Objective 9.2 – Understand NSX Automation

Principles

  1. Discern common use cases that require the NSX REST API
  2. Compare and contrast how the NSX REST API works and how it is used with a supported browser
  3. Understand how NSX REST API Calls are sent to the NSX Manager
  4. Differentiate common NSX REST API verbs
  5. Determine how to use NSX REST API calls to learn the network topology

References

  1. NSX Administration Guide

http://pubs.vmware.com/NSX-62/topic/com.vmware.ICbase/PDF/nsx_62_admin.pdf

  1. NSX vSphere API Guide

http://pubs.vmware.com/NSX-6/topic/com.vmware.ICbase/PDF/nsx_604_api.pdf

Discern common use cases that require the NSX REST API

  1. User management
    • Get user information
    • Enable/Disable users
    • Remove user role
  2. Logical Switches
    • Create Switches
    • Configure Segment IDs
  3. Edge Management
    • Create and managed ESGs and Logical Routers
    • Configure Load Balancers
  4. Grouping objects
    • Security Policies, TAGs
    • IP/MAC Sets
    • IP Pools
  5. Firewall management
    • ESG Firewall rules management
    • Distributed Firewall rules management

Compare and contrast how the NSX REST API works and how it is used with a supported browser

  • REST: Representational State Transfer
  • Uses HTTP to create and modify and delete objects through a URL
  • REST API defined by a set of XML documents (schema) that defines:
    • Supported objects e.g. Logical Switch, NSX Edge
    • XML schema for supported objects
    • How objects are addressed e.g. object id
  • Browser support is provided through extensions e.g. Firefox RESTClient

Understand how NSX REST API Calls are sent to the NSX Manager

  • Add HTTP Basic (base64) authentication header e.g.
    • Authorization: Basic YWRtaW46YWRtaW4=
    • String after “Basic” is base64 encoded <username>:<password>
  • Enter HTTP method (GET, PUT, POST, DELETE)
  • Enter URI for selected object e.g. nsxmanager/api/2.0/services/vsmconfig
  • e.g. with curl:

curl -k -h <username>:<password> https://nsxmanager/api/<uri>

Differentiate common NSX REST API verbs

  • GET: Read operations
  • POST: Create objects
  • PUT: Modify objects
  • DELETE: Remove objects

Determine how to use NSX REST API calls to learn the network topology

  • Get a list of Edges (ESGs + DLRs)

<nsxmanager>/api/4.0/edges

  • Get a specific Edge or DLR configuration

<nsxmanager>/api/4.0/edges/<edge-id>

  • Get a list of Logical Switches

<nsxmanager>/api/2.0/vdn/switches

  • Get DFW Configuration

<nsxmanager>/api/4.0/firewall/globalroot-0/config

  • Get Security Groups

<nsxmanager>/api/2.0/services/securitygroup/scope/globalroot-0