With vCloud Director 8.20 has VMware started to let the tenants and admins consume NSX function via the vCloud Director API endpoint. The NSX function in vCloud Director are only a subset of the native NSX features but the API is identical. To leverage the API and the features itself more comfortable I have started to create my own PowerShell Module for vCloud Director NSX API.
vCloud Director NSX API Dokumentation
The vCloud Director API for NSX Programming Guide highlights beside the documentation itself two important informations:
- The vCloud Director API for NSX is not part of the vCloud API.
- The vCloud Director acts like a proxy to authenticated users and the NSX API can be accessed via https://vcloud.example.com/network
- The vCloud Director API for NSX supports a subset of the operations and objects defined in the NSX API
- That means that the NSX for vSphere API Guide is valid for the vCloud Director API for NSX but only a subset of the features is available
My PowerShell Module for vCloud Director NSX API
The Module was created with the intention to give vCloud Director Administrator the capability the vCloud Director NSX Features like in native NSX with the PowerNSX PowerShell Module. Of course, the PowerNSX module is way more advanced.
With the version 1.1 of my PowerShell Module for vCloud Director NSX API I have implemented the basic get operations to report Firewall and NAT rules.
This functions connect to the vCloud Director API with the highest available ApiVersion.
New-NsxVcdApiConnection [-Server] <String> [-Credential] <PSCredential> [<CommonParameters>]
This function reports all available Edge Gateways. The Gateways can be filtered by Name and OrgVdcName.
Get-NsxVcdEdge [[-Name] <String>] [[-OrgVdcName] <String>] [<CommonParameters>]
This function shows all available details of one Edge Gateway. Get-NsxVcdEdge can be used as pipe.
Get-NsxVcdEdgeDetails [-Id] <String> [<CommonParameters>]
This function gets the firewall rules of one ore more Edge Gateways. Rules can be filtered by Id and instead of a table or list the output can also be the XML from the API.
Get-NsxVcdEdgeFirewallRule [-Id] <String> [[-RuleId] <Int64>] [-OutputXML] [<CommonParameters>]
This functions creates a more readable summary of an Edge Gateway firewall rule.
Get-NsxVcdEdgeFirewallRuleDetails [-Id] <String> [-RuleId] <Int64> [<CommonParameters>]
This function gets the NAT (SNAT and DNAT) rules of one or more Edge Gateways.
Get-NsxVcdEdgeNatRule [[-Id] <String>] [<CommonParameters>]
This function returnes all Distributed Firewall Rules (DFW) of the selected OrgVdc. You can switch between -layer3Sections and -layer2Sections.
# layer3Sections Get-NsxVcdDfwRule -OrgVdcId <String> [-RuleId <String>] [-layer3Sections] [-OutputXML] [<CommonParameters>] # layer2Sections Get-NsxVcdDfwRule -OrgVdcId <String> [-RuleId <String>] [-layer2Sections] [-OutputXML] [<CommonParameters>]
Get the Module
Help to improve the Module
I would be glad about a feedback if this module helps you. If you find a new Bug or have an idea for an enhancement, just file a GitHub Issue or open a new pull request.
I have already set some goals for the next version(s) of the module: