PowerCLI

Can a VM in the VMC Compute Network access the SDDC Management Network?

11/19/2018 by William Lam Leave a Comment

Similiar to an on-premises vSphere deployment, VMware Cloud on AWS follows good security practices by isolating and preventing access to the SDDC Management Network including Virtual Machines running in the Compute Network. With that said, the SDDC can be configured to enable access to the SDDC Management Network for either all or subset of workloads running in the Compute Network.

I have seen this request come up a few times, usually around proof of concepts, lack of on-premises infrastructure or wanting to run completely isolated within VMC for Dev/Test purposes. Below are the step by step instruction on setting this up for both an NSX-V and NSX-T based SDDC. Once enabled, customers can access the vCenter vSphere UI from within the specified Virtual Machine(s) including using tools like OVFTool or PowerCLI for importing new or existing workloads.

Note: Please refer to this blog post here to determine if you are running an NSX-V or NSX-T based SDDC.

All vSphere 6.7 Update 1 release notes & download links

10/16/2018 by William Lam 10 Comments

The highly anticipated vSphere 6.7 Update has officially GA'ed! Below is an aggregation of all the related release notes and downloads for this vSphere release. I have also created a short URL which you can use to access this exact same page using vmwa.re/vsphere67u1

The downloads are currently being staged, so please be patient.

vCenter Server 6.7u1

ESXi 6.7u1

vSAN 6.7u1

Automating new Cloud Motion with vSphere Replication using Hybrid Cloud Extension (HCX) API

09/25/2018 by William Lam Leave a Comment

Cloud Motion with vSphere Replication is the newest migration type that has been added to the Hybrid Cloud Extension (HCX) solution, which was also demonstrated during the VMworld US 2018 keynote (watch here). Unlike the traditional Bulk Migration, which also uses vSphere Replication to perform the initial replication, Cloud Motion with VR does not incur any downtime during the VM switch over. This is possible with our most beloved vSphere feature, vMotion!

With Bulk Migration, the VM on the source vCenter Server must be shutdown before the newly replicated VM on the destination vCenter Server can be powered on or else a network conflict will occur. Using Cloud Motion with VR, the VM is simply vMotion'ed from the source vCenter Server to the destination vCenter Server and because the VM's storage has already been replicated, the only thing that needs to transfer is the memory state of the VM.

All three HCX Migration Types can be scheduled from the HCX UI using the vSphere Client or automated using the HCX API. The latter option is definitely ideal for customers with large number of migrations but it can also help with smaller migrations as it reduces the amount of user input required when using the UI and ultimately, this reduces user errors.

To help demonstrate the HCX Migration APIs, I have updated my VMware HCX PowerShell Module to include the following two new functions:

New-HcxMigration
Get-HcxMigration

Automating Hybrid Cloud Extension (HCX) Manager OVA deployment

09/24/2018 by William Lam Leave a Comment

Feedback on my recent Hybrid Cloud Extension (HCX) Automation articles has been very positive, thanks to those who have reached out. One area that I have not had a chance to spend much time on which a few of you have pinged me about is the automating the actual deployment of the HCX Manager, which is provided to customers as an OVA image. In this article, I have created a basic PowerCLI script called deploy_hcx_manager_ova.ps1 that demonstrates using the Import-VApp and Get-OVFConfiguration cmdlets to import the OVA along with specifying the required OVF properties. The script will also wait for the HCX Manager to be ready by checking the VAMI URL located at https://[HCX-MANAGER]:9443

Lastly, for those of you who are new to HCX or would like a step by step walk through of setting up HCX, Emad Younis just kicked off a new blog series on learning about HCX, which I highly recommend folks check out here.

Here are the instructions on using the PowerCLI script to automate the HCX OVA deployment:

Step 1 - Download the latest HCX Manager OVA from HCX Cloud (you will need to login with your cloudadmin credentials)

Step 2- Download the PowerCLI HCX deployment script here.

Step 3 - Edit the script with your HCX configuration and deployment details

Step 4 - You will need to connect to your vCenter Server by using the Connect-VIServer cmdlet and then run the deployment script using the following command:

.\deploy_hcx_manager.ova.ps1

Once the deployment is successful, you can now open a browser to https://[HCX-MANAGER]:9443 and login using the admin credentials that you had specified in the script. I also plan to do a follow-up to this blog post on automating the initial configuration using the HCX VAMI APIs, so stay tuned.

NSX-T Policy PowerShell Community Module for VMC

09/21/2018 by William Lam 4 Comments

Earlier this week I had published an article on how to get started with the new NSX-T Policy API in VMware Cloud on AWS (VMC), if you have not read through that guide yet, I recommend you take a look at that first as this covers the prerequisites which will be required. As mentioned in that article, I planned to add a few more NSX-T Policy API examples and now the community NSX-T Policy PowerShell includes 37 additional functions which you can see the complete list below:

Connect-NSXTProxy
Get-NSXTFirewall
Get-NSXTGroup
Get-NSXTSegment
Get-NSXTService
New-NSXTFirewall
New-NSXTGroup
New-NSXTSegment
New-NSXTServiceDefinition (renamed as of 07/01/2019)
Remove-NSXTFirewall
Remove-NSXTGroup
Remove-NSXTSegment
Get-NSXTDistFirewallSection (as of 01/02/2019)
Get-NSXTDistFirewall (as of 01/02/2019)
New-NSXTDistFirewall (as of 01/03/2019)
Remove-NSXTDistFirewall (as of 01/03/2019)
Get-NSXTOverviewInfo (as of 02/02/2019)
Get-NSXTInfraScope (as of 03/14/2019)
Get-NSXTInfraGroup (as of 03/14/2019)
New-NSXTDistFirewallSection (as of 04/19/2019)
Remove-NSXTService (as of 04/19/2019)
Get-NSXTPolicyBasedVPN (as of 05/09/2019)
New-NSXTPolicyBasedVPN (as of 05/09/2019)
Remove-NSXTPolicyBasedVPN (as of 05/09/2019)
Get-NSXTDNS (as of 06/08/2019)
Set-NSXTDNS (as of 06/08/2019)
Get-NSXTPublicIP (as of 07/01/2019)
New-NSXTPublicIP (as of 07/01/2019)
Remove-NSXTPublicIP (as of 07/01/2019)
Get-NSXTNatRule (as of 07/01/2019)
New-NSXTNatRule (as of 07/01/2019)
Remove-NSXTNatRule (as of 07/01/2019)

After importing the module, to see the list of all functions, you can run the following command:

Get-Command -Module VMware.VMC.NSXT

Getting started with the new NSX-T Policy API in VMC

09/17/2018 by William Lam 23 Comments

Today, when you deploy a new SDDC on VMware Cloud on AWS (VMC), NSX-T is now the default networking stack and NSX-V is no longer used for net new deployments. In fact, we are about to start migrating existing VMC customers who have an NSX-V SDDC and converting them to an NSX-T SDDC. Humair Ahmed who works over in our Networking & Security Business Unit has an excellent blog post here that goes into more details on what NSX-T brings to VMC.

Upon first glance, you might think that this is the exact same version of NSX-T that we have been shipping to our on-premises customers but in fact, it is actually a brand new and improved version. Similar to vSphere (vCenter and ESXi) and VSAN, VMC is always running a newer version of our software than our on-prem customers. One immediate difference that you should be aware of when using NSX-T in VMC is that the current NSX-T API is not available and instead a new NSX-T Policy API has been introduced to help simplify the consumption of NSX-T. All functionality in the current on-prem NSX-T API can be consumed using the new Policy API.

At VMworld, I spoke to a number of current and upcoming customers with NSX-T based SDDCs and they were really interested in using the new NSX-T Policy API and as the title of this blog post suggests, this will be a quick primer on how to do that. Before we get started, confirm that you have an NSX-T based SDDC deployed. If you are not sure, there are a few ways to determine this using either the VMC Console UI or API, instructions can be found here and here.