2 minute read

One of the big advantages of the NSX is to a Software Defined Network (SDN) solution given us the ability to code once and execute as many times.

NSX has a really rich and complete REST API documented at VMware API Explorer - NSX 6.4.

There are multiple options to leverage the NSX API:

  • Using a REST API Client, as Postman for example
  • Going old school with curl
  • Using Powershell using cmdlets similar to Invoke-RestMethod or Invoke-WebRequest
  • Using python mapping all the API calls similar to what would be done with any other programming language that we would prefer
  • Using PowerNSX powershell module that abstracts all the hassle of payload creation and API calls

In these series of posts we will leverage PowerNSX module to simplify the interaction with the NSX Rest API.


The main objective of this series will be to demonstrate how can we leverage some of the NSX capabilities to facilitate the provision of multiple similar environments in an automated way.


We want to be able to deploy and destroy multiple copies of the standardized solution, that we will reference through the series as vPOD. Each of these vPODs will be able to host a 3 Tier App Solution. The main goal is to minimize the deployment/redeployment manual effort to the bare minimum.

Network Diagram

Let us kick this off with a simple network diagram of our vPOD that we will automate in the next few posts:

vPOD Visio


  • Each tier will have their own network segment
  • Each segment will have their own subnet
  • Inter and Intra segment traffic need to be fully secured
  • Tiers
    • WebApp - Webservers/FrontEnd Servers
      • will be the only tier exposed to the public
      • tier provides HTTP services
      • front-end services will be load balanced across multiple servers
    • App - Application/MidTier servers
      • tier to host all the app servers
      • app servers will be load balanced across multiple servers
    • DB- Database tier
      • tier hosting all the databases servers with the data used by the app servers

Instead of long post lets divide these in multiple parts

  • Create Logical Switches
  • Create NSX Edge Service Gateway
  • Create NSX Distributed Logic Router
  • Configure Distributed Firewall
  • Configure NSX Edge Service Gateway
    • Configure SNATs & DNATs
    • Configure Firewall Rules

The division of the entire process in smaller posts will give some room to detail each step and create a more modular process, where each scripted step can be used individually and re-used.