One of the really great new features of NSX-T 3.0 and higher is the introduction of the Global Manager appliance. With the global manager appliance, you have access to the really cool new features in NSX-T 3 such as NSX Federation. In this post, let’s take a quick look at VMware NSX-T global manager appliance install and getting started adding your NSX-T managers to the global manager.

What is NSX-T Data Center Federation?

With NSX-T Data center federation, you can manage multiple NSX-T data center environments from a single dashboard for seamless management. This allows creating gateways and segments that span more than one location as well as creating/enforcing firewall rules across locations. This simple addition to the NSX-T 3.0 release is extremely powerful and gives networking and security admins what they have been asking for quite some time with NSX-T.

A Federation environment includes two types of management systems:

  • Global Manager: a system similar to NSX Manager that federates multiple Local Managers.
  • Local Manager: an NSX Manager system in charge of network and security services for a location.

Regarding configuration, a couple of points to note:

  • Configurations that are created on the Global Manager are read-only on the Local Managers. Configurations on the Local Managers are not synced with the Global Manager.
  • The Global Manager syncs a configuration with a Local Manager only if the configuration is relevant to that location. For example, if you create a tier-0 gateway and add it to Location 1, Location 2, and Location 3, the configuration is synced with all three Local Managers.

To understand more of the specifics with NSX Federation, check out the KB here:

VMware NSX-T Global Manager Appliance Install

What are the steps involved to install the NSX-T Global manager appliance? This is an additional deployment of the Global Manager appliance OVA in your environment and selecting the special global manager role during deployment.

I won’t bore you with screenshots of the rest of the OVA deployment, however, below, step 8 Customize template is where you choose to deploy the NSX Global Manager instead of a normal NSX-T Manager.

Selecting-the-NSX-Global-Manager-rolename-under-the-network-properties-of-the-NSX-T-unified-appliance-OVA VMware NSX-T Global Manager Appliance Install
Selecting the NSX Global Manager rolename under the network properties of the NSX-T unified appliance OVA

Once you have deployed the NSX Global manager, you will need to make it active. This is done by navigating to Local Manager under System and selecting the Make Active link there.

Make-the-global-manager-appliance-active VMware NSX-T Global Manager Appliance Install
Make the global manager appliance active

Once you select o make the NSX Global Manager active, you enter a Global Manager name. Click Save.

Enter-the-global-manager-name VMware NSX-T Global Manager Appliance Install
Enter the global manager name

Adding NSX-T Global Manager locations

The next step is adding NSX-T Global Manager locations. This is done on the same screen as making the Global Manager active under the Location Manager > Add New Location area.

Add-another-location-to-your-NSX-global-manager VMware NSX-T Global Manager Appliance Install
Add another location to your NSX global manager

On the Add New Location screen, you enter the location name, FQDN/IP, username, password, and SHA-256 Thumprint. In case you are wondering how you can get the thumbprint of the existing NSX-T Manager, from one of the NSX-T manager appliances in your cluster, you can type:

get certificate cluster thumbprint

Once you have the information filled in, select the Check Compatibility button. Once compatibility is verified, click the Save button.

Enter-connection-information-for-the-NSX-Manager-and-check-compatibility VMware NSX-T Global Manager Appliance Install
Enter connection information for the NSX Manager and check compatibility

The new location addition will synchronize and should show up as successful after a few moments.

Secondary-NSX-site-is-added-successfully-to-the-NSX-global-manager VMware NSX-T Global Manager Appliance Install
Secondary NSX site is added successfully to the NSX global manager

After adding the secondary location, you will see the locations show up under the system overview. This will include the global manager and the Secondary site. From one dashboard you can see sync status, etc.

System-overview-of-NSX-environment-now-displays-both-locations VMware NSX-T Global Manager Appliance Install
System overview of NSX environment now displays both locations

Under the security overview, you will see under the location dropdown, you will note you can select between all locations as well as your various NSX Manager appliances and their respective locations.

Security-configuration-now-shows-all-locations-or-individually-selected-sites VMware NSX-T Global Manager Appliance Install
Security configuration now shows all locations or individually selected sites

Wrapping Up

The NSX Manager global appliance is easy to spin up and allows quickly getting up and running with adding additional locations to the appliance and beginning to manage your NSX environment under a single-pane-of-glass interface. This will help to simplify environments with multiple sites configured with NSX and keeping a streamlined, consistent policy configured across sites.