Welcome to Part 3 of the NSX-T 3.0 Lab Federation Series.
In my Last Post I deployed a new NSX Manager appliance configured as the Global Manager to allow me to setup NSX-T Federation, in this post I’ll do the initial configuration and add in my two locations of DCA and DCB.
First up make sure the Global Manager is powered on 🙂
Then go ahead and login to the web console.
The first thing is to accept the license agreement at which point you’ll be prompted to add an NSX License. NSX-T Federation requires an Enterprise Plus license.
Either click on the MANAGER LICENSES link in the info box at the top or navigate to System, Licenses Then click + ADD
Enter a valid license key and click ADD you’ll then see the license appear in the list.
Next we need to make our Global Manager active and add our locations.
If you go to the System, System Overview page you will see the below message.
Click on the LOCATION MANAGER link or you can get to the same place from the System, Location Manager menu.
Click MAKE ACTIVE
Give the Global Manager a name and click SAVE
Wait for the status to read Active and the cluster to read STABLE.
This next part is only applicable if you have not yet set a VIP on your NSX Managers, to add the NSX Managers at each location we need to connect to the VIP FQDN or IP and not directly to an NSX Manager.
I covered the details on how to deploy a cluster and add a VIP in my 2.5 lab build post HERE But I’ll cover adding a VIP here as well.
Login to your local NSX Manager and navigate to System, Appliances then click SET VIRTUAL IP
Enter the VIP and click SAVE. It will take a few minutes to update the configuration.
Make sure to also add the VIP to DNS.
After a while the screen will refresh and the new VIP will be shown.
You can test it by connecting to the VIP or FQDN and logging in, repeat the process for your other local manager clusters in the other locations.
OK back to the Global NSX Manager.
Click on ADD ON-PREM LOCATION
Enter the Location Name, the FQDN or IP of the local NSX Manager VIP, the Username and Password. Next you will need the Thumbprint.
To get the thumbprint login to the NSX manager and run the command ‘get certificate cluster thumbprint’
NSXTMan01> get certificate cluster thumbprint ab9872ca9a663952b65012ea3eecb6fa42fd3aff447f994db55e1e8d3bfcba46
Copy the output and paste it into the SHA-256 Thumbprint box, then click CHECK COMPATIBILITY. You should see the correct NSX version of your local NSX Manager and a nice green tick. Click SAVE
If instead you see the error below then you have probably entered the FQDN/IP of the NSX Manager instead of the VIP so go ahead and correct that now.
Wait for the location Sync Status to say ‘Success’
Then repeat the process to add the other locations.
If we jump back to our local NSX Manager and refresh the page we will see a new menu option. Go to System, Location Manager and we can see the Synch status and details on our remote sites.
We can also reach the local NSX Managers UI from the Global Manager by using the drop-down menu at the top.
If we want to deploy the Global Managers as a cluster of three which we should for production we need to add the local vCenter Server as a Compute Manager on the Global Manager so that it can push out the ova and deploy the VM’s.
On the Global Manager navigate to System, Fabric, Compute Managers then click +ADD
Give it a Name, enter the FQDN or IP, change the Port if you need to, enter the Username and Password, you can leave the Thumbprint empty for now.
You can also Enable Trust, which trusts the compute manager for authentication, vCenter 7.0 is required for this.
Finally click ADD
Click ADD on the Thumbprint message
With that we are done. we can view of our Regions by going to Inventory, Regions we can see that we now have three Regions the DCA Region containing the DCA Location, the DCB Region containing the DCB location and also the Global region that consists of the DCA and DCB Locations.
In the next part we will start configuring our networking starting with the RTEPs.
NSX-T 3.0 Lab: Federation RTEP Configuration