Safe NSX Removal on vSphere 7.0.3

Nicholas Siakotos
cloud nsx nsx-t security vmware vsphere

This guide provides clear, step-by-step instructions for safely removing NSX from a Security Only installation on vSphere 7.0.3. Make sure you have a backup of your environment before proceeding.

Steps

1. Move VMkernel Ports to Standard Switches

    • Migrate all VMkernel ports from the NSX-backed Distributed Virtual Switch (VDS) to standard vSwitches.

    • Verify network connectivity before proceeding.

2. Place the Host into Maintenance Mode

    • Log in to vCenter or directly to the ESXi host.

    • Place the host into Maintenance Mode.

3. Allow SSH and ESXi Shell

    • Enable SSH and ESXi Shell:

        • Navigate to Host > Manage > Services.

        • Start both services.

4. Access the Host via SSH

    • Use an SSH client (e.g., PuTTY) to connect to the ESXi host.

5. Check Installed NSX VIBs

Run the next command to check for NSX VIBs:

esxcli software vib list | grep -E 'nsx|vsipfwlib'

6. Remove NSX

Run the following command to initiate NSX removal:

nsxcli -c del nsx

    • When prompted, type yes and press Enter.

7. Note Physical Ports to Uplinks

    • Document the current physical port mappings to uplinks for reference in subsequent steps.

8. Remove Host from VDS

    • In vCenter, remove the host from the Distributed Virtual Switch (VDS).

9. Add Host Back to VDS

    • Re-add the host to the VDS and select the physical uplinks noted in the previous step.

10. Wait and Verify NSX VIBs

    • Wait 30 seconds, then recheck for NSX VIBs using the command: esxcli software vib list | grep -E 'nsx|vsipfwlib'

    • If values are returned, wait another 30 seconds and try again.

    • Note: On average, this step takes 1-2 minutes. Do not proceed until the command returns no value.

11. Exit Maintenance Mode

    • Remove the host from Maintenance Mode.

Final Verification

    • Confirm the ESXi host is functioning correctly without NSX components.

    • Verify VMkernel connectivity and virtual machine networking.

Important Notes

    • Perform these steps during a maintenance window to minimize impact.

    • Test the process in a non-production environment if possible.

    • Ensure backups and documentation are in place before starting.

    • Contact VMware support if issues arise.