HOWTO: Deploy a VMware NSX Edge Services Gateway (ESG)

This is one of many posts that will form part of the VCAP6-NV Deploy Exam Guide.

What is an Edge Service Gateway (ESG)?

An Edge Services Gateway is a virtual appliance that is responsible for both North/South traffic and various Edge services, including Load Balancing, NAT and DHCP.

In this example, we will create a new ESG with two interfaces, one to connect to the transit network (Internal) and one to connect to a vDS Portgroup (Uplink).

Deploying a VMware NSX Edge Service Gateway (ESG)

Note: Adding an ESG has a certain amount of prerequisites that can be found within the VMware Doc site here.

Note: These steps assume you are not even logged into vCenter Server.  Skip the first few steps if you are!

Using your favourite web browser, navigate to the vCenter Server login page (https://vcenter.fqdn).

Enter appropriate User name and Password and click Login.

Click Network and Security.

Click NSX Edges.

Click Add (+).

Enter the Name of the new ESG and (optional) check the Enable High Availability checkbox.

Click Next.

Enter and confirm a Password for the CLI credentials.  (Optional) check the Enable SSH access or Enable FIPS mode checkboxes based on your requirements.

Click Next.

Select the correct Datacenter from the drop down, select the appropriate Appliance Size and then click Add(+).

Note: one of the main differences between deploying the ESG and DLR is the ESG is sized based requirements.

Select the target Cluster/Resource Pool from the dropdown.

Select the target Datastore from the dropdown.

Click OK.

Click Next.

Click Add(+).

Enter the Name of the NSX Edge Interface, select the appropriate Type option (either Internal or Uplink).

At Connected To, click Select.

Select the target Network (Logical Switch / Standard Portgroup / Distributed Portgroup) and click OK.

Click Add(+).

Enter the Primary IP Address and the Subnet Prefix Length.

Click OK.

Add additional Interfaces as required.

Click Next.

Select the appropriate vNIC from the dropdown and enter the Gateway IP Address.

Click Next.

Check the Configure Firewall default policy checkbox.

Select the desired Default Traffic Policy and Logging options.

Note: If HA has been specified, select the vNIC from the dropdown and enter the Management IPs.

Click Next.

Click Finish.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.