VMware NSX-V Manager

To add a VMware NSX-V management station, complete the following steps.

VMware Log Insight must be enabled.

Step 1: Configure the Device

FireMon strives to provide up-to-date product information, however we are not always aware when vendors change their device UI. If any Configure the Device procedure differs from your device version (UI location of fields, not information needed), please consult your device's user guide.

  1. Log in to NSX-V Manager.
  2. Create an Administrator account with an assigned role of Auditor. This profile will be used in the NSX-V Settings during setup in the Administration module.
  3. If you will be using Policy Automation (a separate license is required), you can create a secondary administrator account with an assigned role of Security Administrator.
  4. Click Manage Appliance Settings.
  5. Click Manage > General.
  6. Navigate to the Syslog Server section and click Edit.
    1. Enter the IP of Log Insight.
    2. Enter 514 for the Port.
    3. Select UDP as the Protocol.
    4. Click OK.
  7. Log in to vSphere.
  8. Create an Administrator account with a Read-Only permission profile. This profile will be used in the vCenter Settings during setup in the Administration module.
  9. Click the Home icon, and then click Networking & Security.
  10. Click NSX Edges.
  11. Double-click a device from the list.
  12. Click Manage > Settings > Configuration.
  13. In the Details pane, on the Syslog servers line, click Change.
    1. Enter the IP of Log Insight.
    2. Select UDP as the Protocol.
    3. Click OK.
  14. Click the Actions icon on the toolbar, and select Change Log Level.
    1. Change the Edge Control Level Logging to INFO.
    2. Click OK.

    Repeat steps 10 and 11 for every NSX Edge listed.

Step 2: Onboard the Device in the Administration Module

  1. On the toolbar, click Device > Management Stations.
  1. Click Create, and then click VMware > NSX-V.
  1. General Properties section.
  1. In the Name box, type the name of the device as you want to see it in SIP.
  2. In the Description box, type an optional description of the device being added.
  3. In the Management IP Address box, type the IP address of the NSX-V device.
  4. In the Data Collector box, type the IP address of the data collector that will collect data from this device.
  5. In the Central Syslog Server box, select the syslog server from the list (optional).

Syslog fields are optional if the device uses the same IP for syslog and management.
A central syslog server is required only if syslog messages come from a different IP. A central syslog server must be created before it can be assigned to a device. To track usage via syslog, the device must support Level 3+.

  1. In the Syslog Match Names box, type the syslog match names (optional). You can enter multiple names separated by a comma.

    If there are multiple distributed firewalls, you must enable complementary tags and then set the syslog match name.

  1. By default, the Automatically Retrieve Configuration check box is selected.
  2. In the External ID box, type a unique identifier to be used when the device identifier is different than what is displayed in SIP.
  1. For Collection Configuration, enable Update Rule Documentation on Member Devices to allow Rule Documentation fields on member devices to inherit a value from the management station. Any management stations Rule Documentation field updates will override updates on the member device. A rule marked to be removed will not be updated.
  1. NSX-V Settings section.
    1. The NSX-V IP is the Management IP Address entered in General Properties.
    2. The default Port is 443.
    3. In the User Name box, type the user name for the administrator account with an assigned role of Auditor.
    4. Type the Password and then Re-enter Password for the user name.
  2. vCenter Settings section.
    1. In the vCenter IP box, type the IP address of vCenter.
    2. The default Port is 443.
    3. In the User Name box, type the user name for the administrator account with a Read-Only permission profile.

      The user name field must include the vSphere domain. For example, username@domain.local.

    1. Enter the Password and then Re-enter Password for the user name.
  1. Policy Automation section.

    Prerequisites: A valid Policy Automation license is required to complete this section and you needed to create a secondary admin account (Security Administrator role) in the VMware UI.

  1. In the User Name box, type the user name used for the secondary administrator account.
  2. In the Password box, type the password used for the secondary administrator account.
  3. In the Re-enter Password box, retype the password entered above.
  1. Retrieval section.

Scheduled Retrieval

Select the Enable Scheduled Retrieval check box to perform a retrieval at a set time regardless of change detection. This will activate additional fields to complete.

  • Set the Scheduled Retrieval Time to fit your requirements.

  • Select the Scheduled Retrieval Time Zone from the list.

Check for Change Retrieval

Select the Enable Check for Change check box to check for configuration changes after the specified interval and perform a retrieval if changes are detected. This will activate an additional field to complete.

  • The default Check for Change Interval time is 1440 minutes (every 24 hours). You can change the check interval time to best fit your requirements. The minimum required interval is 60 minutes (1 hour).

  1. Click Save.
    Devices being managed will be listed in the Discovered Devices section.