PowerNSX Set-NSXFirewallRule AppliedTo Support

This post was originally published on this site

As you’ve seen from my recent blog posts, I’ve been doing a lot of NSX work recently.  One of my customers has been working on a distributed firewall redesign and, as part of this effort, we determined that we needed to change the “AppliedTo” field for all of their existing firewall rules.  Because they have hundreds of rules, we knew that we’d need some sort of automated solution, lest we introduce unknown errors through our attempts at making these changes by hand.  Given my past experiences with PowerNSX (and the fact that it’s my primary NSX management interface), I figured that this would be super easy, barely an inconvenience.  Whoops!

PowerNSX is great, but it’s a community tool at its core.  This means that the feature set that it has is limited to the intersection of features that the community has needed and those that the community has spent the time developing.  So, 99.999% of what I need is already there and I usually don’t even need to think about it… but it turns out that this was one of those 0.001% issues.  PowerNSX already had the ability to create NSX Firewall rules with an AppliedTo value, but it didn’t have the ability to change the AppliedTo field for existing rules.

Since that functionality was there for New-NSXFirewallRule, I figured that I could try my hand at implementing it in Set-NSXFirewallRule.  In the end, it didn’t require much (really, just 3 lines of code), but it took me quite a while to get there!  My biggest challenge was that I had to work with PowerShell XML objects (since they were getting passed to the NSX API to make the actual changes), and XML objects don’t always behave the way normal objects do!

XML objects come in 2 flavors: Documents and Extensions.  I’m not super clear on the distinctions between the two, but a summary seems to be that Extensions get nested into Documents.  The nesting structure for an Extension is super important and ultimately goes back to the Document object, so that Document object is super important.

So, what happens when you use the Set-NSXFirewallRule cmdlet?  Well, in short, it gets the specified Firewall Rule ID from NSX as an XML Extension, then changes whatever needs to be changed in that XML, then pushes it back into NSX.  If you’re changing things like the rule Name or Action, that’s super easy, because those are literally just strings that get updated; they don’t modify the XML structure at all.

AppliedTo, on the other hand, has the potential to modify the XML file a little bit.  What happens if the rule was originally AppliedTo a single object, but now it needs to be AppliedTo several?  You’re going to need new nodes in the XML to support that.  Fortunately, there’s a private function in PowerNSX (meaning that you can’t just execute it like you would a cmdlet) called New-NsxAppliedToListNode.  That’s the function that the New-NSXFirewallRule cmdlet uses when it wants to build out the AppliedTo list for a new firewall rule.  That function will return a chunk of XML that’s formatted with everything that AppliedTo needs in order to be built out correctly, but there was a catch.

The function needs an XML Document for the Firewall Rule so that it’ll build the AppliedTo list with the correct context.  When building a new firewall rule, the cmdlet builds a new XML Document as part of that process, so it just uses that document and everything’s good.  Set-NSXFirewallRule gets the rule back as an XML Extension though, so the New-NsxAppliedToListNode couldn’t just take it and use it for the context.

Fortunately, a bit of poking around revealed an easy solution (after a whole lot of other, fruitless poking around)!  The firewall rule XML Extension has a property: .SchemaInfo.OwnerDocument which is the actual XML Document!  So, I passed that to the New-NsxAppliedToListNode function and got back a perfectly usable AppliedTo list!  So, I just delete the existing AppliedToList node and replace it with the new one (using PowerShell’s magic XML functions instead of normal PowerShell object assignments, because XML), and everything looks great!
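
The node swap described above, as an added example that is not from the post or from PowerNSX: it runs against a constructed, simplified rule XML, uses a hypothetical helper `New-AppliedToListSketch` in place of the private `New-NsxAppliedToListNode`, and reaches the owning document through the standard `XmlNode.OwnerDocument` property. The rule ID and object IDs such as `securitygroup-10` are made up.

```powershell
# Constructed sample: simplified NSX-v style rule XML, not captured from a real manager.
[xml]$doc = @'
<section id="1007" name="Web Tier">
  <rule id="1012" disabled="false" logged="true">
    <name>web-to-app</name>
    <appliedToList>
      <appliedTo>
        <name>DISTRIBUTED_FIREWALL</name>
        <value>DISTRIBUTED_FIREWALL</value>
        <type>DISTRIBUTED_FIREWALL</type>
      </appliedTo>
    </appliedToList>
  </rule>
</section>
'@
$rule = $doc.SelectSingleNode("//rule[@id='1012']")   # an XmlElement, not the XmlDocument

# Hypothetical helper (not PowerNSX's private function): build the list in $XmlDoc's context.
function New-AppliedToListSketch {
    param(
        [Parameter(Mandatory)][System.Xml.XmlDocument]$XmlDoc,
        [Parameter(Mandatory)][hashtable[]]$Target
    )
    $list = $XmlDoc.CreateElement('appliedToList')
    foreach ($t in $Target) {
        $node = $XmlDoc.CreateElement('appliedTo')
        foreach ($field in 'name', 'value', 'type') {
            $child = $XmlDoc.CreateElement($field)
            $child.InnerText = $t[$field]
            [void]$node.AppendChild($child)
        }
        [void]$list.AppendChild($node)
    }
    $list
}

# A node created by a different document is rejected when attached to the rule.
$foreign = (New-Object System.Xml.XmlDocument).CreateElement('appliedToList')
try { [void]$rule.AppendChild($foreign) } catch { "Rejected: $($_.Exception.Message)" }

# Build against the rule's owning document, then swap the old list for the new one.
$targets = @(
    @{ name = 'SG-Web'; value = 'securitygroup-10'; type = 'SecurityGroup' },
    @{ name = 'SG-App'; value = 'securitygroup-11'; type = 'SecurityGroup' }
)
$newList = New-AppliedToListSketch -XmlDoc $rule.OwnerDocument -Target $targets
[void]$rule.ReplaceChild($newList, $rule.SelectSingleNode('appliedToList'))
# Review the resulting scope before anything is sent back to the API.
$rule.SelectNodes('appliedToList/appliedTo') | ForEach-Object { $_.SelectSingleNode('value').InnerText }
```

Listing the resulting `appliedTo` values before the rule is pushed back shows exactly which objects the rule will be enforced on after the change.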

I don’t really understand Git or, for that matter, GitHub.  I’ve tried, and I think that I understand the basics, but I’m not 100% clear on the whole pull request process.  I think that I’ve got everything in place so that my change can get folded back into PowerNSX proper, but you can find my fork on GitHub if you need access to this feature while I work through any issues with the pull request.

Cross vCenter Workload Migration Fling v3.1


Here is a small update to the Cross vCenter Workload Migration Fling which includes a couple of commonly requested features along with some bug fixes. What’s New in v3.1 Support for disk format conversion between Thick (Lazy Zeroed), Thick (Eager Zeroed) and Thin provisioning Support for VM rename pattern for Clone operation Fixed duplicated network […]

VTSP-VMware Cloud on AWS 2019 is Now Available on Partner University


The VTSP – VMware Cloud on AWS 2019 training plan is designed to deliver the knowledge and skills to successfully understand VMware Cloud on AWS solution from a technical perspective. It will also provide the features, functions, and capabilities of VMware Cloud on AWS, as well as with a high-level technical sales presentation to successfully position and […]

The post VTSP-VMware Cloud on AWS 2019 is Now Available on Partner University appeared first on Partner News.

VMware Acquisition – Nyansa


Yesterday (21st January 2020), saw an announcement from VMware and Nyansa (pronounced “knee-ans-sah”) sharing the intent of VMware to acquire Nyansa.  Nyansa are a relatively young company creating innovative AI-based IT infrastructure analytics software.  VMware appear to be looking to align this acquisition to their SD-WAN portfolio (Velocloud) to help drive the development of truly self-healing networks. It’s often interesting […]

Installing the NVIDIA software on an ESXi host and configuring for vGPU usage


I have been busy in the lab with testing our VR workload within a VM and then streaming the output to a head-mounted display. Last week I received a nice new shiny NVIDIA RTX6000 to use in my Dell Precision workstation. I received a passively cooled RTX8000 at first, by mistake that is. And the […]

vSAN Thin vs Thick Provisioning


I’ve recently had several conversations around whether leveraging thin or thick provisioning within a vSAN datastore is necessary. Although the default vSAN Storage Policy leverages thin provisioning, it is important to understand why it is the default and the recommended best practice. Thin vs Thick Provisioning Let’s start with how vSAN defines a thin or thick provisioned disk. Within a […]

The post vSAN Thin vs Thick Provisioning appeared first on Virtual Elephant.

Amazon EKS Price Reduction


Since it launched 18 months ago, Amazon Elastic Kubernetes Service has released a staggering 62 features, 14 regions, and 4 Kubernetes versions. While developers, like me, are loving the speed of innovation and the incredible new features, today, we have an announcement that is going to bring a smile to the people in your finance department. We are reducing the price by 50%.

As of the 21st of January, the price will reduce from $0.20 per hour for each Amazon EKS cluster to $0.10 per hour. This new price is for all new and existing Amazon EKS clusters.

Incredible Momentum
Last year, I wrote about a few of those 62 Amazon EKS features. Features such as Amazon EKS on AWS Fargate, EKS Windows Containers support, and Managed Node Groups for Amazon Elastic Kubernetes Service. It has been a pleasure to hear customers in the comments, in meetings, and at events tell me that features like these are enabling them to run different kinds of applications more reliably and more efficiently than ever before. I also have enjoyed watching customer feedback come in via the public containers roadmap and see the Amazon EKS team deliver requested features at a constant rate.

Customers are Flourishing on Amazon Elastic Kubernetes Service
Amazon EKS is used by big and small customers to run everything from simple websites to mission-critical systems and large scale machine learning jobs. Below are three examples from the many customers that are seeing tremendous value from Amazon EKS.

Snap runs 100% on K8s in the cloud and, in the last year, moved multiple parts of their app, including the core messaging architecture to Amazon EKS as part of their move from a monolithic service-oriented architecture to microservices. In their words, “Undifferentiated Heavy Lifting is work that we have to do that doesn’t directly benefit our customers. It’s just work. Amazon EKS frees us up to worry about delivering customer value and allows developers without operational experience to innovate without having to know where their code runs.” You can learn more about Snap’s journey in this video recorded at the AWS New York Summit.

HSBC runs mission-critical, highly secure banking infrastructure on Amazon EKS and joined us on stage at AWS re:Invent 2019 to talk about why they bank on Amazon EKS.

Advalo is a predictive marketing platform company, reaching customers during the most influential moments in their purchase decision. Edouard Devouge, Lead SRE at Advalo, says “We are running our applications on Amazon EKS, launching up to 2,000 nodes per day and running up to 75,000 pods for microservices and Machine Learning apps, allowing us to detect purchase intent through individualized Marketing in the website and shops of our customers.”

With today’s announcement, all the benefits that these customers describe are now available at a great new price, ensuring that AWS remains the best place in the world to run your Kubernetes clusters.

Amazon Elastic Kubernetes Service Resources
Here are some resources to help you to learn how to make great use of Amazon EKS in your organization:

Effective Immediately
The 50% price reduction is available in all regions effective immediately, and you do not have to do anything to take advantage of the new price. From today onwards, you will be charged the new lower price for Amazon Elastic Kubernetes Service. So sit back, relax, and enjoy the savings.

— Martin

Become a VMware NSX Expert Today


If you’ve wanted to learn about VMware NSX, a L2-L7 networking and security virtualization platform entirely in software, and didn’t know where to start, this is the guide for you. Already an NSX user, and want to improve on your skills? This is also a great resource to becoming an NSXpert! Reintroducing the VMware NSX

The post Become a VMware NSX Expert Today appeared first on Network Virtualization.

Monitoring vSAN Performance


Determining the root cause of performance issues in any environment can be a challenge, but with environments running dozens, if not hundreds of virtual workloads, pinpointing the exact causes, and understanding the options for mitigation can be difficult for even the experienced administrator. Since a vSAN cluster is made up of locally-attached disks, there are

The post Monitoring vSAN Performance appeared first on Virtual Blocks.