WilliamLam.com

  • About
    • About
    • Privacy
  • VMware Cloud Foundation
  • VKS
  • Homelab
    • Resources
    • Nested Virtualization
  • VMware Nostalgia
  • Apple
You are here: Home / Automation / Which NSX-T Policy APIs are used in the NSX-T UI in VMC?

Which NSX-T Policy APIs are used in the NSX-T UI in VMC?

02.20.2019 by William Lam // Leave a Comment

As the adoption of VMware Cloud on AWS (VMC) continues to accelerate, one of the very first UI interface that customers must interact with is the NSX-T UI, for enabling basic connectivity. By default the Edge Gateway has a Deny All Firewall Rule, so you will need to come to this screen to setup connectivity from your on-premises environment including a Direct Connect (DX) or Route/Policy-Based VPN. For some customers who have familiarize themselves with the NSX-T UI and its capabilities, usually the next order of business is how do I go about automating these various aspects from Day 0 setup all the way to Day N where I am migrating in or creating additional workloads.

A very common set of questions that I have been getting lately is which API do I need to look at to do X in the NSX-T UI in VMC?


Having spent some time with the NSX-T Policy API, I figure it would be useful to share the categories of NSX-T Policy API that maps back to what you see in the NSX-T UI in VMC. The list below is not exhaustive, but should it should point you in the right direction when needing to automate a particular operation.

0. Overview - https://www.williamlam.com/2019/02/how-to-retrieve-the-nsx-t-overview-info-sddc-public-ip-appliance-infra-subnet-etc-in-vmc.html

  1. Segments (Logical Networks) - https://vdc-download.vmware.com/vmwb-repository/dcr-public/fce962c2-9c8d-477c-ba14-0572c3f11ed6/da7645f7-fe16-47a9-9e8d-29b9bae8cb34/nsx_api_vmc.html#Sections.Policy.Connectivity.Segments
  2. Route Based VPN - https://vdc-download.vmware.com/vmwb-repository/dcr-public/fce962c2-9c8d-477c-ba14-0572c3f11ed6/da7645f7-fe16-47a9-9e8d-29b9bae8cb34/nsx_api_vmc.html#Sections.Policy.L3Vpn
    1. Edit Local ASN - https://vdc-download.vmware.com/vmwb-repository/dcr-public/fce962c2-9c8d-477c-ba14-0572c3f11ed6/da7645f7-fe16-47a9-9e8d-29b9bae8cb34/nsx_api_vmc.html#Methods.PatchBgpNeighborConfig
  3. Policy Based VPN - https://vdc-download.vmware.com/vmwb-repository/dcr-public/fce962c2-9c8d-477c-ba14-0572c3f11ed6/da7645f7-fe16-47a9-9e8d-29b9bae8cb34/nsx_api_vmc.html#Sections.Policy.L3Vpn
  4. Layer 2 VPN - https://vdc-download.vmware.com/vmwb-repository/dcr-public/fce962c2-9c8d-477c-ba14-0572c3f11ed6/da7645f7-fe16-47a9-9e8d-29b9bae8cb34/nsx_api_vmc.html#Sections.Policy.L2Vpn
  5. NAT - https://vdc-download.vmware.com/vmwb-repository/dcr-public/fce962c2-9c8d-477c-ba14-0572c3f11ed6/da7645f7-fe16-47a9-9e8d-29b9bae8cb34/nsx_api_vmc.html#Sections.Policy.Nat
  6. Gateway Firewall - https://vdc-download.vmware.com/vmwb-repository/dcr-public/fce962c2-9c8d-477c-ba14-0572c3f11ed6/da7645f7-fe16-47a9-9e8d-29b9bae8cb34/nsx_api_vmc.html#Sections.Policy.Gateway%20Firewall
  7. Distributed Firewall (DFW) - https://vdc-download.vmware.com/vmwb-repository/dcr-public/fce962c2-9c8d-477c-ba14-0572c3f11ed6/da7645f7-fe16-47a9-9e8d-29b9bae8cb34/nsx_api_vmc.html#Sections.Policy.Dfw
  8. Groups - https://vdc-download.vmware.com/vmwb-repository/dcr-public/fce962c2-9c8d-477c-ba14-0572c3f11ed6/da7645f7-fe16-47a9-9e8d-29b9bae8cb34/nsx_api_vmc.html#Methods.ListGroupForDomain
  9. Services - https://vdc-download.vmware.com/vmwb-repository/dcr-public/fce962c2-9c8d-477c-ba14-0572c3f11ed6/da7645f7-fe16-47a9-9e8d-29b9bae8cb34/nsx_api_vmc.html#Methods.ListServicesForTenant
  10. IPFIX - https://vdc-download.vmware.com/vmwb-repository/dcr-public/fce962c2-9c8d-477c-ba14-0572c3f11ed6/da7645f7-fe16-47a9-9e8d-29b9bae8cb34/nsx_api_vmc.html#Sections.Policy.Ipfixdfw
  11. Port Mirroring - https://vdc-download.vmware.com/vmwb-repository/dcr-public/fce962c2-9c8d-477c-ba14-0572c3f11ed6/da7645f7-fe16-47a9-9e8d-29b9bae8cb34/nsx_api_vmc.html#Methods.ListPortMirroringInstances
  12. DNS - https://vdc-download.vmware.com/vmwb-repository/dcr-public/fce962c2-9c8d-477c-ba14-0572c3f11ed6/da7645f7-fe16-47a9-9e8d-29b9bae8cb34/nsx_api_vmc.html#Sections.Policy.Dns%20Forwarder
  13. Public IPs - https://vdc-download.vmware.com/vmwb-repository/dcr-public/fce962c2-9c8d-477c-ba14-0572c3f11ed6/da7645f7-fe16-47a9-9e8d-29b9bae8cb34/nsx_api_vmc.html#Methods.ListPublicIps
  14. Direct Connect
    1. https://vmware.github.io/vsphere-automation-sdk-rest/vmc/index.html#SVC_com.vmware.vmc.orgs.account_link.connected_accounts
    2. https://vdc-download.vmware.com/vmwb-repository/dcr-public/fce962c2-9c8d-477c-ba14-0572c3f11ed6/da7645f7-fe16-47a9-9e8d-29b9bae8cb34/nsx_api_vmc.html#Methods.GetDxBgpInfo
  15. Connected VPC - https://vdc-download.vmware.com/vmwb-repository/dcr-public/fce962c2-9c8d-477c-ba14-0572c3f11ed6/da7645f7-fe16-47a9-9e8d-29b9bae8cb34/nsx_api_vmc.html#Methods.ListLinkedVpcs

Below are some additional resources including reference samples when working with the NSX-T Policy API, definitely worth checking out if you ask me? 😉

  • Getting started with the new NSX-T Policy API in VMC
  • NSX-T Policy PowerShell Community Module for VMC
  • Managing Distributed Firewall Rules in VMC using PowerShell & NSX-T Policy API
  • Using NSX-T Policy API to retrieve the Routing Table in VMC
  • Changing the default behavior of the NSX-T Distributed Firewall (DFW) in VMC to Deny All
  • Quick Tip – How do I tell if NSX-V or NSX-T is installed?

More from my site

  • Connecting to NSX-T Policy API using NSX-T Private IP in VMC
  • How to retrieve the NSX-T Overview Info (SDDC Public IP, Appliance & Infra Subnet, etc.) in VMC?
  • Using NSX-T Policy API to retrieve the Routing Table in VMC
  • Getting started with the new NSX-T Policy API in VMC
  • Retrieving network statistics on VMware Cloud on AWS using NSX-T Policy API

Categories // Automation, NSX, VMware Cloud on AWS Tags // NSX-T, Policy Manager API, VMware Cloud on AWS

Thanks for the comment!Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Search

Thank Author

Author

William is Distinguished Platform Engineering Architect in the VMware Cloud Foundation (VCF) Division at Broadcom. His primary focus is helping customers and partners build, run and operate a modern Private Cloud using the VMware Cloud Foundation (VCF) platform.

Connect

  • Bluesky
  • Email
  • GitHub
  • LinkedIn
  • Mastodon
  • Reddit
  • RSS
  • Twitter
  • Vimeo

Recent

  • Programmatically accessing the Broadcom Compatibility Guide (BCG) 05/06/2025
  • Quick Tip - Validating Broadcom Download Token  05/01/2025
  • Supported chipsets for the USB Network Native Driver for ESXi Fling 04/23/2025
  • vCenter Identity Federation with Authelia 04/16/2025
  • vCenter Server Identity Federation with Kanidm 04/10/2025

Advertisment

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy

Copyright WilliamLam.com © 2025

 

Loading Comments...