Why does vCenter show 0 NSX licenses in use? – How to determine VMware NSX licensing

Why does vCenter show 0 (zero) VMware NSX licenses in use?

This question comes up with clients and coworkers alike all the time, so I figured I’d do my best to disseminate the information a bit further into the “inter-webs”.

The question of why vCenter shows 0 (zero) NSX licenses in use is greatly due to the fact that VMware NSX is not tied to vCenter in all versions, like NSX-T or NSX-MH, versus NSX-V. VMware NSX-V is of course the vSphere based version of NSX, MH the “multi-hypervisor” version and “T”, “Transformers” for bare-metal or cloud-based container environments and the like.

VMware NSX Editions

With the release of NSX 6.2.2, VMware introduced 3 different license editions; Standard, Advanced, and Enterprise. These license editions allow you align NSX with your company’s use case.

Standard Edition: Automates IT workflows, bringing agility to the data center network and reducing network operating costs and complexity.

Advanced Edition: Standard Edition plus a fundamentally more secure data center with micro-segmentation. Helps secure the data center to the highest levels, while automating IT provisioning of security.

Enterprise Edition: Advanced Edition plus networking and security across multiple domains. Enables the data center network to extend across multiple sites and connect to high-throughput physical workloads.

VMware NSX License Capacity Usage

Since there are many versions of VMware NSX that are not vCenter-based, the use of vCenter licensing is inherently useless. Thus, VMware NSX licensing is displayed in the VMware NSX Manager interface.

Per the documentation, the NSX capacity usage calculation method only reports for clusters prepared and enabled with DFW and VXLAN. CPU count is number of CPUs (sockets) of all prepared hosts. VM count and Concurrent Users is the count of all powered on VMs in the cluster. This VM count does not include system VMs (service VMs, partner VMs, edge appliances, etc).

NSX usage is reported correctly under the NSX Manager in NSX vSphere Webclient Plugin. **Please note under license management in VC the NSX license will report Usage as ZERO**

vShield Endpoint License in NSX 6.2.4

vShield Endpoint is a component of vCloud Network and Security (vCNS). This component allows you to offload antivirus and anti-malware agent processing to a dedicated secure virtual appliance. With the release of NSX 6.2.4, the default license is NSX for vShield Endpoint allowing you to manage your vShield Endpoint environment with NSX. Customers who purchased vSphere with vShield Endpoint (Essential Plus and above) will be able to download NSX. This means that NSX will appear on the vSphere download site, just like vCNS does today. To ensure customers do not use any other unlicensed NSX features (eg. VXLAN, DFW, Edge services), the license key will have hard enforcement to prevent NSX host preparation and block Edge creation. If you require an evaluation license key, please request this through VMware sales.

If you have questions regarding VMware NSX licensing, auditing of licensing or the like, please contact your VMware account team or NSX Technical Account Specialist.

VMware NSX 6.3.5 Upgrade Process with Step-by-Step

The VMware NSX 6.3.5 upgrade is fairly straightforward. The NSX Manager does most of the heavy lifting with a little bit of instruction from us and there’s only a small amount of manual interaction to ensure component upgrades are performed at your discretion, in order to maintain edge connectivity during the process. Please use the official VMware NSX 6.3 Upgrade Guide documentation for your efforts. My intentions with this post are for preview purposes only, so you can know what to expect.

As always, ensure your backups are current for NSX Manager before beginning. If you have support, a proactive support ticket to seed the details of your upgrade plan with versions and components greatly speeds up support, should you hit a snag.

VMware NSX 6.3.5 Upgrade Process

Determine the current version of VMware NSX by navigating to the “Installation” section in “Networking & Security”.

Verify that your NSX version is compatible with the latest upgrade in the VMware Interoperability Matrix – Upgrade Path. NSX versions from 6.2 forward are compatible with 6.3.5, as you’ll see below.

Log into the NSX Manager with admin credentials and click “Upgrade” on the home screen. The upgrade process takes about 30-60 minutes overall, so make sure you’ve got the time you need.

Click the “Upgrade” button in the upper right corner of the screen. From here on out, it’s critical that we let the following stages run without interruption.

Click on “Choose File” and navigate to the NSX upgrade bundle that ends in tar.gz. The upgrade bundle is a separate download from the appliance, so make sure you’ve got the correct bits before continuing.

Select the NSX upgrade bundle and click “Open” and then “Continue”. Upon clicking “Continue”, NSX Manager uploads the upgrade bundle and stages it. After staging the build, NSX Manager verifies the upgrade bundle to validate authenticity and payload.

After the verification is complete, you’re presented with the upgrade dialog summary. Ensure you have selected your desired SSH mode and if you wish to participate in the VMware Customer Experience Program. Once you’re prepared to continue, click the “Upgrade” button and the upgrade will begin.

Once the NSX upgrade has begun, you’ll see the status of running.

After verifying the post upgrade version of NSX Manager, log into vCenter, navigate to “Networking & Security”, “Installation” and ensure other NSX Controllers have been upgraded as well.

Finally, navigate to “NSX Edges”, select each Edge, right click and select “Upgrade” to upgrade your NSX Edge nodes.

Verify that the NSX Edge nodes have been upgraded to the correct version.

Once you’ve completed the NSX Edge upgrades the NSX vSphere host upgrades need to be run. Click the “Upgrade available” in NSX Component Installation on Hosts.

After host upgrades, perform a NSX backup and do some general connectivity tests to ensure operation. Having a scripted ping test that pings to and from different components on the network makes testing quite a bit quicker, so it’s not a bad idea to spend some time on that beforehand.

As always, feel free to hit me up with questions and whatever you do, #runNSX.

What’s New in VMware NSX 6.3.5?

With the last few NSX releases, our overall focus has been on compliance and product parity. VMware NSX 6.3.5 primarily delivers improvements and enhancements in Guest Introspection, L2 VPN and the remediation of 32 defects.

VMware NSX 6.3.5 provides improvements in Guest Introspection VM’s, that on deployment, are named Guest Introspection (XX.XX.XX.XX), where XX.XX.XX.XX is the IPv4 address of the host on which the GI machine resides and occurs during the initial deployment of GI. Naming the GI VM with the IP address of it’s host, will provide VMware admins some much needed information, at a glance.

The L2 VPN service now supports changing and/or enabling logging on the fly – without a process restart, enhanced logging, tunnel state and statistics, events for tunnel status changes and a number of CLI enhancements. This provides for greater troubleshooting capabilities for L2 VPN configurations and the like.

Of the 32 defects fixed, Resolved Issue 19879763 that causes NSX Controllers to expire root passwords 90 days after build, is the most notable. The issue is detailed in KB000051144 – Deploying NSX Controller fails in NSX-v 6.3.3 and 6.3.4.

The NSX 6.3.5 Release Notes do not contain the Resolved Issue, as VMware development re-released 6.3.3 and 6.3.4, adding it to the Resolved Issue in those product release notes respectively. Details on the rest of the defects can be found in the release notes as usual, so check there for more details.

As for requirements, they are vSphere 5.5U3, vSphere 6.0U3, as well as, vSphere 6.5U1 and later. All versions of VMware Tools are supported. Some Guest Introspection-based features require newer VMware Tools versions, so see the release notes. As for version compatibility with other VMware products, like vRealize Network Insight and Log Insight, see the VMware Product Interoperability Matrix.

For more information, as always, make sure you read the release notes, contact your VMware account team and engage VMware support proactively.