PowerCLI

Automating new Cloud Motion with vSphere Replication using Hybrid Cloud Extension (HCX) API

09/25/2018 by William Lam Leave a Comment

Cloud Motion with vSphere Replication is the newest migration type that has been added to the Hybrid Cloud Extension (HCX) solution, which was also demonstrated during the VMworld US 2018 keynote (watch here). Unlike the traditional Bulk Migration, which also uses vSphere Replication to perform the initial replication, Cloud Motion with VR does not incur any downtime during the VM switch over. This is possible with our most beloved vSphere feature, vMotion!

With Bulk Migration, the VM on the source vCenter Server must be shutdown before the newly replicated VM on the destination vCenter Server can be powered on or else a network conflict will occur. Using Cloud Motion with VR, the VM is simply vMotion'ed from the source vCenter Server to the destination vCenter Server and because the VM's storage has already been replicated, the only thing that needs to transfer is the memory state of the VM.

All three HCX Migration Types can be scheduled from the HCX UI using the vSphere Client or automated using the HCX API. The latter option is definitely ideal for customers with large number of migrations but it can also help with smaller migrations as it reduces the amount of user input required when using the UI and ultimately, this reduces user errors.

To help demonstrate the HCX Migration APIs, I have updated my VMware HCX PowerShell Module to include the following two new functions:

New-HcxMigration
Get-HcxMigration

Automating Hybrid Cloud Extension (HCX) Manager OVA deployment

09/24/2018 by William Lam Leave a Comment

Feedback on my recent Hybrid Cloud Extension (HCX) Automation articles has been very positive, thanks to those who have reached out. One area that I have not had a chance to spend much time on which a few of you have pinged me about is the automating the actual deployment of the HCX Manager, which is provided to customers as an OVA image. In this article, I have created a basic PowerCLI script called deploy_hcx_manager_ova.ps1 that demonstrates using the Import-VApp and Get-OVFConfiguration cmdlets to import the OVA along with specifying the required OVF properties. The script will also wait for the HCX Manager to be ready by checking the VAMI URL located at https://[HCX-MANAGER]:9443

Lastly, for those of you who are new to HCX or would like a step by step walk through of setting up HCX, Emad Younis just kicked off a new blog series on learning about HCX, which I highly recommend folks check out here.

Here are the instructions on using the PowerCLI script to automate the HCX OVA deployment:

Step 1 - Download the latest HCX Manager OVA from HCX Cloud (you will need to login with your cloudadmin credentials)

Step 2- Download the PowerCLI HCX deployment script here.

Step 3 - Edit the script with your HCX configuration and deployment details

Step 4 - You will need to connect to your vCenter Server by using the Connect-VIServer cmdlet and then run the deployment script using the following command:

.\deploy_hcx_manager.ova.ps1

Once the deployment is successful, you can now open a browser to https://[HCX-MANAGER]:9443 and login using the admin credentials that you had specified in the script. I also plan to do a follow-up to this blog post on automating the initial configuration using the HCX VAMI APIs, so stay tuned.

NSX-T Policy PowerShell Community Module for VMC

09/21/2018 by William Lam 4 Comments

Earlier this week I had published an article on how to get started with the new NSX-T Policy API in VMware Cloud on AWS (VMC), if you have not read through that guide yet, I recommend you take a look at that first as this covers the prerequisites which will be required. As mentioned in that article, I planned to add a few more NSX-T Policy API examples and now the community NSX-T Policy PowerShell includes 37 additional functions which you can see the complete list below:

Connect-NSXTProxy
Get-NSXTFirewall
Get-NSXTGroup
Get-NSXTSegment
Get-NSXTService
New-NSXTFirewall
New-NSXTGroup
New-NSXTSegment
New-NSXTServiceDefinition (renamed as of 07/01/2019)
Remove-NSXTFirewall
Remove-NSXTGroup
Remove-NSXTSegment
Get-NSXTDistFirewallSection (as of 01/02/2019)
Get-NSXTDistFirewall (as of 01/02/2019)
New-NSXTDistFirewall (as of 01/03/2019)
Remove-NSXTDistFirewall (as of 01/03/2019)
Get-NSXTOverviewInfo (as of 02/02/2019)
Get-NSXTInfraScope (as of 03/14/2019)
Get-NSXTInfraGroup (as of 03/14/2019)
New-NSXTDistFirewallSection (as of 04/19/2019)
Remove-NSXTService (as of 04/19/2019)
Get-NSXTPolicyBasedVPN (as of 05/09/2019)
New-NSXTPolicyBasedVPN (as of 05/09/2019)
Remove-NSXTPolicyBasedVPN (as of 05/09/2019)
Get-NSXTDNS (as of 06/08/2019)
Set-NSXTDNS (as of 06/08/2019)
Get-NSXTPublicIP (as of 07/01/2019)
New-NSXTPublicIP (as of 07/01/2019)
Remove-NSXTPublicIP (as of 07/01/2019)
Get-NSXTNatRule (as of 07/01/2019)
New-NSXTNatRule (as of 07/01/2019)
Remove-NSXTNatRule (as of 07/01/2019)

After importing the module, to see the list of all functions, you can run the following command:

Get-Command -Module VMware.VMC.NSXT

Getting started with the new NSX-T Policy API in VMC

09/17/2018 by William Lam 21 Comments

Today, when you deploy a new SDDC on VMware Cloud on AWS (VMC), NSX-T is now the default networking stack and NSX-V is no longer used for net new deployments. In fact, we are about to start migrating existing VMC customers who have an NSX-V SDDC and converting them to an NSX-T SDDC. Humair Ahmed who works over in our Networking & Security Business Unit has an excellent blog post here that goes into more details on what NSX-T brings to VMC.

Upon first glance, you might think that this is the exact same version of NSX-T that we have been shipping to our on-premises customers but in fact, it is actually a brand new and improved version. Similar to vSphere (vCenter and ESXi) and VSAN, VMC is always running a newer version of our software than our on-prem customers. One immediate difference that you should be aware of when using NSX-T in VMC is that the current NSX-T API is not available and instead a new NSX-T Policy API has been introduced to help simplify the consumption of NSX-T. All functionality in the current on-prem NSX-T API can be consumed using the new Policy API.

At VMworld, I spoke to a number of current and upcoming customers with NSX-T based SDDCs and they were really interested in using the new NSX-T Policy API and as the title of this blog post suggests, this will be a quick primer on how to do that. Before we get started, confirm that you have an NSX-T based SDDC deployed. If you are not sure, there are a few ways to determine this using either the VMC Console UI or API, instructions can be found here and here.

Using VMC API to answer commonly asked questions about your SDDC

09/06/2018 by William Lam Leave a Comment

In the past month or so since joining the VMware Cloud on AWS (VMC) team, I have seen a number of inquiries from our Customer Success team, partners and customers on how to retrieve certain pieces information about their deployed SDDC, usually for information or integration purposes. Some of these questions can simply be answered by using the VMC Console UI, however there are others that is only available when using the VMC API, which provides a ton more data than what the UI could ever display. In any case, I figure it would be useful to share some of this information, especially as it pertains to the VMC API.

Below are just some of the frequently asked questions that I have seen and they can all be answered simply performing a GET /api/orgs/<orgId>/sddcs/<sddcId> on your specific SDDC via VMC API. In addition, I have also create two sample scripts which exercises these VMC APIs, one using the native VMC REST API and another with PowerCLI using the VMC cmdlet, which you can find more details below.

1) What version is my SDDC running?

This can be found in the VMC Console UI under the "Support" tab for a given SDDC.

You can also find this information using the VMC API by referring to the resource_config.sddc_manifest.vmc_version property.

2) When was my SDDC created?

This can be found in the VMC Console UI under the "Support" tab for a given SDDC.

You can also find this information using the VMC API by referring to the created property.

3) How long do I have until my 1-Node SDDC expires?

This can be found in the VMC Console UI under the SDDC card summary view or detailed view.

You can also find this information using the VMC API by referring to the expiration_date property. This property will be null if your SDDC is NOT a 1-Node, which is the only configuration which has an expiration.

Quick Tip – Requirements for using Guest Operation APIs (Invoke-VMScript & Copy-VMGuestFile) in VMC

08/02/2018 by William Lam 1 Comment

Since this question came up again today, I figure it was worth sharing in case others also had trouble using the vSphere Guest Operations API in VMware Cloud on AWS (VMC), which includes PowerCLI's Invoke-VMScript and Copy-VMGuestFile cmdlet. There are a couple of requirements that you must satisfy both in the GuestOS as well as between your on-prem vSphere environment and VMC.

VMware Tools installed and running, it may seem obvious, but I have had customers trying to use various scripts without realizing this was a requirement. You should also ensure that you are running the latest version of VMware Tools, especially as there bugfixes that may impact Guest Operations APIs.
VPN or Direct Connect (DX) configured between your on-prem vSphere environment and VMC, this is required as you will need access to ESXi hosts which is only available through a VPN or DX
Create a VMC firewall rule to allow access from your on-prem network to VMC's ESXi hosts on port 443 which is used for Guest Operations access including transferring files to and from the GuestOS

The VMC firewall rule is usually the thing that most folks forget about and this simply because for most on-prem environment, access to ESXi over 443 is just sort of a default.

Once you have configured the VMC firewall to allow 443 to ESXi hosts, you will be able to use the Guest Operations API including Invoke-VMScript and Copy-VMGuestFile to a VM running in VMC