program nsx-t network and security using python/java · security using python/java yasen simeonov,...
TRANSCRIPT
CODE2544U
Program NSX-T Network and Security Using Python/Java
Yasen Simeonov, VMware, Inc.
#vmworld #CODE2544U
Disclaimer
2©2019 VMware, Inc.
This presentation may contain product features or functionality that are currently
under development.
This overview of new technology represents no commitment from VMware to deliver
these features in any generally available product.
Features are subject to change, and must not be included in contracts, purchase orders,
or sales agreements of any kind.
Technical feasibility and market demand will affect final delivery.
Pricing and packaging for any new features/functionality/technology discussed
or presented, have not been determined.
The information in this presentation is for informational purposes only and may not be incorporated into any contract. There is no commitment or obligation
to deliver any items presented herein.
vSphere
BRANCH
BRANCH
EDGE/IOT
TELCO/ NFV
BRANCH
BRANCH
DCDC
DC
BRANCH
Virtual Cloud Network
Tied Together—Everywhere.
vRNI
CLEAR VISIBILITY
NSX Intelligence
DEEP INSIGHT
3©2019 VMware, Inc.
How the NSX API isUsed?
Cloud Management Configuration Management
Programming Languages
NSX RESTAPI
NSX Manager(s)
4©2019 VMware, Inc.
©2019 VMware, Inc.
NSX-T – API Verbs
HTTP “Verbs”
GET
POST
PUT
CRUD
Read
Create
Update
Use
Create an NSX object (e.g. logicalswitch)
Retrieve data about a single NSXobject
or multiple objects
Modify all properties of analready
existing NSX object
PATCH Create/EditEdit if exists, Create instead
DELETE DeleteRemove an NSX object
NSX API Documentation
Available directly in NSX manager GUI
Dynamically generated from code
6©2019 VMware, Inc.
Swagger Codegen
nsx_api.yamlswagger-codegen
> swagger-codegen generate -i
nsx_api.json -l python
curl -k -u admin:VMwareVMware1! https://nsx1.yasen.local/api/v1/spec/openapi/nsx_api.json
curl -k -u admin:VMwareVMware1!https://nsx1.yasen.local/api/v1/spec/openapi/nsx_policy_api.json
7©2019 VMware, Inc.
Dynamically create libraries/modules in multiple languages
Pick your favorite language!
Based on OpenAPI
Policy API vs Management API
8©2019 VMware, Inc.
High Level Architecture
Transport Node
NSX Manager
MPA NSX Proxy
MP CCPPolicy
Administrator
Or Integration
9©2019 VMware, Inc.
NSX Policy Manager and NSX Manager Architecture
NSX Manager
CorfuDB
Policy
Proton
UI/APIReverse
Proxy
Reverse Proxy is the entry point to the
Converged Appliance
10©2019 VMware, Inc.
The Policy & Manager UI havebeen
merged in the NSX-T 2.4release
Policy handles all networking and security
polices and enforces them into the
NSX Manager
Proton is the core component of the NSX
Manager. It is responsible for managing
the L2, L3 and DFW verticals.
Both Policy and Proton persistdata
into CorfuDB
Intent vs Realization
Policy NSX
Manager
IntentHTTP Request
11©2019 VMware, Inc.
RealizationHTTP Request
Policy API
Simplified UI
Manager API
Advanced UI
When interacting with the Simplified UI or Policy API, just because the intent has been
accepted successfully, it doesn't mean that it has been configured (realized) on the default
enforcement point (local NSX Manager)
OverviewNSX SDKs for Python and Java are available from the VMWARE {code}™ website
12©2019 VMware, Inc.
1. Create an APIClient object
• Arguments: NSX manager host/ip, authentication
2. Instantiate a service for the API endpoint
• One service for each API endpoint, e.g. /api/v1/transport-zones
3. Create a payload object
4. Call the service's create/get/update/delete method
13©2019 VMware, Inc.
General Workflow
Creating the API Client (Java)
14©2019 VMware, Inc.
ApiClient apiClient = ApiClientUtils.createApiClient(
"https://10.160.33.4/api/v1", "admin",
"VMwarensbu_1".toCharArray());
Creating the Stub Context (Python)
15©2019 VMware, Inc.
conf = Configuration()
conf.host = 'https://nsx1.yasen.local/policy/api/v1'
conf.username = "admin"
conf.password = "VMwareVMware1!"
conf.verify_ssl = False
Creating a Transport Zone Service
16©2019 VMware, Inc.
Java:
Transportzones zoneService =
apiClient.createStub(Transportzones.class);
Python:
transportzones_svc = Transportzones(stub_config)
Creating a Transport Zone (Java)
17©2019 VMware, Inc.
TransportZone transportZone = new TransportZone.Builder(
TransportZone.TRANSPORTTYPE_OVERLAY)
.setDisplayName("My Transport Zone")
.setDescription("Transport zone for demo")
.setHostSwitchName("hostswitch1").build();
TransportZone resultTZ = zoneService.create(transportZone);
Builder constructor arguments are all of the required properties (green). Optional properties
can be set with setters.
Creating a Transport Zone (Python)
18©2019 VMware, Inc.
new_tz = TransportZone(
transport_type=TransportZone.TRANSPORTTYPE_OVERLAY,
display_name="My transport zone",
description="Transport zone for demo",
host_switch_name="hostswitch1"
)
result_tz = transportzones_svc.create(new_tz)
Demo
19©2019 VMware, Inc.
NSX-T Open Source ResourcesWhat’s Next
@VMwareNSX
#runNSX
Learn ContributeTry
Take a
Hands-on Lab
Join VMUG, VMware
Communities (VMTN)
https://github.com/vmware-samples/nsx-t
https://github.com/yasensim/nsxt-ansible
20©2019 VMware, Inc.
ResourcesHow to get started
https://nsx.techzone.vmware.com@VMwareNSX
#runNSX
Learn ConnectTry
Design Guides
Demos
Take a
Hands-on Lab
Join VMUG, VMware
Communities (VMTN)
21©2019 VMware, Inc.