I am currently using vSphere 5.5 with Trend Deep Security and am going to upgrade to 6.7 with NSX and Trend Deep Security appliances. All Mgmt VLANs (ESXi, vCenter, PSC, NSX Manager, Trend security appliances, etc.) will be on a Std vSwitch portgroup and all VM workloads are on a DVS portgroup. My question: must I use a DVS portgroup for the network adapters of the NSX Manager, controllers and host preparation, or can they use a Std vSwitch portgroup to do their service, while all VM workloads are on a DVS portgroup?
NSX vSwitch is based on vSphere Distributed Switches (VDSs), which provide uplinks for host connectivity to the top-of-rack (ToR) physical switches. You can certainly keep all management components (PSC/NSX/Controllers etc.) on the STD switch if you wish to use the same (don't connect them to a VXLAN-based PG). As a best practice, VMware recommends that you plan and prepare your vSphere Distributed Switches before installing NSX for vSphere. NSX services are not supported on vSphere Standard Switch. VM workloads must be connected to vSphere Distributed Switches to use NSX services and features.
Thanks for your fast reply. Just to recap what I understood: I must use a VDS portgroup for the (PSC/NSX/Controllers etc.) network adapters if I am going to use VXLAN. However, as in my case I will not use the VXLAN feature, I will keep all management components (PSC/NSX/Host preparation/Controllers etc.) on the STD switch, and VM workloads will be connected to the vSphere Distributed Switch for NSX security features.
Just to recap what I understood: I must use a VDS portgroup for the (PSC/NSX/Controllers etc.) network adapters if I am going to use VXLAN.
No, you should not try to place/migrate management components to an NSX-provisioned VXLAN network. A data plane outage will impact the management machines as well, so I don't recommend that design. Dedicate a few VLANs for those workloads and you can keep leveraging VSS or DVS.