VMware Networking Community
HassanAlKak88
Expert
Expert
‎12-19-2018 11:30 PM

NSX guest introspection architecture design with DR

Hello,

We are planning to integrate our NSX environment with McAfee Move through the guest introspection service.

Below is the NSX architecture Design:

Main Site:

Vcenter Server 6.7

ESXi host 6.7

NSX Manager 6.4.3 (Primary)

McAfee EPO server with Move products and extension

DR site:

Vcenter Server 6.7

ESXi host 6.7

NSX Manager 6.4.3 (Secondary)

Our request is how can we design/implement this solution with the existence of DR site ?

Do we need to integrate McAfee EPO with the two NSX manager (Primary and Secondary)?

Does McAfee EPO understand the Primary and Secondary roles for NSX manager ?

What about redirection policies, do we need to configure them twice ?

Do we need two McAfee EPO server (one on main and second on DR) ? or just a replication for this machine to DR site ?

Please advise,

Thanks in advance,


If my reply was helpful, I kindly ask you to like it and mark it as a solution

Regards,
Hassan Alkak
1 Reply
RaymundoEC
VMware Employee
VMware Employee
‎02-12-2019 09:58 PM

I have a similar question time ago, so let me share what are my toughs on your questions:

Our request is how can we design/implement this solution with the existence of DR site ?

yes but will be a not "one-click button solution"

Do we need to integrate McAfee EPO with the two NSX manager (Primary and Secondary)?

2 EPOs for 2 NSX manager

Does McAfee EPO understand the Primary and Secondary roles for NSX manager ?

no EPO can be configured in DR mode

What about redirection policies, do we need to configure them twice ?

no, policies need to be share as per DR mode of EPO

Do we need two McAfee EPO server (one on main and second on DR) ? or just a replication for this machine to DR site ?

yes for DR mode in EPO, the tricky part will be sync since is not an easy task, this is a failover only not LB or such a thing,  so in addition you need to deal with MSCS and meed requirements for having that between sites, so will be a complex solution not easy to maintain.

+vRay