NSX-T

Overview

VMware NSX-T offers network virtualization allowing for creation and management of software-based virtual networks in an efficient and programmatic way. Morpheus offers a full-featured integration with NSX-T, exposing its networking abstractions in the following sections of the Morpheus NSX-T integration:

  • SUMMARY
  • TRANSPORT ZONES
  • SEGMENTS
  • FIREWALL
  • TIER-1 GATEWAYS
  • TIER-0 GATEWAYS

This guide goes through the process of integrating an existing NSX-T installation with Morpheus and working with the associated objects synced in with the integration. For more on installing NSX-T and an overview of its concepts, please review the NSX-T overview documentation provided by VMware.

Add NSX-T Integration to Morpheus

  1. Navigate to Infrastructure > Network > Integrations
  2. Select Select + ADD > VMWare NSX-T
  3. Enter the following:
    • NAME: Name for the NSX Integration in Morpheus
    • API HOST: URL of the NSX Manager (ex. https://x.x.x.x/api)
    • USERNAME: NSX Manager Admin Username
    • PASSWORD: NSX Manager Admin password
    • VMWARE CLOUD: Select the existing VMware cloud associated with this NSX integration
  4. Select ADD NETWORK INTEGRATION

Once the NSX Integration is added Morpheus will sync in existing Transport Zones, Segments, firewall groups and rules, and Gateways. We can also manage these synced items from within Morpheus UI, including the ability to create, edit, and delete them.

Summary View

The SUMMARY tab contains the default view when accessing an NSX-T integration. From the summary view we can see the health status of the NSX-T server, and details about interfaces and group status.

Transport Zones

Access Transport Zones by navigating to Infrastructure > Networks > Integrations > (Your NSX-T Integration) > Transport Zones tab. We can delete Transport Zones by clicking on the trash can icon to the far right of each list item. The default view lists each Transport Zone and provides the following information about them:

  • NAME: The given name for the Transport Zone
  • DESCRIPTION: A given description value (if available)
  • TRAFFIC TYPE: “Overlay” or “VLAN”
  • N-VDS NAME: The name of the NSX-managed virtual distributed switch
  • STATUS: An icon indicating the current status of the Transport Zone
  • HOST MEMBERSHIP CRITERIA: “Standard” or “Enhanced Datapath”

Creating NSX-T Transport Zones

  1. Navigate to Infrastructure -> Network
  2. Select the Integrations tab
  3. Select the name of NSX-T integration
  4. Select the Transport Zones tab
  5. Select + CREATE NSX-T TRANSPORT ZONE
  6. After completing the required fields and any desired optional fields, click + CREATE

Segments

Access Segments by navigating to Infrastructure > Networks > Integrations > (Your NSX-T Integration) > Segments tab. We can delete Segments by clicking on the trash can icon to the far right of each list item or edit them by clicking on the pencil icon. The default view lists each Segment and provides the following information about them:

  • STATUS: An icon indicating the current status of the Transport Zone
  • NAME: The given name for the Segment
  • TRAFFIC TYPE: “Overlay” or “VLAN”
  • N-VDS NAME: The name of the NSX-managed virtual distributed switch
  • STATUS: An icon indicating the current status of the Transport Zone
  • HOST MEMBERSHIP CRITERIA: “Standard” or “Enhanced Datapath”

Creating NSX-T Segments

  1. Navigate to Infrastructure -> Network
  2. Select the Integrations tab
  3. Select the name of NSX-T integration
  4. Select the Segments tab
  5. Select + CREATE NSX-T SEGMENT
  6. Complete the fields in the CREATE NETWORK modal
  7. Click SAVE CHANGES

Note

NSX-T Segments can be scoped to specific Groups and Tenants when creating or editing the Segment.

Firewall

Access firewalls by navigating to Infrastructure > Networks > Integrations > (Your NSX-T Integration) > Firewall tab. We can delete firewall groups by clicking on the trash can item at the end of each row. Additionally each group can be expanded (when applicable) to reveal the firewall rules within the group. Individual rules can be edited or deleted by clicking on pencil or trash can icon at the end of the row. The default view lists each Segment and provides the following information about them:

  • NAME: The name of the rule or group within Morpheus
  • CATEGORY: “Ethernet”, “Emergency”, “Infrastructure”, “Environment”, or “Application”
  • ENABLED: Applies only to rules, the rule is enabled when the check mark is present
  • POLICY: Applies only to rules, “Allow”, “Drop”, or “Reject”
  • DIRECTION: Applies only to rules, “In”, “Out”, or “In-Out”
  • SOURCE: Applies only to rules, “Any”, by default
  • DESTINATION: Applies only to rules, “Any”, by default
  • APPLICATION: Applies only to rules, “Any”, by default

Creating NSX-T Firewall Groups

  1. Navigate to Infrastructure -> Network
  2. Select the Integrations tab
  3. Select the name of NSX-T integration
  4. Select the Firewall tab
  5. Select ACTIONS
  6. Select Create Group
  7. Complete the fields in the CREATE GROUP modal:
    • NAME: The name of the rule or group within Morpheus
    • DESCRIPTION: An optional description value for the group
    • CATEGORY: “Ethernet”, “Emergency”, “Infrastructure”, “Environment”, or “Application”
  8. Click SAVE CHANGES

Creating NSX-T Firewall Rules

  1. Navigate to Infrastructure -> Network
  2. Select the Integrations tab
  3. Select the name of NSX-T integration
  4. Select the Firewall tab
  5. Select ACTIONS
  6. Select Create Rule
  7. Complete the fields in the CREATE RULE modal:
    • NAME: The name of the rule or group within Morpheus
    • DESCRIPTION: An optional description value for the rules
    • ENABLED: Rule is enforced when checked
    • DIRECTION: “In”, “Out”, or “In-Out”
    • SOURCES: “Any”, by default
    • DESTINATIONS: “Any”, by default
    • SERVICES: “Any”, by default
    • PROFILES: “Any”, by default
    • SCOPES: “Any”, by default
    • POLICY: “Allow”, “Drop”, or “Reject”
  8. Click + CREATE

Tier-1 Gateways

Access Tier-1 Gateways by navigating to Infrastructure > Networks > Integrations > (Your NSX-T Integration) > Tier-1 Gateways tab. We can edit a Gateway by clicking the pencil icon in each row or delete the Gateway by clicking on the trash can icon. The default page for Tier-1 Gateways displays the following information on each:

  • STATUS: An icon indicating the status of each gateway
  • NAME: The given name of the gateway
  • DESCRIPTION: An optional description value for the gateway

Creating Tier-1 Gateways

  1. Navigate to Infrastructure -> Network
  2. Select the Integrations tab
  3. Select the name of NSX-T integration
  4. Select the Tier-1 Gateways tab
  5. Select + CREATE NSX-T TIER-1 GATEWAY
  6. Complete the fields in the ADD NETWORK ROUTER modal:
    • GROUP: If desired, scope the Tier-1 Gateway to a Morpheus Group
    • NAME: The name of the Tier-1 Gateway within Morpheus
    • ENABLED: Tier-1 Gateway is available for use when checked
    • TIER-0 Gateway: Select an existing and enabled Tier-0 Gateway
    • EDGE CLUSTER: Select an existing Edge Cluster
  7. Make selections as needed in the “Route Advertisement” section
  8. Click ADD NETWORK ROUTER

Tier-0 Gateways

Access Tier-0 Gateways by navigating to Infrastructure > Networks > Integrations > (Your NSX-T Integration) > Tier-0 Gateways tab. We can edit a Gateway by clicking the pencil icon in each row or delete the Gateway by clicking on the trash can icon. The default page for Tier-0 Gateways displays the following information on each:

  • STATUS: An icon indicating the status of each gateway
  • NAME: The given name of the gateway
  • DESCRIPTION: An optional description value for the gateway

Creating Tier-0 Gateways

  1. Navigate to Infrastructure -> Network
  2. Select the Integrations tab
  3. Select the name of NSX-T integration
  4. Select the Tier-0 Gateways tab
  5. Select + CREATE NSX-T TIER-0 GATEWAY
  6. Complete the fields in the ADD NETWORK ROUTER modal:
    • GROUP: If desired, scope the Tier-0 Gateway to a Morpheus Group
    • NAME: The name of the Tier-0 Gateway within Morpheus
    • ENABLED: Tier-1 Gateway is available for use when checked
    • HA MODE: “Active Active” or “Active Standby”
    • EDGE CLUSTER: Select an existing Edge Cluster
  7. Make selections as needed in the routing and BGP sections
  8. Click ADD NETWORK ROUTER