One of design principles of CloudControl is to integrate processes and tools into a single, unified platform for NSX provisioning, day 2 operations and troubleshooting. Many tools are natively incorporated into the management function for a given device, object or policy.
Object and device-level tools
Troubleshooting commands are quickly and easily launched from the management dashboard with a single click. This alleviates the need for jumping into another application just to see the status of this feature. ReSTNSX will execute the appropriate commands to get the user the information needed relative to their location in the application. In this example, "show edge <edge-id> nat" was run via Central CLI on behalf of the user for a given ESG (ESG-2).
vRNI Flow Analyzer
VMware's vRNI is one source for gathering application flows in preparation for developing NSX dFW rules as it has visibility into both physical and virtual IPFIX data. Unfortunately, with NSX or vRNI, there is no easy or automated method to filter, combine, edit and publish rules to NSX. ReSTNSX's Security Planner for vRNI addresses all of these limitations with a simple 3 step process to transform live flow data to NSX policy.
Command Line Interfaces (CLI) are extremely powerful when looking at details of an environment or when troubleshooting a problem. Just like most vendors, NSX provides CLI access to NSX components using their own command syntax. As a result, users must learn the vendor specific commands. In a troubleshooting situation, users must navigate between CLI windows and the NSX UI to get a complete picture of the environment. ReSTNSX's Central CLI enables these commands through the web interface while providing a point and click feature that alleviates the need for memorizing command syntaxes. With this approach, users do not need to open up separate Telnet/SSH sessions to access the NSX CLI.
Not knowing if your firewall rule set is still relevant is frustrating and often requires third party tools to gain visibility into the metrics for rule analysis. ReSTNSX's Rule Analyzer provides section-by-section and rule-by-rule views of policy data for NSX-v and/or NSX-T environments. This data includes a rule break-down of source/destination types, hit counts, bandwidth* and other Top N Charts. ReSTNSX enables users to execute GET, POST and PUT API calls against any of the defined data sources without needing to worry about auth tokens or the URI for the most common calls. These calls are executed against the active data source selected in ReSTNSX. Options within the tool also include the ability to define per-user favorites for NSX and vCenter along with per-user URI history.
ReSTNSX Central CLI
Although VMware NSX Data Center Manager provides management of objects and policies via a centralized control plane, it lacks similar capabilities for troubleshooting. Today, administrators must have console login access to multiple devices across each NSX domain. ReSTNSX provides administrators a single, centralized and unified management fabric for all NSX domains. Command-line troubleshooting is provided natively within the ReSTNSX web interface and alleviates the need for Network, Security and Virtualization Engineers to access devices directly. Customers running NSX 6.3, 6.4 or NSX-T now have an operationally consistent management interface - regardless of version.
For those of you who script or provision / monitor NSX components through API understand the complexities of the different authentication requirements and variations in API calls. NSX-v, NSX T and vCenter all have different requirements for connectivity that can be cumbersome to manager. ReSTNSX enables users to execute GET, POST and PUT API calls against any of the defined data sources without needing to worry about auth tokens or the URI for the most common calls. These calls are executed against the active data source selected in ReSTNSX. Options within the tool also include the ability to define per-user favorites for NSX and vCenter along with per-user URI history.
ReSTNSX's Security Planner for Firewall Rule Conversion has you covered. f you are you trying to migrate security policy from another vendor to NSX you have likely noticed that it is not an easy task. Although rule anatomies are similar across vendors, the referenced objects and options are vastly different. Normalizing policy that can be migrated to NSX is difficult, time consuming and an entirely manual effort. Even with scripting, transformation logic is needed to convert these policy and objects. ReSTNSX's Security Planner for Firewall Rule Conversion has you covered.
Throughout the ReSTNSX Central CLI experience, the user is clicking their way to information without needing to type a command. CLI input is also available for the die-hard CLI users.
If you are moving a workload to the cloud or just not sure what dependencies exist between your application and other resources, ReSTNSX' Cloud Check provides visibility into traffic to and from a Virtual Machine. By leveraging vRNI or dFW flow data, users can easily determine these dependencies.
ReSTNSX Centralized Management
IT Administrators with multiple NSX Managers, being the same or different versions, encounter management barriers when trying to operationalize such an environment. Management is decentralized and is complex as each version has it’s own user interface to learn. This is especially true for customers adding NSX-T to the environment. ReSTNSX provides administrators with a feature-rich management platform that easily integrates all of these disparate NSX domains into a single, unified management fabric. The user experience between NSX-v 6.3, 6.4 and NSX-T is consistent and minimizes the learning curve of new releases. By centralizing management, migrating configurations between environments is simplified with on-box capabilities
When it comes to security, consistent policy enforcement is paramount where workloads can dynamically move between environments. As workloads move, enforcing security can be difficult - often requiring manual intervention or custom scripting. Policy Engine can copy sections, rules, objects (NS Groups, Services) from one NSX domain to another. Options include NSX-v to NSX-v, NSX-T to NSX-T, NSX-T to VMware Public cloud. ReSTNSX policies can be used for a one time copy (migration) or provide ongoing updates to keep non-cross vCenter (NSX-v) or non-Federated (NSX-T) environments up to date ReSTNSX's Policy Engine allows a global view of policy enforcement across multiple NSX-v and/or NSX-T environments.
ReSTNSX Professional Services
Migrating security policies from vendor to vendor is complex. Each manufacturer has their own proprietary implementations making conversion a manual and time consuming process. Additionally, when implementing a macro or micro-segmentation strategy with a SDN solution such as NSX, there are additional complexities as the enforcement points are no longer centralized on your edge devices. Standardizing on a common ruleset syntax is critical when implementing a de-centralized security model with NSX.
The ReSTNSX Professional Services team and platform eliminates this complexity with our proprietary conversion scripts and innovative ReST API engine for rule deployment. By ingesting the security policies from vendors such as Cisco, Juniper, Checkpoint and even legacy VMware NSX environments, the ReSTNSX team accelerates your deployment with faster rule conversion and optimization