What’s New in vSphere 6.7 Update 2 and NSX 6.4.5

UI Changes

You can see the first UI change in vSphere 6.7U2 when you login to vCenter. Gone is the dark blue flash-based SSO login screen, which was the final reminder of the ‘old web client’, and in with the new Clarity UI login splash screen that was introduced on the VAMI a few versions ago:

vCenter 6.7U2 Login

Dark Theme

The most important feature for any app to be cool these days that was introduced in U1 has been improved in U2 to add a bit more colour to certain features that make them easier to view:

Dark-Theme-Colour

Not everything has caught up though, NSX for example still doesn’t go full night mode.

NSX Plugin Install

A nice subtle update in 6.7U2 is that you’re not longer required to logout when you install NSX. In previous versions the warning banner would say that the NSX plugin has been installed but you need to log out to activate, now it just needs a simple refresh!

 

NSX Dashboard

The NSX dashboard in the vCenter H5 UI could always be a bit slow to load, but at least now there’s some visibility of it actually doing something in the background. Activity bars are now shown on the dashboard tiles:

NSX Dashboard Loading

NSX HTML5 UI Updates

NSX 6.4.5 now provides more (Routing, Bridging, Load Balancing) configuration for ESGs into the HTML5 UI:

NSX HTML5 Config.PNG

 

Hands On With NSX-T 2.4

In order to wrap my head around the changes from NSX-V (ok, NSX Data Center for vSphere) to NSX-T (Data Center) I’ve created a few labs with previous versions. With the latest release 2.4 though there’s a lot of simplification been done in terms of deployment and manageability that you can tell straight away from the UI.

After a few hours with NSX-T 2.4 I’d setup the following deployment:

NSXT.png

Diagramming it all out helps me to understand how the pieces fit together (and there are a lot of pieces to NSX-T).

A few things I’ve noticed so far…

Logical Switches in vCenter

A nice feature in NSX-T is the way that Logical Switches are presented in vCenter, compared to the ugly ‘virtualwires’ from NSX-V, you now get full integration of the N-VDS (NSX-T Virtual Distributed Switches) so they look just like the old school VDS’s. Heres’ the view from H01:

h01-nvds

And again from H03:

h03-nvds

New Workflows

Creating segments, routers and other networking constructs had been a little complicated in previous releases, but now the new wizards makes these tasks easy. Once created the show up in, adding some much needed visibility in to what’s been created:

new-dashboards.PNG

For my first deployment I went straight in with the Advanced Networking & Security screen, not knowing that none of these objects are shown in the fancy new dashboards… so I recreated them. Objects created through the new workflows do show up in the Advanced tab though and can be identified with the ‘Protected Object’ icon as below:

adv_networking

 

Working with NSX API: Adding an IP to an ESG (Edge Services Gateway)

Whilst setting up an NSX load balancer (post to follow) I found the need to add a secondary IP to an ESG. Because of this (KB2151309) handy bug feature I had to either delete the ESG and re-create it, or set a secondary IP via the API, so here goes…

This post assume basic knowledge of NSX components and uses the following:

  • NSX 6.3.2 with a fully deployed ESG
  • Postman

The Before

A quick look at the ‘before’ setup of the ESG interface configuration (IPs and names have been changed to protect the innocent):

And here’s a closer look at the vNIC 0 that we’ll be adding a secondary IP to, to prove there’s not already one set:

API Call 1 – Get the config of the vNIC we want to change

So we know we need to edit vNIC 0, but to get all of its current config we need to call on the API. This will help to see the structure of the config required and confirm all of the settings.

The NSX API Guide tells us how the API request should look…

So fire up Postman (or other API consumer) and structure the request:

  • Method: GET
  • URL: https://NSX-MANAGER.FQDN/api/4.0/edges/edge-1/vnics/0
    • This is from the NSX API Guide as above, with the index of 0 at the end to represent the vNIC 0 we’re working with
    • Remember that in NSX world that the NSX Manager presents the Northbound API, so you’re always interacting with the Manager
  •  Authorization:
    • Type: Basic Auth
    • Username: (API-enabled user, could be the NSX default ‘admin’)
    • Password; ^^^
  • Headers:
    • Content-Type: application/xml
    • Authorization: Basic (base64-added from the Authorization tab)

Hit Send and you should see some data similar to what was represented in the NSX web GUI:

<?xml version="1.0" encoding="UTF-8"?>
<vnic>
    <label>vNic_0</label>
    <name>EXTERNAL</name>
    <addressGroups>
        <addressGroup>
            <primaryAddress>10.1.1.1</primaryAddress>
            <subnetMask>255.255.255.248</subnetMask>
            <subnetPrefixLength>29</subnetPrefixLength>
        </addressGroup>
    </addressGroups>
 <mtu>1500</mtu>
 <type>uplink</type>
 <isConnected>true</isConnected>
 <index>0</index>
 <portgroupId>dvportgroup-6645</portgroupId>
 <portgroupName>EXTERNAL</portgroupName>
 <enableProxyArp>false</enableProxyArp>
 <enableSendRedirects>false</enableSendRedirects>
</vnic>

 

API Call 2 – Setting the Secondary IP Address

Note that in the output above from the vNIC it has no secondary addresses configured and there’s no stanza for one. So how do you know how to add one? And do you just guess and change the method from GET to POST? All is explained again in the NSX API Guide…

So we now know the syntax and method (PUT) to add a secondary address!

Back in Postman, update the request to change the method, then add a Body with the existing vNIC0 configuration (which was obtained earlier) along with the new secondary IP config (I’ve used 10.1.1.2) and hit Send:

Ok, it loaded for a bit then looks to have sent, but how do you know? Well in the bottom right corner of Postman we see Status: 204 No Content. Any HTTP 2XX message is a success and the fact that no content was sent back is fine, we didn’t expect anything.

The After

Time to check that the new config has worked. We can do this two ways, in the NSX web GUI or via the API…

Since we’re still in Postman, re-issue the GET from earlier to retrieve the new vNIC0 config:

And to be sure, confirm in the NSX web GUI:

 

Extension Mobility Remote Login/Logout without PIN in Python

Whilst trying to automate some mundane networking tasks in Python, I’ve started looking our UC environment. This lead me to a great post (thanks!) here:

https://ucnote.wordpress.com/2015/11/29/extension-mobility-remotely-login-user-to-phone/

I’m by no means a coder, but I’ve converted the PowerShell script from there into a Python version (feel free to suggest a more PEP8 improvement), that uses the Requests library.

Some uses for this is to make a web app to see who is logged in where and give the ability to log them out remotely. Alternatively, provide a Windows login/log off script that automatically logs a user into their handset (users with no roles can log themselves in/out, whilst users with the EM Authentication Proxy Rights role can login/logout any user).

Ingredients Used:

If you want to try this out it should work on most UCM versions and I think in Py3, but to rule out any incompatibilities, my environment was:

  • Python 2.7
  • Requests 2.9.1
  • CUCM 10.5(1)
  • Softphone

The Code:

Change the hard coded variables for your own and comment in/out the logout/in respectively:

#! /usr/bin/env python
import getpass
import requests

# YOUR DETAILS FROM HERE
cucm_server = "CUCM"
mac = "000000000002"
device = "SEP" + mac
emuser = "emuser"
appEmProxyUser = "appemadmin"
appPw = getpass.getpass(prompt="Enter the EMProxyUser password: ")
# TO HERE

uri = "http://" + cucm_server + ":8080/emservice/EMServiceServlet"
headers = {"Content-Type":
 "application/x-www-form-urlencoded"}

parameters = "<request>"
parameters += "<appInfo><appID>" + appEmProxyUser +\
 "</appID><appCertificate>" + appPw + "</appCertificate></appInfo>"

# parameters += "<logout><deviceName>" + device + "</deviceName></logout>"
parameters += "<login><deviceName>" + device + "</deviceName><userID>" +\
 emuser + "</userID></login>"

parameters += "</request>"

r = requests.post(uri,
 data={"xml":
 parameters},
 headers=headers)
print(r.text)