Today I have been working in the lab messing around with vCloud Networking and Security for one of the projects I am working on. With all the new changes in vCloud Networking and Security version 5.1, deploying an edge device needs a little understanding. I have written this blog article to walk you through the steps involved in deploying an edge device, and what to look for when you have deployed it.
The following steps show how to deploy a vCloud Networking and Security edge device through the vCloud Networking and Security Manager.
- Login to the vCloud Networking and Security Manager (formerly and still called vShield Manager)
- Expand Datacenters, and select the datacenter you want to deploy your edge device in, and select the tab Network Virtualization
- Select Edges. You will be shown a list of the current edge devices. Click the green plus to add a new edge device
- Type the name you want to call the edge device. This is the virtual machine display name you will see in vCenter. If you want to enable HA (High Availability) on the edge, tick the Enable HA device
- Enter the CLI username and password that you set when configuring the vCloud Networking and Security Manager
- Select the appliance size, I always recommend to keep the Auto rule generation tick box enabled. Before clicking next, you MUST click the green plus to enter the configuration details for the edge device.
- Select from the dropdowns, which Cluster or Resource pool and datastore you want to deploy the edge on
- You now need to add the interfaces for this edge device, click the green plus
- Enter the details for your edge device uplink. This is the external interface.
- Select the port group you want to connect the edge too
- Specify the IP address for this external interface
- Enter the subnet
- Scroll down the edge interface window and change the MTU to 1600. Note: The MTU must be changed on your switches for this to work.
- Follow the steps again to create an internal interface. This is the interface that you will use to route traffic from your VMs.
- Configure the Default Gateway by clicking the check box, and add the gateway IP. This is the default gateway for you external interface that you added in the previous steps
- Enable the tickbox Configure Firewall default policy and set the default policy. If you ticked the HA box you can set the configuration options for this here
- Review the summary and click Finish to deploy the edge device
- You will now see the status of the edge Deploying vShield edge device
- Once the edge has deployed you will see the status Deploy
To understand what you have actually deployed, if you look within vCenter at the vSwitch you have deployed the edge on, you will be able to see the different port groups and connections the Edge device has.
Hi Dave,
I’m following your guide (in conjunction with a couple of others) to deploy an Edge device for vCD 5.1 load balancing.
My 2 networks are both private /24 networks presented as portgroups on a vDS, and VSM is installed and working. VSM / vCNS is the latest GA release.
I get an error when clicking ‘Finish’ to begin the deployment – “Invalid IP Address input ‘com.vmware.vshield.edge.dto.IpAddressDto@3a1faa50’ for field ‘featureConfigs.features[2].ipAddresses’.”
In this case, Google wasn’t my friend and I can’t find anything on this error, and I’ve checked and rechecked the IPs are correct. Any idea’s what it might be?
Not seen that error before, but a few things i would check.
1) Check that you have created an uplink (with a correct external IP for the connected port group)
2) Check that you have created an Internal nic (can be any ip address, but must match correct subnet)
3) Make sure you selected a cluster for the edge device
These are the common things that can get muddled up.
Let me know how you get on.