NSX Bytes: Deploying vShield Endpoint with NSX Manager
I recently had to deploy a solution into our Labs that required the installation of vShield Endpoint VMs to facilitate a 3rd Party service. No worries there…but when I logged into the Lab I was faced with an updated vShield Manager instance which was now NSX Manager…Where the heck do you deploy Endpoints? Where is the option to select a host and deploy an Endpoint in NSX?
The process below is for installing VMware EndPoints with the NSX 6.x GUI.
In the Networking and Security Section of the vSphere Web Client, go to NSX Managers -> IP Address of Manager. Click on the Manage and then Grouping Objects Tabs. Go to IP Pools and Add a new Pool for the vShield Endpoint.
Go back to the Networking and Security Section and go to Service Deployments under Installation. Click on Add and you are presented with the Deploy Network & Security Services Wizard. Select VMware Endpoint and click next.
Select the Cluster you want to deploy the Endpoints to and click next. Note you can not select individual hosts.
Select the datastore you you want to use for the the Endpoint…Shared storage is recommended…once selected hit next. There is a Specified on Host option…have a read of the online doco to understand what that’s in relation to.
You can now select the Management Network for the Endpoint. Ensure that the IP Pool Created matches the Network PortGroup and click next.
At this point the Wizard begins to deploy the Endpoints. If you take a look at the vCenter Task Console you should see tasks similar to below. The Endpoint Agent is installed on the hosts and the actual Endpoints are deployed via OVF Templates exactly the same as vShield Endpoints where.
Once the Installation Status has changed from In progress to Succeeded your Endpoints have deployed. At this stage you are done…you can’t do anything with the deployed service accept remove it. Nothing to edit, nothing to worry about…3rd party Services should now be able to work just as if these where vShield Endpoints.
The NSX Endpoints are named simply VMware Endpoint (1), VMware Endpoint (2) and so on and are deployed to a new Resource Pool called ESX Agents.
The NSX Online Documentation is about the only searchable location up to this point that goes through the process. As mentioned above, there is a caveat that I have not been able to find further info on…That is, you can not deploy Endpoints to individual hosts…only to a cluster and all hosts in that cluster. I’ve searched for the API calls which may or may not have a mechanism to select hosts without luck. Feel free to comment below if you know this is possible.