Once you have completed the install of your three NSX-T manager nodes it is a good idea to replace the certificates with certificate authority (CA) signed certificates with your domain. This will provide better security knowing the web page you are connecting to is trusted. Also, you can avoid that annoying “Your connection is not private” page. We will walk through how to replace all the system generated certificates used with the NSX-T manager platform.
To ensure our servers are only accepting connections using secure cryptographic protocols we often need to restrict which protocols are enabled on a server. NSX-T manager appliances include TLSv1.1 and TLSv1.2 enabled by default. This article will walk you through confirming what TLS protocols are enabled as well as how to disable TLS protocol versions to harden your deployment.
An Uplink Profile defines how an N-VDS residing on a respective transport node will map to the physical NICs of a host. The configurable properties of an uplink profile determines how transport nodes connect to the physical network by configuring the number of NICs, teaming policies, VLANs and MTU.
The benefit of creating a custom uplink policy allows you to configure the desired state once and enforce that desired state everywhere. Thus, creating a consistent and reliable deployment.
Transport zones determine which hosts and by extension which virtual machines can use a particular segment (network). Hosts get added to transport zones. When a host is a member of a transport zone it can “see” all the segments that were created under that transport zone. A transport zone can span multiple clusters however, segments cannot span multiple transport zones.
Transport node profiles ensure a consistent, reliable deployment of transport nodes within your infrastructure. We will walk through the configuration of a transport node profile from start to finish.
We are going to walk through the preparation of our ESXi hosts to become Transport Nodes. Once complete, we will be able to start applying NSX-T features and policies to your data center deployment.