As explained in my Getting started with NSX-T Policy API in VMware Cloud on AWS (VMC) article, there are two ways in which you can interact with the NSX-T Policy API in VMC. The initial method is with the NSX-T Reverse Proxy which designed for initial setup including Edge Firewall and connectivity configuration (VPN/Direct Connect). Once you have enabled remote access from your network to the SDDC, you can continue using the reverse proxy method or you can connect directly to the NSX-T Manager via its private IP Address.
So how do you actually connect to the NSX-T Manager using its private IP? To be honest, this was not something I had to do before as I really like the simplicity of the reverse proxy but since this came up today in one of our VMC Slack channels, I figured I take a closer look.
Before you begin, make sure you have either a VPN and/or Direct Connect configured from your on-premises environment to the SDDC and that the Edge Firewall has been configured to allow you to communicate to NSX-T instance in VMC.
Step 1 - Obtain the NSX-T Manager private IP Address by selecting the SDDC and clicking on the "Support" tab.
Step 2 - To authenticate to the NSX-T Manager, you will need to obtain a CSP Access Token given a CSP Refresh Token and is this is provided to NSX-T as a Bearer Token.
Step 3 - Perform the NSX-T Policy API request given Step 1 and Step 2.
Here is an example using Postman to list all NSX-T Segments. The operation will be a GET and the URL in my example is https://10.3.192.3/policy/api/v1/infra/tier-1s/cgw/segmentsThe Authorization will be of type Bearer Token and paste the Access Token into the Token field. Lastly, make sure you have Content-Type header to application/json. Click on the "Send" button to perform the operation and if successful, you should see the list of NSX-T Segments.
In addition, I have also create a cURL example with the following sample script called list_vmc_nsxt_network_segments_using_nsxt_private_ip.sh which requires both CSP Refresh Token and NSX-T Manager private IP Address.
Here is an example of running the shell script:
More from my site
- How to retrieve the NSX-T Overview Info (SDDC Public IP, Appliance & Infra Subnet, etc.) in VMC?
- Using NSX-T Policy API to retrieve the Routing Table in VMC
- Which NSX-T Policy APIs are used in the NSX-T UI in VMC?
- Getting started with the new NSX-T Policy API in VMC
- Changing the default behavior of the NSX-T Distributed Firewall (DFW) in VMC to Deny All