[fusion_builder_container hundred_percent=”no” equal_height_columns=”no” menu_anchor=”” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” class=”” id=”” background_color=”” background_image=”” background_position=”center center” background_repeat=”no-repeat” fade=”no” background_parallax=”none” parallax_speed=”0.3″ video_mp4=”” video_webm=”” video_ogv=”” video_url=”” video_aspect_ratio=”16:9″ video_loop=”yes” video_mute=”yes” overlay_color=”” video_preview_image=”” border_size=”” border_color=”” border_style=”solid” padding_top=”” padding_bottom=”” padding_left=”” padding_right=””][fusion_builder_row][fusion_builder_column type=”1_1″ layout=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” border_position=”all” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding_top=”” padding_right=”” padding_bottom=”” padding_left=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” center_content=”no” last=”no” min_height=”” hover_type=”none” link=””][fusion_text]
It took me some time to wrap my head around the new powerful automation functionality introduced in VMware 2.4. It is referenced in the release notes as Declarative Policy Management, but what does that mean?
The intent is to simplify and automate network and security configurations through outcome-driven policy statements. This new declarative policy API reduces the number of configuration steps by allowing users to describe desired end-goals, while letting the system figure out how best to achieve it. Define an entire network topology and deploy it all in one shot, in an order-independent, prescriptive manner.
The result is expanded API functionality, and an updated UI. The changes to the UI are significant, and can broken down into two main areas, a brand new Simplified UI section, and an Advanced UI section which is the interface from NSX-T 2.3.
- Introduced in NSX-T 2.4.
- More declarative: you tell what you need, and plumping is done for you, as in it’s a simplified effort required to deploy a solution.
- the order you perform operations is less important.
- NSX-T API documentation references the target as: https://<policy-mgr>/policy/api
- Segments are a NSX-T 2.4 construct, that you won’t see in the Advanced UI.
- The NSX-T Container Plugin (NCP) that is embedded in the Enterprise PKS tile does not support the Policy API at this time.
- The Policy API is asynchronous, where the response is returned immediately and realization will take time to finish.
- The Advanced Networking & Security section represents the UI from NSX-T 2.3.
- More imperative: you need to be more specific in your specified action to achieve the desired outcome.
- The order you perform operations is more important.
- It’s called Advanced since you have to do the plumbing manually, as in an advanced effort required to deploy a solution.
- REST API documentation references the target as: https://<nsx-mgr>/api
- The Advanced UI/API will be deprecated over time; all features and use cases will eventually be transferred to the Simplified UI/API.
- The NSX-T Container Plugin (NCP) that is embedded in the Enterprise PKS tile is supported.
In NSX-T 2.4, some operations must be performed under Advanced UI, since support is not yet available in the newer Simplified UI. Notes that
This diagram illustrates that:
- Both Policy Manager and NSX Manager coexist on the same unified appliance
- Policy API is realized by Policy Manager Management Plane API
Explaining why:
- Objects created in Simplified UI can be seen in the Advanced UI.
- Objects created in Advanced UI can’t be seen in Simplified UI.
Objects created in the Simplified UI appear as a Protected Object, that can’t be edited using the Advanced UI, with an indicator to denote it was created by nsx_policy:
In preparation for a future blog post, take a look at what the new Policy API has to offer, you can review the API Documentation through the NSX-T Manager link:
or also find the API Documentation here, online.
[/fusion_text][/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]