top of page
CloudControl Quick Start Guide

Integrating CloudControl with VMware NSX

On-premise or VMware Cloud

​

First Published: 12/05/2019, Edited 10/1/2023

This document provides step-by-step instructions and tips on the initial setup of the CloudControl virtual appliance.

​

OVA Deployment

The CloudControl deployment is performed in vCenter using the Deploy OVF Template option.  During the Customize Template step, please note the following:

  • Multiple DNS entries to be separated by spaces

  • Hostname limited to 15 characters

  • Leave Network IP/Mask empty for DHCP

Step1-1.png

The following procedure assume the CloudControl Appliance is deployed and powered on with a valid IP address that is accessible by HTTPS, port 443

​

Notes:

  1. SSH is disabled by default. To enable, navigate to Administration > System Settings > Diagnostics > Appliance Settings

  2. Console access is typically not needed and limited to ReSTNSX support.  If you cannot connect the appliance, please verify and/or change your settings in vCenter under the virtual machine's vApp options. 

​

​

Step 1: Access Virtual Appliance

Browse to the CloudControl Virtual Appliance via https://<CloudControl-IP> using Chrome. Firefox is in Feature Preview mode and is not currently supported.

On the login screen, enter the following credentials. Note that the password is case sensitive:

Username: admin

Password:  default

​

Step 2: Apply License

Once logged in, the system will forward you to the licensing page to apply a CloudControl provided license.  Click the Licensing drop-down section and paste in the license(s).

​

Step 3a: Add NSX Manager as a Datasource

Required:

  • NSX Manager already deployed and configured with API login credentials.

  • HTTPS, port 443, open inbound to NSX Manager from the CloudControl Appliance IP.

  • NSX Admin or service account credentials setup with read/write privileges.

​​

This step enables CloudControl to access these resources over the ReST API for object and system configuration over HTTPS port 443.  To add a data source navigate to Admin > Datasources to add NSX Manager and vCenter pairs.

Screen Shot 2024-10-16 at 7.39.48 PM.png

Click + Add Data Source button in the top right of the Data Sources page and complete the following steps:

  1. Select data source type (NSX-v, NSX-T, vRNI, etc...)  from the drop-down menu

  2. Enter a Display Name.  This name is locally significant only and is an easy way to reference different NSX Managers that are defined as data sources

  3. Enter a Group Name. This name is locally significant only and is an easy way to group different NSX Managers (Optional) 

  4. Enter IP Address or Hostname of the NSX-v Manager

  5. Enter the Username for the Enterprise Admin or role with sufficient NSX Manager privileges

  6. Enter the Password for the Enterprise Admin or role with sufficient NSX Manager privileges

  7. Ensure Ignore Certificate Errors is selected

  8. Click Next.  By clicking Next, ReSTSNX attempts to validate the credentials against NSX Manager while retrieving the vCenter IP address and username.

 

Note: If an invalid username or password is entered, you may proceed to the next step by clicking the Proceed with Errors checkbox

​

Note: If a Hostname is selected in Step 4, a valid DNS server must have been entered during the appliance installation process

​

 

VMware Cloud on AWS (VMCoAWS) Considerations

Adding VMCoAWS Cloud NSX & vCenter - Automatic mode with token (Recommended mode)

This approach will leverage a direct connect to the VMware Cloud in AWS and CSP token for authentication to NSX.  The NSX and vCenter IP/hostnames are dynamically discovered.

  1. Generate AWS user token with a NSX and Cloud Admin role

  2. The token authentication is performed using the public VMC IP/domain . WARNING: If CloudControl cannot reach the following URL on port 443, adding the data source will fail: POST https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize?refresh_token=

  3. CloudControl will then get a list of SDDCs to manage via GET vmc.vmware.com/vmc/api/orgs

  4. If CloudControl cannot reach the above URLs via HTTPS (due to DNS or firewall blocking), you can configure CloudControl to use a proxy server under the Admin page

  5. CloudControl should have access to the VMC NSX management cluster for each SDDC to be added

  6. Ensure MGW gateway rules are configured in each SDDC to allow CloudControl to communicate with NSX and vCenter via HTTPS

 

Adding VMCoAWS Cloud NSX & vCenter - Manual mode with token 

This approach is similar to Automatic mode with the main difference of the NSX and vCenter IPs being manually entered by the user.  We recommend this approach only for troubleshooting purposes.

​

 

Step 3b: Add vCenter as a Datasource

Required:

  • vCenter already deployed and configured with API login credentials.

  • HTTPS, port 443, open inbound to vCenter from the CloudControl Appliance IP.

  • vCenter Admin or service account credentials setup with read/write privileges. Note: the user must also belong to the SystemConfiguration.Administrator group for proper detection of the vCenter version

 

To enable querying vCenter objects for association with NSX Manager policies, a vCenter must be added to CloudControl.  For NSX-v, CloudControl automatically detects the associated vCenter in the previous step.

  1. Enter the vCenter Password for the Enterprise Admin or role with sufficient NSX Manager privileges

  2. Select data source to be Active or Inactive.  Enable or Disable the slider button for this data source to be active or not. This option allows Administrators to define the resources for future use but not have them accessible for configuring and polling once added to the system.

  3. Click Next.  By clicking Next, CloudControl attempts to validate the credentials against vCenter if selected as an Active data source.

Note: If an invalid username or password is entered, you may proceed to the next step by clicking the Proceed with Errors checkbox

​

Step 4: Verify Connectivity

NSX and vCenter Data Sources are now visible to CloudControl.  You may switch between them using the drop-down in the top-right corner of the screen.

To test basic NSX and vCenter functionality, click the CloudControl/RESTNSX logo located in the top left screen to reset your session cookie with the new data sources.  This will also navigate you back to the home screen.

Screen Shot 2024-10-16 at 7.41.10 PM.png

Once at the home screen, click the search icon on the top right side of the screen to pull out the Query window.  Within this tab, you may query NSX inventory to validate connectivity and basic permissions.

​

Step 1: Verify Data source has green check mark as shown below.

Step 2: Click the magnifying glass to open the Query window

Step 3: Select one or more objects to list. If the list does not populate, there may be a permission issue with NSX and/or vCenter. 

Password Change and Users

Users and Passwords

The default Admin password may be changed to a complex password by selecting Change Password in the top right corner user the Admin username.

Non-default passwords must be at least 8 characters and include one upper case letter, one lower case letter, one number, and one special character.

Additional users may also be added under Admin > Users and Policy.

​

Login Banner

As an Administrator, a login banner may be set for all users accessing the system.  Enable the banner by clicking the slider to YES and enter a banner up to 2000 characters.  The banner is enforced upon all subsequent logins for all users.

 

System Ready

After successfully completing these steps, your CloudControl Appliance is ready for use.  For additional system configuration items, such as adding users and a login banner, navigate to Admin > Users and Policy.

bottom of page