No
NSX Manager Syslog Server 514 TCP Syslog connection No No
NSX Manager Syslog Server 514 UDP Syslog connection No No
NSX Manager NTP Time Server 123 TCP NTP client connection No Yes
NSX Manager NTP Time Server 123 UDP NTP client connection No Yes
vCenter Server NSX Manager 80 TCP Host Preparation No Yes
REST Client NSX Manager 443 TCP NSX Manager REST API No Yes User/Password
VXLAN Tunnel End Point (VTEP) VXLAN Tunnel End Point (VTEP) 8472 (Before NSX 6.2.3) or 4789 (NSX 6.2.3 and later) UDP Transport network encapsulation between VTEPs No Yes
ESXi Host ESXi Host 6999 UDP ARP on VLAN LIFs No Yes
ESXi Host NSX Manager 8301, 8302 UDP DVS Sync No Yes
NSX Manager ESXi Host 8301, 8302 UDP DVS Sync No Yes
Guest Introspection VM NSX Manager 5671 TCP RabbitMQ No Yes RabbitMQ User/Password
Primary NSX Manager Secondary NSX Manager 443 TCP Cross-vCenter NSX Universal Sync Service No Yes
Primary NSX Manager vCenter Server 443 TCP vSphere API No Yes
Secondary NSX Manager vCenter Server 443 TCP vSphere API No Yes
Primary NSX Manager NSX Universal Controller Cluster 443 TCP NSX Controller REST API No Yes User/Password
Secondary NSX Manager NSX Universal Controller Cluster 443 TCP NSX Controller REST API No Yes User/Password
ESXi Host NSX Universal Controller Cluster 1234 TCP NSX Control Plane Protocol No Yes
ESXi Host Primary NSX Manager 5671 TCP RabbitMQ No Yes RabbitMQ User/Password
ESXi Host Secondary NSX Manager 5671 TCP RabbitMQ No Yes RabbitMQ User/Password

Software’s Required

First you have to check the VMware Product Interoperability Matrices  to know about the compatibility of current and earlier versions of  VMware vSphere components, including ESXi, VMware vCenter Server, and optional VMware products.

Refer release notes of  NSX Data Center for vSphere to understand the version features , known issues and fixes – VMware Docs

For an NSX Manager to participate in a cross-vCenter NSX deployment the following conditions are required:

Component Version
NSX Manager 6.2 or later
NSX Controller 6.2 or later
vCenter Server 6.0 or later
ESXi ESXi 6.0 or later
Host clusters prepared with NSX 6.2 or later VIBs

Client and User Access

The following items are required to manage your NSX Data Center for vSphere environment:

  • Forward and reverse name resolution. This is required if you have added ESXi hosts by name to the vSphere inventory, otherwise NSX Manager cannot resolve the IP addresses.
  • Permissions to add and power on virtual machines
  • Access to the datastore where you store virtual machine files, and the account permissions to copy files to that datastore
  • Cookies must be enabled on your Web browser to access the NSX Manageruser interface.
  • Port 443 must be open between the NSX Managerand the ESXi host, the vCenter Server, and the NSX Data Center for vSphere appliances to be deployed. This port is required to download the OVF file on the ESXi host for deployment.
  • A Web browser that is supported for the version of vSphere Web Clientyou are using. See “Using the vSphere Web Client” in the vCenter Server and Host Management documentation for details.
  • For information about using the vSphere Client(HTML5) on vSphere5 with NSX Data Center for vSphere 6.4, Refer vSphere client functionality support

NSX and vSphere Distributed Switches

In an NSX domain, VMware NSX Virtual Switch is the software that operates in server hypervisors to form a software abstraction layer between servers and the physical network.

NSX Virtual Switch is based on vSphere distributed switches (VDSs), which provide uplinks for host connectivity to the top-of-rack (ToR) physical switches. As a best practice, VMware recommends that you plan and prepare your vSphere Distributed Switches before installing NSX Data Center for vSphere.

NSX services are not supported on vSphere Standard Switch. VM workloads must be connected to vSphere Distributed Switches to use NSX services and features.

A single host can be attached to multiple VDSs. A single VDS can span multiple hosts across multiple clusters. For each host cluster that will participate in NSX, all hosts within the cluster must be attached to a common VDS.