Automate NSX-T with PowerCLI

While working on an NSX-T project I got the question from the customer to deliver some firewall and network automation based on PowerShell. This to help them ramp up the creation of networks and firewall rules. I pointed them to the PowerCLI Preview for NSX-T, but I wasn’t aware that this fling only was able to retrieve information from NSX-T and not create items/objects. So, how can we do this then? I knew we were able to manage NSX-T since PowerCLI version 6.5.3, but how does this work?


After some google-fu I came across a blog post of Kyle Ruddy named: Getting Started with the PowerCLI Module for VMware NSX-T. This article describes how the NSX-T PowerShell Module works and which cmdlets where available:

  • Connect-NsxtServer
  • Disconnect-NsxtServer
  • Get-NsxtService
    Only 3 commands? Yes, only 3 commands! Because of the simple reason that with the 3rd command you have full access to NSX-T’s public API! And therefore you’re able to retrieve and create items/objects. In the blog article Kyle also gives some examples on how to Retrieve Transport Zone Information or perform Logical Switch and IP Pool Management. But how do we create an NSGroup or a Distributed Firewall Section? This post contains some additional examples and I’ll update this post as new scripts will come along.

    The first thing we need to do is connect to the NSX-T Manager:


    Create a NSGroup based on a Security Tag

    Read More

    Automating the vRealize Automation Manager Service Failover

    During a couple of vRealize Automation (vRA) design engagements I had to explain that the vRealize Automation Manager Service doesn’t have an Automated Failover process (active/passive) and relies on a manual intervention. This was quite hard for the customers to understand and accept because of active / active redundancy of other vRA components like the Web Service.

    So OK what does the vRA Manager Service do (link)?

    The Manager Service is a Windows service that coordinates communication between IaaS DEMs, the SQL Server database, agents, and SMTP. IaaS requires that only one Windows machine actively run the Manager Service. For backup or high availability, you may deploy additional Windows machines where you manually start the Manager Service if the active service stops.

    And that last part is something my customers didn’t like (at all) because this depends on a person to activate the service manually. OK then how can we solve this?

    Automating the Manager Service Failover

    I like to keep things simple and wanted to Automate the Manager Service failover with vRealize Operations (vROps) monitoring the service and kicking off an action when the service is down. Eventually I got this to work but this took way too much effort and didn’t like the complex setup of vROps sending a SNMP trap to vRO and then let vRO kick off a Powershell script on the vRA IaaS Manager server. So back to the drawing board and the solution was way too simple… Running a scheduled task on the Secondary vRA IaaS Manager server that checks the Manager Service on the Primary and then starts it locally when the service is down.


  • Powershell allows the execution of scripts
  • Scheduled task is running under the vRA Service Account
    The Script

    Read More

    How to add a PowerShell host to vRO

    When you add a PowerShell host to vRealize Orchestrator (vRO) you are able to kick-off PowerShell scripts from your vRO workflows or just from the vSphere WebClient! Which can make your day to day work so much easier. So here is a short post about how you can add a PowerShell host to vRO.



  • vRealize Orchestrator
  • vRO PowerShell Plug-in v1.0.6.2442318 (link)
  • Windows 2008 R2+ with PowerShell 2.0+
    In the past I had some issues with the vRO v1.0.5 Plug-in and the default realm so please check which vRO PowerShell Plug-in you are using!

    For a Stand-alone PowerShell host :

    Then logon to your PowerShell host and configure Windows Remote Management.

    Open an elevated command prompt and run the following commands :

    Now the PowerShell host has been configured the PowerShell host can be added to vRO.
    Read More