Valentin Hamburger

The Programmable Datacenter - NSX on UCP

Blog Post created by Valentin Hamburger on Sep 23, 2016

The Programmable Datacenter

A while ago HDS did a study together with IDC about the Programmable Datacenter and its impact on the Digital Enterprise. The study can be found here for an interesting read. It discusses the necessity of automation and orchestration in a future datacenter.


As part of the new technologies in a programmable datacenter, I want to shed some light on the network virtualisation part of this programmability. In this context, I want to present VMware's NSX fully installed and running on our UCP 4000 series (UCP Director).


NSX - Network Virtualisation at a glance

VMware's NSX is a network virtualisation technology which enables higher management functions on virtually any network hardware. Typically, NSX requires a solid and well-configured base network (the physical underlay network) where routing is working flawlessly. So the base installation of NSX requires that the physical network, the routing and the VLANs required for NSX are configured correctly. On DIY systems this can take a while and requires a bigger team to work together.


Installing NSX on UCP Director - a piece of cake

This is where UCP can rise and shine, since we have concentrated on massive network automation within Director since day one. This makes the NSX installation so simple that it can actually be done in hours, compared to days on other converged systems. UCP Director controls all its attached physical switches, since it follows a hardware appliance model. To learn more about Director and its options please visit this page.

With Director, HDS truly believes that the key to converged systems is to integrate fully and entirely into the ecosystem in use. For us, it is important that the user / admin is the one driving all changes and that this happens best through systems already in use - in this case - VMware's vCenter Server.

We take this integration very seriously, so there will be no external element manager popping up to do any hardware configuration tasks - the configuration of the entire system is completely integrated in vCenter.


UCP Network automation and NSX - better together

UCP Director comes with a nice way of orchestrating and automating the creation of VLANs. Basically it owns all the hardware configuration as described earlier.

With this advantage, the network configuration can be started by right-clicking on a cluster. This wizard will now do three major things:

  1. Check all the created port groups for the cluster (the cluster the right click was applied to)
  2. Compare them with the VLANs on the switch ports where the ESXi hosts of this cluster are connected
  3. Set or remove the VLANs on the switch ports where the ESXi hosts of this cluster are connected, if they differ.

This means no admin has to touch the switch command line or any other switch element manager. UCP Director sets the switch config based on the configured port groups on the Distributed vSwitch.

[Screenshot: UCP VLAN Setting.png]

NSX does require a VLAN for the transport network (VXLAN) to be present on each ESXi host participating in the VXLAN aka transport network.

The port group containing the VLAN ID is typically created during the NSX installation (set up VXLAN and VTEP NICs). This means that the NSX Manager will create a vNIC on each host and add it to a port group holding a specific VLAN ID. In this case we used VLAN ID 180 for this port group. We also right-clicked on the clusters to let UCP Director configure the networking on the switches.


The screenshot shows the network configuration overview. On the left-hand side you see the discovered vSwitch port groups and their configured VLAN IDs. On the right-hand side, you see the discovered switches and their respective VLAN IDs. Director will now simply set the VLAN IDs from the left (port groups) on the physical switches (actual VLANs) on the right. This will happen only on those switch ports to which the ESXi hosts are actually connected.

It creates a secure and sound configuration and a reduced attack surface, since the VLAN is not broadly applied to all switch ports - but only on the ports that matter.
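The three wizard steps and the reduced-exposure property described above can be sketched as a reconciliation check. This is an added example, not UCP Director code: the data structures, switch and host names and all VLAN IDs except 180 are constructed assumptions, and it assumes every VLAN on a host port must be backed by a port group.

```python
from dataclasses import dataclass

@dataclass
class SwitchPort:
    switch: str
    port: str
    vlans: set             # VLAN IDs currently allowed on this port
    esxi_host: str = None  # ESXi host cabled to this port, if any

def plan_vlan_sync(portgroup_vlans, cluster_hosts, ports):
    """Return (changes, exposed).
    changes: per-port VLANs to add/remove, only for ports facing cluster hosts.
    exposed: cluster VLANs found on ports with no host of this cluster (review)."""
    wanted = set(portgroup_vlans.values())           # step 1: port group VLANs
    changes, exposed = {}, {}
    for p in ports:
        key = (p.switch, p.port)
        if p.esxi_host in cluster_hosts:             # step 2: compare host ports
            add = sorted(wanted - p.vlans)
            remove = sorted(p.vlans - wanted)
            if add or remove:                        # step 3: change only if different
                changes[key] = {"add": add, "remove": remove}
        else:
            leaked = sorted(wanted & p.vlans)        # VLAN applied too broadly
            if leaked:
                exposed[key] = leaked
    return changes, exposed

# Constructed sample inventory (hypothetical names; VLAN 180 is the transport VLAN from the text)
PORTGROUPS = {"mgmt": 100, "vmotion": 120, "vxlan-transport": 180}
CLUSTER_HOSTS = {"esx01", "esx02"}
PORTS = [
    SwitchPort("sw-a", "1/1", {100, 120}, "esx01"),            # missing 180
    SwitchPort("sw-a", "1/2", {100, 120, 180, 999}, "esx02"),  # stale 999
    SwitchPort("sw-b", "1/1", {100, 120, 180}, "esx01"),       # already in sync
    SwitchPort("sw-a", "1/10", {180, 300}),                    # no host, carries 180
    SwitchPort("sw-a", "1/11", {300}, "esx99"),                # host of another cluster
]

if __name__ == "__main__":
    changes, exposed = plan_vlan_sync(PORTGROUPS, CLUSTER_HOSTS, PORTS)
    for key, delta in changes.items():
        print("change", key, delta)
    for key, vlans in exposed.items():
        print("review", key, "carries cluster VLANs", vlans)
```

The `exposed` result is the audit view of the attack-surface point: any entry there is a port carrying the cluster's VLANs without a cluster host behind it.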

This step makes the whole NSX setup a piece of cake, since all the network hardware is configured for the VLAN by UCP Director. Furthermore, a vSphere admin does not even have to touch any switch command line or element manager to do this - a simple right click is all it needs.


So, what is the programmable part of this?

As readers of my earlier blog posts will know, UCP Director has a rich API which enables all these tasks to be completely automated with REST calls.


The REST call to do the network settings actually looks like this:

POST https://ucpmanagment.ucp.local/api/cluster/domain-c99/networks/configurevlan


And that's all it needs to automatically sync the port groups with the switches where all the cluster hosts are connected.

This makes the onboarding of a new vSphere cluster including NSX config super simple. All it takes is running this script (or using the GUI in vCenter). It also enables combining the vCenter, NSX and UCP Director APIs in a powerful yet simple way to make the whole infrastructure programmable and easy to consume.

You may have noticed that the cluster is called "domain-c99"; that is the UCP API internal object reference (the object UUID). However, it is also the same object UUID vCenter uses when the vCenter API refers to that cluster. This makes the two APIs not only compatible but truly interlaced. Again, for HDS the term "Converged" applies to the whole system, so that it acts and reacts like one big machine - no single element manager required! Since our APIs coalesce into VMware, this makes for a very simple and easy user experience.


Once all this is finished, NSX on UCP is ready for action. This was just a sneak peek of what is possible with this powerful connection. If you want to learn about how to set up NSX on UCP to get this far, please refer to this reference architecture document:


Call to action

If you want to see all this in action please make sure to visit the HDS stand #403 at VMworld Europe!

And... if you haven't heard HDS' take on the Programmable Data Center, be sure to participate in this business-focused BrightTalk session coming up on the 4th of October. Find out why The Programmable Data Center is the next evolution of the Software Defined Data Center (SDDC), taking you on a journey to succeed in the digital economy.


Stay tuned to this blog series to learn more about NSX on UCP Director as well as to experience some powerful examples beginning with simple micro segmentation all the way up to a full vRealize Automation integration with Hitachi UCP Director and VMware NSX.