Dear all,
My client wants to isolate a machine using the REST API https://code.vmware.com/apis/329/nsx-for-vsphere . This script will run from another solution based on external criteria.
I found that a possible solution may be distributed firewall calls (adding rules to block any packet that contains the machine's IP as its source or destination).
Is this the right solution, or is there a better solution through VXLAN or something else?
I am totally new to NSX vSphere. Any help appreciated.
If starting to use NSX, go for NSX-T, as NSX-V has an announced EOS.
If all you want is to isolate VMs, the easiest way is to use the distributed firewall. It has no dependencies on overlay routing. DFW uses groups for rules, which can have specific criteria, so you can essentially isolate VMs without even having to call an API. If you want to check something outside of the NSX environment and act upon this, I think the easiest way to isolate a VM would be to have a DFW rule that matches on VMs with a specific tag, set up with the desired isolation. When you effectively want to isolate the VM, just send an API call to tag the VM and the DFW rule will start acting. Remove the tag and you remove isolation.
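The tag-based isolation described in the answer above, as an added example that is not part of the original thread: a Python sketch that attaches or detaches an existing security tag on a VM through the NSX-V API the question links to. It assumes the DFW rule and the tag already exist; the security-tag endpoint path, the ID formats, the host name and the credentials are assumptions to check against your NSX Manager's API guide.

```python
import base64
import re
import urllib.request

# Assumed ID formats: NSX-V security tag object IDs and vCenter VM managed-object IDs.
TAG_ID = re.compile(r"securitytag-\d+")
VM_ID = re.compile(r"vm-\d+")
HOST = re.compile(r"[A-Za-z0-9.-]+")


def build_tag_request(manager, user, password, tag_id, vm_id, isolate):
    """Return the request that attaches (isolate=True) or detaches the tag."""
    # The caller is an external system, so reject anything that could alter the URL path.
    if not (HOST.fullmatch(manager) and TAG_ID.fullmatch(tag_id) and VM_ID.fullmatch(vm_id)):
        raise ValueError("unexpected manager, tag or VM identifier")
    # Assumed NSX-V endpoint for applying a security tag to a VM.
    url = f"https://{manager}/api/2.0/services/securitytags/tag/{tag_id}/vm/{vm_id}"
    req = urllib.request.Request(url, method="PUT" if isolate else "DELETE")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    return req


def set_isolation(manager, user, password, tag_id, vm_id, isolate,
                  send=urllib.request.urlopen):
    """Send the request; `send` is injectable so the call can be exercised offline."""
    req = build_tag_request(manager, user, password, tag_id, vm_id, isolate)
    # urlopen raises HTTPError on 4xx/5xx, so a failed isolation is never silent.
    with send(req, timeout=10) as resp:
        return 200 <= resp.status < 300
```

Use a dedicated service account restricted to tag operations for the calling system, and log every attach and detach so that isolation changes can be audited.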
Thanks for your assistance