We have learned, in this chapter, how NSX Manager generates self-signed certificates for each of the hosts and controller nodes that are pushed to them over secure channels. A single CA-signed certificate will be installed for the NSX Manager to secure both the management interface and API endpoint on port 443. The vFabric RabbitMQ broker certificates, sent to the NSX Manager for communications with ESXi hosts, are uniquely generated on first boot.

NSX Manager instances on each site are configured to integrate with the vCenter SSO service associated with the vCenter Server instance to which they are bound. This facilitates the secure authentication of vCenter users within NSX for vSphere and any of the identity stores configured under vCenter, including LDAP, Active Directory, and NIS directories. The integration is set up through the NSX Manager user interface by supplying the address and port of the vCenter SSO server.

The NTP settings for the NSX Manager must be configured to ensure...