NSX Archives - ElasticSky

26. October 202326. October 2023

NSX Manager – Changing Certificates

After installing NSX-T Data Center, the NSX managers and cluster use self-signed certificates. These can and should be replaced with trusted certificates from an enterprise CA. The new certificates can be imported into the UI of the NSX Manager. Unfortunately, replacement is done exclusively via an API call. This can usually be done nicely with utilities such as Postman. However, there are environments that are very restrictive and in which neither an application such as Postman is available nor any other Linux system from which the API calls could be issued.

We will outline how we can do this without any special utilities using only the CURL command directly from the NSX Manager appliance.

24. June 202224. June 2022

VMware NSX Legacy Load Balancing is Going Away – Migrate to Avi

VMware will be sunsetting the NSX native load balancers. Customers should be migrating to the currently supported NSX Advanced Load Balancer (Avi) which simplifies operations today while getting you ready for your multi-cloud and container strategies tomorrow. Avi works across all environments beyond the NSX framework, expanding use cases to public cloud, containers and app security while adding capabilities for GSLB, WAF and analytics. A migration tool will be available to make the migration of your existing configuration to the current technology easy and painless.

28. November 202115. March 2024

ESXi Configuration Restore fails with blank DCUI

Backing up and restoring an ESXi host configuration is a standard procedure that can be used when performing maintenance on the host. Not only host name, IP address and passwords are backed up, but also NIC and vSwitch configuration, Object ID and many other properties. Even after a complete reinstallation of a host, it can recover all the properties of the original installation.

Recently I wanted to reformat the bootdisk of a host in my homelab and had to fresh install ESXi for this. The reboot with the clean installation worked fine and the host got a new IP via DHCP.

Now the original configuration was to be restored via PowerCLI. To do this, first put the host into maintenance mode.

Set-VMhost -VMhost <Host-IP> -State "Maintenance"

Now the host configuration can be retored.

Set-VMHostFirmware -VMHost <Host-IP> -Restore -Sourcepath <Pfad_zum_Konfigfile>

The command prompts for a root login and then automatically reboots. At the end of the boot process, an empty DCUI was welcoming me.

I haven’t seen this before. I was able to log in (with the original password), but all network connections were gone. The management network configuration was also not available for selection (grayed out). The host was both blind and deaf.

15. November 202115. March 2024

NSX-T vSphere-Client Integration

One of the new features of vSphere 7.0 Update 3 is that you can now manage NSX-T directly from the vSphere Client. In the new menu of the vSphere client UI, you will now find a section dedicated to NSX.

Opening this section currently brings up an NSX-T status information page. At this current stage, we are able to deploy new NSX-T instances, but existing NSX-T installations won’t be discovered.

Why is that?

As usual, a look at the Release Notes helps. There you’ll find the following statement for vCenter 7 Update 3:

You can see the vSphere Client NSX-T home page that enables the feature, but it does not work with NSX-T Data Center 3.1.x or earlier.

The most recent NSX-T version is 3.1.3 [as of 11/15/2021]. This means we have to wait for NSX-T version 3.2 until the integration works.