The deployment (issues) of NSX Intelligence VM (version 1) with an HTTP server

The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

So a brand new "tool" was released with NSX-T 2.5 called NSX Intelligence.

Rutger Blom did a good job writing about the installation procedure and what it does.

One thing Rutger did not write about is the bit where we need to "upload" the .OVF file with the use of an HTTP server.

When installing the Intelligence VM I stumbled upon a few issues. I want to make sure that you will not face these issues so I am going to explain what I did to resolve these issues

UPDATE: 03-OCT-2019:

VMware's official KB article arround this issue has been published as well: https://kb.vmware.com/s/article/74962

Issue 1

The deployment of NSX Intelligence VM has failed with error 'OVF certificate validation failed. Error: Certificate file not available.

Unfortunately, I did not take a screenshot of this one.

Issue 2

The deployment of NSX Intelligence VM has failed with error 'OVF certificate validation failed. Error: [VALIDATION_ERROR: CERTIFICATE_INVALID_SIGNATURE; ]'.

Issue 3

The deployment of NSX Intelligence VM has failed with error 'OVF certificate validation failed. Error: Ovf, manifest and certificate files not found'.

Webservers tested

So to get it working it is important to say that not all webservers have the capability to support the correct file/MIME types for the file extensions used in OVF deployment.

MiniWeb

So I started with MiniWeb, and I thought that I needed to get a webserver ASAP up and running to do get this thing deployed most quickly. This webserver did not support the correct file/MIME types for the file extensions used in OVF deployment at all and there was no way to configure much. So I stopped with this piece of software. So this is where I ran into Issue#1.

Python SimpleHTTPServer

Then a colleague told me he got it to work with using Python SimpleHTTPServer, so I tried that ... What you can do with this is that you can turn any directory into a web server. But then I faced Issue#2.

IIS with Windows 2016 Standard

So I asked another colleague how he got it working, and he told me IIS is working fine... So I started to install IIS, and tried it again... And I faced Issue#3... Note with all the webservers I was able to download the .OVF file from the browser ... and that made it even more strange.

I guess IIS is a webserver is used a lot and will be for this deployment. So internal engineering figured out how to get IIS working.

1) You need to unzip the tar file (in my case VMware-NSX-Intelligence-appliance-1.0.0.0.0.14576942.tar) with 7Zip (I used WinZip) and you need to verify that the sha1 checksum for the files should be same as mentioned in the manifest file before progressing with installation else it will throw the certificate validation error. WinZip did cause the checksum to mismatch here.

After the decompression of the file you will get the following files:

nsx-intelligence-appliance-1.0.0.0.0.14576942.cert
nsx-intelligence-appliance-1.0.0.0.0.14576942.mf
nsx-intelligence-appliance-1.0.0.0.0.14576942.ovf
nsx-intelligence-appliance.vmdk

2) Add MIME types (In the IIS settings explaind here) for all files as follows:

.ovf (application/vmware)
.vmdk (application/octet-stream)
.mf (text/cache-manifest)
.cert (application/x-x509-ca-cert)

And with these settings, you will be able to deploy NSX Intelligence.

Ubuntu with LAMPP Apache 2

I also installed a fresh copy of Ubuntu with the LAMPP services that installed Apache 2 as part of the package and uncompressed the file (with the command tar -xvf VMware-NSX-Intelligence-appliance-1.0.0.0.0.14576942.tar) and without any other additional settings, I could use the URL hosted by this webserver for the deployment of NSX Intelligence.

Ubuntu server with nginx

Another colleague of mine reported that NGNIX with Ubuntu also works out of the box.