VMware Networking Community
MrVmware9423
Expert
Expert
‎08-30-2023 11:24 AM
Jump to solution

ClusterComputeResource' is not supported in NSX-T. "

Dear Team,

During V2T getting below message

 

ClusterComputeResource' is not supported in NSX-T. On few DFW rules Cluster is selected, how to mitigate the same. Please assist.

 

thank you in advance

Reply
0 Kudos
1 Solution

Accepted Solutions
andrewassis
Contributor
Contributor
‎09-10-2023 01:27 PM
Jump to solution

The error message "ClusterComputeResource' is not supported in NSX-T" typically indicates that there are Distributed Firewall (DFW) rules in your VMware environment that reference a compute cluster. NSX-T does not support using compute clusters in DFW rules as you would in a traditional vSphere environment. To mitigate this issue and make your DFW rules compatible with NSX-T, you should update these rules. Here's how you can proceed:

1. **Identify DFW Rules with Cluster References:**
- First, identify the specific DFW rules that reference the "ClusterComputeResource." These rules may have been created in your vSphere environment.

2. **Understand the Intent of Cluster Rules:**
- Understand the purpose of these rules. In traditional vSphere environments, it's common to use clusters for grouping VMs, but in NSX-T, segmentation and security are typically achieved differently.

3. **Update DFW Rules:**
- For each rule that references a cluster, you'll need to update it to work with NSX-T. The exact changes will depend on the intent of the rule. Here are some considerations:

a. **Replace Cluster References:** If the cluster was used to group VMs for security purposes, you'll need to replace the cluster reference with references to the specific VMs or security groups in NSX-T. This means redefining the source and destination objects of the rule.

b. **Redesign Rules:** If the rules were using cluster-based logic that's not directly translatable to NSX-T, you may need to redesign the rules to fit the NSX-T security model. This could involve creating new security groups, tags, or policies as needed.

c. **Review Policies:** Reevaluate the policies that these cluster-based rules were a part of. NSX-T has a different way of managing security policies, so you may need to create new policies to replace the old ones.

4. **Test and Validate:** Before making any changes in a production environment, thoroughly test the updated DFW rules in a test or staging environment. Ensure that the new rules achieve the desired security outcomes without any unintended consequences.

5. **Apply Changes:** Once you're confident that the updated rules are working correctly, apply them in your NSX-T environment.

6. **Documentation:** Document the changes you've made to the DFW rules for future reference and auditing.

7. **Review Other Configuration:** Review your overall NSX-T configuration to ensure it aligns with your security and segmentation requirements. Make sure that you have appropriate security groups, tags, and policies in place to manage security effectively.

8. **Seek Assistance if Needed:** If you encounter complexities or challenges during this process, consider seeking assistance from VMware support or consulting with a VMware NSX-T expert who can provide guidance specific to your environment.

Updating DFW rules from a vSphere-based model to an NSX-T model may require some significant changes, but it's essential to ensure that your security posture remains effective in the new environment while avoiding any compatibility issues.

View solution in original post

Reply
1 Reply
andrewassis
Contributor
Contributor
‎09-10-2023 01:27 PM
Jump to solution

The error message "ClusterComputeResource' is not supported in NSX-T" typically indicates that there are Distributed Firewall (DFW) rules in your VMware environment that reference a compute cluster. NSX-T does not support using compute clusters in DFW rules as you would in a traditional vSphere environment. To mitigate this issue and make your DFW rules compatible with NSX-T, you should update these rules. Here's how you can proceed:

1. **Identify DFW Rules with Cluster References:**
- First, identify the specific DFW rules that reference the "ClusterComputeResource." These rules may have been created in your vSphere environment.

2. **Understand the Intent of Cluster Rules:**
- Understand the purpose of these rules. In traditional vSphere environments, it's common to use clusters for grouping VMs, but in NSX-T, segmentation and security are typically achieved differently.

3. **Update DFW Rules:**
- For each rule that references a cluster, you'll need to update it to work with NSX-T. The exact changes will depend on the intent of the rule. Here are some considerations:

a. **Replace Cluster References:** If the cluster was used to group VMs for security purposes, you'll need to replace the cluster reference with references to the specific VMs or security groups in NSX-T. This means redefining the source and destination objects of the rule.

b. **Redesign Rules:** If the rules were using cluster-based logic that's not directly translatable to NSX-T, you may need to redesign the rules to fit the NSX-T security model. This could involve creating new security groups, tags, or policies as needed.

c. **Review Policies:** Reevaluate the policies that these cluster-based rules were a part of. NSX-T has a different way of managing security policies, so you may need to create new policies to replace the old ones.

4. **Test and Validate:** Before making any changes in a production environment, thoroughly test the updated DFW rules in a test or staging environment. Ensure that the new rules achieve the desired security outcomes without any unintended consequences.

5. **Apply Changes:** Once you're confident that the updated rules are working correctly, apply them in your NSX-T environment.

6. **Documentation:** Document the changes you've made to the DFW rules for future reference and auditing.

7. **Review Other Configuration:** Review your overall NSX-T configuration to ensure it aligns with your security and segmentation requirements. Make sure that you have appropriate security groups, tags, and policies in place to manage security effectively.

8. **Seek Assistance if Needed:** If you encounter complexities or challenges during this process, consider seeking assistance from VMware support or consulting with a VMware NSX-T expert who can provide guidance specific to your environment.

Updating DFW rules from a vSphere-based model to an NSX-T model may require some significant changes, but it's essential to ensure that your security posture remains effective in the new environment while avoiding any compatibility issues.

Reply