Adding VMware NSX Cloud Platform

TOS Aurora monitors the VMware platform for policy revision changes. For TOS Aurora to show full accountability details (who made the policy changes and when the changes were made), you must also configure the platform to send syslogs. To help you organize the information for your devices, you can use the device information worksheet. To see which TOS features are supported for your device, review the feature support table.

Prerequisites

  • Monitoring: You must have a user with read-only permissions for the NSX manager and for NSX-V, also a user with at least read-only permissions for the vCenter server. See Creating Read-only accounts for NSX devices for details.
  • Provisioning: You must have a user with admin permissions.

By default, changes to unlogged rules do not trigger new revisions on TOS Aurora. Therefore, unlogged changes created by tools such as Service Composer will not trigger a TOS Aurora revision. See Tracking Unlogged Rules for details.

Monitor a VMware Device

To configure TOS Aurora to monitor the policy revisions of a VMware device:

  1. In TOS Aurora, go to Monitoring > Manage Devices.

  2. Select the appropriate device type:

  3. Configure the device settings:

    • Name for Display

    • Domain: Available only if you have configured your system for managing multi-domains and All Domains is currently selected. Select the domain to which to add the device. The Domain can only be entered when adding a device; to change the Domain, you must migrate the device.

    • Get revisions from one of the following:

      • NSX Manager IP Address: Enter the IP address of the NSX manager
      • Offline File: (If available) Revisions are manually uploaded to TOS Aurora for Offline Analysis
      • vCenter IP Address: For NSX-V devices only, enter the IP address of the vCenter device.
    • NSX Manager Type: The NSX Manager type (NSX-V or NSX-T).

    • Enable Topology: Collects routing information for building the network Interactive Map.

      Topology options for Advanced management mode are configured when you import managed devices.

    • For NSX-T devices, if the device uses dynamic addressing (such as DHCP) or dynamic routing protocols (such as OSPF), select Collect dynamic topology information.

    • ST server: In a distributed deployment, select which TOS Aurora cluster monitors this device (not shown in image)

  4. Click Next.

  5. Configure the TOS Aurora connection to the VMware device, according to the parameters required by the device:

    • Enter admin credentials for the NSX manager

    • For NSX-V devices only, enter appropriate vCenter details.

    • To use default settings (recommended in most cases), leave the Port number blank.

      The device must be configured to use SSH version 2.

    • Click Retrieve Certificate to setup encrypted communication between TOS Aurora and the VMware device.

      The certificate appears, and the following message is displayed:

      retrieved

      The certificate is retrieved from the vCenter over port 8443.

  6. Click Next.

    The Monitoring Settings page appears:

  7. To use timing settings from the Timing page, select Default. Otherwise, select Custom and configure the monitoring mode and settings:

    • Real-Time Monitoring: Applies only if syslogs are configured. In Custom settings:

      • 'Install policy' interval: When two or more Install Policy events for the same policy occur within this time interval, TOS Aurora combines the events into a single Install Policy revision (Default: 60 seconds)
      • Automatic fetch frequency: Frequency (in minutes) for automatic fetch 
    • Periodic Polling, select Custom settings and configure the Polling frequency: How often TOS Aurora fetches the configuration from each device.

      If you select 1 day, you can then select the exact time (hour and minute) for the daily polling.

  8. Click Next

  9. Save the configuration.

    The VMware device now appears in the Monitored Devices tree.

How Do I Get Here?

In TOS Aurora, go to Monitoring > Manage Devices.