NSX Installation

NSX Installation

July 14, 2020 2 By Eric Shanks

This post will focus on getting the NSX-T Manager deployed and minimally configured in the lab. NSX-T is a pre-requisite for configuring vSphere 7 with Kubernetes as of the time of this writing.

Deploy the NSX Manager

The first step in our build is to deploy the NSX Manager from an OVA template into our lab. The NSX Manager is the brains of the solution and what you’ll be interacting with as a user. Each time you configure a route, segment, firewall rule, etc., you’ll be communicating with the NSX Manager. Download and deploy the OVA into your vSphere lab.

As you deploy the template you’ll need to specify the size of the deployment. This is important, but for a lab environment less so. I’ve found that the Small size works well for my lab and doesn’t take up too many resources.

Fill out the rest of the deployment information. The configurations that I used are listed below, customized for my lab environment. I deployed the NSX-T Manager in the management VLAN outlined in the previous post.

  • Hostname: nsx
  • Rolename: NSX Manager
  • NSX Site Name: HollowLab
  • Default IPv4 Gateway:
  • Management Network IPv4 Address:
  • Management Network Netmask:
  • DNS Server list:,
  • Domain Search List: hollow.local
  • NTP Server List: pool.ntp.org
  • Enable SSH: no
  • Allow root logins: no

Finish the installation and when complete, power on the NSX vm that was just deployed.

Initialize NSX Manager

Once your NSX Manager appliance has been deployed and powered on, its time to do some basic initialization. The first thing you’ll do is open a web browser and navigate to the FQDN of your NSX Manager appliance you just deployed. Once you authenticate to the appliance using the credentials specified in your OVA deployment from above, you’ll probably see some pop-up screens asking you to accept a EULA, join the CEIP program, etc. Check the boxes and close any getting started windows. We don’t need that stuff. 🙂

You will also need to apply a license to your NSX Manager. Navigate to the System tab and click +ADD to add a license and fill out the details. vSphere 7 with Kubernetes requires a NSX-T Data Center Advanced or higher license to be applied.

The next step in setting up our lab involves connecting a compute manager. This is a fancy name for vCenter in our case. NSX-T will use this compute manager connection to query objects and create objects as necessary. To setup the computer manager, you’ll need a service account for NSX Manager to talk to vCenter. In my case, I’m using an administrative role (Remember this is a lab), but if you want to be specific about your permissions, and of course you should, you can apply the following privileges to a service account.

Extension.Register extension
Extension.Unregister extension
Extension.Update extension
Sessions.Validate session
Sessions.View and stop sessions
Host.Local Operations.Create virtual machine
Host.Local Operations.Delete virtual machine
Host.Local Operations.Reconfigure virtual machine
Scheduled task
Global.Cancel task
Permissions.Reassign role permissions
Resource.Assign vApp to resource pool
Resource.Assign virtual machine to resource pool
Virtual Machine.Configuration
Virtual Machine.Guest Operations
Virtual Machine.Provisioning
Virtual Machine.Inventory
Network.Assign network

From within the NSX Manager console, go to System –> Fabric –> Compute Managers and click +ADD.

In the next screen, enter your vCenter information and login credentials. Then click the Add button. When you do this for the first time you’ll be presented with a SHA-256 thumbprint and you’ll need to accept that its valid before continuing. Lastly, click the “Enable Trust” button so that it’s in the Yes position. This last step is important as it allows NSX to trust vCenter for authentication.

You will be asked to add a thumbprint. Click Add. When you’re done you’ll have a vCenter configured and registered as a compute manager.


In this post we deployed the NSX Manager which is the brains of the NSX-T product and have configured licenses and connected it to our vCenter server. In the next post we’ll start configuring NSX-T so that we can start routing some traffic to some virtual machines.