Which NSX-T Policy APIs are used in the NSX-T UI in VMC?

Which NSX-T Policy APIs are used in the NSX-T UI in VMC?

The NSX-T UI is one of the very first interfaces that VMware Cloud on AWS customers must interact with for enabling basic connectivity. Follow these steps to change the edge gateway default firewall rule from ‘Deny All’ to allow connectivity from your on-prem environment.

As the adoption of VMware Cloud on AWS (VMC) continues to accelerate, one of the very first UI interface that customers must interact with is the NSX-T UI, for enabling basic connectivity. By default the Edge Gateway has a Deny All Firewall Rule, so you will need to come to this screen to setup connectivity from your on-premises environment including a Direct Connect (DX) or Route/Policy-Based VPN. For some customers who have familiarize themselves with the NSX-T UI and its capabilities, usually the next order of business is how do I go about automating these various aspects from Day 0 setup all the way to Day N where I am migrating in or creating additional workloads.

A very common set of questions that I have been getting lately is which API do I need to look at to do X in the NSX-T UI in VMC?

Having spent some time with the NSX-T Policy API, I figure it would be useful to share the categories of NSX-T Policy API that maps back to what you see in the NSX-T UI in VMC. The list below is not exhaustive, but should it should point you in the right direction when needing to automate a particular operation.

Overview – https://www.virtuallyghetto.com/2019/02/how-to-retrieve-the-nsx-t-overview-info-sddc-public-ip-appliance-infra-subnet-etc-in-vmc.html

• Segments (logical Networks)
  • https://www.vmware.com/support/nsxt/doc/nsxt_23_policy_api.html#Sections.Policy.Connectivity.Segments
• Route Based VPN
  • https://www.vmware.com/support/nsxt/doc/nsxt_23_policy_api.html#Methods.CreateOrReplaceL3VpnContext
• Edit Local ASN
  • https://www.vmware.com/support/nsxt/doc/nsxt_23_policy_api.html#Methods.PatchBgpRoutingConfig
• Policy Based VPN
  • https://www.vmware.com/support/nsxt/doc/nsxt_23_policy_api.html#Methods.CreateOrReplaceL3VpnContext
• Layer 2 VPN
  • https://www.vmware.com/support/nsxt/doc/nsxt_23_policy_api.html#Sections.Policy.L2Vpn
• NAT
  • https://www.vmware.com/support/nsxt/doc/nsxt_23_policy_api.html#Methods.PatchPolicyNatRule
• Gateway Firewall
  • https://www.vmware.com/support/nsxt/doc/nsxt_23_policy_api.html#Methods.UpdateCommunicationMapForDomain (replace communication-map with gateway-policies)
• Distributed Firewall (DFW)
  • https://www.vmware.com/support/nsxt/doc/nsxt_23_policy_api.html#Methods.UpdateCommunicationEntry
• Groups
  • https://www.vmware.com/support/nsxt/doc/nsxt_23_policy_api.html#Methods.UpdateGroupForDomain
• Services
  • https://www.vmware.com/support/nsxt/doc/nsxt_23_policy_api.html#Methods.UpdateServiceForTenant
• IPFIX
  • https://www.vmware.com/support/nsxt/doc/nsxt_23_policy_api.html#Methods.CreateOrReplaceIPFIXDFWCollectorProfile
• Port Mirroring
  • https://www.vmware.com/support/nsxt/doc/nsxt_23_policy_api.html#Methods.CreateOrReplacePortMirroringInstance
• DNS
  • https://www.vmware.com/support/nsxt/doc/nsxt_23_policy_api.html#Sections.Policy.Dns%20Forwarder
• Public IPs
  • https://vmware.github.io/vsphere-automation-sdk-rest/vmc/index.html#SVC_com.vmware.vmc.orgs.sddcs.publicips (Part of the VMC API)
• Direct Connect
  • https://vmware.github.io/vsphere-automation-sdk-rest/vmc/index.html#SVC_com.vmware.vmc.orgs.account_link.connected_accounts
  • https://www.vmware.com/support/nsxt/doc/nsxt_23_policy_api.html#Sections.Policy.Connectivity.Bgp
• Connected VPC
  • https://vmware.github.io/vsphere-automation-sdk-rest/vmc/index.html#PKG_com.vmware.vmc.orgs.account_link (Part of VMC API)

Below are some additional resources including reference samples when working with the NSX-T Policy API, definitely worth checking out if you ask me? ?

• Getting started with the new NSX-T Policy API in VMC
• NSX-T Policy PowerShell Community Module for VMC
• Using NSX-T Policy API to retrieve the Routing Table in VMC
• Changing the default behavior of the NSX-T Distributed Firewall (DFW) in VMC to Deny All
• Quick Tip – How do I tell if NSX-V or NSX-T is installed?