Posts

Showing posts from March, 2019

Use PowerCLI to set your SDDC Firewall rules

Gilles Chekroun
Lead VMware Cloud on AWS Specialist
---
One thing I really like about VMware is the team spirit of that company. People are always here to help you, sharing their experiences and knowledge. We have our EPIC2 values and one guy in particular stands out for Passion and Community.
It's William Lam.
He is well known in our community for his "virtuallyGhetto" blog and the 1000+ posts he wrote on many subjects and technologies. Recently, I asked him which API I should use to retrieve the VMC SDDC Public IP address and he replied to me with a blog post! Amazing.
William wrote many PowerShell modules and in particular the ones for NSX-T and VMC.
Download and import VMware.VMC.NSXT and VMware.VMC PowerShell modules. We will need them later.
This article will describe how to automate tasks after SDDC deployment like creating logical segments, setting up Firewall rules on MGW (the Management Gateway) and most importantly on CGW (the Compute Gateway).


PowerShell Install o…

Deploy VMware Cloud on AWS Route Based VPN with API

Gilles Chekroun
Lead VMware Cloud on AWS Specialist
---
Following my articles on AWS Transit Gateway here and here, I found it quite complex to set up the VPN connection and the 2 tunnels from TGW VPN attachment to VMC route based VPN using the GUI.

AWS VPN Naming and VMC VPN relationship

When creating the AWS TGW VPN attachment, AWS gives the possibility to "download configuration file".
AWS - VMC relationship: Once this is clear, it's time to map these parameters to our API calls.

Five API calls

To properly set up a Route Based VPN to AWS TGW we need 5 API calls:
- Get the NSX-T Proxy URL
- Get the SDDC Public IP
- Set Local AS Number
- Set BGP Neighbour ID
- Set VPN Tunnels

Before we can do any API calls into VMC we need a few parameters like "Refresh-Token", "Org-ID", "SDDC-ID". Refer to my earlier post here on how to get them.

Get NSX-T Proxy URL

This API call will get "Org-ID, SDDC-ID and Session-Token" and will return the NSX-T Proxy URL you need in t…