NSX 6.4 API - docs.vmware.com for vSphere API Guide Version: 6.4 Page 2 Table of Contents Introduction 13 Endpoints 17 Working With vSphere Distributed Switches 17 Working With vSphere

NSX for vSphere API GuideUpdate 5

Modified on 24 MAY 2018

VMware NSX for vSphere 6.4

Page 1

NSX for vSphere API Guide Version: 6.4 Page 2

Table of Contents13Introduction

17Endpoints

17Working With vSphere Distributed Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Working With vSphere Distributed Switches in a Datacenter

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Working With a Specific vSphere Distributed Switch

21Working With Segment ID Pools and Multicast Ranges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Working With Segment ID Pools

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Working With a Specific Segment ID Pool

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23Working With Multicast Address Ranges

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24Working With a Specific Multicast Address Range

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25Working With the VXLAN Port Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Update the VXLAN Port Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26VXLAN Port Configuration Update Status

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Resume VXLAN Port Configuration Update

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Working With Allocated Resources

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27Resolving Missing VXLAN VMKernel Adapters

29Working With Controller Disconnected Operation (CDO) Mode

31Working With Transport Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34Working With a Specific Transport Zone

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37Working With Transport Zone Attributes

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Working With Transport Zone CDO Mode

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Testing Multicast Group Connectivity

40Working With Logical Switches in a Specific Transport Zone

41Working With Traceflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41Working With a Specific Traceflow

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42Traceflow Observations

46Working With Logical Switches in All Transport Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48Working Virtual Machine Connections to Logical Switches

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48Working With a Specific Logical Switch

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50Resolving Missing Port Groups for a Logical Switch

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51Testing Host Connectivity

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51Testing Point-to-Point Connectivity

. . . . . . . . . . . . . . . . . . . . 52Working With Hardware Gateway Bindings for a Specific Logical Switch

. . . . . . . . . . . . . . . 53Working With Connections Between Hardware Gateways and Logical Switches

55Working With IP Discovery and MAC Learning for Logical Switches

57Working With NSX Controllers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58Working With Controller Upgrade Availability

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58Working With of Controller Job Status

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58Working With a Specific Controller

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60Working With NSX Controller System Statistics


. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62Working With Controller Tech Support Logs

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62Working With Controller Syslog

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63Working With Controller Cluster Snapshots

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64Working With the NSX Controller Cluster Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64Working With Controller NTP Settings

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65Working With the NSX Controller Password

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66Working With Controller Synchronization

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66Working with Controller Synchronization Status

67Working With Hypervisor Tunnel Health Status Using BFD . . . . . . . . . . . . . . . . . . . . . . . 67Working with overall information about tunnel health of a hypervisor

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68Working with tunnel health status for a specific host

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69Working with tunnel connections for a specific host

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70Working with remote host status

72Working With BFD Configuration Information

74Working With pNIC Configuration Information

76Working With Services Grouping Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76Retrieve Services from a Specific Scope

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76Create a Service on a Specific Scope

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76Working With a Specified Service

79Working With Service Groups Grouping Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79Creating Service Groups on a Specific Scope

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79Working With Service Groups on a Specific Scope

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79Working With a Specific Service Group

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81Working With a Specific Service Group Member

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 81Working With Service Group Members on a Specific Scope

82Working With IP Pool Grouping Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82Working With IP Pools on a Specific Scope

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83Working With a Specific IP Pool

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85Working With IP Pool Address Allocations

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86Working With Specific IPs Allocated to an IP Pool

87Working With Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87Working With Licensing Capacity

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88Working With Licensing Status

89Working With Security Tags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89Managing Security Tags

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91Delete a Security Tag

. . . . . . . . . . . . . . . . . . . . . . . . . . . 91Working With Virtual Machines on a Specific Security Tag

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92Manage a Security Tag on a Virtual Machine

. . . . . . . . . . . . . . . . . . . . . . . 93Working With Virtual Machine Details for a Specific Security Tag

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 94Working With Security Tags on a Specific Virtual Machine

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95Working With Security Tags Unique ID Selection Criteria

97Working With NSX Manager SSO Registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97Working With SSO Configuration Status


98Working With User Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98Manage Users on NSX Manager

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98Working With User Account State

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98Manage NSX Roles for Users

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100Working With NSX Manager Role Assignment

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100Working With Available NSX Manager Roles

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100Working With Scoping Objects

101Working with API Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101Working with API Tokens

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101Working With API Token Expiration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102Working With Token Invalidation

104Working With Security Group Grouping Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104Creating New Security Groups With Members

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106Creating New Security Groups Without Members

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 107Updating a Specific Security Group Including Membership

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108Working With a Specific Security Group

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109Working With Members of a Specific Security Group

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110Working With Virtual Machines in a Security Group

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111Working With IP Addresses in a Security Group

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111Working With MAC Addresses in a Security Group

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111Working With vNICs in a Security Group

. . . . . . . . . . . . . . . . . . . . . . . . . . . 111Working With Virtual Machine Security Group Membership

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112Working With IP Address in a Security Group

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113Working With Internal Security Groups

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113Working With Security Groups on a Specific Scope

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114Working With Security Group Member Types

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114Working With a Specific Security Group Member Type

115Working With IP Set Grouping Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115Working With IP Sets on a Specific Scope

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115Creating New IP Sets

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115Working With a Specific IP Set

117Configuring NSX Manager with vCenter Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118Connection Status for vCenter Server

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118Working with vCenter Server Connection

119Configuring Index Maintainance

121Configuring the High CPU Usage Reporting Tool

123Working with the CPU Usage Monitoring Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123Working With CPU Usage Indicator

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123Working With CPU Usage Details

125Working With Universal Sync Configuration in Cross-vCenter NSX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125Working With Universal Sync Configuration Roles

. . . . . . . . . . . . . . . . . . . . . . . . . . 125Working With Universal Sync Configuration of NSX Managers

. . . . . . . . . . . . . . . . . . . . . . . . . . . 126Universal Sync Configuration of a Specific NSX Manager

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127NSX Manager Synchronization


. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127Working With Universal Sync Entities

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127Working With Universal Sync Status

128Working With the Appliance Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128Global Information for NSX Manager

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128Summary Information for NSX Manager

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129Component Information for NSX Manager

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131Reboot NSX Manager

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131NSX Manager Appliance CPU Information

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132NSX Manager Appliance CPU Details

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132NSX Manager Appliance Uptime Information

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133NSX Manager Appliance Memory Information

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133NSX Manager Appliance Storage Information

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133NSX Manager Appliance Network Settings

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135Working With DNS Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135Working With Security Settings

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136Working With TLS Settings

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137Working With Time Settings

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138Working With NTP Settings

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138Configure System Locale

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139Working With Syslog Server

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140Working With Multiple Syslog Servers

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141Working With Components

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143Working With a Specific Component

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143Working With Component Dependencies

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144Working With Component Dependents

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144Working With Component Status

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145Toggle Component Status

. . . . . . . . . . . . . . . . . . . . . . . . . . 145Working With the Appliance Management Web Application

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145NSX Manager Appliance Backup Settings

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148NSX Manager Appliance Backup FTP Settings

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148NSX Manager Appliance Backup Exclusion Settings

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149NSX Manager Appliance Backup Schedule Settings

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149NSX Manager Appliance On-Demand Backup

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150Working With NSX Manager Appliance Backup Files

. . . . . . . . . . . . . . . . . . . . . . . . . . 150Restoring Data from an NSX Manager Appliance Backup File

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151Working With Tech Support Logs by Component

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151Working With Tech Support Log Files

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151Working With Support Notifications

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151Acknowledge Notifications

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152Upgrading NSX Manager Appliance

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152Upload an NSX Manager Upgrade Bundle

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152Upload an NSX Manager Upgrade Bundle from URL

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153Prepare for NSX Manager Upgrade

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154Start the NSX Manager Upgrade

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155NSX Manager Upgrade Status

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 155Working With Certificates on the NSX Manager Appliance

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155Working With Keystore Files

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155NSX Manager Certificate Manager


. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156Working With Certificate Signing Requests

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157Working With Certificate Chains

158Working With NSX Manager System Events

160Working with Host Event Notifications

161Working With NSX Manager Audit Logs

163Working With the VMware Customer Experience Improvement Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163Working With the VMware CEIP Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164Working With Proxy Setting for VMware CEIP

166Working With Network Fabric Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 166Working With Network Virtualization Components and VXLAN

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170Working With Network Fabric Status

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 171Working With Network Fabric Status of Child Resources

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172Working With Status of Resources by Criterion

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174Working With Locale ID Configuration For Clusters

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175Working With Locale ID Configuration for Hosts

177Working With Security Fabric and Security Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178Working With a Specified Service

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179Working With Service Dependencies

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179Working With Installed Services on a Cluster

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181Working With a Specific Service on a Cluster

182Working With Data Collection for Activity Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . 182Working With Data Collection on a Specific Virtual Machine

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182Override Data Collection

. . . . . . . . . . . . . . . . . . . . . . 183Retrieve Data Collection Configuration for a Specific Virtual Machine

185Working With Activity Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185Working With Aggregated User Activity

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187Working With User Details

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189Working With a Specific User

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189Working With Applications

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189Working With a Specific Application

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190Working With Discovered Hosts

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190Working With a Specific Discovered Host

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190Working With Desktop Pools

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190Working With a Specific Desktop Pool

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190Working With Virtual Machines

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191Working With a Specific Virtual Machine

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191Working With LDAP Directory Groups

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191Working With a Specific LDAP Directory Group

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 191Working With a Specific User's Active Directory Groups

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192Working With Security Groups

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192Working With a Specific Security Group

193Working With Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193Registering Domains


. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194Retrieve LDAP Domains

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194Delete a Specific Domain

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195Working with Root Distinguished Names

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196Delete DomainRootDN

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196Create LDAP Server

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196Query LDAP Servers for a Domain

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197Update AD Sync Settings

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197Start LDAP Full Sync

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198Start LDAP Delta Sync

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198Delete LDAP Server

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198EventLog Server

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199Working With EventLog Servers for a Domain

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199Delete EventLog Server

200Working With Mapping Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200Working With User to IP Mappings

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200Working With Host to IP Mappings

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200Working With IP to User Mappings

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200Working With User Domain Groups

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201Working With a Specific Static User Mapping

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202Working With Static User Mappings

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 202Working With Static User IP Mappings for a Specific User

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202Working With Static User IP Mappings for a Specific IP

204Working With Activity Monitoring Syslog Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204Enable Syslog Support

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204Disable Syslog Support

205Working With Solution Integrations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205Working With Agents on a Specific Host

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206Working With a Specific Agent

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207Working With Agents on a Specific Deployment

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208Working With Conflicting Agencies

210Working With MAC Address Set Grouping Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210Working With a Specific MAC Address Set

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211Working With MAC Address Sets on a Specific Scope

214Working With ESX Agent Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214Working With EAM Status

215Working With Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218Working With a Specific System Alarm

220Working With Alarms from a Specific Source

223Working With System Scale (Capacity Parameter) Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223System Scale (Capacity Parameter) Dashboard Report

. . . . . . . . . . . . . . . . . . . . . . . . . . . 224System Scale (Capacity Parameter) Dashboard Threshold

226Working With Custom Dashboard Widget . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236Working With a Specific Widget


240Working With the Task Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240Working With a Specific Job Instance

241Working With Guest Introspection and Third-party Endpoint Protection (Anti-virus)Solutions

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 241Register a Vendor and Solution with Guest Introspection

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 242Working With Registered Guest Introspection Vendors

. . . . . . . . . . . . . . . . 242Working With Guest Introspection Vendors and Endpoint Protection Solutions

. . . . . . . . . . . . . . . . . . . . . . . . . 243Information About Registered Endpoint Protection Solutions

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 243Endpoint Protection Solution Registration Information

. . . . . . . . . . . . . . . . . . . . . . . . . . 244IP Address and Port For an Endpoint Protection Solution

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245Activate an Endpoint Protection Solution

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246Activated Security Virtual Machines

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246Activate a Registered Endpoint Protection Solution

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247Working With Solution Activation Status

. . . . . . . . . . . . . . . . . . . . . . . . . . . 248Working With Guest Introspection SVM Health Thresholds

250Working With Distributed Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250Default Firewall Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250Working with Distributed Firewall Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255Working With Layer 3 Sections in Distributed Firewall

. . . . . . . . . . . . . . . . . . . . . . . . . 259Working With a Specific Layer 3 Distributed Firewall Section

. . . . . . . . . . . . . . . . . . . . . . . . 264Working With Distributed Firewall Rules in a Layer 3 Section

. . . . . . . . . . . . . . . . . . . . . . . . 265Working With a Specific Rule in a Specific Layer 3 Section

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267Working With Layer 2 Sections in Distributed Firewall

. . . . . . . . . . . . . . . . . . . . . . . . . 268Working With a Specific Layer 2 Distributed Firewall Section

. . . . . . . . . . . . . . . . . . . . . . . . 271Working With Distributed Firewall Rules in a Layer 2 Section

. . . . . . . . . . . . . . . . . . . . . . . . 273Working With a Specific Rule in a Specific Layer 2 Section

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274Layer 3 Redirect Sections and Rules

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275Layer 3 Redirect Section

. . . . . . . . . . . . . . . . . . . . . . . . 276Working With Layer 3 Redirect Rules for a Specific Section

. . . . . . . . . . . . . . . . . . . 277Working With a Specific Layer 3 Redirect Rule for a Specific Section

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278Service Insertion Profiles and Layer 3 Redirect Rules

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278Enable Distributed Firewall After Upgrade

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279Working With Distributed Firewall Status

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280Working With a Specific Layer 3 Section Status

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281Working With a Specific Layer 2 Section Status

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281Import and Export Firewall Configurations

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282Working With a Specific Saved Firewall Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283Export a Firewall Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284Import a Firewall Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284Working With Distributed Firewall Session Timers

. . . . . . . . . . . . . . . . . . . 287Working With a Specific Distributed Firewall Session Timer Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288Working With Distributed Firewall Event Thresholds

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289Working With Distributed Firewall Thresholds

. . . . . . . . . . . . . . . . . . . . . . . . . . . 292Working With the Distributed Firewall Global Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . . 293Working With the Distributed Firewall Universal Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293Synchronize Firewall

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294Enable Firewall


. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294Working With IPFIX

. . . . . . . . . . . . . . . . . . . . . . . . . . . 295Distributed Firewall State Realization for Grouping Objects

298Working With SpoofGuard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298Working With SpoofGuard Policies

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298Working With a Specific SpoofGuard Policy

. . . . . . . . . . . . . . . . . . . . . . 299Perform SpoofGuard Operations on IP Addresses in a Specific Policy

301Working With Flow Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301Working With Flow Monitoring Statistics

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302Working With Flow Monitoring Meta-Data

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303Working With Flow Monitoring Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305Working With Flow Configuration for a Specific Context

306Exclude Virtual Machines from Firewall Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307Working With the Exclusion List

309Working With NSX Edge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319Working With a Specific NSX Edge

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324Working With DNS Client Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324Working With AESNI

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325Working With Core Dumps

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325Working With FIPS on NSX Edge

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326Working With NSX Edge Logs

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326Working With NSX Edge Summary

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333Working With NSX Edge Status

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335Working With NSX Edge Health Summary

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337Working With NSX Edge Tech Support Logs

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338Working With NSX Edge CLI Settings

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339Working With NSX Edge Remote Access

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 339Working With NSX Edge System Control Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340Working With NSX Edge Firewall Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343Working With Firewall Rules

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344Working With a Specific Firewall Rule

. . . . . . . . . . . . . . . . . . . . . . . . . . 345Working With the NSX Edge Global Firewall Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347Working With the Default Firewall Policy for an Edge

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347Working With Statistics for a Specific Firewall Rule

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347Working With NAT Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352Working With NAT Rules

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353Working With a Specific NAT Rule

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354Working With the NSX Edge Routing Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363Working With the NSX Edge Global Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364Working With Static and Default Routes

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365Working With OSPF Routing for NSX Edge

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367Working With BGP Routes for NSX Edge

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370Working With GRE Tunnels

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373Working With a Specific GRE Tunnel

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376Working With Layer 2 Bridging

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376Working With NSX Edge Load Balancer

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385Working With Application Profiles


. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387Working With a Specific Application Profile

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388Working With Application Rules

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389Working With a Specific Application Rule

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390Working With Load Balancer Monitors

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392Working With a Specific Load Balancer Monitor

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393Working With Virtual Servers

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394Working With a Specific Virtual Server

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394Working With Server Pools

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398Working With a Specific Server Pool

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399Working With a Specific Load Balancer Member

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399Working With Load Balancer Statistics

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403Working With Load Balancer Acceleration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403Working With NSX Edge DNS Server Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405Get DNS server statistics

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406Configure DHCP for NSX Edge

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410Working With DHCP IP Pools

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411Working With a Specific DHCP IP Pool

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411Working With DHCP Static Bindings

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413Working With a Specific DHCP Static Binding

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414Working With DHCP Relays

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416Working With DHCP Leases

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416Working With NSX Edge High Availability

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418Working With Remote Syslog Server on NSX Edge

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419Working With SSL VPN

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419Working With SSL VPN Server

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420Working With Private Networks

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421Working With a Specific Private Network

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422Working With IP Pools for SSL VPN

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423Working With a Specific IP Pool for SSL VPN

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 424Working With Network Extension Client Parameters

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425Working With SSL VPN Client Installation Packages

. . . . . . . . . . . . . . . . . . . . . . . 426Working With a Specific SSL VPN Client Installation Package

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428Working With Portal Layout

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428Working With Image Files for SSL VPN

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429Working With Portal Users

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 430Working With a Specific Portal User

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431Working With Authentication Settings

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 432Working With the RSA Config File

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433SSL VPN Advanced Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433Working With Logon and Logoff Scripts for SSL VPN

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435Working With Uploaded Script Files

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436Uploading Script Files for SSL VPN

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436Working With SSL VPN Users

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437Working With Active Client Sessions

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437Working With a Specific Active Client Session

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 437Working With NSX Edge Firewall Dashboard Statistics

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438Working With SSL VPN Dashboard Statistics

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439Working With Tunnel Traffic Dashboard Statistics


. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439Working With Interface Dashboard Statistics

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439Working With Interface Statistics

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440Working With Uplink Interface Statistics

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440Working With Internal Interface Statistics

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440Working With L2 VPN

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445Working With L2 VPN Statistics

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446Working With IPsec VPN

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450Working With IPsec Statistics

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452Automatic Configuration of Firewall Rules

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453Working With NSX Edge Appliance Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . 456Working With NSX Edge Appliance Configuration by Index

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458Working With Edge Services Gateway Interfaces

. . . . . . . . . . . . . . . . . . . . . . . . . . 459Working With a Specific Edge Services Gateway Interface

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461Working With a Sub-Interface of a Backing Type

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462Creating a Sub-Interface of a Backing Type

. . . . . . . . . . . . . . . . . . . . . . . . . . . 463Working With Logical Router HA (Management) Interface

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464Working With Logical Router Interfaces

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465Working With a Specific Logical Router Interface

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466Configuring Edge Services in Async Mode

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467Working With a Specific Edge Job Status

468Working With NSX Edge Configuration Publishing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468Working With NSX Edge Tuning Configuration

470Working With Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470Working With Certificates and Certificate Chains

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470Working With Certificate Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471Working With Certificates on a Specific Scope

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471Working With Self-Signed Certificates

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472Working With a Specific Certificate

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472Working With Certificate Signing Requests

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473Working With Self-Signed Certificate for CSR

. . . . . . . . . . . . . . . . . . . . . . . . . 474Working With Certificate Signing Requests on a Specific Scope

. . . . . . . . . . . . . . . . . . . . . . . . . 474Working With Certificate Revocation Lists on a Specific Scope

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474Working With CRL Certificates in a Specific Scope

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475Working With a Specific CRL Certificate

476Working With Service Composer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477Working With Security Policies

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479Working With all Security Policies

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483Working With a Specific Security Policy

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486Working With Security Group Bindings

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487Working With Security Actions on a Security Policy

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487Working with Service Composer Policy Precedence

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487Working With Service Composer Status

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488Working With All Service Composer Alarms

. . . . . . . . . . . . . . . . . . . . . . . . . 489Working With Service Composer Firewall Applied To Setting

. . . . . . . . . . . . . . . . . . . . . . . 490Working With Service Composer Configuration Import and Export

. . . . . . . . . . . . . . . . . . . . . . . . . . 491Working With Virtual Machines with Security Actions Applied

. . . . . . . . . . . . . . . . . . . . . . . . . 492Working With Security Actions Applicable on a Security Group


. . . . . . . . . . . . . . . . . . . . . . . . . 496Working With Security Actions Applicable on a Virtual Machine

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 497Working With Service Composer Firewall

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498Working With Service Composer Firewall Information

. . . . . . . . . . . . . . . . . . . . . . . . . . . 498Working With Security Policies Mapped to a Security Group

502Working With SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502Working With SNMP Status Settings

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503Working With SNMP Managers

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504Working With a Specific SNMP Manager

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 505Working With SNMP Traps

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 506Working With a Specific SNMP Trap

508Working With Translation of Virtual Machines to IP Addresses

509Working With Support Bundle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 510Status of the Technical Support Bundle

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512Download Support Bundle

513Working With the Central CLI

514Communication Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514Communication Status of a Specific Host

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 514Communication Status of a List of Hosts

516Working With Hardware Gateways . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517Working With a Specific Hardware Gateway

. . . . . . . . . . . . . . . . . . . . . . . . . . . 518Working With Switches on a Specific Hardware Gateway

. . . . . . . . . . . . . . . . . . . . . . 519Working With a Specific Switch on a Specific Hardware Gateway

. . . . . . . . . . . . . . . . . 519Working With Ports on a Specific Switch on a Specific Hardware Gateway

. . . . . . . . . . . . . . . . . . . . . . . . . . . . 520Working With the Hardware Gateway Replication Cluster

523Working With Hardware Gateway Bindings and BFD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 523Working With Hardware Gateway Bindings

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 524Working With a Specific Hardware Gateway Binding

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 525Working With Hardware Gateway Binding Statistics

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 525Working With Hardware Gateway Binding Objects

. . . . . . . . . . . . . . . . . . 526Working With Hardware Gateway BFD (Bidirectional Forwarding Detection)

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527Working With Hardware Gateway BFD Configuration

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527Working With Hardware Gateway BFD Tunnel Status

530Appendix


IntroductionThis manual, the NSX for vSphere API Guide, describes how to install, configure, monitor, and maintain the VMwareNSX system by using REST API requests.

Intended AudienceThis manual is intended for anyone who wants to use REST API to programmatically control NSX in a VMwarevSphere environment. The information in this manual is written for experienced developers who are familiar with virtualmachine technology, virtualized datacenter operations, and REST APIs. This manual also assumes familiarity withNSX for vSphere.

VMware Technical Publications GlossaryVMware Technical Publications provides a glossary of terms that might be unfamiliar to you. For definitions of terms asthey are used in VMware technical documentation go to http://www.vmware.com/support/pubs.

Technical Documentation and Product UpdatesYou can find the most up-to-date technical documentation on the VMware Web site at:http://www.vmware.com/support/.

The VMware Web site also provides the latest product updates.

If you have comments about this documentation, submit your feedback to: .

Using the NSX REST APITo use the NSX REST API, you must configure a REST client, verify the required ports are open between your RESTclient and the NSX Manager, and understand the general RESTful workflow.

Ports Required for the NSX REST API

The NSX Manager requires port 443/TCP for REST API requests.

Configuring REST Clients for the NSX REST API

Some common REST clients include Postman, RESTClient (a Firefox add-on), and curl (a command-line tool). Thedetails of REST client configuration will vary from client to client, but this general information should help you configureyour REST client correctly. The NSX REST API can use basic authentication or JSON Web Token authentication.

You can authenticate using basic authentication or JSON Web Tokens. See "Working with API Tokens" forinformation on creating and using JSON Web Tokens. You must configure your REST client to send the NSXManager authentication credentials. See the documentation for your REST client for details.

You must use https to send API requests to the NSX Manager.You might need to import the certificate from the NSX Manager to your REST client to allow it to connect to the NSXManager.

When you submit an API request with a request body, you must include the appropriate Content-Typeheader.Starting in NSX 6.4, both XML and JSON are supported. This guide documents XML examples. Set theContent-Type header to application/xml or application/json as needed.Some requests require additional headers, for example, firewall configuration changes require the If-Match header.This is noted on each method description.

To ensure you always receive the correct response bodies, set the Accept headerStarting in NSX 6.4, both XML and JSON are supported. This guide documents XML examples. Set the Acceptheader to application/xml or application/json as needed.Note: Some methods, for example, the central CLI method, POST /1.0/nsx/cli, might require a different Acceptheader.

http://www.vmware.com/support/pubshttp://www.vmware.com/support/


The following API method will return a response on a newly deployed NSX Manager appliance, even if you have notmade any configuration changes. You can use this as a test to verify that your REST client is configured correctly tocommunicate with the NSX Manager API.

GET /api/2.0/services/usermgmt/user/admin

URI and Query Parameters

Some methods have URI or query parameters. URI parameters are values that you include in the request URL. Youuse a question mark (?) to join the request URL and the query parameters. Multiple query parameters can becombined by using ampersands (&).

For example, you can use this method to get a list of logical switches on a transport zone:

GET /api/2.0/vdn/scopes/{scopeId}/virtualwires

scopeId is a URI parameter that represents a transport zone.

The startindex and pagesize query parameters control how this information is displayed. startindex determineswhich logical switch to begin the list with, and pagesize determines how many logical switches to list.

To view the first 20 logical switches on transport zone vdnscope-1, use the following parameters: scopeId URI parameter set to vdnscope-1. startindex query parameter set to 0. pagesize query parameter set to 20.

These parameters are combined to create this request:

GET https://192.168.110.42/api/2.0/vdn/scopes/vdnscope-1/virtualwires?startindex=0&pagesize=20

RESTful Workflow Patterns

All RESTful workflows fall into a pattern that includes only two fundamental operations, which you repeat in this orderfor as long as necessary. Make an HTTP request (GET, PUT, POST, or DELETE).

The target of this request is either a well-known URL (such as NSX Manager) or a link obtained from the response toa previous request. For example, a GET request to an Org URL returns links to vDC objects contained by the Org.

Examine the response, which can be an XML document or an HTTP response code.If the response is an XML document, it might contain links or other information about the state of an object. If theresponse is an HTTP response code, it indicates whether the request succeeded or failed, and might beaccompanied by a URL that points to a location from which additional information can be retrieved.

Revision Numbers

Some API objects include a configuration version number. In some cases, this revision number is used to preventconcurrent changes to an object. As a best practice, before you change the configuration of an object, retrieve thelatest configuration using GET. Modify the response body as needed and use it as your PUT request body. If the objecthas been modified since your GET operation, you might see an error message.

Finding vCenter Object IDsMany API methods reference vCenter object IDs in URI parameters, query parameters, request bodies, and responsebodies. You can find vCenter object IDs via the vCenter Managed Object Browser.

Find Datacenter MOID

1 In a web browser, enter the vCenter Managed Object Browser URL: http://vCenter-IP-Address/mob.

2 Click content.

3 Find rootFolder in the Name column, and click the corresponding link in the Value column. For example,group-d1.


4 Find the childEntity in the Name column, and the corresponding Value column entry is the datacenter MOID. Forexample, datacenter-21.

Find Cluster or Host MOID


2 Click content.


4 Find childEntity in the Name column, and click the corresponding link in the Value column. For example,datacenter-21.

5 Find hostFolder in the Name column, and click the corresponding link in the Value column. For example,group-h23.

6 Find childEntity in the Name column. The corresponding Value column lists the host clusters. For example,domain-c33.

7 To find the MOID of a host in a cluster, click the appropriate host cluster link located in the previous step.

8 Find host in the Name column. The corresponding Value column lists the hosts in that cluster by vCenter MOIDand hostname. For example, host-32 (esx-02a.corp.local).

Find Portgroup MOID


2 Click content.




6 Find childEntity in the Name column. The corresponding Value column contains links to host clusters. Click theappropriate host cluster link. For example, domain-c33.

7 Find host in the Name column. The corresponding Value column lists the hosts in that cluster by vCenter MOIDand hostname. Click the appropriate host link, For example, host-32.

8 Find network in the Name column. The corresponding Value column lists the port groups on that host, Forexample, dvportgroup-388.

Find VM MOID or VM Instance UUID


2 Click content.




6 Find childEntity in the Name column. The corresponding Value column contains links to host clusters. Click theappropriate host cluster link. For example, domain-c33.

7 Find host in the Name column. The corresponding Value column lists the hosts in that cluster by vCenter MOIDand hostname. Click the appropriate host link, For example, host-32.


8 Find vm in the Name column. The corresponding Value column lists the virtual machines by vCenter MOID andhostname. For example, vm-216 (web-01a).

9 To find the instance UUID of a VM, click the VM MOID link located in the previous step. Click the config link in theValue column.

10 Find instanceUuid in the Name column. The corresponding Value column lists the VM instance UUID. Forexample, 502e71fa-1a00-759b-e40f-ce778e915f16.


Endpointshttps://{nsxmanager}/apiBase URI Parameters:

nsxmanager(required) Hostname or IP address of the NSX Manager.

Working With vSphere Distributed Switches

GET /api/2.0/vdn/switches

Description:Retrieve information about all vSphere Distributed Switches.

Responses:Status Code: 200Body: application/xml

dvs-35VmwareDistributedVirtualSwitch423A993F-BEE6-1285-58F1-54E48D508D90916287b3-761d-430b-8ab2-83878dfe3e7f10VmwareDistributedVirtualSwitchvds-site-adatacenter-21DatacenterDatacenter Site Afalse01600FAILOVER_ORDERUplink 4falsedvs-47VmwareDistributedVirtualSwitch******


POST /api/2.0/vdn/switches

Description:Prepare a vSphere Distributed Switch.

The MTU is the maximum amount of data that can be transmitted in one packet before it is divided into smallerpackets. VXLAN frames are slightly larger in size because of the traffic encapsulation, so the MTU required is higherthan the standard MTU. You must set the MTU for each switch to 1602 or higher.

Request:Body: application/xml

dvs-26DistributedVirtualSwitch0DistributedVirtualSwitchETHER_CHANNELmtu-value

Working With vSphere Distributed Switches in a Datacenter

GET /api/2.0/vdn/switches/datacenter/{datacenterID}

URI Parameters:

datacenterID(required) A valid datacenter ID (e.g. datacenter-21)

Description:Retrieve information about all vSphere Distributed Switches in the specified datacenter.


dvs-35 VmwareDistributedVirtualSwitch 423A993F-BEE6-1285-58F1-54E48D508D90 916287b3-761d-430b-8ab2-83878dfe3e7f 10


VmwareDistributedVirtualSwitch vds-site-a datacenter-21 Datacenter Datacenter Site A false 0 1600 FAILOVER_ORDER Uplink 4 false dvs-47 VmwareDistributedVirtualSwitch *** ***

Working With a Specific vSphere Distributed Switch

GET /api/2.0/vdn/switches/{vdsId}

URI Parameters:

vdsId(required) A valid vSphere Distributed Switch ID (e.g. dvs-35)

Description:Retrieve information about the specified vSphere Distributed Switch.


dvs-35 VmwareDistributedVirtualSwitch 423A993F-BEE6-1285-58F1-54E48D508D90 916287b3-761d-430b-8ab2-83878dfe3e7f 10 VmwareDistributedVirtualSwitch


vds-site-a datacenter-21 Datacenter Datacenter Site A false 0 1600 FAILOVER_ORDER Uplink 4 false

DELETE /api/2.0/vdn/switches/{vdsId}

URI Parameters:

vdsId(required) A valid vSphere Distributed Switch ID (e.g. dvs-35)

Description:Delete the specified vSphere Distributed Switch.


Working With Segment ID Pools and Multicast Ranges

Working With Segment ID PoolsSegment ID pools (also called segment ID ranges) provide virtual network identifiers (VNIs) to logical switches.

You must configure a segment ID pool for each NSX Manager. You can have more than one segment ID pool. Thesegment ID pool includes the beginning and ending IDs.

You should not configure more than 10,000 VNIs in a single vCenter server because vCenter limits the number ofdvPortgroups to 10,000.

If any of your transport zones will use multicast or hybrid replication mode, you must also configure a multicast addressrange.

GET /api/2.0/vdn/config/segments

Description:Retrieve information about all segment ID pools.


1Local SegmentsLocal Segment ID pool50005999false03Universal-SegmentsUniversal segment ID pool200000201000true2

POST /api/2.0/vdn/config/segments

Query Parameters:

isUniversal(optional) Set to true when creating a universal segment ID pool.

Description:Add a segment ID pool.


name - Required property. desc - Optional property. begin - Required property. Minimum value is 5000 end - Required property. Maximum value is 16777216


Segment 1Segment Range 1500012999

Working With a Specific Segment ID Pool

GET /api/2.0/vdn/config/segments/{segmentPoolId}

URI Parameters:

segmentPoolId(required) A valid segmentPoolId

Description:Retrieve information about the specified segment ID pool.


1Local SegmentsLocal Segment ID pool50005999false0

PUT /api/2.0/vdn/config/segments/{segmentPoolId}

URI Parameters:


Description:Update the specified segment ID pool.


If the segment ID pool is universal you must send the API request to the primary NSX Manager.


Local Segment ID pool expanded6999

DELETE /api/2.0/vdn/config/segments/{segmentPoolId}

URI Parameters:


Description:Delete the specified segment ID pool.

If the segment ID pool is universal you must send the API request to the primary NSX Manager.

Working With Multicast Address RangesIf any of your transport zones will use multicast or hybrid replication mode, you must add a multicast address range(also called a multicast address pool). Specifying a multicast address range helps in spreading traffic across yournetwork to avoid overloading a single multicast address.

GET /api/2.0/vdn/config/multicasts

Description:Retrieve information about all configured multicast address ranges.

Universal multicast address ranges have the property isUniversal set to true.


5 239.0.0.0-239.255.255.255 239.0.0.0 239.255.255.255 false 0 10 Range 2 237.0.0.0


237.255.255.255 false 0

POST /api/2.0/vdn/config/multicasts

Query Parameters:

isUniversal(optional) Set to true when creating a universal multicast addressrange.

Description:Add a multicast address range for logical switches.

The address range includes the beginning and ending addresses.


Range 2237.0.0.0237.255.255.255

Working With a Specific Multicast Address Range

GET /api/2.0/vdn/config/multicasts/{multicastAddresssRangeId}

URI Parameters:

multicastAddresssRangeId(required) A valid multicast address range ID

Description:Retrieve information about the specified multicast address range.


5 239.0.0.0-239.255.255.255 239.0.0.0 239.255.255.255 false 0


PUT /api/2.0/vdn/config/multicasts/{multicastAddresssRangeId}

URI Parameters:


Description:Update the specified multicast address range.

If the multicast address range is universal you must send the API request to the primary NSX Manager.


Extended range 2Extended range 2238.255.255.255

DELETE /api/2.0/vdn/config/multicasts/{multicastAddresssRangeId}

URI Parameters:


Description:Delete the specified multicast address range.

If the multicast address range is universal you must send the API request to the primary NSX Manager.

Working With the VXLAN Port Configuration

GET /api/2.0/vdn/config/vxlan/udp/port

Description:Retrieve the UDP port configured for VXLAN traffic.


4789


Update the VXLAN Port Configuration

PUT /api/2.0/vdn/config/vxlan/udp/port/{portNumber}

URI Parameters:

portNumber(required) A valid UDP port for VXLAN

Query Parameters:

force(optional) Set to true to force the change in VXLAN port.

This updates the port configuration on the hosts directly,and might cause a disruption in VXLAN traffic. In across-vCenter NSX environment, this does not changethe port on all NSX Managers.

Description:Update the VXLAN port configuration to use port portNumber.

This method changes the VXLAN port in a three phrase process, avoiding disruption of VXLAN traffic. In across-vCenter NSX environment, change the VXLAN port on the primary NSX Manager to propagate this change on allNSX Managers and hosts in the cross-vCenter NSX environment.

Method history:

Release Modification

6.2.3

Method updated. Port change is now non-disruptive, andpropagates to secondary NSX Managers if performed onthe primary NSX Manager. Force parameter added.

VXLAN Port Configuration Update Status

GET /api/2.0/vdn/config/vxlan/udp/port/taskStatus

Description:Retrieve the status of the VXLAN port configuration update.

Method history:


6.2.3 Method introduced.


8472


4789 PHASE_TWO PAUSED

Resume VXLAN Port Configuration Update

POST /api/2.0/vdn/config/vxlan/udp/port/resume

Description:If you update the VXLAN port using the Change button on the Installation > Logical Network Preparation page inthe vSphere Web Client, or using PUT /api/2.0/vdn/config/vxlan/udp/port/{portNumber} without the forceparameter, and the port update does not complete, you can try resuming the port config change.

You can check the progress of the VXLAN port update with GET/api/2.0/vdn/config/vxlan/udp/port/taskStatus.

Only try resuming the port update if it has failed to complete. You should not need to resume the port update undernormal circumstances.

Method history:



Working With Allocated Resources

GET /api/2.0/vdn/config/resources/allocated

Query Parameters:

type set to segmentId or multicastAddress

pagesize The number of results to return. Range is 1-1024.

startindex The starting point for returning results.

Description:Retrieve information about allocated segment IDs or multicast addresses.

Resolving Missing VXLAN VMKernel Adapters

POST /api/2.0/vdn/config/host/{hostId}/vxlan/vteps

Query Parameters:


action(required) remediate: Use the remediate action to recreate themissing VXLAN VMKernel adapter on the host. Thisaction removes the adapter using the resync action,then recreates the adapter.

resync: If the VXLAN VMKernel adapter is no longerneeded, you can use the resync action to remove themissing VXLAN VMKernel adapter from the NSXManager configuration database.

Description:Resolve missing VXLAN VMKernel adapters.

Method history:




Working With Controller Disconnected Operation (CDO)ModeYou can enable CDO mode on secondary NSX Manager to avoid connectivity issues with the primary site.

CDO mode state has the following values: ENABLED: CDO mode has been successfully enabled on NSX Manager. DISABLED: CDO m

NSX 6.4 API - docs.vmware.com for vSphere API Guide Version: 6.4 Page 2 Table of Contents Introduction 13 Endpoints 17 Working With vSphere Distributed Switches 17 Working With vSphere

Documents