NSX, API, Automation and Unicorns
•
2 likes•1,253 views
Do you want to modernize your data center? NSX has introduced amazing new technology and is the perfect ally for network and security administrators. But what if you want more agility? Could you imagine drinking coffee and watching the network configuring itself? Consuming NSX through configuration frameworks like Ansible or scripting languages such as Python or PowerShell goes a step beyond the simple usage of the GUI and allow for introducing custom advanced logic and workflows. Automating your infrastructure allows you to increase productivity, reduce errors due to manual configuration mistakes and simplify processes. More on http://cloudmaniac.net
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to NSX, API, Automation and Unicorns
Similar to NSX, API, Automation and Unicorns (20)
Recently uploaded
Recently uploaded (20)
NSX, API, Automation and Unicorns
- 1. Romain Decker @woueb VMTN6665E #VMworld #VMTN6665E NSX, API, AutomationNSX, API, Automation and Unicorns
- 2. • This presentation may contain product features that are currently under development. • This overview of new technology represents no commitment from VMware to deliver these features in any generally available product. • Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind. • Technical feasibility and market demand will affect final delivery. • Pricing and packaging for any new technologies or features discussed or presented have not been determined. Disclaimer 2
- 3. Why Automate? Application + Infrastructure App request NETWORKING SECURITY New or pre-existing virtual networking and security Infrastructure Only Infra request NETWORKING SECURITY New virtual networking and/or security infrastructure 3 Consistent configuration Accelerate workload deployment Avoid risk from human errors Compliance and auditability
- 4. NSX Manager NSX REST API NSX Automation Solutions 4 vRealize Automation vCloud Director vRealize Orchestrator VIO VMware Cloud Management DevOps Language / Tools
- 5. curl -X get https://{{nsxmanager}}/api/7.0/nsx/postman 5 Postman Collection NSX API calls can be easily added with RAML Spec https://github.com/vmware/nsxraml Variable Input Globally defined XML Body pre-populated Code Snippets Generates code snippets for multiple tools or languages
- 6. NSX Ansible Module 6 Infrastructure as Code to get NSX to a desired state https://github.com/vmware/nsxansible Ansible features an state-driven resource model that describes the desired state of a configuration Ansible in 5 key words: abstraction, agentless, playbooks, extensibility, idempotency Based on NSX RAML specification file describing the NSX-v API Deployment, installation and logical topologies supported macOS and Linux
- 7. Execution #1 2 logical switches are created Execution #2 Nothing happens, as the logical switches already exist Execution #3 Playbook re-creates 1st logical switch, and leave the 2nd one untouched Idempotency? ¯_(ツ)_/¯ Idempotence ~ property of certain operations in mathematics and computer science, that can be applied multiple times without changing the result beyond the initial application. – Wikipedia 7 Wikipedia, please help me! Idempotency ~ An operation is idempotent if the result of performing it once is exactly the same as the result of performing it repeatedly without any intervening actions. – Ansible Documentation
- 8. PowerNSX 8 PowerShell module that abstracts the VMware NSX API to a set of easily used functions https://github.com/vmware/powernsx Available for Windows, but also for Linux and macOS (using PowerShell Core) Requires PowerShell 3.0 Opensource NSX Manager setup Host Preparation Logical Switching Logical Routing NSX ESG Dynamic Routing 273 FUNCTIONS Distributed Firewall Service Composer NSX Edge LB SSL VPN #TAM3281E CONFIDENTIAL
- 9. Which Tools Should I Use? 9 Meet Kevin, Stuart and Bob Bob: Cloud AdminKevin: Network / Security AdminStuart: VMware Admin
- 10. Use the Force Code Luke! 10 Don’t be limited by existing examples Invent use cases Use the tools that you need Combine tools Describe your infrastructure: separation of configuration (WHAT) from the logic (HOW)
- 11. More Resources 11 Automating NSX for vSphere with PowerNSX CONFIDENTIAL PowerNSX in Hands on Labs VMware Github https://github.com/vmware/nsxansible https://github.com/vmware/nsxraml https://github.com/vmware/powernsx https://github.com/vmware/pynsxv
Editor's Notes
- WHY > WHAT
- API documentation is built from RAML spec file
- One playbook can be run against a pattern or collections of hosts. Ansible features an state-driven resource model that describes the desired state of computer systems and services, not the paths to get them to this state. Abstraction: declarative approach allows separation of configuration (WHAT) from the logic (HOW) Agentless: use SSH Playbooks: Ansible’s configuration, deployment, and orchestration language Extensibility: based on modules Idempotency: same expected behavior – every single time What is a playbook? A series of tasks that can be run to deliver a desired configuration; marked up in YAML. NB: Points on Ansible positioning… : Declarative approach allows separation of Configuration (What I want the system to look like) from the logic of implementation (The how…) This separation simplifies the frequently modified configuration of the system from the much less frequently modified ‘How’. Both are lifecycled separately Significant advantage : Configuration declaration becomes your ‘backup’ Configuration IS demonstrably the source of truth Configuration can be version controlled (Who, when, and why of changes) Configuration can be confidently reverted to last known good… Disadvantage Live system adhoc changes become transient (and probably not desirable) Skill / Mindset changes required.
- Tasks are meant to be idempotent... which means that it must be safe to run a task over and over again without any side effects. Demo: https://asciinema.org/a/136358 or http://bit.ly/nsx01
- Use the solution you are comfortable with Depends on the requirement VS tool capabilities Tools already used in your company Depends on how your workloads are currently provisioned