I need to remove my first NSX-T Manager that I deployed in my test-environment. With other managers, you get the (easy) ability to do so from the GUI: But not for the one that was deployed as the first one in the cluster: (the option is missing). But it is still possible to do this. We need to manually detach the manager from the cluster, which can be done from one of the other managers. We log in to one…
A short post on (part of) the upgrade of NSX-T from within VCF, since this is not the first time I ran into this. It is most likely related to the fact that I run a nested ESXi environment, but someone else might run into the same issue. The biggest problem occurs when upgrading NSX-T as part of the VCF upgrade process. What happens when upgrading NSX-T manually is that you run a PreCheck. This will tell you if everything…
In this blog, I will be documenting the upgrade process of NSX-T to version 2.5. The first step in the upgrade process is to make sure that all versions of other components that I am running are compatible with version 2.5. To find this out, I use: https://www.vmware.com/resources/compatibility/sim/interop_matrix.php#interop&175=&2= This will show me the versions that are compatible. Below vCenter and NSX-T: and the same table is available for ESXi and NSX-T: With the same result, which was to be expected…
Now that we have learned the theory in Microsegmentation with NSX-T (part 1: methodology), we can look at the application of this methodology in practice. Methodology in action So after all this, let’s see a little bit of this methodology in action. First of all, it is important to know which traffic is flowing in the environment. An excellent tool to help in this respect, would be vRealize Network Insight, but not every organization is able to use this, so…
After a number of blogs on network-virtualization, I thought it was time to start writing some blogs on another of the major three use cases: Security, through micro-segmentation. In my line of work most organizations where I implement NSX (first V and now T) are primarily interested in the security aspects of the product. In my presentations on NSX I usually use two pictures to show what security is like in most traditional environments. It looks something like this: (for…
I learned something today, which in hindsight is obvious. Hopefully this helps someone that runs into the same “strange” (but not so strange) behavior. I created the following topology today, to prepare for some NSX-T demo I am giving tomorrow: What I (among other stuff) wanted to show, was that routing between Test-Segments “D” and “E” and “A”, “B” and “C”, is completely distributed. So when VM’s from the different segments live on the same host, no physical hops are…
So after using NSX-T for a while, with the built-in admin account, it is time to look into using RBAC for some granular control over who is allowed to do what, within NSX. So with NSX-T it isn’t as straight forward as it was in NSX-V. Integrating logins with AD requires a bit more work. With NSX-T it becomes necessary to work with the VMware Identity Manager. When looking at the ever-important Interoperability Matrix, we can see that the following version…
So apparently it has been 90 days since the deployment of NSX-T and therefor, time for the admin password to expire ;): Unfortunately, this doesn’t give you the opportunity to login and then change the password (a feature I would really appreciate), but a reset is necessary. In the online documentation (https://docs.vmware.com/en/VMware-NSX-T-Data-Center/2.4/administration/GUID-8816B842-2EC4-40A8-A618-F68DB29FABD2.html) the reset is done through a reboot into single user mode of one of the appliances and reset the password. However, in the online documentation one of the…
So, as you may know, I am from the Netherlands (or Holland, although technically I am not, but that is a different discussion ;)). So within my lab-environment I sometimes use Dutch as the language-setting, for instance within Firefox, the browser I use(d) to configure NSX-T. But this issue also occurs in Chrome. Within IE (although I only used that to test if it was affected by this ;)), the page doesn’t load at all. When I try to open…
So after I looked at the installation, the fabric and routing and switching, it is time to take a look at the higher level networking functions within NSX-T, like Load Balancing. The functionality itself has not changed very much since NSX-T (compared to V), but the way that it is consumed is different.
As described in an earlier blog (Routing with NSX-T (part 1)), NSX-T uses multiple entities within it’s fabric. Two of which being tier-0 and tier-1 gateways and load balancing can only exist on a tier-1 gateway. So when you use Load Balancing within NSX-T you have to deploy both tier-0 and tier-1 components.