Mobile SDDC Guide Part 4 – Demo Deployment

In part 4 of the Mobile SDDC Guide, we will configure the NSX components in our nested virtualized environment to deploy and run our customized 3-tier web application. A software-defined load balancer will also be enabled for the 3-tier web application. Lastly, micro-segmentation via NSX’s distributed firewall will be configured in the nested virtualized environment. This entry contains information about the deployment and configuration.

This video will contain all the functions used for this part of the Mobile SDDC script:

Appliance Deployment:

  • 1 x 3-Tier Web Appliance
    • Created by VMware’s Networking and Security Business Unit (NSBU)
    • Named as 3-tier-app
    • Deployed in the compute-cluster
  • 1 x NSX Edge Service Gateway (ESG)
    • Deployed via NSX plugin in vCenter Server
    • Named as nsx-esg
    • Deployed in the compute-cluster
  • 1 x NSX Distributed Logical Router (DLR)
    • Deployed via NSX plugin in vCenter Server
    • Named as nsx-dlr
    • Deployed in the compute-cluster

Environment Configuration:

  • 4 x logical switches: transit-ls, web-ls, app-ls and db-ls
  • Configure OSPF area on nsx-esg and nsx-dlr: Area 51
  • Enable load balancer services on nsx-esg
  • 1 x distributed firewall (DFW) section: 3-tier-app-dfw
  • 4 x distributed firewall (DFW) rules: external-to-web, web-to-app, app-to-db and default-block

Functions in Mobile SDDC Script:

Each function name is shown in bold blue.
Running a function performs the configuration detailed in its bullet points.


  • Creates the following logical switches (attached to the transport zone that spans the compute-cluster)
    • transit-ls to connect nsx-esg and nsx-dlr
    • web-ls to connect the web virtual machines in the 3-tier-app
    • app-ls to connect the app virtual machines in the 3-tier-app
    • db-ls to connect the db virtual machines in the 3-tier-app


  • Deploys nsx-esg
    • Uplink interface of nsx-esg is connected to vds-management-network
    • Internal interface (transit) of nsx-esg is connected to transit-ls
  • Enables and configures OSPF on nsx-esg
    • Area 51 is configured for OSPF


  • Deploys nsx-dlr
    • Uplink interface (transit) of nsx-dlr is connected to transit-ls
    • Internal interfaces of nsx-dlr are connected to web-ls, app-ls and db-ls
  • Enables and configures OSPF on nsx-dlr
    • Area 51 is configured for OSPF


  • Deploys 3-tier-app
    • 2 web virtual machines
    • 2 app virtual machines (only 1 is used for the demo)
    • 1 db virtual machine
  • Connects virtual machines in 3-tier-app to respective logical switches
    • Web virtual machines are connected to web-ls
    • App virtual machines are connected to app-ls
    • The db virtual machine is connected to db-ls


  • Enables load balancer services on nsx-esg
    • New application profile is created
    • Existing service monitoring for HTTP is used
    • New pool is created with web virtual machines and round-robin algorithm
    • New virtual server is created


  • Creates 3-tier-app-dfw
    • 3-tier-app-dfw is a new distributed firewall (DFW) section
  • Creates the following DFW rules
    • external-to-web allows the external network and web-ls to communicate
    • web-to-app allows virtual machines in web-ls and app-ls to communicate
    • app-to-db allows virtual machines in app-ls and db-ls to communicate
    • default-block denies all other traffic in the environment, i.e. anything not permitted by the DFW rules above it
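To check that the four rules above actually isolate the tiers, here is an added Python model of the 3-tier-app-dfw section (not part of the Mobile SDDC script). It evaluates a flow top to bottom, first match wins, with default-block as the catch-all; the tier names and the assumption that each "communicate" rule matches either direction are constructed for illustration, and NSX stateful/direction semantics are not modelled.

```python
# Added example: first-match model of the 3-tier-app-dfw section from the post.
# Tiers and flows are constructed; rule names and order follow the post.
from dataclasses import dataclass
from itertools import permutations

TIERS = ("external", "web", "app", "db")


@dataclass(frozen=True)
class Rule:
    name: str
    sources: frozenset  # tiers matched as source; "any" matches everything
    dests: frozenset    # tiers matched as destination
    action: str         # "allow" or "block"

    def matches(self, src: str, dst: str) -> bool:
        return (("any" in self.sources or src in self.sources)
                and ("any" in self.dests or dst in self.dests))


def pair(a: str, b: str):
    # The post says each rule lets two segments "communicate", so the
    # model matches the pair in either direction (simplification).
    return frozenset({a, b}), frozenset({a, b})


# The section in the order the post lists it; default-block must stay last.
SECTION = [
    Rule("external-to-web", *pair("external", "web"), "allow"),
    Rule("web-to-app", *pair("web", "app"), "allow"),
    Rule("app-to-db", *pair("app", "db"), "allow"),
    Rule("default-block", frozenset({"any"}), frozenset({"any"}), "block"),
]


def evaluate(section, src: str, dst: str):
    """Return (rule name, action) of the first rule matching src -> dst."""
    for rule in section:
        if rule.matches(src, dst):
            return rule.name, rule.action
    raise ValueError("no rule matched; a section should end with a catch-all")


def connectivity_matrix(section):
    """Allow/block verdict for every ordered tier pair, for policy review."""
    return {(s, d): evaluate(section, s, d)[1] for s, d in permutations(TIERS, 2)}
```

Moving default-block above the allow rules turns every flow into a block, which is the ordering mistake the matrix makes visible before it reaches the lab.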