Caution: Articles are written for technical, not grammatical, accuracy. If poor grammar offends you, proceed with caution ;-)
If you are familiar with “Network Scopes” from vCNS, then “Transport Zones” should be familiar to you. If not, here is some useful information about these zones.
Transport Zones dictate which clusters can participate in the use of a particular network. Before creating your transport zones, put some thought into your network layout and what you want to be available to each cluster. Below are some different scenarios for transport zones.
In the “MoaC” environment I have three clusters. There is a Management Cluster in which all management servers are hosted, including all components of NSX. That will include all Logical and Edge routers; we have not configured them yet, but this concept is important to know. I will not be placing any routers in any cluster other than my Management Cluster. I then have a Services Cluster, which will host all of my provisioned machines that are not part of the core infrastructure, and finally a Desktop Cluster in which I will host VDI desktop instances.
Transport Zone Scenarios
- Global Transport Zone: In this scenario I would add all of my clusters to the Transport Zone. Every logical switch that I later create and assign to the Global Transport Zone then becomes available as a DvSwitch portgroup on every single cluster, and VMs can be attached to those portgroups. Be very careful when creating a Global Transport Zone that includes all clusters, as you may present networks such as DMZ networks or other secured environments to clusters on which you do not want them to be available.
- Services Cluster Only Transport Zone: In this scenario I only want the network to be used by my Services Cluster, so one might think that you would add only the Services Cluster to the Transport Zone. However, because all of my logical and edge routers are located in my Management Cluster, I need to add both the Management and Services clusters to the Transport Zone. This ensures that the Logical Router has access to the zone. It also makes any DvSwitch portgroups created for the logical switches assigned to this Transport Zone available on both the Management and Services clusters.
- Desktop Cluster Only Transport Zone: Very much like the Services Cluster zone, this zone, as you may have guessed, would be available to the Management and Desktop clusters. It works just like the Services Cluster example above.
- Management Only Transport Zone: If I wanted the ability to create logical switches only on the Management Cluster, I would only need to add the Management Cluster to the Transport Zone, because all the logical and edge routers are on the Management Cluster.
The MoaC NSX Transport Zone Configuration
In the MoaC lab we have incorporated all of the above Transport Zones at our Primary Site. At our secondary site we are utilizing the Global Transport Zone Configuration. Below is the Transport Zone Configuration of the Primary Site.
If I didn’t want the Services and Desktop networks available on the Management Cluster for security reasons, I could create transport zones that were isolated to each individual cluster. However, I would then need to deploy logical and edge routers to each cluster instead of maintaining them all within the Management Cluster. I would only recommend this in very specific situations, as it would make your environment very distributed and increase complexity.
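An added example (not from the original article, and not VMware tooling): a Python check over a constructed inventory that mirrors the four zones described above. The logical switch names and their intended clusters are hypothetical. It flags switches whose portgroups land on clusters that were never meant to see them, and zones that leave out the cluster hosting the routers.

```python
# Constructed inventory modelled on the lab layout in this article.
# It is typed in by hand here, not exported from NSX.
ROUTER_CLUSTER = "Management"  # cluster hosting all logical and edge routers

TRANSPORT_ZONES = {
    "Global": {"Management", "Services", "Desktop"},
    "Services": {"Management", "Services"},
    "Desktop": {"Management", "Desktop"},
    "Management": {"Management"},
}

# Hypothetical logical switches: (name, transport zone, clusters meant to use it)
LOGICAL_SWITCHES = [
    ("ls-dmz-web", "Global", {"Services"}),
    ("ls-app-tier", "Services", {"Services"}),
    ("ls-vdi-pool", "Desktop", {"Desktop"}),
    ("ls-mgmt-only", "Management", {"Management"}),
]


def audit(zones, switches, router_cluster=ROUTER_CLUSTER,
          tolerate_router_cluster=True):
    """Return (unroutable_zones, exposures).

    unroutable_zones: zones that omit the router cluster, so routers kept
        there cannot reach the zone's logical switches.
    exposures: {switch: [clusters that get its portgroup but are not
        intended consumers]}. With tolerate_router_cluster=True the router
        cluster is accepted as a necessary member and not reported.
    """
    unroutable = sorted(z for z, members in zones.items()
                        if router_cluster not in members)
    exposures = {}
    for name, zone, intended in switches:
        if zone not in zones:
            raise KeyError(f"{name}: unknown transport zone {zone!r}")
        extra = zones[zone] - intended
        if tolerate_router_cluster:
            extra -= {router_cluster}
        if extra:
            exposures[name] = sorted(extra)
    return unroutable, exposures


if __name__ == "__main__":
    for strict in (False, True):
        print("strict" if strict else "default",
              audit(TRANSPORT_ZONES, LOGICAL_SWITCHES,
                    tolerate_router_cluster=not strict))
```

The strict run reports the Management Cluster for the Services and Desktop switches, which is the exposure the isolated-zone design trades against deploying routers in every cluster.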
Creating Transport Zones
- Under the “Installation” menu in the “Networking & Security” section, choose “Logical Network Preparation”, select “Transport Zone”, and click the green “+” to add a “Transport Zone”.
- Give your “Transport Zone” a “Name”, select the appropriate “Replication Mode”, select the “Clusters” that you would like to participate in the “Transport Zone”, and then click “OK”.
Now that we have added “Transport Zones” to our NSX configuration all the “Installation” tasks are “complete” and we can move on to configuring “Logical Switches”, “Logical Routers”, and “Edge Gateways” for the environment.