Some weeks ago a new version of VMware vRNI (vRealize Network Insight) was released: v3.6.0 (release notes).
This release introduced an exciting new feature: a REST API. This made me do a little jump for joy, seeing as I was knee-deep in a brownfield micro-segmentation project.
vRNI by itself is a great help for collecting all data flows in your datacenter using NSX DFW flow logging, IPFIX and NetFlow. By creating application entities based on whatever criteria you like (in my case ordinary VLAN/IP segments), you can get a “Recommended Firewall ruleset”, which can be exported to XML (in an NSX-compatible format!) or CSV.
In large environments this can still be a pain in the @$$ and a large amount of manual labor. So I created a script that uses the brand new REST API to export all application-based flows, as demonstrated in the screen recording below.
To create these application entities, go to the vRealize Network Insight menu on the left and click “Entities” -> “Application”, then click the “Add Application” button in the top right corner. Here you can define the application membership conditions on which the firewall rules will be based.
Then run the script! (Oh, and don’t forget to have 7-Zip installed, including the 7Zip4Powershell module, or you could disable the unzip part of the script):