Version 1.7 of PowervRNI was released yesterday, and this post covers what’s new in this version. If you’re not familiar with PowervRNI, it is a PowerShell module that you can use to manage vRealize Network Insight. From adding data sources & applications, to retrieve data from it, such a network flows, PowervRNI covers most of the public API endpoints of Network Insight.

What’s New?

A bunch! First off, it has been updated to support the new data sources and API calls that have been added in Network Insight 5.0. Second, I’ve added a few backlog items. I’ll go through the changes below.

Data Sources

New: Update-vRNIDataSource

Let’s start with a good one. PowervRNI had to ability to add and remove data sources, but not edit them. Update-vRNIDataSource adds the possibility to update one or multiple data sources by updating their Nickname, Notes, or, most importantly, their Username and Password details. Imaging updating the login credentials of 52 switches, all at once. This example does just that:

PS # Get-vRNIDataSource -DataSourceType ciscoswitch | Update-vRNIDataSource -Username readonly -Password secret

New Data Sources

Version 1. 7 adds support for the new data sources: Azure, VeloCloud, FortiManager, and Generic Router/Switch devices (UANI). Here are a few examples:

Adding a VeloCloud Orchestrator

PS # New-vRNIDataSource -DataSourceType velocloud -Username [email protected] -Password password -CollectorVMId $collectorId -Nickname VeloCloud -FDQN vcoxx.velocloud.net

entity_id   : 10771:962:1907704854791059140
entity_type : VeloCloudDataSource
fqdn        : vcoxx.velocloud.net
proxy_id    : 10771:901:8169725906866024439
nickname    : VeloCloud
enabled     : True
credentials : @{[email protected]; password=}

Adding an Azure subscription

PS # New-vRNIDataSource -DataSourceType azure -CollectorVMId $collectorId -Nickname Azure-TenantID xxx-xxx-xxx-xxx -ApplicationID xxx-xxx-xxx-xxx -SecretKey secret -SubscriptionID xxx-xxx-xxx-xxx

entity_id     : 10771:966:6062894549792355656
entity_type   : AzureDataSource
proxy_id      : 10771:901:8169725906866024439
nickname      : Azure-Dev
enabled       : True
credentials   : @{azure_client=xxx-xxx-xxx-xxx; azure_tenant=xxx-xxx-xxx-xxx; azure_subscription=xxx-xxx-xxx-xxx}
flows_enabled : True

Adding a Generic Switch/Router device

PS # New-vRNIDataSource -DataSourceType generic-device -CollectorVMId $collectorId -IP 10.0.0.1 -Nickname gw1

entity_id   : 10771:963:7000486714130462696
entity_type : GenericSwitchDataSource
ip          : 10.0.0.1
proxy_id    : 10771:901:8169725906866024439

Uploading the Generic Switch/Router ZIP file with CSVs

PS # Get-vRNIDataSource -DataSourceType generic-device | where {$_.nickname -eq "gw1"} | Update-vRNIDataSourceData -Zipfile ~/new-gw1-csv.zip 

entity_id   : 10771:963:1592443492322905846
entity_type : GenericSwitchDataSource
ip          : 10.0.0.1
proxy_id    : 10771:901:8169725906866024439
nickname    : gw1
enabled     : True

Adding Kubernetes and OpenShift clusters has also been fixed, by using the contents of your KubeConfig:

PS # $nsxtId = (Get-vRNIDataSource -DatasourceType nsxt | Where {$_.nickname -eq "my-nsxt-manager"} | Select -ExpandProperty id)
PS C:\> $collectorId = (Get-vRNINodes | Where {$_.ip_address -eq "10.0.0.11"} | Select -ExpandProperty id)
PS # $kubeconfig = (Get-Content ~/.kube/config | Out-String)
PS # New-vRNIDataSource -DataSourceType kubernetes -Nickname k8s-cluster-1 -CollectorVMId $collectorId -NSXTManagerID $nsxtId -KubeConfig $kubeconfig

F5 Load Balancer support has been fixed. The API in 4.2 didn’t work, as the data source had a different entity type.

PS # New-vRNIDataSource -DataSourceType f5-bigip -Username admin -Password password -CollectorVMId $collectorId -Nickname F5 -FDQN f5.lab.local

entity_id : 10771:952:7880684499039039792
entity_type : F5BIGIPDataSource
fqdn : f5.lab.local
proxy_id : 10771:901:8169725906866024439
nickname : F5
enabled : True
credentials : @{username=admin}

Setting NSX-v Controller Passwords

Network Insight collects routing information from the NSX-v controllers. To do so, it needs the password to log in to those controllers. I’ve added a new cmdlet called Update-vRNINSXvControllerPassword to do this:

PS # Get-vRNIDataSource -DatasourceType nsxv | Update-vRNINSXvControllerClusterPassword -Password secret

Support for NSX-v and NSX-T Virtual Infra Latency

From NSX-v 6.4.5+ and NSX-T 2.5+ – NSX can stream telemetry on latency between VTEPs, physical and virtual NICs. NSX is configured by Network Insight and the new -NSXEnableLatency $True parameter on New-vRNIDataSource, will do that when adding the NSX Manager as a data source. Example:

PS # New-vRNIDataSource -DataSourceType nsxv -NSXEnableLatency $True -FDQN mgr.nsx.local -Username admin -Password secret -Nickname mgr.nsx.local -CollectorVMId $collectorId -Enabled $True -NSXEnableCentralCLI $True -NSXEnableIPFIX $True -NSXvCenterID $vcId

A better experience with Connect-vRNIServer

Before 1.7, when connecting with LDAP/Active Directory credentials, the Connect-vRNIServer cmdlet looked as following:

Connect-vRNIServer -Server platform -Username [email protected] -Domain ld.local -Password secret

Maybe you’ve noticed the domain name is mentioned twice, both in the Username and Domain values. This was mostly due to the input that the vRNI API requires. It’s a small change, but now, PowervRNI now detects the usage of a non-local domain and allow you to omit the Domain parameter.

Connect-vRNIServer -Server platform -Username [email protected] -Password secret

If you have local vRNI accounts with domains other than local, you can make sure it authenticates locally by still adding the parameters: -Domain LOCAL, *or* -UseLocalAuth.

Get-vRNIKubernetesServices

Network Insight can pull Kubernetes information (services, namespaces, clusters, nodes, etc.) and the networking details behind these containers. But, there’s only 1 public API added to retrieve information, and it’s to retrieve a list of the Kubernetes services:

PS # Get-vRNIKubernetesServices -Limit 1

entity_id          : 10771:1504:7006772991589105315
name               : metrics-server
entity_type        : KubernetesService
vendor_id          : c88a10d1-e04c-11e9-a348-0050569525d5
annotations        : {kubectl.kubernetes.io/last-applied-configuration}
labels             : {kubernetes.io/name}
creation_timestamp : 09/26/2019 10:59:59
namespace          : @{entity_id=10771:1503:2077432250506315584}
cluster_ip         : @{ip_address=10.100.200.71;netmask=255.255.255.255; network_address=10.100.200.71/32}
loadbalancer_ip    : @{ip_address=; netmask=; network_address=}
type               : ClusterIP
external_ips       : {}
selectors          : {k8s-app}

Set-vRNIUserPassword

Network Insight 5.0 also added a new API endpoint to manage passwords of local users. The new cmdlet Set-vRNIUserPassword allows you to change your own password, or as an administrator; change passwords of all users.

PS # Set-vRNIUserPassword -Username admin@local -NewPassword newpassword
or
PS # Set-vRNIUserPassword -Username [email protected]
PowerShell credential request
Input the new password
Password for user [email protected]: ********

Other things

  • Fixed adding Huawei switches as data sources by using the new DataSourceType in vRNI 5.0.
  • Fixed returning multiple entities with the same name (e.g. same VM names with Get-vRNIVM)


Share the wealth!