After successful installation, now there is time for CSM configurations. There are two integrations that needs to take place: one is with on-prem NSX-T Manager and another is with public cloud accounts. Let’s get started on this:

Login to CSM and navigate to settings and click configure .Enter NSX Manager hostname (FQDN is preffered) or IP address, credentials and thumbprint. Click Connect

Once connectivity is successful, this part is over and we can move on to the next piece to integrate public cloud accounts. Click Finish.
Before actually adding any public account (Azure or AWS), we will need to make some preparations and run scripts that are available on [downloads.vmware.com] under Drivers & Tools section

Once you unpack it there will be two folders : one for AWS and one for Azure

Let’s start with AWS side, since i found it a bit easier to implement.  Script will generate IAM profile and role required by PCG. You will need Linux box and have the following installed there:

AWS CLI

JQ

Openssl

Below guide will help you to install AWS CLI on your machine

https://docs.aws.amazon.com/cli/latest/userguide/install-linux.html

1. Connect to your Linux machine and install pip**

   [root@ns1 ~]# curl -O https://bootstrap.pypa.io/get-pip.py
   
   % Total % Received % Xferd Average Speed Time Time Time Current
   
   Dload Upload Total Spent Left Speed
   
   100 1659k 100 1659k 0 0 2157k 0 –:–:– –:–:– –:–:– 2157k
   
   [root@ns1 ~]# python get-pip.py –user
   
   Collecting pip
   
   Downloading https://files.pythonhosted.org/packages/d8/f3/413bab4ff08e1fc4828dfc59996d721917df8e8583ea85385d51125dceff/pip-19.0.3-py2.py3-none-any.whl (1.4MB)
   
   100% |████████████████████████████████| 1.4MB 5.0MB/s
   
   Collecting wheel
   
   Downloading https://files.pythonhosted.org/packages/96/ba/a4702cbb6a3a485239fbe9525443446203f00771af9ac000fa3ef2788201/wheel-0.33.1-py2.py3-none-any.whl
   
   Installing collected packages: pip, wheel
   
   The script wheel is installed in ‘/root/.local/bin’ which is not on PATH.
   
   Consider adding this directory to PATH or, if you prefer to suppress this warning, use –no-warn-script-location.
   
   Successfully installed pip-19.0.3 wheel-0.33.1

2. Install AWS CLI**

   [root@ns1 ~]# pip install awscli –upgrade –user
   
   Collecting awscli
   
   Downloading https://files.pythonhosted.org/packages/aa/ea/cb62728e9b38f9d8c620d60815f8dd54ca015f6b9af8f5a3d03d9b2e3c64/awscli-1.16.115-py2.py3-none-any.whl (1.4MB)
   
   100% |████████████████████████████████| 1.5MB 12.1MB/s
   
   Collecting botocore==1.12.105 (from awscli)
   
   Downloading https://files.pythonhosted.org/packages/cf/ce/acc9013dee20fc94c9b9ae121f5b7b342a206f0d577be1e5c6129811194a/botocore-1.12.105-py2.py3-none-any.whl (5.3MB)
   
   100% |████████████████████████████████| 5.3MB 597kB/s
   
   Collecting colorama<=0.3.9,>=0.2.5 (from awscli)
   
   Downloading https://files.pythonhosted.org/packages/db/c8/7dcf9dbcb22429512708fe3a547f8b6101c0d02137acbd892505aee57adf/colorama-0.3.9-py2.py3-none-any.whl
   
   Collecting rsa<=3.5.0,>=3.1.2 (from awscli)
   
   Downloading https://files.pythonhosted.org/packages/e1/ae/baedc9cb175552e95f3395c43055a6a5e125ae4d48a1d7a924baca83e92e/rsa-3.4.2-py2.py3-none-any.whl (46kB)
   
   100% |████████████████████████████████| 51kB 21.2MB/s
   
   Collecting docutils>=0.10 (from awscli)
   
   Downloading https://files.pythonhosted.org/packages/50/09/c53398e0005b11f7ffb27b7aa720c617aba53be4fb4f4f3f06b9b5c60f28/docutils-0.14-py2-none-any.whl (543kB)
   
   100% |████████████████████████████████| 552kB 6.2MB/s
   
   Collecting s3transfer<0.3.0,>=0.2.0 (from awscli)
   
   Downloading https://files.pythonhosted.org/packages/d7/de/5737f602e22073ecbded7a0c590707085e154e32b68d86545dcc31004c02/s3transfer-0.2.0-py2.py3-none-any.whl (69kB)
   
   100% |████████████████████████████████| 71kB 4.5MB/s
   
   Requirement already satisfied, skipping upgrade: PyYAML<=3.13,>=3.10 in /usr/lib64/python2.7/site-packages (from awscli) (3.12)
   
   Collecting jmespath<1.0.0,>=0.7.1 (from botocore==1.12.105->awscli)
   
   Downloading https://files.pythonhosted.org/packages/83/94/7179c3832a6d45b266ddb2aac329e101367fbdb11f425f13771d27f225bb/jmespath-0.9.4-py2.py3-none-any.whl
   
   Collecting python-dateutil<3.0.0,>=2.1; python_version >= “2.7” (from botocore==1.12.105->awscli)
   
   Downloading https://files.pythonhosted.org/packages/41/17/c62faccbfbd163c7f57f3844689e3a78bae1f403648a6afb1d0866d87fbb/python_dateutil-2.8.0-py2.py3-none-any.whl (226kB)
   
   100% |████████████████████████████████| 235kB 32.6MB/s
   
   Requirement already satisfied, skipping upgrade: urllib3<1.25,>=1.20; python_version == “2.7” in /usr/lib/python2.7/site-packages (from botocore==1.12.105->awscli) (1.22)
   
   Requirement already satisfied, skipping upgrade: pyasn1>=0.1.3 in /usr/lib/python2.7/site-packages (from rsa<=3.5.0,>=3.1.2->awscli) (0.4.3)
   
   Collecting futures<4.0.0,>=2.2.0; python_version == “2.6” or python_version == “2.7” (from s3transfer<0.3.0,>=0.2.0->awscli)
   
   Downloading https://files.pythonhosted.org/packages/2d/99/b2c4e9d5a30f6471e410a146232b4118e697fa3ffc06d6a65efde84debd0/futures-3.2.0-py2-none-any.whl
   
   Requirement already satisfied, skipping upgrade: six>=1.5 in /usr/lib/python2.7/site-packages (from python-dateutil<3.0.0,>=2.1; python_version >= “2.7”->botocore==1.12.105->awscli) (1.11.0)
   
   Installing collected packages: jmespath, docutils, python-dateutil, botocore, colorama, rsa, futures, s3transfer, awscli
   
   The scripts pyrsa-decrypt, pyrsa-decrypt-bigfile, pyrsa-encrypt, pyrsa-encrypt-bigfile, pyrsa-keygen, pyrsa-priv2pub, pyrsa-sign and pyrsa-verify are installed in ‘/root/.local/bin’ which is not on PATH.
   
   Consider adding this directory to PATH or, if you prefer to suppress this warning, use –no-warn-script-location.
   
   Successfully installed awscli-1.16.115 botocore-1.12.105 colorama-0.3.9 docutils-0.14 futures-3.2.0 jmespath-0.9.4 python-dateutil-2.8.0 rsa-3.4.2 s3transfer-0.2.0

3. Install JQ and OpenSSL. In my case i already had OpenSSL installed**

   [root@ns1 ~]# yum install jq
   Loaded plugins: fastestmirror, langpacks
   Loading mirror speeds from cached hostfile
   * base: repos-lax.psychz.net
   * epel: mirror.prgmr.com
   * extras: mirrors.ocf.berkeley.edu
   * updates: mirrors.ocf.berkeley.edu
   Resolving Dependencies
   –> Running transaction check
   —> Package jq.x86_64 0:1.5-1.el7 will be installed
   –> Processing Dependency: libonig.so.2()(64bit) for package: jq-1.5-1.el7.x86_64
   –> Running transaction check
   —> Package oniguruma.x86_64 0:5.9.5-3.el7 will be installed
   –> Finished Dependency Resolution
   
   Dependencies Resolved
   
   ================================================================================
   
   Package Arch Version Repository Size
   
   ================================================================================
   
   Installing:
   jq x86_64 1.5-1.el7 epel 153 k
   Installing for dependencies:
   oniguruma x86_64 5.9.5-3.el7 epel 129 k
   
   Transaction Summary
   
   ================================================================================
   
   Install 1 Package (+1 Dependent package)
   
   Total download size: 282 k
   Installed size: 906 k
   Is this ok [y/d/N]: y
   Downloading packages:
   (1⁄2): jq-1.5-1.el7.x86_64.rpm | 153 kB 00:00
   (2⁄2): oniguruma-5.9.5-3.el7.x86_64.rpm | 129 kB 00:01
   ——————————————————————————–
   Total 208 kB/s | 282 kB 00:01
   Running transaction check
   Running transaction test
   Transaction test succeeded
   Running transaction
   Installing : oniguruma-5.9.5-3.el7.x86_64 1⁄2
   Installing : jq-1.5-1.el7.x86_64 2⁄2
   Verifying : oniguruma-5.9.5-3.el7.x86_64 1⁄2
   Verifying : jq-1.5-1.el7.x86_64 2⁄2
   
   Installed:
   jq.x86_64 0:1.5-1.el7
   
   Dependency Installed:
   oniguruma.x86_64 0:5.9.5-3.el7
   
   Complete!
   
   For openssl, do ” yum install openssl”

4. Configure your AWS to get authenticated . You will need to have your access key and secret key ID ready for your AWS account**

   [root@ns1 bin]# ./aws configure
   
   AWS Access Key ID [None]: ******
   
   AWS Secret Access Key [None]: *******
   
   Default region name [None]: us-west-1
   
   Default output format [None]: json

5. Once authenticated, issue some test commands like listing your S3 buckets to make sure that you can interact with your account using AWS CLI**

   [root@ns1 bin]# ./aws s3 ls
   
   2017-09-25 14:08:16 nizami-bucket1

6. Move file from your previously downloaded script folder nsx_csm_iam_script.sh into Linux machine and run it**

   [root@ns1 ~]#bash nsx_csm_iam_script.sh
   
   AWS Profile is set as default
   
   AWS CLI configuration verified successfully.
   
   openssl installation verified successfully.
   
   JSON parser ‘jq’ installation verified successfully.
   
   If you get errors in above output, verify your dependency installations (Openssl and jq) and your AWS credentials)
   
   *******************
   
   Do you want to create an IAM user for CSM and an IAM role for PCG? [yes/no] yes
   
   We will be creating IAM user for CSM and respective role for PCG
   
   What do you want to name the IAM User?
   
   nsx-csm
   
   Creating IAM user nsx-csm and IAM role nsx_pcg_service …
   
   Note role name as we will need to later for integration with CSM
   
   ****************
   
   IAM user and role creation successful. Please check file ./aws_details.txt for user credentials and role name information.
   
   Do you want add trust relationship for any Transit VPC account? [yes/no] no
   
   Script execution successful! Detailed script logs are generated in file ./nsx_csm_iam_script.log
   
   Look now for aws_details.txt file that should look like this
   
   [root@ns1 ~]# more aws_details.txt
   
   “AccessKeyId”: *******
   
   “SecretAccessKey”: ****
   
   “RoleName”: “nsx_pcg_service”,
   
   you will need values of those keys and rolename during integration

7. Go back to CSM and navigate to Clouds–>AWS and click ADD**
   Fill in information from file above : Access Key, Secret Key and Gateway Role name and click ADD
8. Once account gets added successfully you should see the something similar to this******************************Azure preparations

   To run the scripts on Azure side, we will need the following

   PowerShell 5 or higher

   AzureRM Module

   Let’s start

   1. Launch Windows PowerShell and check version
   2. Install AzureRM Module
   3. Log in to your Azure account. Pop-up window will appear to enter your credentials
   4.  Navigate to your account in Azure portal and search “Subscription”. We will need this to run our script
   5. Navigate to the folder where script was copied over and launch/.CreateNSXRoles.ps1 -subscriptionID _YourSubscriptionID_This will result in generation of Service Principal and identity roles for CSM and PCG. Output will be written in text file. We will need that later when adding Azure account into CSM
   6. Login to CSM and navigate to Clouds–>Azure and click ADD
      Fill in information stored in text file. Default PCG role name is “nsx-pcg-role”. Click ADD
   7. Once account gets added successfully you should see the something similar to this

This concludes CSM preparations. Next part will be dedicated to routing configurations. Stay tuned…

Author-  Nizami Mammadov CCIE#22247, VCAP-NV