virtuallyGhetto

PowerCLI

Getting started with the new NSX-T Policy API in VMC

by 12 Comments

Today, when you deploy a new SDDC on VMware Cloud on AWS (VMC), it is based on NSX-V by default, nothing ground breaking. However, customers also have the option to request an NSX-T based SDDC, which actually came as a surprise to a couple of folks who I spoke with at VMworld. Back in August, Early Access for NSX-T based SDDC was announced and customers can take advantage of the additional networking and security capabilities provided by NSX-T within VMC. Humair Ahmed who works over in our Networking & Security Business Unit has an excellent blog post here that goes into more details. If you are interested in an NSX-T based SDDC, please reach out to your local VMware account team for more information.


Upon first glance, you might think that this is the exact same version of NSX-T that we have been shipping to our on-premises customers but in fact, it is actually a brand new and improved version. Similar to vSphere (vCenter and ESXi) and VSAN, VMC is always running a newer version of our software than our on-prem customers. One immediate difference that you should be aware of when using NSX-T in VMC is that the current NSX-T API is not available and instead a new NSX-T Policy API has been introduced to help simplify the consumption of NSX-T. All functionality in the current on-prem NSX-T API can be consumed using the new Policy API.

At VMworld, I spoke to a number of current and upcoming customers with NSX-T based SDDCs and they were really interested in using the new NSX-T Policy API and as the title of this blog post suggests, this will be a quick primer on how to do that. Before we get started, confirm that you have an NSX-T based SDDC deployed. If you are not sure, there are a few ways to determine this using either the VMC Console UI or API, instructions can be found here and here.

[Read more...] about Getting started with the new NSX-T Policy API in VMC

Using VMC API to answer commonly asked questions about your SDDC

by Leave a Comment

In the past month or so since joining the VMware Cloud on AWS (VMC) team, I have seen a number of inquiries from our Customer Success team, partners and customers on how to retrieve certain pieces information about their deployed SDDC, usually for information or integration purposes. Some of these questions can simply be answered by using the VMC Console UI, however there are others that is only available when using the VMC API, which provides a ton more data than what the UI could ever display. In any case, I figure it would be useful to share some of this information, especially as it pertains to the VMC API.

Below are just some of the frequently asked questions that I have seen and they can all be answered simply performing a GET /api/orgs/<orgId>/sddcs/<sddcId> on your specific SDDC via VMC API. In addition, I have also create two sample scripts which exercises these VMC APIs, one using the native VMC REST API and another with PowerCLI using the VMC cmdlet, which you can find more details below.

1) What version is my SDDC running?

This can be found in the VMC Console UI under the "Support" tab for a given SDDC.


You can also find this information using the VMC API by referring to the resource_config.sddc_manifest.vmc_version property.

2) When was my SDDC created?

This can be found in the VMC Console UI under the "Support" tab for a given SDDC.


You can also find this information using the VMC API by referring to the created property.

3) How long do I have until my 1-Node SDDC expires?

This can be found in the VMC Console UI under the SDDC card summary view or detailed view.


You can also find this information using the VMC API by referring to the expiration_date property. This property will be null if your SDDC is NOT a 1-Node, which is the only configuration which has an expiration.

[Read more...] about Using VMC API to answer commonly asked questions about your SDDC

Quick Tip – Requirements for using Guest Operation APIs (Invoke-VMScript & Copy-VMGuestFile) in VMC

by Leave a Comment

Since this question came up again today, I figure it was worth sharing in case others also had trouble using the vSphere Guest Operations API in VMware Cloud on AWS (VMC), which includes PowerCLI's Invoke-VMScript and Copy-VMGuestFile cmdlet. There are a couple of requirements that you must satisfy both in the GuestOS as well as between your on-prem vSphere environment and VMC.

  1. VMware Tools installed and running, it may seem obvious, but I have had customers trying to use various scripts without realizing this was a requirement. You should also ensure that you are running the latest version of VMware Tools, especially as there bugfixes that may impact Guest Operations APIs.
  2. VPN or Direct Connect (DX) configured between your on-prem vSphere environment and VMC, this is required as you will need access to ESXi hosts which is only available through a VPN or DX
  3. Create a VMC firewall rule to allow access from your on-prem network to VMC's ESXi hosts on port 443 which is used for Guest Operations access including transferring files to and from the GuestOS


The VMC firewall rule is usually the thing that most folks forget about and this simply because for most on-prem environment, access to ESXi over 443 is just sort of a default.

Once you have configured the VMC firewall to allow 443 to ESXi hosts, you will be able to use the Guest Operations API including Invoke-VMScript and Copy-VMGuestFile to a VM running in VMC

Automation with the VMware Cloud Services Platform (CSP)

by Leave a Comment

I was recently doing some work where I needed to access the APIs for the VMware Cloud Services Platform (CSP). As the name suggests, CSP is where customers can manage access, billing and consumption of the various VMware SaaS offerings including VMware Cloud on AWS (VMC) and VMware Hybrid Cloud Extension to just name a couple.

CSP also provides a RESTful API (Swagger documentation here) which enables customers and partners to automate all aspects of the CSP UI. Although my use of the CSP API is quite small, I figure it  would useful to share the overall workflow in case others were interested in consuming the full CSP API.

[Read more...] about Automation with the VMware Cloud Services Platform (CSP)

Retrieving detailed per-VM space utilization on VSAN

by 4 Comments

I was recently helping out my friend Paudie O'Riordan with a request from a customer who was looking for a way to collect detailed space utilization for their VMs (VM Home, VMDK & swap) running on VSAN. Today, this level of granularity is not available in the vSphere UI and the customer was interested in both the used and reserved capacity on a per-VM basis. Luckily, this information can be retrieved using the VSAN Management API.

To do so, we just need to use the VsanQueryObjectIdentities() API method, which I have used in the past to retrieve things like "thick" provisioned VM and translating VSAN Object IDs to their friendly VM display name. To retrieve space utilization information, we just need to set the includeSpaceSummary property to be true. While developing the PowerCLI sample script, I found that this specific property is currently not supported when querying vCenter Server and to retrieve this information, you must go directly to each ESXi host within the VSAN Cluster. I have already filed a feature request and it looks like this will be fixed in a future vSphere release.

[Read more...] about Retrieving detailed per-VM space utilization on VSAN

Quick Tip – How do I tell if NSX-V or NSX-T is installed?

by 1 Comment

This question came up last week asking for a programmatic method to identify whether NSX-V or NSX-T is deployed in your environment. With NSX-V, vCenter Server is a requirement but for NSX-T, vCenter Server is not a requirement, especially for multi-hypervisor support. In this post, I will assume for NSX-T deployments, you have configured a vCenter Compute Manager.

Both NSX-V and NSX-T uses the ExtensionManager API to register themselves with vCenter Server and we can leverage this interface to easily tell if either solutions are installed. NSX-V uses the com.vmware.vShieldManager string to identify itself and NSX-T uses the com.vmware.nsx.management.nsxt string to identify itself.

Here is a quick PowerCLI snippet that demonstrates the use of the vSphere API to check whether NSX-V or NSX-T is installed and provides the version shown in the registration:

Here is a screenshot from my environment which has both NSX-V (6.4) and NSX-T (2.1) installed:


Note: Due to some current testing, I have not upgraded my NSX-T deployment to the latest 2.2 release, so I do not know if the version gets bumped to match the actual released version