Albarius Integration Guide: VMware by Broadcom NSX-T Connection

Enable Albarius to interact with the NSX Manager API for automated micro-segmentation provisioning and security policy management.

Written by Denis Malinovtsev

1. Introduction

This document outlines the step-by-step procedures required to establish a secure and functional connection between the Albarius platform and the VMware by Broadcom NSX (formerly NSX-T) Management Cluster.

Objective: Enable Albarius to interact with the NSX Manager API for [Insert specific purpose, e.g., automated micro-segmentation provisioning, security policy management, logical switch syncing, or inventory retrieval].

2. Prerequisites

Before initiating the connection setup, ensure the following requirements are met:

  • NSX Version: NSX-T Data Center / NSX version [Insert minimum supported version, e.g., 3.2 or 4.x].

  • Network Access: Albarius must be able to route to the NSX Manager IP address or the Virtual IP (VIP) of the NSX Management Cluster.

  • Credentials: Administrator account on NSX with appropriate REST API permissions for the intended operations.

  • Albarius Access: Administrator access to the Albarius configuration console.

3. Network and Firewall Configuration

To allow Albarius to communicate with the NSX Manager, specific ports must be permitted through any intermediate firewalls.

  1. Navigate to the firewall policy managing traffic between the Albarius platform and the NSX Manager cluster.

  2. Create a rule to permit the necessary traffic:

    • Source: Albarius IP Address ([Insert Albarius IP/Subnet])

    • Destination: NSX Manager Cluster VIP or Individual Node IPs ([Insert NSX Manager IP(s)])

    • Service/Ports: HTTPS / TCP 443 (for REST API access)

  3. Additional rules:

    • Source: Clients | Destination: Albarius Server | Service: TCP 2345

    • Source: NSX-T | Destination: Albarius Server | Service: UDP 5517

  4. Install the policy.

4. VMware NSX Configuration

Note: For production automation, it is highly recommended to create a dedicated local user or use a Principal Identity with certificate-based authentication. This guide covers creating a local user account for API access.

4.1 Create a Dedicated Local User

To ensure least-privilege access and auditability, create a specific user for the Albarius integration.

  1. Log in to the NSX Manager UI using an Enterprise Admin account.

  2. Navigate to System > User Management > Local Users.

  3. Click Add.

  4. Configure the new user details:

    • Username: albarius-api

    • Full Name: Albarius Service Account

    • Password: Enter and confirm a strong password.

  5. Click Save.

4.2 Assign Roles and Permissions

Assign the appropriate role to the newly created local user based on the level of access Albarius requires.

  1. Navigate to System > User Management > Role Assignment.

  2. Click Add > Role Assignment for Local User.

  3. Configure the assignment:

    • User: Select the albarius-api user created in the previous step.

    • Role: Assign the relevant role(s). Typical API roles include:

      • Enterprise Admin: (Full unrestricted access - Use with caution)

      • Security Admin: (Allows management of distributed firewall rules, security groups, etc.)

      • Network Admin: (Allows management of Tier-0/Tier-1 gateways, segments, etc.)

      • Auditor: (Read-only access across the environment)

  4. Click Save.

4.3 Send Logs

In Aria, go to Log Management > Log Forwarding > Create New Destination and configure the destination:

  1. Enter a name.

  2. Set the Albarius server IP.

  3. Set the transport to UDP.

  4. Filter: “text” | “matches” | *FIREWALL_PKTLOG:*

  5. Click Advanced Settings and set the port to 5517.

  6. Test and save.
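
A receiver-side check for the forwarding rule above, as an added example (not part of Albarius or NSX): it parses lines carrying the FIREWALL_PKTLOG: tag, tallies non-PASS flows per rule, and counts lines that do not parse, since UDP syslog is unauthenticated. The field order after the tag and the sample lines are assumptions constructed for illustration; compare them with a line captured on UDP 5517 in your environment.

```python
import re
from collections import Counter

# Assumed field order after the tag: filter id, address family, reason, action,
# rule id, direction, packet length, protocol, src->dst, optional flags.
PKTLOG = re.compile(
    r"FIREWALL_PKTLOG:\s+(?P<filter>\S+)\s+(?P<af>INET6?)\s+(?P<reason>\S+)\s+"
    r"(?P<action>[A-Z]+)\s+(?P<rule>\S+)\s+(?P<dir>IN|OUT)\s+(?P<length>\d+)\s+"
    r"(?P<proto>\S+)\s+(?P<src>[0-9A-Fa-f.:]+?)(?:/(?P<sport>\d+))?->"
    r"(?P<dst>[0-9A-Fa-f.:]+?)(?:/(?P<dport>\d+))?(?:\s+(?P<flags>.*))?$"
)

def parse_pktlog(line):
    """Return a dict of fields, or None if the line is not a well-formed packet log."""
    m = PKTLOG.search(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # Ports are optional in the pattern so port-less protocols still parse.
    for key in ("length", "sport", "dport"):
        rec[key] = int(rec[key]) if rec[key] is not None else None
    return rec

def summarize(lines):
    """Count non-PASS flows per (rule, dst, dport) and lines that failed to parse."""
    blocked, rejected = Counter(), 0
    for line in lines:
        rec = parse_pktlog(line)
        if rec is None:
            rejected += 1          # wrong tag or malformed body: do not trust it
        elif rec["action"] != "PASS":
            blocked[(rec["rule"], rec["dst"], rec["dport"])] += 1
    return blocked, rejected

# Constructed sample datagrams (documentation address ranges, made-up rule ids).
SAMPLE = [
    "<14>2024-05-01T10:00:00.101Z esx-01 FIREWALL_PKTLOG: 7c607b29 INET match PASS 2045 IN 52 TCP 192.0.2.10/44321->198.51.100.7/443 S",
    "<14>2024-05-01T10:00:01.220Z esx-01 FIREWALL_PKTLOG: 7c607b29 INET match DROP 1028 OUT 48 TCP 192.0.2.10/52131->198.51.100.9/3389 S",
    "<14>2024-05-01T10:00:01.930Z esx-02 FIREWALL_PKTLOG: 1a2b3c4d INET match DROP 1028 OUT 48 TCP 192.0.2.11/52140->198.51.100.9/3389 S",
    "<14>2024-05-01T10:00:02.000Z esx-02 FIREWALL_PKTLOG: not a packet log",
    "<14>2024-05-01T10:00:03.000Z nsx-mgr audit: login ok",
]

if __name__ == "__main__":
    blocked, rejected = summarize(SAMPLE)
    for (rule, dst, dport), n in blocked.most_common():
        print(f"rule {rule}: {n} blocked flow(s) to {dst}:{dport}")
    print(f"{rejected} line(s) rejected as not matching the packet-log layout")
```

A steady count of rejected lines on the receiver suggests the forwarding filter or the assumed layout does not match what the source actually sends.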


API call limit CLI commands (optional):

set service http client-api-concurrency-limit [number]

set service http client-api-rate-limit [number]

set service http global-api-concurrency-limit [number]

5. Albarius Platform Configuration

With the NSX-T side prepared, configure the connection within the Albarius platform.

  1. Log in to the Albarius portal.

  2. Navigate to [Insert Path: e.g., Settings > Integrations > Add New].

  3. Select VMware NSX-T from the available integration types.

  4. Enter the following details:

    • NSX Manager IP/FQDN: [Insert NSX Manager VIP or active node IP]

    • Username: [Insert the account created in step 4.1, e.g., albarius-api]

    • Password: [Insert credentials]

    • Verify SSL Certificate: [Toggle On/Off based on whether you are using publicly trusted certs or self-signed certs in NSX]

  5. Click Save Configuration.

6. Verification and Testing

To ensure the connection is fully operational:

  1. Within the Albarius integration page, click the Test Connection button.

  2. Verify that a "Success" message is returned.

  3. Navigate to Firewalls to confirm that data (security groups, VMs, tags, or distributed firewall policies) is successfully synchronizing from NSX.

7. Troubleshooting

If the connection test fails, verify the following:

  • Management VIP Status: Ensure the NSX Management Cluster VIP is accessible and that the underlying manager nodes are in a healthy state (System > Appliances).

  • Certificate Issues: If "Verify SSL Certificate" is enforced in Albarius but the NSX Manager uses a self-signed certificate, the API call may fail. Temporarily disable strict SSL verification in Albarius or import the NSX CA certificate into Albarius. Importing the CA certificate keeps certificate verification enabled.

  • API Logs: Connect to the active NSX Manager node via SSH and check the reverse proxy logs for incoming API requests and authentication failures:

tail -f /var/log/proxy/reverseproxy.log
