Integrating ReSTNSX 3.x+ with VMware NSX and vCenter
First Published: 12/05/2019, Edited 4/16/2020
This document provides step-by-step instructions and tips on the initial setup of the ReSTNSX virtual appliance. If you require further assistance, please visit our blog or open a trouble ticket.
OVA Deployment
The ReSTNSX deployment is performed in vCenter using the Deploy OVF Template option. During the Customize Template step, please note the following:
- Multiple DNS entries to be separated by spaces
- Hostname limited to 15 characters
- Leave Network IP/Mask empty for DHCP
The following procedure assumes the ReSTNSX Appliance is deployed and powered on with a valid IP address that is accessible by HTTPS, port 443.
Browse to the ReSTNSX Virtual Appliance via https://<ReSTNSX-IP> using Chrome. Firefox is in Feature Preview mode and is not currently supported.
On the login screen, enter the following credentials. Note that the password is case sensitive:
Username: admin
Password: default
Once logged in, the system will forward you to the licensing page to apply a ReSTNSX provided license. Click the Licensing drop-down section and paste in the license(s).
Required:
- NSX Manager already deployed and configured with API login credentials.
- HTTPS, port 443, open inbound to NSX Manager from the ReSTNSX Appliance IP.
- NSX Admin or service account credentials set up with read/write privileges.
This step enables ReSTNSX to access these resources over the ReST API for object and system configuration over HTTPS port 443. To add a data source, navigate to Admin > Datasources to add NSX Manager and vCenter pairs.
Click the + Add Data Source button in the top right of the Data Sources page and complete the following steps:
- Select data source type (NSX-v, NSX-T, vRNI, etc...) from the drop-down menu
- Enter a Display Name. This name is locally significant only and is an easy way to reference different NSX Managers that are defined as data sources
- Enter a Group Name. This name is locally significant only and is an easy way to group different NSX Managers (Optional)
- Enter IP Address or Hostname of the NSX-v Manager
- Enter the Username for the Enterprise Admin or role with sufficient NSX Manager privileges
- Enter the Password for the Enterprise Admin or role with sufficient NSX Manager privileges
- Ensure Ignore Certificate Errors is selected
- Click Next. By clicking Next, ReSTNSX attempts to validate the credentials against NSX Manager while retrieving the vCenter IP address and username.
Note: If an invalid username or password is entered, you may proceed to the next step by clicking the Proceed with Errors checkbox.
Note: If a Hostname is selected in Step 4, a valid DNS server must have been entered during the appliance installation process.
Adding VMCoAWS Cloud NSX & vCenter - Automatic mode with token (Recommended mode)
This approach will leverage a direct connection to the VMware Cloud in AWS and a CSP token for authentication to NSX. The NSX and vCenter IP/hostnames are dynamically discovered.
- Generate an AWS user token with an NSX and Cloud Admin role
- The token authentication is performed using the public VMC IP/domain. WARNING: If ReSTNSX cannot reach the following URL on port 443, adding the data source will fail: POST https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize?refresh_token=
- ReSTNSX will then get a list of SDDCs to manage via GET vmc.vmware.com/vmc/api/orgs
- If ReSTNSX cannot reach the above URLs via HTTPS (due to DNS or firewall blocking), you can configure ReSTNSX to use a proxy server under the Admin page
- ReSTNSX should have access to the VMC NSX management cluster for each SDDC to be added
- Ensure MGW gateway rules are configured in each SDDC to allow ReSTNSX to communicate with NSX and vCenter via HTTPS
Adding VMCoAWS Cloud NSX & vCenter - Manual mode with token
This approach is similar to Automatic mode with the main difference of the NSX and vCenter IPs being manually entered by the user. We recommend this approach only for troubleshooting purposes.
Required:
- vCenter already deployed and configured with API login credentials.
- HTTPS, port 443, open inbound to vCenter from the ReSTNSX Appliance IP.
- vCenter Admin or service account credentials set up with read/write privileges. Note: the user must also belong to the SystemConfiguration.Administrator group for proper detection of the vCenter version.
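A pre-flight check for the HTTPS prerequisites listed above (NSX Manager, vCenter and the two VMC hosts on port 443), as an added example that is not part of ReSTNSX or the original guide. It separates DNS failures from blocked ports and records the SHA-256 fingerprint of a certificate that would only be accepted with Ignore Certificate Errors selected, so it can be compared out of band. The function names and the nsxmgr.example.internal hostname are assumptions; run it from a host that shares the appliance's network path.

```python
import hashlib
import socket
import ssl


def tls_probe(host, verify=True, port=443, timeout=5.0):
    """Return the peer certificate (DER) presented on host:443."""
    ctx = ssl.create_default_context()
    if not verify:
        # Validation off only to read the certificate, never to send credentials.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def preflight(host, probe=tls_probe):
    """Classify one prerequisite: ok, cert_untrusted, dns_failure, tls_error, tcp_blocked."""
    result = {"host": host, "status": "ok", "sha256": None}
    try:
        try:
            der = probe(host, verify=True)
        except ssl.SSLCertVerificationError:
            # Reachable, but usable only with "Ignore Certificate Errors":
            # record what is presented so it can be compared out of band.
            result["status"] = "cert_untrusted"
            der = probe(host, verify=False)
        if der:
            result["sha256"] = hashlib.sha256(der).hexdigest()
    except socket.gaierror:
        result["status"] = "dns_failure"
    except ssl.SSLError:
        result["status"] = "tls_error"
    except OSError:
        result["status"] = "tcp_blocked"  # refused, timed out or filtered
    return result


if __name__ == "__main__":
    # nsxmgr.example.internal is a placeholder (assumption); the other two
    # hosts are the VMC endpoints named in the guide.
    for name in ("nsxmgr.example.internal", "console.cloud.vmware.com", "vmc.vmware.com"):
        print(preflight(name))
```

A cert_untrusted result means the connection works but the certificate does not validate; compare the printed fingerprint with the one shown on the NSX Manager or vCenter itself before adding the data source.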
To enable querying vCenter objects for association with NSX Manager policies, a vCenter must be added to ReSTNSX. For NSX-v, ReSTNSX automatically detects the associated vCenter in the previous step.
- Enter the vCenter Password for the Enterprise Admin or role with sufficient NSX Manager privileges
- Select data source to be Active or Inactive. Enable or Disable the slider button for this data source to be active or not. This option allows Administrators to define the resources for future use but not have them accessible for configuring and polling once added to the system.
- Click Next. By clicking Next, ReSTNSX attempts to validate the credentials against vCenter if selected as an Active data source.
Note: If an invalid username or password is entered, you may proceed to the next step by clicking the Proceed with Errors checkbox.
NSX and vCenter Data Sources are now visible to ReSTNSX. You may switch between them using the drop-down in the top-right corner of the screen.
To test basic NSX and vCenter functionality, click the ReSTNSX logo located in the top left screen to reset your session cookie with the new data sources. This will also navigate you back to the home screen.
Once at the home screen, click the search icon on the right side of the screen to pull out the Query window. Within this tab, you may query NSX inventory to validate connectivity and basic permissions.
Users and Passwords
The default Admin password may be changed to a complex password by selecting Change Password in the top right corner under the Admin username.
Non-default passwords must be at least 8 characters and include one upper case letter, one lower case letter, one number, and one special character.
Additional users may also be added under Admin > Users and Policy.
Login Banner
As an Administrator, a login banner may be set for all users accessing the system. Enable the banner by clicking the slider to YES and enter a banner up to 2000 characters. The banner is enforced upon all subsequent logins for all users.
After successfully completing these steps, your ReSTNSX Appliance is ready for use. For additional system configuration items, such as adding users and a login banner, navigate to Admin > Users and Policy.