Installing vShield Endpoint installs a new vib and a service virtual machine on each host in the cluster. vShield Endpoint is required for NSX Data Security, Activity Monitoring, and several third party security solutions.

The installation instructions that follow assume that you have the following system:

A datacenter with supported versions of vCenter Server and ESXi installed on each host in the cluster. For information on the required versions, see System Requirements for NSX.

Network virtualization components must have been installed on the hosts in the cluster where you want to install vShield Endpoint. vShield Endpoint cannot be installed on stand alone hosts.

NSX Manager 6.0 installed and running.

If you want to assign an IP address to the NSX Endpoint service virtual machine from an IP pool, create the IP pool before installing NSX Endpoint. See Create an IP Pool.

1

Log in to the vSphere Web Client.

2

Click Networking & Security and then click Installation.

3

Click the Service Deployments tab and click the New Service Deployment (Add) icon.

4

In the Deploy Network and Security Services dialog box, select vShield Endpoint and click Next.

5

In Specify schedule (at the bottom of the dialog box), select Deploy now to deploy Endpoint as soon as it is installed or select a deployment date and time.

6

Click Next.

7

Select the datacenter and cluster(s) where you want to install Endpoint and click Next.

8

On the Select storage page, select the datastore on which to add the service virtual machines storage or select Specified on host It is recommended that use shared datastores and networks instead of specified on host so that deployment workflows are automated.

The selected datastore must be available on all hosts in the selected cluster.

If you selected Specified on host, follow the steps below for each host in the cluster.

a

On the vSphere Web Client home page, click vCenter and then click Hosts.

b

Click a host in the Name column and then click the Manage tab.

c

Click Agent VM Settings and click Edit.

d

Select the datastore and click OK.

9

Click Next.

10

On the Configure management network page, select the distributed virtual port group to host the management interface. If the datastore is set to Specified on host, the network must also be Specified on host.

The selected port group must be able to reach the NSX Manager’s port group and must be available on all hosts in the selected cluster.

If you selected Specified on host, follow the steps in Step 8 to select a network on the host. When you add a host(s) to the cluster, the datastore and network must be set before it is added to the cluster.

11

In IP assignment, select one of the following:

Select

To

DHCP

Assign an IP address to the NSX Endpoint service virtual machine through Dynamic Host Configuration Protocol (DHCP). Select this option if your hosts are on different subnets.

An IP pool

Assign an IP address to the NSX Endpoint service virtual machine from the selected IP pool.

12

Click Next and then click Finish on the Ready to complete page.

13

Monitor the deployment till the Installation Status column displays Successful.

14

If the Installation Status column displays Failed, click the icon next to Failed. All deployment errors are displayed. Click Resolve to fix the errors. In some cases, resolving the errors displays additional errors. Take the required action and click Resolve again.

Install VMware Tools on guest virtual machines.