| Supported deployment methods | |
| Supported platforms | - NSX Manager VM System Requirements
| Appliance Size | Memory | vCPU | Shares | Reservations | Disk Space | VM Hardware Version | | NSX Manager Extra Small (NSX-T Data Center 3.0 onwards) | 8GB | 2 | 8192, Normal | 8192 MB | 300 GB | 10 or later | | NSX Manager Small VM (NSX-T Data Center 2.5.1 onwards | 16GB | 4 | 163840, Normal | 16384 MB | 300 GB | 10 or later | | NSX Manager Medium VM | 24 GB | 6 | 245760, Normal | 24576 MB | 300 GB | 10 or later | | NSX Manager Large VM | 48 GB | 12 | 491520, Normal | 49152 MB | 300 GB | 10 or later | - Host Transport Node System Requirements - Supported Hypervisors for Host Transport Nodes
| Hypervisor | Version | CPU Cores | Memory |
|---|
| vSphere | Supported Version | 4 | 16 GB | CentOS Linux KVM | 7.9, 8.4 | 4 | 16 GB | | Red Hat Enterprise Linux (RHEL) KVM | 7.9, 8.2, 8.4 | 4 | 16 GB | | SUSE Linux Enterprise Server KVM | 12 SP4 | 4 | 16 GB | | Ubuntu KVM | 18.04.2 LTS, 20.04 LTS | 4 | 16 GB |
- On ESXi, it is recommended that the NSX Manager appliance be installed on shared storage
|
| IP address | An NSX Manager must have a static IP address. You can change the IP address after installation. Only IPv4 addresses are supported |
| NSX-T Data Center appliance password | - At least 12 characters
- At least one lower-case letter
- At least one upper-case letter
- At least one digit
- At least one special character
- At least five different characters
- Default password complexity rules are enforced by the following Linux PAM module arguments:
retry=3: The maximum number of times a new password can be entered, for this argument at the most 3 times, before returning with an error.minlen=12: The minimum acceptable size for the new password. In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (other, upper, lower and digit).difok=0: The minimum number of bytes that must be different in the new password. Indicates similarity between the old and new password. With a value 0 assigned to difok, there is no requirement for any byte of the old and new password to be different. An exact match is allowed.lcredit=1: The maximum credit for having lower case letters in the new password. If you have less than or 1 lower case letter, each letter will count +1 towards meeting the current minlen value.ucredit=1: The maximum credit for having upper case letters in the new password. If you have less than or 1 upper case letter each letter will count +1 towards meeting the current minlen value.dcredit=1: The maximum credit for having digits in the new password. If you have less than or 1 digit, each digit will count +1 towards meeting the current minlen value.ocredit=1: The maximum credit for having other characters in the new password. If you have less than or 1 other characters, each character will count +1 towards meeting the current minlen value.enforce_for_root: The password is set for the root user.
|
| Hostname | When installing NSX Manager, specify a hostname that does not contain invalid characters such as an underscore or special characters such as dot ".". If the hostname contains any invalid character or special characters, after deployment the hostname will be set to nsx-manager.
For more information about hostname restrictions, see rfc952 and rfc1123. |
| VMware Tools | The NSX Manager VM running on ESXi has VMtools installed. Do not remove or upgrade VMtools |
| System | - Verify that the system requirements are met. See System Requirements
Before you install NSX-T Data Center, your environment must meet specific hardware and resource requirements.
Before you configure Gateway Firewall features, make sure that the NSX Edge form factor supports the features. See Supported Gateway Firewall Features on NSX Edge topic in the NSX-T Data Center Administration Guide.
Gateway Firewall features supported on NSX Edge form factor
| Features/NSX Edge Form Factor | Small
2 vCPU, 4GB RAM (POC only) | Medium
4 vCPU, 8 GB RAM | Large
8 vCPU, 32 GB RAM | Extra Large
16 vCPU, 64 GB RAM | Bare Metal |
|---|
| L3-L4 Firewall | Yes | Yes | Yes | Yes | Yes | | User ID-based Access Control | Yes | Yes | Yes | Yes | Yes | | Application Access Control | No | Yes | Yes | Yes | Yes | | URL Filtering | No | Yes | Yes | Yes | Yes | | FQDN Analysis | No | Yes | Yes | Yes | Yes | | IDPS | No | No | Yes | Yes | Yes | | Malware Detection | No | No | No | Yes | Yes | | Sandboxing for unknown Threats | No | No | No | Yes | No | | TLS Inspection | No | No | Yes | Yes | Yes | | L2 and L3 VPN | Yes | Yes | Yes | Yes | Yes | | Static, Dynamic Routing | Yes | Yes | Yes | Yes | Yes |
- Verify that the required ports are open. See Ports and Protocols and refer to VMware Ports and Protocols for more details.
- Verify that a datastore is configured and accessible on the ESXi host.
- Verify that you have the IP address and gateway, DNS server IP addresses, domain search list, and the NTP Server IP or FQDN list for the NSX Manager or Cloud Service Manager to use.
- If you do not already have one, create the target VM port group network. Place the NSX-T Data Center appliances on a management VM network.
If you have multiple management networks, you can add static routes to the other networks from the NSX-T Data Center appliance. - Plan your NSX Manager IPv4 IP addressing scheme.
|