vRealize Automation 7.2 Lab – vSphere 6.0 and NSX 6.2.4 Preparation
As mentioned in the previous blog, I am setting up a vRealize Automation 7.2 environment for lab testing in order to test out the new features in the version 7.2. But as mentioned before, currently there are no supported NSX version which can be working with vSphere 6.5 yet. This is why I am testing the vRA 7.2 + vSphere 6.0 + NSX 6.2.4 in my lab. And following guide provide a quick high light steps on how you can prepare your vSphere 6.0 + NSX 6.2.4 environment. We would proceed to the vRA 7.2 initial setup in the next Blog Post.
Yet, I’m not going to do a step by step configuration for the vCenter Server and ESXi Hosts. I think those are more than trivial for you to perform it, especially when the vCenter Server Appliance provides such a simple way for deployment. I assume you have already done the following things:
- Install a vCenter Server
- Setup at least two ESXi Hosts (for NSX VXLAN testing)
- Shared Storage between the ESXi
I can confirm you that all of the above can actually build on Nested environment. So you don’t really need a physical storage to be shared among hosts. You can just use freenas, open filer…etc stuffs.
vSphere and NSX preparation
Assuming you’ve already deployed the above stuffs. First and foremost, you have to add the ESXi Hosts into the vCenter. It’s important that if you are using cluster to groups your ESXi hosts, do enable DRS and ensure it’s in Fully Automated Mode. I do hit some issue before, if the mode is manual or partial automated.
Afterwards, you have to create a vDS for the ESXi hosts to connect to. This is needed for NSX VXLAN deployment. You may worry about doesn’t this mean only vSphere Enterprise Plus Edition can use NSX? NO, VMware Support vSphere Standard and Enterprise Edition to use vDS if and only if you are using NSX on top. This is tricky in configuration, as if you are familiar with the vDS creation and deployment, you should know we actually needed to:
- Create vDS on the vCenter
- Add Host into the vDS
So the 1st step is always okay, as vDS is a vCenter object but NOT ESXi one. So you can actually create as many as vDS you like. But the problem is in 2nd Step, you need to add ESXi hosts into the vDS for management. And this is the step where vSphere (Web) Client would check your ESXi license, if you are using Standard or Enterprise Licenses, actually you cannot add in those hosts. So… how can you use Standard Edition vSphere with NSX?! Well, you need an extra step in-between as following:
- Create vDS on the vCenter
- Configure NSX and “prepare” the Hosts with Standard Edition Licenses
- Add Host into the vDS
You will notice that after preparing your hosts with NSX, you would be allowed when trying to add the host into the vDS. DO NOT underestimate the difference in configuration order. As i DID… I got a really painful experience in it. So let’s recap what have I done “wrongly”.
NSX support vSphere Enterprise and Standard Edition Licenses
Well I was adhere to the message above, SO I think i could ignore the setup steps by using trial licenses on vSphere first which allow me using vDS and adding Hosts with trial license into the vDS. And I happily configure the NSX stuffs on top using the vDS, including all the transport zone, logical switches, routers… etc. And afterwards, I tried to CHANGE the license attaching to the ESXi. Well, and this is the Step I failed…
When I tried to Assign Standard Licenese
Even I click 2000 times… it still fails
You will find the above warning. You cannot by pass it and add the Std or Enterprise Edition License. So what (You) I have to do. I need to revert everything to detach the vDS from the host in order to change the licenses. Everything, I mean all the Edge Gateways, Logical Routers, Switches, Transport Zone, NSX Agent… etc.
THUS CAUTION! So If you are using Standard, Advance or Enterprise Licenses, DO assign the licenses before you are configuring the NSX stuffs.
Step by Step Configuration of vSphere and NSX
Let’s get back to the vSphere preparation and NSX Deployment for VRA integration. As said, we need to create vDS for NSX to run VXLAN on it. So you would need to setup a VDS at vSphere level.
Login the vSphere Client and Create a new vDS
Then choose “Add and Manage Hosts” to “Add hosts” under the management with vDS
Select the two hosts you would like the NSX to cover
You would just need to manage the Physical Adapters of the hosts, but not other options
Here, I use two uplinks of each hosts.
Well, you are all done and ready for the NSX deployment. So let’s start working on the NSX deployment and configuration. NSX deployment is not that difficult, you would need to deploy the NSX Manager OVA into the vCenter first and boot it up.
After boot up the deployed OVA, you can go to the http://<NSX-MGR> to perform the vCenter Registration. Click the “Manage vCenter Registration” after login.
Click Edit to configure the Lookup Service URL which is the SSO server. And input all the necessary credential for bot the Upper and Lower sessions.
Confirm the SSL certificate warnings
On successful registration, you can see the following screen. Remember that the Lookup service URL is using 443 in vSphere 6.X but 7443 in 5.X
So after the initial configuration, we need to go back to the vSphere Client to continue the setup
Go back to vSphere Web Client
You definitely need to log out and log in again the web client to discover the new icon “Networking and security” in the Web Client. That’s the entry point for manage and configure NSX.
On clicking the “Networking and Security” Icon, you will enter the NSX configuration page. While “Dashboard” is a new tab since version 6.2.3 (deprecated) to let you having an overview of NSX healthiness
To begin the initial setup. Go to Installation > Management. You need to deploy the NSX Controller Nodes IF you are using unicast VXLAN. Yes, if you are using multicast VXLAN, you don’t need it. Anyway, as VMware recommends using unicast. Thus just deploy it.
You got to define the IP Pool and Deployment location. This IP Pool should be in a subnet that communicable to the management network of the ESXi hosts for the agent communication.
Click OK to confirm the deployment
Wait for the completion of controller
Then you can proceed to the “Host Preparation” tab. This is the step you need to do before adding the host into the vDS if you are using Standard, Advance or Enterprise Edition vSphere. You can click the gear icon and choose install.
Confirm the setup by click “Yes”
Likely, if you really following my instruction, you can see nothing. As your NSX is not yet licensed. So… Go back to the licensing icon to give your NSX a Valid License
Return to the Host Preparation tab and Install the agent. After the installation, only Firewall and Installation Status is ticked. But VXLAN is yet configured and this is why you need to proceed by clicking the “Not Configured” link under the VXLAN column.
Here, we define the VTEP IP for the ESXi. VTEP IP is used for building the underlaying network communication while VXLAN is the overlying network. So if VTEP IP are communicable thru’ Layer 2 or Layer 3, we can build a new Layer 2 over the underlaying network. And this is how VXLAN works like. So we need to choose “Use IP Pool” to define the IP we use for VTEP IP.
This can be an isolated subnet as said, we just need the hosts communicating thru’ the VTEP IP in between. So Layer 2 or Layer 3 are both good.
But you need to be careful on selecting VMKNic Teaming Policy. Using “Fail Over” will let you having 1 VTEP IP per host and this is a easy approach but if you are equipping 4 uplinks… then only one will be in use. So, I would use “Load Balance – SRCID” to let the ESXi having one VTEP IP on each of the Uplinks. This let your traffic load balanced in all the uplinks you have but simplify the LACP configuration.
Click OK to confirm the setup and you can see the VXLAN is ticked too
You can proceed to the “Logical Network Preparation” tab and review the VXLAN configuration and VTEP IP Assigned.
VXLAN is like VLAN, we need Network IDs for them. For VXLAN we recommend to start from 5000 which is > 4096 (max of VXLAN) to denote the different, yet this is not necessary as they are two different tagging which will not be conflicting.
So here, I just simply define VXLAN 5000-15000 and this give me 10001 network I could create already.
Finally, we need to click the Transport Zone to create a Zone which define the scope of the VXLAN, i.e. how wide the VXLAN can span across
GREAT! The NSX configuration is all done. You can then create a Layer 2 Network with VXLAN to test for the connectivity.
You can do this by clicking the “Logical Switches” on the left hand side and create a new Logical Network. In create the Logical Switch which is a Layer 2 network, you need to define the Transport zone.
After creation, click the Logical Switch. You can test the connectivity easily by going to “Monitor” and do the Ping Test across hosts
Or by Broadcast, which is useful for a large cluster testing
Finally, we are ready. vCenter 6.0 and NSX 6.2.4 are configured and integrated for the vRealize Automation 7.2 consumption. In the Next Blog, I will go back to the vRealize Automation 7.2 to setup the integration. Stay tune.