parsecdata1
Contributor

Install and upgrade to new environment

Hello all, we set up a new environment a couple of months ago and have migrated a few customers from the old to the new. I attended NSX class many years ago, but I know the software has changed and the instructions also. Our old environment is vSphere 5.5, vCloud 9.1.0 with NSX version 6.3.6. The new environment is vSphere 6.7 on VxRail and we are looking to install the datacenter version of the new NSX. Our plan is to step away from vCloud and look into other similar software. I have 2 major questions. First, if memory serves me correctly from training a couple of years ago, during the install you had to be cautious when implementing the firewall piece of NSX because you could firewall off your ESXi hosts and disconnect everything. Not sure if this is still the case. The second question is: if we already have customers on the new environment and go to set up the new datacenter version of NSX, will we interrupt connections for these customers? I know there will probably be questions I have not provided information for; ask away if needed.

Thanks for any help provided in advance!


Hi there.

Within the distributed firewall you have an exclusion list; there you can exclude all the management components so you are safe in case something goes wrong with your policies.

Also, I would recommend you use "Apply to" in the DFW rules, so you can be more specific about where to apply the rules and not do it to the entire environment at once.

For the upgrade, you should check the interoperability matrix. But most updates of NSX are quite straightforward.

Hope that helps

Cheers

Nicolas

Triple VCIX (CMA-NV-DCV) | vExpert | MCSE | CCNA
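The effect of the exclusion list and of scoping rules with "Apply to", as an added example that is not part of the thread and is not VMware code: a simplified first-match model of distributed-firewall evaluation used as a pre-flight check for management lockout. The VM names, group names, rules and the behaviour when no rule matches are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                              # "allow" or "drop"
    ports: Optional[frozenset] = None        # None = any port
    applied_to: Optional[frozenset] = None   # group names; None = whole DFW

def verdict(vm, groups, port, rules, exclusion_list):
    """First-match verdict for traffic to `port` on `vm` (simplified model)."""
    if vm in exclusion_list:
        return "allow", "exclusion-list"     # excluded VMs are not filtered
    for r in rules:                          # top-down, first match wins
        in_scope = r.applied_to is None or bool(groups & r.applied_to)
        if in_scope and (r.ports is None or port in r.ports):
            return r.action, r.name
    return "allow", "no-match"               # assumption: nothing matched

def lockouts(inventory, required_flows, rules, exclusion_list=frozenset()):
    """Required (vm, port) flows that the rule set would drop, with the rule."""
    hits = []
    for vm, port in required_flows:
        action, rule = verdict(vm, inventory[vm], port, rules, exclusion_list)
        if action == "drop":
            hits.append((vm, port, rule))
    return hits

# Constructed sample data (hypothetical names, not from the thread).
INVENTORY = {
    "vcenter-01": frozenset({"mgmt"}),
    "nsx-manager-01": frozenset({"mgmt"}),
    "cust-a-web-01": frozenset({"cust-a"}),
}
REQUIRED = [("vcenter-01", 443), ("nsx-manager-01", 443), ("cust-a-web-01", 443)]
ALLOW_WEB = Rule("allow-cust-a-web", "allow", frozenset({443}), frozenset({"cust-a"}))
GLOBAL_DENY = [ALLOW_WEB, Rule("deny-all", "drop")]
SCOPED_DENY = [ALLOW_WEB, Rule("deny-cust-a", "drop", applied_to=frozenset({"cust-a"}))]
MGMT_EXCLUDED = frozenset({"vcenter-01", "nsx-manager-01"})

if __name__ == "__main__":
    print("global deny, no exclusions:", lockouts(INVENTORY, REQUIRED, GLOBAL_DENY))
    print("global deny, mgmt excluded:", lockouts(INVENTORY, REQUIRED, GLOBAL_DENY, MGMT_EXCLUDED))
    print("deny scoped via Applied To:", lockouts(INVENTORY, REQUIRED, SCOPED_DENY))
```

Only the unscoped deny with an empty exclusion list cuts off the management VMs; either control on its own removes the lockout in this model.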
p0wertje
Hot Shot

Hi,

To answer the 1st question: Yes, there is an exclude list. See Manage a Firewall Exclusion List

Question 2: Since you are going to use vSphere 6.7, you need an N-VDS (on vSphere 7, you can use the 'normal' DVS).

Since N-VDS is a separate switch, it needs its own uplinks.

So depending on your overall setup (assuming 2 total uplinks), you need to move 1 uplink to the N-VDS and start configuring NSX on that.

This can be done without impacting traffic. But keep in mind that you then only have 1 uplink to the existing DVS and current customers.

For the migration itself you could take a look at Migrating vSphere Networking

Cheers,
p0wertje | VCIX6-NV | JNCIS-ENT
Please kudo helpful posts and mark the thread as solved if solved
parsecdata1
Contributor

Chris, thank you for the tips. I have been reading through a couple of articles that discussed the N-VDS and figured we would need to implement it. We actually have 4 10gb ports on the VxRail hosts but are only using 2 of them currently. Could it be safe to assume that if we took 1 10gb port on each host and made that the N-VDS, implemented it, it would not have any effect on the customers? Then we could slowly migrate with the customers' knowledge and add a second 10gb port later on after we clean everything up?

p0wertje
Hot Shot

Hi,

It should have no impact, as long as you select/create the correct uplink profile and select the correct interfaces to use.

Another safe way is to put the host in maintenance mode and manually install the required VIBs.

Manually Install NSX-T Data Center Kernel Modules on ESXi Hypervisors

You can easily create a new N-VDS with 1 link.

Do not forget to check the physical switch for at least MTU 1600. If it is not, please refer to vendor documentation to see if you can change that without a switch reboot. Just be careful, especially when you also have live customer traffic going over it.

Cheers,
p0wertje | VCIX6-NV | JNCIS-ENT