Deploying Ops Manager with NSX-T for Enterprise PKS

Page last updated:

Warning: Pivotal Container Service (PKS) v1.4 is no longer supported because it has reached the End of General Support (EOGS) phase as defined by the Support Lifecycle Policy.
To stay up to date with the latest software and security updates, upgrade to a supported version.

This topic provides instructions for deploying Ops Manager on VMware vSphere with NSX-T integration for use with Enterprise Pivotal Container Service (Enterprise PKS).


Before deploying Ops Manager with NSX-T for Enterprise PKS, you must do the following:

SSH Key Requirements for Ops Manager v2.6

Beginning with Ops Manager v2.6 for vSphere, password authentication is replaced with SSL/TLS authentication. If you are installing Ops Manager v2.6 on vSphere, you cannot deploy Ops Manager successfully without adding a public SSH key in the appropriate field of the Customize Template screen. If you do not add a public SSH key, Ops Manager shuts down automatically because it cannot find a key and may enter a reboot loop. For more information, see Passwords Not Supported for Ops Manager VM on vSphere in the Ops Manager v2.6 release notes. For installation instructions specific to Ops Manager v2.6, see Deploy Ops Manager v2.6.

When you add the key value to the Public SSH Key field, you must enter the entire public key similar to the format required for authorized_keys. For example, the format required is similar to the following:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAnZBapWsER/EO1hLYvV/rkZe78mUBueZGHx1kw+ByfNbLoA385Cm72L+6qq40yOIH6R42nHN/bynbeHOD4Ptes4/s2lrLJtTzEWgH9XYnId4sE5f+QTFd2kRtTzZcu8WvFudEIyCIWjO+o9yvPETs05dEl/3KDn+t9uXxiszrG9Ycb2uNNpmDES+ohm9BQQFmpwFnao+UuQbRXLCcQ3SoE3Ai5Z9O+3PBwm0IByx87/dUuqvVISAJ8yGu2hJobx9PPStFERtUsfx5x+WIu9XIkrl5tzxgH9hBDsOS9cVUYJ7kKUUf1yyro6ocHyu6TWHJHSJLt8Z2FULxMPpqdn+8Xw== my-key

Deploy Ops Manager for Enterprise PKS

  1. Download the Pivotal Ops Manager for vSphere installation file from the Pivotal Network.

    1. Open a browser to the Pivotal Operations Manager download page on the Pivotal Network.
    2. Use the dropdown menu to select the supported Pivotal Operations Manager release.
    3. Select the Pivotal Ops Manager for vSphere download option. This downloads the Pivotal Ops Manager for vSphere VM template as an OVA file.
  2. Log into vCenter using the vSphere Web Client (FLEX) to deploy the Ops Manager OVA. This can also be done using the using the vSphere Client (HTML5), the OVFTool, or the PowerCLI.

  3. Select the Resource Pool defined for the Enterprise PKS Management Plane. See Create Enterprise PKS Management Plane if you have not defined the Enterprise PKS Management Resource Pool.

  4. Right click the Enterprise PKS Management Plane Resource Pool and select Deploy OVF Template.

    Deploy om 02

  5. At the Select template screen, click Browse.

    Deploy om 03

  6. Select the Ops Manager OVA file you downloaded and click Open.

  7. Review template selection and click Next.

    Deploy om 04

  8. At the Select Name and location screen, enter a name for the Ops Manager VM (or use the default name), select the Datacenter object, and click Next

    Deploy om 06

  9. At the Select a resource screen, select the Enterprise PKS Management Plane Resource Pool and click Next.

    Deploy om 07

  10. At the Review Details screen, confirm the configuration up to this point and click Next.

    Deploy om 08

  11. At the Select Storage screen, select Thin Provision, choose the desired Datastore, and click Next. For more information about disk formats, see Provisioning a Virtual Disk in vSphere.

    Warning: Ops Manager requires a Director VM with at least 8GB memory.

    Deploy om 09

  12. At the Select Networks screen, if you are using vSphere 6.7, select either the Enterprise PKS Management T1 Logical Switch that you defined when Creating the Enterprise PKS Management Plane, or if you are using vSphere 6.5, select a vSS or vDS port-group such as the standard VM Network, and click Next.

    Deploy om 10

    WARNING: With VMware vCenter Server 6.5, when initially deploying the Ops Manager OVA, you cannot connect to an NSX-T logical switch. You must first connect to a vSphere Standard (vSS) or vSphere Distributed Switch (vDS). After the OVA deployment is complete, before powering on the Ops Manager VM, connect the network interface to the NSX-T logical switch. The instructions below describe how to do this. This issue is resolved in VMware vCenter Server 6.7. For more information about this issue, see the VMware Knowledge Base.

  13. At the Customize template screen, enter the following information.

    • Admin Password: A default password for the “ubuntu” user. If you do not enter a password, Ops Manager will not boot up. (Required for Ops Manager v2.4 and v2.5.)
    • Public SSH Key: Required for Ops Manager v2.6. Enter the pre-existing public SSH key value to allow SSH access to the Ops Manager VM. You must enter the entire the public key similar to the format required for authorized_keys. See SSH Key Requirements for Ops Manager v2.6.
    • Custom hostname: The hostname for the Ops Manager VM, for example ops-manager.
    • DNS: One or more DNS servers for the Ops Manager VM to use, for example
    • Default Gateway: The default gateway for Ops Manager to use, for example
    • IP Address: The IP address of the Ops Manager network interface, for example (assuming Enterprise PKS NAT-mode).
    • NTP Servers: The IP address of one or more NTP servers for Ops Manager, for example
    • Netmask: The network mask for Ops Manager, for example, Deploy om 11
  14. Click Next.

  15. At the Ready to complete screen, review the configuration settings and click Finish. This action begins the OVA import and deployment process.

    Deploy om 12

  16. Use the Recent Tasks panel at the bottom of the vCenter dashboard to check the progress of the OVA import and deployment. IF the import or deployment is unsuccessful, check the configuration for errors.

    Deploy om 13

  17. After the deployment completes successfully, right-click the Ops Manager VM and select Edit Settings.

    Deploy om 14

  18. If you initially selected a vDS or vSS network for the Virtual Hardware > Network adapter 1 setting, change the vNIC connection to use the nsx.LogicalSwitch that is defined for the Enterprise PKS Management Plane, for example LS-MGMT-PKS. See Create Enterprise PKS Management Plane if you have not defined the Enterprise PKS Management T1 Logical Switch and Router.

    Deploy om 15

  19. Right-click the Ops Manager VM and click Power On.

    Deploy om 16

Configure Ops Manager for Enterprise PKS

  1. Create a DNS entry for the IP address that you used for Ops Manager. You must use this fully qualified domain name when you log into Ops Manager in the Installing Pivotal Cloud Foundry on vSphere topic. Use the routable IP address assigned to Ops Manager.

    Note: Ops Manager security features require you to create a fully qualified domain name to access Ops Manager during the initial configuration.

  2. Navigate to the fully qualified domain of your Ops Manager in a web browser.

    Note: It is normal to experience a brief delay before the interface is accessible while the web server and VM start up.

    Note: If you are using the NAT deployment topology, you will need a DNAT rule that maps the Ops Manager private IP to a routable IP. See Create Enterprise PKS Management Plane for instructions.

    Deploy om 17

  3. The first time you start Ops Manager, you are required select an authentication system. These instructions use Internal Authentication. See Set Up Ops Manager in the PCF documentation for configuration details for the SAML and LDAP options.

    Deploy om 18

  4. Select Internal Authentication and provide the following information:

    • Username, Password, and Password confirmation to create a user with administrative privileges.
    • Decryption passphrase and the Decryption passphrase confirmation. This passphrase encrypts the Ops Manager datastore, and is not recoverable.
    • HTTP proxy or HTTPS proxy, follow the instructions in Configuring Proxy Settings for the BOSH CPI.
  5. Read the End User License Agreement, and select the checkbox to accept the terms.

  6. Click Setup Authentication. It takes a few minutes to initialize the database.

    Deploy om 19

  7. Log in to Ops Manager with the username and password that you created.

    Deploy om 20

  8. Verify success. You should be able to log in, and you should see the BOSH Director tile is present and ready for configuration, indicated by the orange color.

    Deploy om 21

Next Step

After you complete this procedure, follow the instructions in Generating and Registering the NSX Manager Certificate for Enterprise PKS.

Please send any feedback you have to