NSX

Customizing the NSX-T Login UI

10/29/2019 by William Lam Leave a Comment

I have been doing some automation with NSX-T 2.5 lately and for troubleshooting and validation purposes, I obviously make use of the NSX-T UI. After each new deployment I need to login to verify a few things. Out of pure laziness, I really would like to be able to login with just a single click for development purposes. I certainly could use password manager but it would still be a couple of clicks but I was looking something slightly quicker and that could easily work in a number of environments that I have.

Looking around the filesystem of the NSX Unified Appliance, I found the structure for the login UI to be fairly similiar (thanks to VMware Clarity) to that of the vCenter Server Appliance (VCSA). I found that I could apply the same techniques I had used to customize the VCSA Login UI including setting up pre-filled credentials (no recommended for obvious reasons) on the NSX-T Appliance.

Disclaimer: This is not officially supported by VMware, use at your own risk. Please make sure to perform a backup of all original files prior to editing in case you need to restore back the system defaults.

How to debug NSX-T API Automation with PowerCLI?

10/25/2019 by William Lam Leave a Comment

I recently needed to deploy the latest version of NSX-T (2.5) for some work I was doing with Project Pacific and of course it was related to Automation 🙂 It has been some time since I have touched the NSX-T Manager API (2.0) and although most of my existing code still worked, there were some things that broke due to API deprecation and also net new functionality that I needed to use.

I normally use PowerCLI for my Automation work and/or for prototyping purposes, not only is it easy to do but PowerCLI is still one of the most popular tool used by our customers and it means that they can easily benefit from my work. However, one of my pet peeves when working with the NSX-T APIs and PowerCLI is simply the lack of useful error messages. Here is the generic error message that you would normally see even checking the $Error[0].Exception.ServerError variable, it generally does not contain anything useful or actionable.

A server error occurred: 'com.vmware.vapi.std.errors.invalid_request': . Check $Error[0].Exception.ServerError for more details.

Here is a concrete example where I am attempting to create a new Transport Zone but I am purposing leaving out a required parameter and as you can see from the output, the same generic error message is shown and not very actionable.

I normally debug NSX-T API issue whether it is a syntax or usage problem by SSH'ing to the NSX-T Manager and monitoring the actual API logs to figure out what is actually going. It usually has exactly what I am looking for in terms of the actual server error message along with details on how to fix the problem.

Connecting to NSX-T Policy API using NSX-T Private IP in VMC

05/30/2019 by William Lam 1 Comment

As explained in my Getting started with NSX-T Policy API in VMware Cloud on AWS (VMC) article, there are two ways in which you can interact with the NSX-T Policy API in VMC. The initial method is with the NSX-T Reverse Proxy which designed for initial setup including Edge Firewall and connectivity configuration (VPN/Direct Connect). Once you have enabled remote access from your network to the SDDC, you can continue using the reverse proxy method or you can connect directly to the NSX-T Manager via its private IP Address.

So how do you actually connect to the NSX-T Manager using its private IP? To be honest, this was not something I had to do before as I really like the simplicity of the reverse proxy but since this came up today in one of our VMC Slack channels, I figured I take a closer look.

NSX-T Policy API Explorer, Docs and Sample Updates for VMC

05/20/2019 by William Lam Leave a Comment

The VMware Cloud on AWS (VMC) in-product API Explorer is something that I use on a regular basis, especially for executing a quick tasks without needing to write a single line of code or for documentation purposes to understand the required parameter to a specific API. Today, the VMC API Explorer includes both the VMC Service and Cloud Services Platform API, but one key API that has been missing is the inclusion of the NSX-T Policy API.

With the release of VMC 1.7 which just came out a few days ago, customers will now be able to also access the NSX-T Policy API directly from within the VMC API Explorer! In addition to adding to the VMC API Explorer, the NSX team has also enhanced their Swagger JSON and documentation to provide a better developer experience when working with NSX-T in VMC.

NSX-T Policy API Explorer

The new NSX-T Policy API Explorer is only available for SDDCs running 1.7, which can be newly created SDDC or an SDDC that has been upgraded to 1.7. In addition, since there still SDDC running NSX-V, to view the new API Explorer, you will need to select an NSX-T 1.7 SDDC and then two new NSX-T API references will be available: NSX VMC Policy API and NSX VMC AWS Integrations API

New Thunderbolt 3 to 10GbE options for ESXi

04/17/2019 by William Lam 24 Comments

With the help from Aquantia, we now have an ESXi driver to enable the built-in 10GbE adaptor for both the Apple 2018 Mac Mini and the iMac Pro. Although this was exciting news for our VMware/Apple customers, I was actually more excited for what this development meant for the larger VMware Community when it comes to 10GbE accessibility.

Many Enterprise customers have already been using Thunderbolt 2/3 to access their 10 Gigabit infrastructure, usually over SFP+ but Ethernet based options also exists such as the Sonnet solution which I had shared last year. This is especially common for VMware customers who virtualize Apple MacOS on vSphere for MacOS/iOS development and the use of Thunderbolt enables ESXi to connect to the underlying storage and networking infrastructure, which traditionally has been either Fibre Channel and/or IP-based storage running over a 10Gig link.

When you start looking at 10GbE accessibility for VMware home labs which could potentially apply to remote office/branch office (ROBO) and Edge/IoT environments, the cost and the complexity of the setup is something that many folks have to consider. There are definitely some creative options out there, most recently Chad Moon shared his solution using a Thunderbolt 3 to PCIe expansion chassis with his Intel NUCs which will run you about $230 per setup or you can be a true hardware hacker like Jack Harvest and use one of the M.2 slots in the Intel Skull Canyon NUC and connect that to PCIe 10GbE SFP+ card with a custom 3D printed chassis to hide everything for just $43.68 🙂

NSX-T Opaque Networks now supported with Cross vCenter Workload Migration Fling

04/15/2019 by William Lam Leave a Comment

The Cross vCenter Workload Migration Fling continues to be an extremely powerful tool for our customers and I just love hearing successful customer stories like the one recently shared by Jason on how the tool allowed him to easily migrate over 600 Virtual Machines and with more to come!

Moved 600 and looking at another thousand. Some monster VMs... our test environment moved as easy as vmotion.

— Jason 🛠 (@JasonThoms) April 9, 2019

One capability that customers have been asking for is the ability to migrate to and from an NSX-T Opaque Network type, which the current Fling does not support. This has become more and more important as the default NSX stack for VMware Cloud on AWS (VMC) is now NSX-T by default, rather than NSX-V. We are also seeing requests from on-premises customers who have deployed NSX-T for their next generation infrastructure and needing the ability to easily migrate workloads between their old infrastructure that maybe running VSS/VDS or NSX-V backed networks.

With the help from two new colleagues, Vikas Shitole and Rajmani Patel, we are excited to announce the release Cross vCenter Workload Migration v2.6 which now adds support for NSX-T Opaque Networks!