NSX

Overview

VMware NSX offers network virtualization allowing for creation and management of software-based virtual networks in an efficient and programmatic way. Morpheus offers a full-featured integration with NSX, including Project scoping for NSX 4+ integrations. Morpheus will ingest and expose its networking abstractions in the following sections of the Morpheus NSX integration:

  • SUMMARY

  • TRANSPORT ZONES

  • DHCP

  • SEGMENTS

  • FIREWALL

  • TIER-1 GATEWAYS

  • TIER-0 GATEWAYS

  • EDGE CLUSTERS

  • GROUPS

This guide goes through the process of integrating an existing NSX installation with Morpheus and working with the associated objects synced in with the integration. For more on installing NSX and an overview of its concepts, please review the NSX overview documentation provided by VMware.

NSX Projects

Projects in NSX are analogous to tenants in other products and are a part of NSX version 4+. Projects allow for the isolation of networking abstractions into individual tenants within a single NSX appliance. If your organization is already utilizing NSX Projects, you are probably very familiar with their concept and execution but others can find high-level details about them here.

Morpheus supports a full-featured integration with NSX, including the ability to scope the Morpheus integration to a specific Project the service user can access. Using Project-scoped integrations allows multiple NSX integrations to be made to the same NSX appliance and ensures Morpheus users are siloed to only the NSX Projects they can access.

Add NSX Integration to Morpheus

  1. Navigate to Infrastructure > Network > Integrations

  2. Select Select + ADD > VMWare NSX

  3. Enter the following:

    • NAME: Name for the NSX Integration in Morpheus

    • VISIBILITY: Public (available to all Morpheus Tenants) or Private (available only to the current Tenant). This option is shown only in the Morpheus Master Tenant

    • API HOST: URL of the NSX Manager (ex. https://x.x.x.x/api)

    • CREDENTIALS: A pre-stored credential set can be used to create this integration. If “Local Credentials” is selected, USERNAME and PASSWORD fields are presented and must be filled

    • USERNAME: NSX service account username. Prior to NSX version 4, this is likely an admin account with access to all networking constructs. In NSX version 4 and higher, this could be an admin for access to default space constructs or it could be a Project-specific user depending on the access needs of the integration being created

    • PASSWORD: The password for the NSX service account entered above

    • PROJECT: As soon as an API HOST and credentials are provided, Morpheus will attempt to authenticate with the NSX appliance. When authentication is successful and a NSX 4+ appliance is detected, a PROJECT field will appear and the dropdown will be pre-populated with Projects accessible to the service user account

    • VMWARE CLOUD: Select the existing VMware cloud associated with this NSX integration

  4. Select ADD NETWORK INTEGRATION

Once the NSX Integration is added Morpheus will sync in existing Transport Zones, DHCP servers and relays, Segments, firewall groups and rules, Gateways, Edge Clusters, and Groups. We can manage these synced items from within Morpheus UI, including the ability to create, edit, and delete them.

Note

The available tabs on the integration detail page will be dependent on the Project selected when the integration was created. Just like in NSX, the default view (and thus integrations scoped to the default Project) will have access to all constructs whereas individual Projects will not. Integrations scoped to individual Projects can view the DHCP, Segments, Firewall, Tier-1 Gateways, and Groups tabs but not the other tabs described here. These limitations are identical to those in the NSX console UI. More information on NSX Projects is available here.

Summary View

The SUMMARY tab contains the default view when accessing an NSX integration. From the summary view we can see the status of the NSX server, and details about interfaces and group status.

Transport Zones

Access Transport Zones by selecting the Transport Zones tab. The default view of the Transport Zones tab lists Transport zones and presents some detail about them such as name, traffic type, status, and more. The integration allows for creation of new Transport Zones, editing and deleting.

../../_images/1tz.png

DHCP

DHCP servers and relays are displayed on the DHCP tab. View information such as names and server addresses. The integration allows for creation of new servers and relays, editing and deleting.

../../_images/1dhcp.png

Segments

Access Segments by from the Segments tab. The summary view includes high-level information such as status, name, network name and CIDR. The integration allows for creating, editing and deleting NSX Segments

../../_images/1segments.png

Firewall

Firewall Groups and Rules are accessible from the Firewall tab. From the summary view, Groups can be expanded to view Rules within. From the ACTIONS menu, create new Groups by selecting “Create Group”. When a Group has been expanded, the “Create Rule” selection within the ACTIONS menu will also be accessible and a new rule can be created within the selcted Group. The integration allows for viewing, creating, editing and deleting Firewall Groups and Rules.

../../_images/1firewall.png

Tier-0 Gateways

Access Tier-0 Gateways from the Tier-0 Gateways tab. The integration allows creating, editing and deleting Tier-0 Gateways.

../../_images/1t0.png

Tier-1 Gateways

Access Tier-1 Gateways from the Tier-1 Gateways tab. The integration allows creating, editing and deleting Tier-1 Gateways.

../../_images/1t1.png

Edge Clusters

View Edge Clusters from the Edge Clusters tab. The default view lists each Edge Cluster with name, member type, cluster profile, and more. The integration allows viewing and limited editing of Edge Clusters.

../../_images/1edgeclusters.png

Groups

NSX Groups are viewed from the Groups tab. The default view lists each Group alone with member details. The Morpheus NSX integration allows for creating, editing and deleting Groups.

../../_images/1groups.png