program nsx-t network and security using python/java · security using python/java yasen simeonov,...

CODE2544U

Program NSX-T Network and Security Using Python/Java

Yasen Simeonov, VMware, Inc.

#vmworld #CODE2544U

Disclaimer

2©2019 VMware, Inc.

This presentation may contain product features or functionality that are currently

under development.

This overview of new technology represents no commitment from VMware to deliver

these features in any generally available product.

Features are subject to change, and must not be included in contracts, purchase orders,

or sales agreements of any kind.

Technical feasibility and market demand will affect final delivery.

Pricing and packaging for any new features/functionality/technology discussed

or presented, have not been determined.

The information in this presentation is for informational purposes only and may not be incorporated into any contract. There is no commitment or obligation

to deliver any items presented herein.

vSphere

BRANCH

BRANCH

EDGE/IOT

TELCO/ NFV

BRANCH

BRANCH

DCDC

DC

BRANCH

Virtual Cloud Network

Tied Together—Everywhere.

vRNI

CLEAR VISIBILITY

NSX Intelligence

DEEP INSIGHT

3©2019 VMware, Inc.

How the NSX API isUsed?

Cloud Management Configuration Management

Programming Languages

NSX RESTAPI

NSX Manager(s)

4©2019 VMware, Inc.

©2019 VMware, Inc.

NSX-T – API Verbs

HTTP “Verbs”

GET

POST

PUT

CRUD

Read

Create

Update

Use

Create an NSX object (e.g. logicalswitch)

Retrieve data about a single NSXobject

or multiple objects

Modify all properties of analready

existing NSX object

PATCH Create/EditEdit if exists, Create instead

DELETE DeleteRemove an NSX object

NSX API Documentation

Available directly in NSX manager GUI

Dynamically generated from code

6©2019 VMware, Inc.

Swagger Codegen

nsx_api.yamlswagger-codegen

> swagger-codegen generate -i

nsx_api.json -l python

curl -k -u admin:VMwareVMware1! https://nsx1.yasen.local/api/v1/spec/openapi/nsx_api.json

curl -k -u admin:VMwareVMware1!https://nsx1.yasen.local/api/v1/spec/openapi/nsx_policy_api.json

7©2019 VMware, Inc.

Dynamically create libraries/modules in multiple languages

Pick your favorite language!

Based on OpenAPI

Policy API vs Management API

8©2019 VMware, Inc.

High Level Architecture

Transport Node

NSX Manager

MPA NSX Proxy

MP CCPPolicy

Administrator

Or Integration

9©2019 VMware, Inc.

NSX Policy Manager and NSX Manager Architecture

NSX Manager

CorfuDB

Policy

Proton

UI/APIReverse

Proxy

Reverse Proxy is the entry point to the

Converged Appliance

10©2019 VMware, Inc.

The Policy & Manager UI havebeen

merged in the NSX-T 2.4release

Policy handles all networking and security

polices and enforces them into the

NSX Manager

Proton is the core component of the NSX

Manager. It is responsible for managing

the L2, L3 and DFW verticals.

Both Policy and Proton persistdata

into CorfuDB

Intent vs Realization

Policy NSX

Manager

IntentHTTP Request

11©2019 VMware, Inc.

RealizationHTTP Request

Policy API

Simplified UI

Manager API

Advanced UI

When interacting with the Simplified UI or Policy API, just because the intent has been

accepted successfully, it doesn't mean that it has been configured (realized) on the default

enforcement point (local NSX Manager)

OverviewNSX SDKs for Python and Java are available from the VMWARE {code}™ website

12©2019 VMware, Inc.

1. Create an APIClient object

• Arguments: NSX manager host/ip, authentication

2. Instantiate a service for the API endpoint

• One service for each API endpoint, e.g. /api/v1/transport-zones

3. Create a payload object

4. Call the service's create/get/update/delete method

13©2019 VMware, Inc.

General Workflow

Creating the API Client (Java)

14©2019 VMware, Inc.

ApiClient apiClient = ApiClientUtils.createApiClient(

"https://10.160.33.4/api/v1", "admin",

"VMwarensbu_1".toCharArray());

Creating the Stub Context (Python)

15©2019 VMware, Inc.

conf = Configuration()

conf.host = 'https://nsx1.yasen.local/policy/api/v1'

conf.username = "admin"

conf.password = "VMwareVMware1!"

conf.verify_ssl = False

Creating a Transport Zone Service

16©2019 VMware, Inc.

Java:

Transportzones zoneService =

apiClient.createStub(Transportzones.class);

Python:

transportzones_svc = Transportzones(stub_config)

Creating a Transport Zone (Java)

17©2019 VMware, Inc.

TransportZone transportZone = new TransportZone.Builder(

TransportZone.TRANSPORTTYPE_OVERLAY)

.setDisplayName("My Transport Zone")

.setDescription("Transport zone for demo")

.setHostSwitchName("hostswitch1").build();

TransportZone resultTZ = zoneService.create(transportZone);

Builder constructor arguments are all of the required properties (green). Optional properties

can be set with setters.

Creating a Transport Zone (Python)

18©2019 VMware, Inc.

new_tz = TransportZone(

transport_type=TransportZone.TRANSPORTTYPE_OVERLAY,

display_name="My transport zone",

description="Transport zone for demo",

host_switch_name="hostswitch1"

)

result_tz = transportzones_svc.create(new_tz)

Demo

19©2019 VMware, Inc.

NSX-T Open Source ResourcesWhat’s Next

@VMwareNSX

#runNSX

Learn ContributeTry

Take a

Hands-on Lab

Join VMUG, VMware

Communities (VMTN)

https://github.com/vmware-samples/nsx-t

https://github.com/yasensim/nsxt-ansible

20©2019 VMware, Inc.

ResourcesHow to get started

https://nsx.techzone.vmware.com@VMwareNSX

#runNSX

Learn ConnectTry

Design Guides

Demos

Take a

Hands-on Lab

Join VMUG, VMware

Communities (VMTN)

21©2019 VMware, Inc.