WilliamLam.com

Retrieving network statistics on VMware Cloud on AWS using NSX-T Policy API

by // 1 Comment

One question that has come up lately from VMware Cloud on AWS customers is to understand their network traffic usage, especially as it pertains to traffic that exit or egress their SDDC. There are a number of graphical tools that can be used today to get insights into this information, one is the popular vRealize Network Insight Cloud solution which many of our VMware Cloud on AWS customers are taking advantage of to not only understand traffic usage and flow data history but is also instrumental in aiding customers when planning workload migrations from their on-premises datacenter to VMware Cloud on AWS.

While researching this topic, I also came to learn that this information can be retrieved using the NSX-T Policy API which is available to all customers to use. We are going to be leveraging the Tier-0 statistics interface API from NSX-T which will give us both transmit and receive stats on all supported interfaces. From the diagram below, we can see the interfaces that are applicable to VMware Cloud on AWS is the Internet interface which includes VPN traffic, VPC interface which includes traffic going to Linked VPC and Direct Connect interface which includes traffic when using AWS Direct Connect.

NSX-T Topology in VMware Cloud on AWS

As you might expect, these exact same three interface types is then represented as logical interfaces within the NSX-T Policy API which uses the following IDs:

  • cross-vpc
  • public
  • direct-connect

Note: Statistics on the Direct Connect interface will also include traffic if you are using the new VMware Transit Connect with AWS Transit Gateway feature.

These interface can be discovered by performing a GET on /policy/api/v1/infra/tier-0s/vmc/locale-services/default/interfaces and then you would then identify the two NSX-T Edge (Active/Passive) and construct the T0 URL to retrieve the statistics. I will not bore you with the details and have implemented this as a new PowerShell function called Get-NSXTT0Stats and for those interested in the implementation, please see the code here.

Note: For those wanting to see the full NSX-T Policy REST URLs, simply append -Troubleshoot flag and that will output additional information on how I am retrieving the various pieces of information required to call into the T0 Stats API.

[Read more...]

Custom notification and automation based on host failure in VMware Cloud on AWS

by // Leave a Comment

Physical hardware failure is inevitable, this is true whether it is running in your on-premises datacenter or in the Cloud like VMware Cloud on AWS. Although vSphere HA will automatically restart all affected VMs after detecting a host failure, there is usually additional activities that must be performed by a customer such as notifying all impacted application owners and even creating an incident ticket for hardware replacement.

With VMware Cloud on AWS, the hardware replacement is done automatically for you but the downstream activity of notifying application owners to verify the application is functional is still managed by the customer. There are many ways in how customers can manage such incidents and one solution that I am a huge advocate of is taking advantage of the powerful vCenter Server Events, which has over 1700+ events, not to mention any of the 2nd/3rd party events.

When an ESXi host fails, the com.vmware.vc.HA.DasHostFailedEvent event will be generated which contains all the relavent information related to the host failure including the specific hostname/IP, when the incident occurred and details about the vSphere Cluster and Datacenter is also provided. This information is visible using the vSphere UI but it can also be programmatically retrieved using the vSphere API, which is how the vSphere UI renders this information.

Note: Everything described in this blog post including the VEBA example is applicable to any environment that contains vCenter Server and is not limited to just VMware Cloud on AWS.

[Read more...]

Extending VMware Cloud on AWS Notifications using the Notification Gateway API

by // 5 Comments

The VMware Cloud Notification Gateway (NGW) Service was launched back in May 2019 and is used to communicate important customer-facing notifications which can be delivered across a number of different communication channels as shown in the diagram below.


Of all the different communication channels, I think one of the most interesting one is the ability to send an outgoing webhook based on a specific VMware Cloud Event. In fact, this was the very first thing that caught my attention when I had first learned about the NGW Service from Nancy Cheng, the Product Manager for this service.

You can probably guess why I was so excited for this feature as it mimics a similiar capability to our VMware Event Broker Appliance (VEBA) solution. This not only enables our customers to consume other public cloud services that support webhooks but it also opens up the door for more advanced integrations, more on this at the end of this blog post 😀

As of publishing this blog post, there are over 75+ VMware Cloud Events which customers can subscribe to such including when a new SDDC is created or deleted, a new ESXi host has been added either manually or automatically via our Elastic DRS (eDRS) Service, SDDC maintenance notices to subscription reminders to just name a few. Although the default email and UI channels are great, many customers would also like to receive these notifications using other popular communications channels such as Slack or Microsoft Teams.

To help demonstrate the webhook functionality of the NGW Service API, I have created a PowerShell Module for VMware Cloud Notifications called VMware.VMC.Notification which is also published i then Microsoft Powershell Gallery. The module contains the following functions:

  • Connect-VmcNotification
  • Get-VmcNotificationEvent
  • Get-VmcNotificationWebhook
  • Test-VmcNotificationWebhook
  • Remove-VmcNotificationWebhook

[Read more...]