WilliamLam.com

Getting started with the new NSX-T Policy API in VMC

by // 26 Comments

Today, when you deploy a new SDDC on VMware Cloud on AWS (VMC), NSX-T is now the default networking stack and NSX-V is no longer used for net new deployments. In fact, we are about to start migrating existing VMC customers who have an NSX-V SDDC and converting them to an NSX-T SDDC. Humair Ahmed who works over in our Networking & Security Business Unit has an excellent blog post here that goes into more details on what NSX-T brings to VMC.


Upon first glance, you might think that this is the exact same version of NSX-T that we have been shipping to our on-premises customers but in fact, it is actually a brand new and improved version. Similar to vSphere (vCenter and ESXi) and VSAN, VMC is always running a newer version of our software than our on-prem customers. One immediate difference that you should be aware of when using NSX-T in VMC is that the current NSX-T API is not available and instead a new NSX-T Policy API has been introduced to help simplify the consumption of NSX-T. All functionality in the current on-prem NSX-T API can be consumed using the new Policy API.

At VMworld, I spoke to a number of current and upcoming customers with NSX-T based SDDCs and they were really interested in using the new NSX-T Policy API and as the title of this blog post suggests, this will be a quick primer on how to do that. Before we get started, confirm that you have an NSX-T based SDDC deployed. If you are not sure, there are a few ways to determine this using either the VMC Console UI or API, instructions can be found here and here.

[Read more...]

Using VMC API to answer commonly asked questions about your SDDC

by // Leave a Comment

In the past month or so since joining the VMware Cloud on AWS (VMC) team, I have seen a number of inquiries from our Customer Success team, partners and customers on how to retrieve certain pieces information about their deployed SDDC, usually for information or integration purposes. Some of these questions can simply be answered by using the VMC Console UI, however there are others that is only available when using the VMC API, which provides a ton more data than what the UI could ever display. In any case, I figure it would be useful to share some of this information, especially as it pertains to the VMC API.

Below are just some of the frequently asked questions that I have seen and they can all be answered simply performing a GET /api/orgs/<orgId>/sddcs/<sddcId> on your specific SDDC via VMC API. In addition, I have also create two sample scripts which exercises these VMC APIs, one using the native VMC REST API and another with PowerCLI using the VMC cmdlet, which you can find more details below.

1) What version is my SDDC running?

This can be found in the VMC Console UI under the "Support" tab for a given SDDC.


You can also find this information using the VMC API by referring to the resource_config.sddc_manifest.vmc_version property.

2) When was my SDDC created?

This can be found in the VMC Console UI under the "Support" tab for a given SDDC.


You can also find this information using the VMC API by referring to the created property.

3) How long do I have until my 1-Node SDDC expires?

This can be found in the VMC Console UI under the SDDC card summary view or detailed view.


You can also find this information using the VMC API by referring to the expiration_date property. This property will be null if your SDDC is NOT a 1-Node, which is the only configuration which has an expiration.

[Read more...]

Quick Tip - Requirements for using Guest Operation APIs (Invoke-VMScript & Copy-VMGuestFile) in VMC

by // 1 Comment

Since this question came up again today, I figure it was worth sharing in case others also had trouble using the vSphere Guest Operations API in VMware Cloud on AWS (VMC), which includes PowerCLI's Invoke-VMScript and Copy-VMGuestFile cmdlet. There are a couple of requirements that you must satisfy both in the GuestOS as well as between your on-prem vSphere environment and VMC.

  1. VMware Tools installed and running, it may seem obvious, but I have had customers trying to use various scripts without realizing this was a requirement. You should also ensure that you are running the latest version of VMware Tools, especially as there bugfixes that may impact Guest Operations APIs.
  2. VPN or Direct Connect (DX) configured between your on-prem vSphere environment and VMC, this is required as you will need access to ESXi hosts which is only available through a VPN or DX
  3. Create a VMC firewall rule to allow access from your on-prem network to VMC's ESXi hosts on port 443 which is used for Guest Operations access including transferring files to and from the GuestOS


The VMC firewall rule is usually the thing that most folks forget about and this simply because for most on-prem environment, access to ESXi over 443 is just sort of a default.

Once you have configured the VMC firewall to allow 443 to ESXi hosts, you will be able to use the Guest Operations API including Invoke-VMScript and Copy-VMGuestFile to a VM running in VMC