Scripting: NSX-v – Displaying Security Group Members


Often when working in customer environments, there is a requirement to define security group members which are not virtual machines within the virtualised environment. To achieve this, these members must be defined as an IP Set.


The IP Set can then be included as an object in a security group.


However, the UI does not show all the non-VM members of a security group.


So whilst on site recently, I wrote a quick script to show me ALL the members included in a security group, and it will also show the IP addresses that will be applied as part of any policy where the security group is used.

Here you can see the script when querying the security group “SG-S.Prod Machines”

I also slid another function into the script which can be used to list all the security groups configured within NSX-v.

As usual, the script is located on my GitHub site here.
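
As an added illustration (not the author's script and not code from the original post), the Python sketch below resolves a security group's direct members, including the IP Set members the UI leaves out, into the networks those IP Sets contribute. The XML is constructed sample data whose element names are assumed to follow the NSX-v API's security group and IP set objects; apart from the group name taken from the post, every name and address is invented, and VM member addresses are not resolved here.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample data (assumption): shaped like NSX-v security group and IP set objects.
SECURITY_GROUPS_XML = """<list>
  <securitygroup>
    <objectId>securitygroup-10</objectId>
    <name>SG-S.Prod Machines</name>
    <member><objectId>vm-101</objectId><objectTypeName>VirtualMachine</objectTypeName><name>prod-web-01</name></member>
    <member><objectId>ipset-2</objectId><objectTypeName>IPSet</objectTypeName><name>IPS-Physical-DB</name></member>
  </securitygroup>
  <securitygroup><objectId>securitygroup-11</objectId><name>SG-Empty</name></securitygroup>
</list>"""
IP_SETS_XML = """<list>
  <ipset><objectId>ipset-2</objectId><name>IPS-Physical-DB</name><value>192.0.2.10,192.0.2.32/30,198.51.100.5-198.51.100.7</value></ipset>
</list>"""

def load_ip_sets(xml_text):
    """Map IP set objectId -> list of networks; handles single IPs, CIDRs and ranges."""
    result = {}
    for node in ET.fromstring(xml_text).iter("ipset"):
        nets = []
        for entry in filter(None, (e.strip() for e in (node.findtext("value") or "").split(","))):
            if "-" in entry:
                first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
                nets.extend(ipaddress.summarize_address_range(first, last))
            else:
                nets.append(ipaddress.ip_network(entry, strict=False))
        result[node.findtext("objectId")] = nets
    return result

def list_security_groups(xml_text):
    return [g.findtext("name") for g in ET.fromstring(xml_text).iter("securitygroup")]

def group_members(xml_text, group_name, ip_sets):
    """Return (members, networks): every direct member, plus networks from IP set members."""
    for group in ET.fromstring(xml_text).iter("securitygroup"):
        if group.findtext("name") != group_name:
            continue
        members, networks = [], []
        for m in group.findall("member"):
            kind, name = m.findtext("objectTypeName"), m.findtext("name")
            members.append((kind, name))
            if kind == "IPSet":
                # An unknown IP set id raises KeyError rather than silently hiding addresses.
                networks.extend(ip_sets[m.findtext("objectId")])
        return members, [str(n) for n in networks]
    raise LookupError(f"security group not found: {group_name}")
```

Comparing the returned networks against what a firewall rule is expected to cover is a quick way to spot an IP Set that is broader than intended.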

 

 
