Posts

Showing posts from July, 2018

Using PowerNSX to Build NSX Distributed Firewall Rules

I've been helping one of my customers set up a proof of concept NSX implementation, which has involved configuring and then destroying several firewall designs.  In order to speed up this process, we've had to get pretty good at using PowerNSX to script out the creation of those NSX firewall rules (and other security objects).

First, how do you get PowerNSX?  Just like PowerCLI!  Open up your PowerShell window, then use this command: Install-Module PowerNSX

Now that you've got PowerNSX installed, take a moment to look at what it does for you.  Look at all of the available cmdlets by using: get-command -module PowerNSX

There's a lot going on there!  In general, the PowerNSX cmdlets use the normal PowerShell verbs: get, set, add, remove, and new, and the nouns are prefixed with NSX.  So, if you're using tab completion to figure out what command you're doing, <verb>-nsx... is usually a pretty safe place to start.  For example, if I want to get my security ta…

Finding Servers Created within the Last Year

One of my customers recently asked me to generate a report showing all of the VMs that they had created within the last 12 months (ideally, broken down by OS), and then another showing the same for 24-12 months ago.  I did a bunch of digging around and couldn't find any attribute on the VMs that showed their creation date.  Some research revealed that the standard solution to this problem is to get-vievents for all of the VMs, then look at the date of the first event.

Unfortunately, this customer had performed a vCenter migration about a year ago, so our logs weren't intact for this purpose.  I was stumped, but one of the other admins came up with a good idea: look at the AD objects instead of the VM objects.  AD objects actually have a .whenCreated attribute, so we just need to grab them all and then find the ones for our desired timeframes.

Of course, that approach grabs all AD computers, including desktops.  We just needed a list of servers (we knew that all servers would b…