Now that we have installed and configured NSX I think it’s time we connected it to vCAC. In version 6.1 there are some changes to the integration with NSX and vCAC. When I say changes I should say there are some great new changes. The integration now utilizes a vCO Plug-in that handles all the interactions between NSX and vCAC.
Benefits of vCO plug-in for NSX to vCAC integration
The benefits of the vCO plug-in are huge. The workflows that now exist in vCO are there for you to use in your own customizations, giving you the ability to interact with NSX in a custom way without having to code against its API. Personally I await the day for all integrations to be this way.
As most of you know, the vCAC appliance has vCO built in, and the built-in vCO server already has the NSX plug-in installed. If you want to use an external vCO you will have to deploy the plug-in to that appliance before trying to connect vCAC to NSX.
Installing the NSX plug-in into the vCO appliance
*Note – If you are using the vCO instance that is built into the vCAC virtual appliance you can skip this section.
First you will need to get the NSX vCO Plug-in. You can get it in one of two ways:
- Download it from VMware at https://my.vmware.com/group/vmware/details?productId=417&downloadGroup=NSX-V-610-TOOLS#
- Pull it off the vCAC Virtual Appliance. You will need to SFTP to the appliance, navigate to /usr/lib/vco/app-server/plugins and download o11nplugin-nsx.dar.
The first method is the official one, but if you can’t get online, just want to make sure you are running the same version on the vCO appliance, or have some other reason, you can pull it off the appliance.
- To install the plug-in you will need to go to the vCO Configuration interface at https://vcoFQDN:8283, then click on plug-ins on the left menu and scroll down on the right plug-ins pane until you see the upload dialog. Click the magnifying glass.
- Once you have selected the plug-in package, click upload and install.
- Then agree to the License Agreement.
- Once the installation completes, scroll down and you will see the NSX plug-in installed. You will see a message that says “Will perform installation at the next server startup”.
- Select Startup Options from the left menu and then restart the vCO server, and then restart the vCO Configuration Server.
- Log back in once the configuration server restarts, go to Plug-Ins and scroll down and you should see Installation OK next to the NSX Plug-in.
- If you log in to the vCO Java Client, go to workflows and expand Library –> NSX, you will see the NSX workflows. You don’t need to create the endpoint using the workflows. vCAC will handle that for us when we configure vCAC for NSX.
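To confirm that the o11nplugin-nsx.dar pulled from the vCAC appliance matches another copy (the VMware download, or the file already on an external vCO) before uploading it, the following added example, which is not part of the original post, compares the two files by SHA-256 and, if they differ, lists which archive members changed. It assumes the .dar package is a ZIP-format archive; the function names are hypothetical.

```python
import hashlib
import zipfile


def sha256_file(path, chunk=1 << 20):
    """Hash the file in chunks so the whole package is never held in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def entry_index(path):
    """Map each archive member to (size, CRC32). Assumes the .dar is a ZIP archive."""
    with zipfile.ZipFile(path) as z:
        return {i.filename: (i.file_size, i.CRC) for i in z.infolist() if not i.is_dir()}


def compare_plugins(appliance_copy, other_copy):
    """Return (identical, differences) for two copies of the plug-in package."""
    if sha256_file(appliance_copy) == sha256_file(other_copy):
        return True, []
    a, b = entry_index(appliance_copy), entry_index(other_copy)
    diffs = []
    for name in sorted(set(a) | set(b)):
        if name not in b:
            diffs.append(("only in appliance copy", name))
        elif name not in a:
            diffs.append(("only in other copy", name))
        elif a[name] != b[name]:
            diffs.append(("content differs", name))
    # An empty list here means the members match but the archives were
    # packaged differently (for example, different timestamps).
    return False, diffs


if __name__ == "__main__":
    import sys
    same, diffs = compare_plugins(sys.argv[1], sys.argv[2])
    print("identical" if same else "DIFFERENT")
    for kind, name in diffs:
        print(f"  {kind}: {name}")
    sys.exit(0 if same else 1)
```

Run it with the two file paths as arguments; a non-zero exit status means the copies are not byte-identical.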
Configuring vCAC for NSX
If you don’t already have vRealize Automation (vCAC) installed you can find step-by-step instructions at http://dailyhypervisor.com/vcac-6-0/. These were mostly written against 6.0; however, 6.1 is mostly the same and you should have no issues following the installation.
- Log in to vCAC and navigate to Infrastructure –> Endpoints –> Endpoints. You need to have a vCenter Endpoint as well as a vCO endpoint already created. If you do not have them created and tested already you can click the linked text to review my posts on how to create them.
- Edit your vCenter Endpoint and check the box that says “Specify manager for network and security platform” and then input the https://FQDN of your NSX Manager. Then select or create the credentials to use for authentication.
- Once you add the NSX Manager to the vCenter Endpoint, navigate to Infrastructure –> Compute Resources –> Compute Resources. Then hover over a cluster managed by the vCenter and select data collection.
- Once the data collection page loads scroll down until you see Network and Security Inventory and select Request Now. Refresh the page until it finishes and make sure the status is Succeeded.
- Launch the vCO Java Client and Navigate to Inventory. You will now see an NSX endpoint that you can navigate and view your NSX inventory.
- Your vCAC and NSX servers are now connected. We now need to run the Enable Security Policy Support for Overlapping Subnets workflow in Orchestrator.
- On the Workflow Tab navigate to NSX -> NSX Workflows for vCAC and run Enable security policy for overlapping subnets.
- Select the NSX Endpoint and run the workflow. (After you run this workflow, the Distributed Firewall rules defined in the security policy are applied only to the vNICs of the security group members to which the security policy is applied.) More about this when we cover Security Policies.