Automating Security Group and Policy Creation with NSX REST API and Python


My latest post on the VMware NSX Network Virtualization Blog, Automating Security Group and Policy Creation with NSX REST API, describes how to use the NSX REST API, with some code, for a simple yet realistic security use case where automation can help. In this example I use Python.


Let’s assume the end user has 100+ Security Groups that need to be created. It can become tedious if one has to create so many Security Groups manually. One method of automation can be to leverage the NSX REST API and a bit of code.

For our example, we first create a CSV file with one Security Group per row. Each row has two comma-separated fields: the first is the Security Group name, and the second is the matching criteria, in this case the word to match in the VM name (if the VM name contains this word, the VM meets the criteria and is dynamically added to the respective Security Group). Figure 1 below shows a screenshot of the file used as input to the Python script in the demonstrated example.

Data in CSV File used to Automatically Create Security Groups with Inclusion Criteria
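The CSV-to-request step described above, as an added sketch that is not the script from the original post: it validates each row, builds the XML body with an XML library so that characters such as `&` or `<` in a CSV field cannot alter the payload, and prepares the POST without sending it. The endpoint path, the XML element names and the `VM.NAME` / `contains` values are assumptions based on the NSX for vSphere API and should be confirmed for your version; the host name and CSV rows are constructed.

```python
import base64
import csv
import io
import urllib.request
import xml.etree.ElementTree as ET

# Assumption: NSX for vSphere security group endpoint; confirm in your API guide.
SG_PATH = "/api/2.0/services/securitygroup/bulk/globalroot-0"

# Constructed sample input: security group name, word to match in the VM name.
SAMPLE_CSV = "SG-Web,web\nSG-App,app\nSG-R&D <lab>,r&d\n,orphan\nSG-Web,www\n"


def read_groups(text):
    """Return (groups, errors); bad rows are reported, never sent to the API."""
    groups, errors, seen = [], [], set()
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        fields = [f.strip() for f in row]
        if len(fields) != 2 or not all(fields):
            errors.append(f"line {lineno}: expected 'name,match word'")
        elif fields[0] in seen:
            errors.append(f"line {lineno}: duplicate group {fields[0]!r}")
        else:
            seen.add(fields[0])
            groups.append(tuple(fields))
    return groups, errors


def build_payload(name, word):
    """Build the XML body; ElementTree escapes &, < and > found in CSV values."""
    sg = ET.Element("securitygroup")
    ET.SubElement(sg, "name").text = name
    dyn = ET.SubElement(ET.SubElement(sg, "dynamicMemberDefinition"), "dynamicSet")
    ET.SubElement(dyn, "operator").text = "OR"
    crit = ET.SubElement(dyn, "dynamicCriteria")
    for tag, text in (("operator", "OR"), ("key", "VM.NAME"),
                      ("criteria", "contains"), ("value", word)):
        ET.SubElement(crit, tag).text = text
    return ET.tostring(sg, encoding="unicode")


def make_request(host, payload, user, password):
    """Prepare (not send) the POST; urlopen() verifies the TLS certificate by default."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        f"https://{host}{SG_PATH}", data=payload.encode("utf-8"), method="POST",
        headers={"Content-Type": "application/xml", "Authorization": f"Basic {token}"})
```

Pass each prepared request to `urllib.request.urlopen()` to create the group, and read the credentials from the environment or a secrets store rather than hard-coding them in the script.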

By using this method, a user can create hundreds or even thousands of security groups within seconds. The creation of security rules/policies can also be automated leveraging these created Security Groups. Pretty cool. One of the great advantages of network and security objects in software: the automation possibilities are endless. Check out the full post on the VMware NSX Network Virtualization Blog. Grab the script from the full blog post or here and try it out yourself.
