Do you want to modernize your data center? NSX has introduced amazing new technology and is the perfect ally for network and security administrators. But what if you want more agility? Could you imagine drinking coffee and watching the network configure itself? Consuming NSX through configuration frameworks like Ansible or scripting languages such as Python or PowerShell goes a step beyond simple use of the GUI and allows you to introduce custom advanced logic and workflows. Automating your infrastructure allows you to increase productivity, reduce errors caused by manual configuration, and simplify processes.
More on http://cloudmaniac.net
2. Disclaimer
• This presentation may contain product features that are currently under development.
• This overview of new technology represents no commitment from VMware to deliver these features in any generally available product.
• Features are subject to change, and must not be included in contracts, purchase orders, or sales agreements of any kind.
• Technical feasibility and market demand will affect final delivery.
• Pricing and packaging for any new technologies or features discussed or presented have not been determined.
3. Why Automate?
• Consistent configuration
• Accelerate workload deployment
• Avoid risk from human errors
• Compliance and auditability
Application + Infrastructure
• App request: NETWORKING, SECURITY
• New or pre-existing virtual networking and security
Infrastructure Only
• Infra request: NETWORKING, SECURITY
• New virtual networking and/or security infrastructure
4. NSX Automation Solutions
NSX Manager
NSX REST API
vRealize Automation
vCloud Director
vRealize Orchestrator
VIO
VMware Cloud Management
DevOps Language / Tools
5. Postman Collection
curl -X GET https://{{nsxmanager}}/api/7.0/nsx/postman
NSX API calls can be easily added with RAML Spec
https://github.com/vmware/nsxraml
Variable Input: globally defined
XML Body pre-populated
Code Snippets: generates code snippets for multiple tools or languages
6. NSX Ansible Module
Infrastructure as Code to get NSX to a desired state
https://github.com/vmware/nsxansible
• Ansible features a state-driven resource model that describes the desired state of a configuration
• Ansible in 5 key words: abstraction, agentless, playbooks, extensibility, idempotency
• Based on NSX RAML specification file describing the NSX-v API
• Deployment, installation and logical topologies supported
• macOS and Linux
7. Idempotency? ¯\_(ツ)_/¯
Wikipedia, please help me!
Idempotence ~ property of certain operations in mathematics and computer science, that can be applied multiple times without changing the result beyond the initial application. – Wikipedia
Idempotency ~ An operation is idempotent if the result of performing it once is exactly the same as the result of performing it repeatedly without any intervening actions. – Ansible Documentation
Execution #1: 2 logical switches are created
Execution #2: Nothing happens, as the logical switches already exist
Execution #3: Playbook re-creates 1st logical switch, and leaves the 2nd one untouched
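The three executions above, as an added example in Python (not code from the nsxansible module or from the presentation): an in-memory model of an idempotent "ensure present" task. `FakeNsxInventory`, `ensure_switch`, the switch names and the out-of-band removal before Execution #3 are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class FakeNsxInventory:
    """Constructed stand-in for NSX Manager state; no real API is called."""
    switches: dict = field(default_factory=dict)  # name -> properties
    writes: int = 0                               # mutating calls made by tasks

    def create(self, name, props):
        self.switches[name] = dict(props)
        self.writes += 1

    def update(self, name, changes):
        self.switches[name].update(changes)
        self.writes += 1


def ensure_switch(inv, name, props):
    """Converge one switch to its desired properties; report what was done."""
    current = inv.switches.get(name)
    if current is None:
        inv.create(name, props)
        return "created"
    drift = {k: v for k, v in props.items() if current.get(k) != v}
    if drift:
        inv.update(name, drift)   # touch only the properties that differ
        return "updated"
    return "ok"                   # already in the desired state: no write


def run_playbook(inv, desired):
    # One result per switch, similar to a per-task recap.
    return {name: ensure_switch(inv, name, p) for name, p in desired.items()}


# Desired state (the WHAT). Names and values are constructed sample data.
DESIRED = {
    "ls-web": {"transportzone": "TZ1", "controlplanemode": "UNICAST_MODE"},
    "ls-app": {"transportzone": "TZ1", "controlplanemode": "UNICAST_MODE"},
}


def demo():
    inv = FakeNsxInventory()
    first = run_playbook(inv, DESIRED)    # Execution #1: both created
    second = run_playbook(inv, DESIRED)   # Execution #2: nothing happens
    del inv.switches["ls-web"]            # assumed out-of-band removal
    third = run_playbook(inv, DESIRED)    # Execution #3: only ls-web re-created
    return first, second, third, inv.writes
```

A run that reports only `ok` leaves the write counter unchanged, which is the property that makes repeated runs safe and auditable.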
8. PowerNSX
PowerShell module that abstracts the VMware NSX API to a set of easily used functions
https://github.com/vmware/powernsx
• Available for Windows, but also for Linux and macOS (using PowerShell Core)
• Requires PowerShell 3.0
• Open source
273 FUNCTIONS
• NSX Manager setup
• Host Preparation
• Logical Switching
• Logical Routing
• NSX ESG
• Dynamic Routing
• Distributed Firewall
• Service Composer
• NSX Edge LB
• SSL VPN
#TAM3281E CONFIDENTIAL
9. Which Tools Should I Use?
Meet Kevin, Stuart and Bob
• Bob: Cloud Admin
• Kevin: Network / Security Admin
• Stuart: VMware Admin
10. Use the Force Code Luke!
• Don’t be limited by existing examples
• Invent use cases
• Use the tools that you need
• Combine tools
• Describe your infrastructure: separation of configuration (WHAT) from the logic (HOW)
11. More Resources
Automating NSX for vSphere with PowerNSX
PowerNSX in Hands on Labs
VMware Github
https://github.com/vmware/nsxansible
https://github.com/vmware/nsxraml
https://github.com/vmware/powernsx
https://github.com/vmware/pynsxv
Editor's Notes
WHY > WHAT
API documentation is built from RAML spec file
One playbook can be run against a pattern or collection of hosts. Ansible features a state-driven resource model that describes the desired state of computer systems and services, not the paths to get them to this state.
Abstraction: declarative approach allows separation of configuration (WHAT) from the logic (HOW)
Agentless: uses SSH
Playbooks: Ansible’s configuration, deployment, and orchestration language
Extensibility: based on modules
Idempotency: same expected behavior – every single time
What is a playbook? A series of tasks that can be run to deliver a desired configuration; marked up in YAML.
NB: Points on Ansible positioning:
Declarative approach allows separation of configuration (what I want the system to look like) from the logic of implementation (the how).
This separation keeps the frequently modified configuration of the system apart from the much less frequently modified ‘How’. Both are lifecycled separately.
Significant advantages:
• Configuration declaration becomes your ‘backup’
• Configuration IS demonstrably the source of truth
• Configuration can be version controlled (who, when, and why of changes)
• Configuration can be confidently reverted to last known good
Disadvantages:
• Live system ad hoc changes become transient (and probably not desirable)
• Skill / mindset changes required
Tasks are meant to be idempotent... which means that it must be safe to run a task over and over again without any side effects.
Demo: https://asciinema.org/a/136358 or http://bit.ly/nsx01
Use the solution you are comfortable with
Depends on the requirement VS tool capabilities
Tools already used in your company
Depends on how your workloads are currently provisioned