VMware NSX

 View Only
  • 1.  ClusterComputeResource' is not supported in NSX-T. "

    Posted Aug 30, 2023 06:25 PM

    Dear Team,

    During V2T getting below message

     

    ClusterComputeResource' is not supported in NSX-T. On few DFW rules Cluster is selected, how to mitigate the same. Please assist.

     

    thank you in advance



  • 2.  RE: ClusterComputeResource' is not supported in NSX-T. "
    Best Answer

    Posted Sep 10, 2023 08:28 PM

    The error message "ClusterComputeResource' is not supported in NSX-T" typically indicates that there are Distributed Firewall (DFW) rules in your VMware environment that reference a compute cluster. NSX-T does not support using compute clusters in DFW rules as you would in a traditional vSphere environment. To mitigate this issue and make your DFW rules compatible with NSX-T, you should update these rules. Here's how you can proceed:

    1. **Identify DFW Rules with Cluster References:**
    - First, identify the specific DFW rules that reference the "ClusterComputeResource." These rules may have been created in your vSphere environment.

    2. **Understand the Intent of Cluster Rules:**
    - Understand the purpose of these rules. In traditional vSphere environments, it's common to use clusters for grouping VMs, but in NSX-T, segmentation and security are typically achieved differently.

    3. **Update DFW Rules:**
    - For each rule that references a cluster, you'll need to update it to work with NSX-T. The exact changes will depend on the intent of the rule. Here are some considerations:

    a. **Replace Cluster References:** If the cluster was used to group VMs for security purposes, you'll need to replace the cluster reference with references to the specific VMs or security groups in NSX-T. This means redefining the source and destination objects of the rule.

    b. **Redesign Rules:** If the rules were using cluster-based logic that's not directly translatable to NSX-T, you may need to redesign the rules to fit the NSX-T security model. This could involve creating new security groups, tags, or policies as needed.

    c. **Review Policies:** Reevaluate the policies that these cluster-based rules were a part of. NSX-T has a different way of managing security policies, so you may need to create new policies to replace the old ones.

    4. **Test and Validate:** Before making any changes in a production environment, thoroughly test the updated DFW rules in a test or staging environment. Ensure that the new rules achieve the desired security outcomes without any unintended consequences.

    5. **Apply Changes:** Once you're confident that the updated rules are working correctly, apply them in your NSX-T environment.

    6. **Documentation:** Document the changes you've made to the DFW rules for future reference and auditing.

    7. **Review Other Configuration:** Review your overall NSX-T configuration to ensure it aligns with your security and segmentation requirements. Make sure that you have appropriate security groups, tags, and policies in place to manage security effectively.

    8. **Seek Assistance if Needed:** If you encounter complexities or challenges during this process, consider seeking assistance from VMware support or consulting with a VMware NSX-T expert who can provide guidance specific to your environment.

    Updating DFW rules from a vSphere-based model to an NSX-T model may require some significant changes, but it's essential to ensure that your security posture remains effective in the new environment while avoiding any compatibility issues.