At several EUC projects we have testing Workspace ONE environment(s) where desktop image and application packaging takes place, and a production Workspace ONE environment where only tested and approved items from the test are released. The environments are separated into vCenter/NSX managers. Actually, the production ones are separated even further, into management and two or more desktop pods, all with their own NSX managers and their own management and rules. There is a need for a way to synchronize the approved NSX DFW rule set from testing to production, and between the production pods, without too much effort or human interference. We couldn’t find a cmdlet that does all of this, so I wrote the following script to synchronize the NSX configuration between pods: PowerNSX DFW Synchronization Script. We also have the same need for other projects, and I think it will benefit the next iteration of the NSXHorizonJumpstart I was working on earlier. You can go and grab the first version of the PowerNSX DFW synchronization script at https://github.com/Paikke/NsxSynchronization. In the remainder of this blog post, I will explain this script further.
A few blog posts ago (https://www.pascalswereld.nl/2017/08/24/nsx-for-desktop-jumpstart-microsegmentation-with-horizon-service-installer-fling/) I wrote about using the Horizon Service Installer fling for adding Horizon services to NSX for Desktop. Since that blog post, I have continued to evolve the services file with services, sections, and rules that will normally appear in an EUC solution with VMware products. I tried to maintain the services yml file so that it keeps working with the fling. Currently you still can; however, I don’t know for how long.
And this is because of another part I am working on: using PowerNSX for adding the services file to the NSX environment and, in turn, replacing the need for the fling. You can read about me starting this in the post PowerCLI Collection: PowerNSX Desktop Jumpstart and process YAML (yml) config file. This blog post is about explaining the first version to reach feature parity with the Horizon Service Installer fling. The NSXHorizonJumpstart script now reads the complete yml file and adds the NSX services, service groups and security groups, and adds the firewall sections with the firewall groups.
You can find both the services file and the current version of the script on the master branch at: https://github.com/Paikke/NSXHorizonJumpstart.
In my last blog post (https://www.pascalswereld.nl/2017/08/24/nsx-for-desktop-jumpstart-microsegmentation-with-horizon-service-installer-fling/) I wrote about using the Horizon Service Installer fling for adding Horizon services to NSX for Desktop. From that blog post I have been evolving the services file with services and rules that will normally appear in an EUC solution with VMware products. Not just sticking with Horizon 7, but also getting App Volumes, UEM, UAG, and infrastructure components in the picture. And I will be continuing to evolve the services.
Another part I am working on is using PowerShell/PowerNSX for adding the services file to the NSX environment and, in turn, replacing the need for the fling. This blog post is about explaining the current structure, from reading the yml file to using this information to check and add to NSX. For now, the services yml file will be maintained so that it keeps working with the fling.