VMware Cloud Community
vMarkusK1985
Expert
Expert
Jump to solution

vCD PowerCLI Create an Edge Gateway

Hello,

I need to automate in PowerCLI one more Step during Org VDC setup, the "Edge Gateway Creation".

At the moment it looks like the only way to do that is directly via API (via PowerShell in my Case):

vCloud Air Documentation Center

Has anyone done that before in PowerCLI / PowerShell or maybe a better way that via API?

Kind Regards,

Markus

https://mycloudrevolution.com | https://twitter.com/vMarkus_K | https://github.com/vMarkusK
1 Solution

Accepted Solutions
mavelite
Enthusiast
Enthusiast
Jump to solution

This is cut from a script I was using to create fully nested labs for customer and internal use. It allowed for custom private IP space in any configuration and had a standard set of NAT, Firewall, LB and DHCP settings. It's ugly but it works, let me know if you have any questions.

        $firewall = New-Object VMware.VimAutomation.Cloud.Views.Gateway

        $firewall.Name = $orgName

        $firewall.Configuration = New-Object VMware.VimAutomation.Cloud.Views.GatewayConfiguration

        $firewall.Configuration.BackwardCompatibilityMode = $false

        $firewall.Configuration.GatewayBackingConfig = "compact"

        $firewall.Configuration.UseDefaultRouteForDnsRelay = $true

        $firewall.Configuration.HaEnabled = $true

        $firewall.Configuration.EdgeGatewayServiceConfiguration = New-Object VMware.VimAutomation.Cloud.Views.GatewayFeatures

        $firewall.Configuration.GatewayInterfaces = New-Object VMware.VimAutomation.Cloud.Views.GatewayInterfaces

        $firewall.Configuration.GatewayInterfaces.GatewayInterface = New-Object VMware.VimAutomation.Cloud.Views.GatewayInterface

        $firewall.Configuration.GatewayInterfaces.GatewayInterface += New-Object VMware.VimAutomation.Cloud.Views.GatewayInterface

        $firewall.Configuration.GatewayInterfaces.GatewayInterface += New-Object VMware.VimAutomation.Cloud.Views.GatewayInterface

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[0].DisplayName = "ExNet"

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[0].Network = $ExNetExternalNetwork.Href

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[0].InterfaceType = "uplink"

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[0].UseForDefaultRoute = $false

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[0].ApplyRateLimit = $false

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[1].DisplayName = "VMNet"

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[1].Network = $VMNetExternalNetwork.Href

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[1].InterfaceType = "uplink"

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[1].UseForDefaultRoute = $false

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[1].ApplyRateLimit = $false

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[2].DisplayName = "PublicNet"

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[2].Network = $PublicNetwork[0].Href

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[2].InterfaceType = "uplink"

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[2].UseForDefaultRoute = $true

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[2].ApplyRateLimit = $false

$ExNetexternalSubnet = New-Object VMware.VimAutomation.Cloud.Views.SubnetParticipation

        $ExNetexternalSubnet.Gateway = $ExNetExternalNetwork.Gateway

        $ExNetexternalSubnet.Netmask = $ExNetExternalNetwork.Netmask

        $ExNetexternalSubnet.IpAddress = $ExNetExternalBlock[0]

        $ExNetexternalSubnet.IpRanges = New-Object VMware.VimAutomation.Cloud.Views.IpRanges

        $ExNetexternalSubnet.IpRanges.IpRange = New-Object VMware.VimAutomation.Cloud.Views.IpRange

        $ExNetexternalSubnet.IpRanges.IpRange[0].StartAddress = $ExNetexternalSubnet.IpAddress # ### $firstExternalIP

        $ExNetexternalSubnet.IpRanges.IpRange[0].EndAddress =   $ExNetexternalSubnet.IpAddress  # ### $lastExternalIP

        $VMNetexternalSubnet = New-Object VMware.VimAutomation.Cloud.Views.SubnetParticipation

        $VMNetexternalSubnet.Gateway = $VMNetExternalNetwork.Gateway

        $VMNetexternalSubnet.Netmask = $VMNetExternalNetwork.Netmask

        $VMNetexternalSubnet.IpAddress = $VMNetExTernalBlock[0]

        $VMNetexternalSubnet.IpRanges = New-Object VMware.VimAutomation.Cloud.Views.IpRanges

        $VMNetexternalSubnet.IpRanges.IpRange = New-Object VMware.VimAutomation.Cloud.Views.IpRange

        $VMNetexternalSubnet.IpRanges.IpRange += New-Object VMware.VimAutomation.Cloud.Views.IpRange

        $VMNetexternalSubnet.IpRanges.IpRange += New-Object VMware.VimAutomation.Cloud.Views.IpRange

        $VMNetexternalSubnet.IpRanges.IpRange[0].StartAddress = $VMNetexternalSubnet.IpAddress # ### $firstExternalIP

        $VMNetexternalSubnet.IpRanges.IpRange[0].EndAddress =   $VMNetexternalSubnet.IpAddress  # ### $firstExternalIP

        $VMNetexternalSubnet.IpRanges.IpRange[1].StartAddress = $VMNetExTernalBlock[1] # ### $SecondExternalIP

        $VMNetexternalSubnet.IpRanges.IpRange[1].EndAddress =   $VMNetExTernalBlock[1]  # ### $SecondExternalIP

        $VMNetexternalSubnet.IpRanges.IpRange[2].StartAddress = $VMNetExTernalBlock[2] # ### $ThirdExternalIP

        $VMNetexternalSubnet.IpRanges.IpRange[2].EndAddress =   $VMNetExTernalBlock[2]  # ### $ThirdExternalIP

        $PublicexternalSubnet = New-Object VMware.VimAutomation.Cloud.Views.SubnetParticipation

        $PublicexternalSubnet.Gateway = $PublicNetwork[0].Gateway.IPAddressToString

        $PublicexternalSubnet.Netmask = $PublicNetwork[0].Netmask

        if ($PublicExternalBlock.count -eq 1) {

            $PublicexternalSubnet.IpAddress = $PublicExternalBlock

            } else {

            $PublicexternalSubnet.IpAddress = $PublicExternalBlock[0]

            }

        $PublicexternalSubnet.IpRanges = New-Object VMware.VimAutomation.Cloud.Views.IpRanges

        $PublicexternalSubnet.IpRanges.IpRange = New-Object VMware.VimAutomation.Cloud.Views.IpRange

        $PublicexternalSubnet.IpRanges.IpRange[0].StartAddress = $PublicexternalSubnet.IpAddress # ### $firstExternalIP

        $PublicexternalSubnet.IpRanges.IpRange[0].EndAddress =   $PublicexternalSubnet.IpAddress  # ### $lastExternalIP

 

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[0].SubnetParticipation = $ExNetexternalSubnet

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[1].SubnetParticipation = $VMNetexternalSubnet

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[2].SubnetParticipation = $PublicexternalSubnet

        $orgVdc.ExtensionData.CreateEdgeGateway($firewall)

        write-host "Please wait, we're currently rolling out the Edge Firewall..."

        sleep 20

        While ((Search-Cloud -QueryType EdgeGateway | get-ciview | where {$_.name -eq $orgName}).tasks.task.Status -eq "running") {

        if ((Search-Cloud -QueryType EdgeGateway | get-ciview | where {$_.name -eq $orgName}).tasks.task.Status -eq "running") {

            sleep 120

            write-host "Please wait, we're currently rolling out the Edge Firewall..."

        }}

        sleep 20

        #Create an Internal network on the Edge gateway

        $edgeGateway = Search-Cloud -QueryType EdgeGateway -Name $orgName | Get-CIView | where {$_.name -like "$orgName*"}

        $ExNetnetwork = New-Object VMware.VimAutomation.Cloud.Views.OrgVdcNetwork

        $ExNetnetwork.EdgeGateway = $edgeGateway.Id

        $ExNetnetwork.isShared = $false

        $ExNetnetwork.Configuration = New-Object VMware.VimAutomation.Cloud.Views.NetworkConfiguration

        $ExNetnetwork.Name = "ExNet-Inside"

        $ExNetnetwork.Configuration.IpScopes = New-Object VMware.VimAutomation.Cloud.Views.IpScopes

        $ExNetnetwork.Configuration.FenceMode = "natRouted"

        $IpScope = New-Object VMware.VimAutomation.Cloud.Views.IpScope

        $IpScope.Gateway = $ExNetinternalGateway

        $IpScope.Netmask = $ExNetinternalNetmask

        $IpScope.Dns1 = $ExNetinternalGateway

        $IpScope.DnsSuffix = 'mv.rackspace.com'

        $IpScope.IpRanges = New-Object VMware.VimAutomation.Cloud.Views.IpRanges

        $IpScope.IpRanges.IpRange = New-Object VMware.VimAutomation.Cloud.Views.IpRange

        $IpScope.IpRanges.IpRange[0].StartAddress = $ExNetfirstInternalIP

        $IpScope.IpRanges.IpRange[0].EndAddress = $ExNetlastInternalIP

        $ExNetnetwork.Configuration.IpScopes.IpScope += $IpScope

        $orgVdc.ExtensionData.CreateNetwork($ExNetnetwork)

        write-host "Please wait, we're currently rolling out the ExNet-Inside network..."

        sleep 20

        While ((Search-Cloud -QueryType EdgeGateway | get-ciview | where {$_.name -eq $orgName}).tasks.task.Status -eq "running") {

        if ((Search-Cloud -QueryType EdgeGateway | get-ciview | where {$_.name -eq $orgName}).tasks.task.Status -eq "running") {

            sleep 120

            write-host "Please wait, we're currently rolling out the ExNet-Inside network..."

        }}

        sleep 20

        $VMNetnetwork = New-Object VMware.VimAutomation.Cloud.Views.OrgVdcNetwork

        $VMNetnetwork.EdgeGateway = $edgeGateway.Id

        $VMNetnetwork.isShared = $false

        $VMNetnetwork.Configuration = New-Object VMware.VimAutomation.Cloud.Views.NetworkConfiguration

        $VMNetnetwork.Name = "VMNet-Inside"

        $VMNetnetwork.Configuration.IpScopes = New-Object VMware.VimAutomation.Cloud.Views.IpScopes

        $VMNetnetwork.Configuration.FenceMode = "natRouted"

        $IpScope = New-Object VMware.VimAutomation.Cloud.Views.IpScope

        $IpScope.Gateway = $VMNetinternalGateway

        $IpScope.Netmask = $VMNetinternalNetmask

        $IpScope.Dns1 = $VMNetinternalGateway

        $IpScope.DnsSuffix = 'mv.rackspace.com'

        $IpScope.IpRanges = New-Object VMware.VimAutomation.Cloud.Views.IpRanges

        $IpScope.IpRanges.IpRange = New-Object VMware.VimAutomation.Cloud.Views.IpRange

        $IpScope.IpRanges.IpRange[0].StartAddress = $VMNetfirstInternalIP

        $IpScope.IpRanges.IpRange[0].EndAddress = $VMNetlastInternalIP

        $VMNetnetwork.Configuration.IpScopes.IpScope += $IpScope

        $orgVdc.ExtensionData.CreateNetwork($VMNetnetwork)

        write-host "Please wait, we're currently rolling out the VMNet-Inside network..."

        sleep 20

        While ((Search-Cloud -QueryType EdgeGateway | get-ciview | where {$_.name -eq $orgName}).tasks.task.Status -eq "running") {

        if ((Search-Cloud -QueryType EdgeGateway | get-ciview | where {$_.name -eq $orgName}).tasks.task.Status -eq "running") {

            sleep 120

            write-host "Please wait, we're currently rolling out the VMNet-Inside network..."

        }}

        sleep 20

        #Setup the firewall services for the network

        $firewallService = New-Object VMware.VimAutomation.Cloud.Views.FirewallService

        $firewallService.DefaultAction = "drop"

        $firewallService.FirewallRule = New-Object VMware.VimAutomation.Cloud.Views.FirewallRule

        $firewallService.FirewallRule += New-Object VMware.VimAutomation.Cloud.Views.FirewallRule

        $firewallService.FirewallRule += New-Object VMware.VimAutomation.Cloud.Views.FirewallRule

        $firewallService.FirewallRule += New-Object VMware.VimAutomation.Cloud.Views.FirewallRule

        $firewallService.FirewallRule += New-Object VMware.VimAutomation.Cloud.Views.FirewallRule

        $firewallService.firewallRule[0].Description = "Default Outgoing Allowed"

        $firewallService.firewallRule[0].IsEnabled = $true

        $firewallService.firewallRule[0].Protocols = New-Object VMware.VimAutomation.Cloud.Views.FirewallRuleTypeProtocols

        $firewallService.firewallRule[0].Protocols.any = $true

        $firewallService.firewallRule[0].Policy = "allow"

        $firewallService.firewallRule[0].SourceIp = "internal"

        $firewallService.firewallRule[0].DestinationIp = "any"

        $firewallService.firewallRule[0].Port = "-1"

        $firewallService.firewallRule[0].SourcePort = "-1"

        $firewallService.firewallRule[0].EnableLogging = $false

        $firewallService.firewallRule[1].Description = "IAD Bastion Access"

        $firewallService.firewallRule[1].IsEnabled = $true

        $firewallService.firewallRule[1].Protocols = New-Object VMware.VimAutomation.Cloud.Views.FirewallRuleTypeProtocols

        $firewallService.firewallRule[1].Protocols.any = $true

        $firewallService.firewallRule[1].Policy = "allow"

        $firewallService.firewallRule[1].SourceIp = "69.20.0.1"

        $firewallService.firewallRule[1].DestinationIp = "internal"

        $firewallService.firewallRule[1].Port = "-1"

        $firewallService.firewallRule[1].SourcePort = "-1"

        $firewallService.firewallRule[1].EnableLogging = $false

        $firewallService.firewallRule[2].Description = "NTP Access"

        $firewallService.firewallRule[2].IsEnabled = $true

        $firewallService.firewallRule[2].Protocols = New-Object VMware.VimAutomation.Cloud.Views.FirewallRuleTypeProtocols

        $firewallService.firewallRule[2].Protocols.udp = $true

        $firewallService.firewallRule[2].Policy = "allow"

        $firewallService.firewallRule[2].SourceIp = "72.3.128.240"

        $firewallService.firewallRule[2].DestinationIp = "internal"

        $firewallService.firewallRule[2].Port = "123"

        $firewallService.firewallRule[2].SourcePort = "123"

        $firewallService.firewallRule[2].EnableLogging = $false

        $firewallService.firewallRule[3].Description = "DFW Bastion Access"

        $firewallService.firewallRule[3].IsEnabled = $true

        $firewallService.firewallRule[3].Protocols = New-Object VMware.VimAutomation.Cloud.Views.FirewallRuleTypeProtocols

        $firewallService.firewallRule[3].Protocols.any = $true

        $firewallService.firewallRule[3].Policy = "allow"

        $firewallService.firewallRule[3].SourceIp = "72.3.128.84"

        $firewallService.firewallRule[3].DestinationIp = "internal"

        $firewallService.firewallRule[3].Port = "-1"

        $firewallService.firewallRule[3].SourcePort = "-1"

        $firewallService.firewallRule[3].EnableLogging = $false

        $firewallService.firewallRule[4].Description = "Lon3 Bastion Access"

        $firewallService.firewallRule[4].IsEnabled = $true

        $firewallService.firewallRule[4].Protocols = New-Object VMware.VimAutomation.Cloud.Views.FirewallRuleTypeProtocols

        $firewallService.firewallRule[4].Protocols.any = $true

        $firewallService.firewallRule[4].Policy = "allow"

        $firewallService.firewallRule[4].SourceIp = "212.100.225.42"

        $firewallService.firewallRule[4].DestinationIp = "internal"

        $firewallService.firewallRule[4].Port = "-1"

        $firewallService.firewallRule[4].SourcePort = "-1"

        $firewallService.firewallRule[4].EnableLogging = $false

        $edgeGateway.ConfigureServices($firewallService)

        write-host "Please wait, we're currently rolling out the default firewall rules..."

        sleep 30

        #creating NAT rules on the edge for PAT connectivity and RDP Inbound to the Windows Jump Server

        Write-Host "Creating SNAT and DNAT Rules"

        New-SNATRule -EdgeGateway $orgName -ExternalNetwork $PublicNetwork[0] -OriginalIP $ExNetSubnet -TranslatedIP $PublicexternalSubnet.IpAddress

        sleep 30

        New-DNATRule -EdgeGateway $orgName -ExternalNetwork $PublicNetwork[0] -OriginalIP $PublicexternalSubnet.IpAddress -OriginalPort "3389" -TranslatedIP $SQLExNet -TranslatedPort "3389" -Protocol "tcp"

        sleep 30

View solution in original post

6 Replies
mavelite
Enthusiast
Enthusiast
Jump to solution

This is cut from a script I was using to create fully nested labs for customer and internal use. It allowed for custom private IP space in any configuration and had a standard set of NAT, Firewall, LB and DHCP settings. It's ugly but it works, let me know if you have any questions.

        $firewall = New-Object VMware.VimAutomation.Cloud.Views.Gateway

        $firewall.Name = $orgName

        $firewall.Configuration = New-Object VMware.VimAutomation.Cloud.Views.GatewayConfiguration

        $firewall.Configuration.BackwardCompatibilityMode = $false

        $firewall.Configuration.GatewayBackingConfig = "compact"

        $firewall.Configuration.UseDefaultRouteForDnsRelay = $true

        $firewall.Configuration.HaEnabled = $true

        $firewall.Configuration.EdgeGatewayServiceConfiguration = New-Object VMware.VimAutomation.Cloud.Views.GatewayFeatures

        $firewall.Configuration.GatewayInterfaces = New-Object VMware.VimAutomation.Cloud.Views.GatewayInterfaces

        $firewall.Configuration.GatewayInterfaces.GatewayInterface = New-Object VMware.VimAutomation.Cloud.Views.GatewayInterface

        $firewall.Configuration.GatewayInterfaces.GatewayInterface += New-Object VMware.VimAutomation.Cloud.Views.GatewayInterface

        $firewall.Configuration.GatewayInterfaces.GatewayInterface += New-Object VMware.VimAutomation.Cloud.Views.GatewayInterface

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[0].DisplayName = "ExNet"

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[0].Network = $ExNetExternalNetwork.Href

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[0].InterfaceType = "uplink"

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[0].UseForDefaultRoute = $false

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[0].ApplyRateLimit = $false

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[1].DisplayName = "VMNet"

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[1].Network = $VMNetExternalNetwork.Href

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[1].InterfaceType = "uplink"

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[1].UseForDefaultRoute = $false

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[1].ApplyRateLimit = $false

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[2].DisplayName = "PublicNet"

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[2].Network = $PublicNetwork[0].Href

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[2].InterfaceType = "uplink"

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[2].UseForDefaultRoute = $true

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[2].ApplyRateLimit = $false

$ExNetexternalSubnet = New-Object VMware.VimAutomation.Cloud.Views.SubnetParticipation

        $ExNetexternalSubnet.Gateway = $ExNetExternalNetwork.Gateway

        $ExNetexternalSubnet.Netmask = $ExNetExternalNetwork.Netmask

        $ExNetexternalSubnet.IpAddress = $ExNetExternalBlock[0]

        $ExNetexternalSubnet.IpRanges = New-Object VMware.VimAutomation.Cloud.Views.IpRanges

        $ExNetexternalSubnet.IpRanges.IpRange = New-Object VMware.VimAutomation.Cloud.Views.IpRange

        $ExNetexternalSubnet.IpRanges.IpRange[0].StartAddress = $ExNetexternalSubnet.IpAddress # ### $firstExternalIP

        $ExNetexternalSubnet.IpRanges.IpRange[0].EndAddress =   $ExNetexternalSubnet.IpAddress  # ### $lastExternalIP

        $VMNetexternalSubnet = New-Object VMware.VimAutomation.Cloud.Views.SubnetParticipation

        $VMNetexternalSubnet.Gateway = $VMNetExternalNetwork.Gateway

        $VMNetexternalSubnet.Netmask = $VMNetExternalNetwork.Netmask

        $VMNetexternalSubnet.IpAddress = $VMNetExTernalBlock[0]

        $VMNetexternalSubnet.IpRanges = New-Object VMware.VimAutomation.Cloud.Views.IpRanges

        $VMNetexternalSubnet.IpRanges.IpRange = New-Object VMware.VimAutomation.Cloud.Views.IpRange

        $VMNetexternalSubnet.IpRanges.IpRange += New-Object VMware.VimAutomation.Cloud.Views.IpRange

        $VMNetexternalSubnet.IpRanges.IpRange += New-Object VMware.VimAutomation.Cloud.Views.IpRange

        $VMNetexternalSubnet.IpRanges.IpRange[0].StartAddress = $VMNetexternalSubnet.IpAddress # ### $firstExternalIP

        $VMNetexternalSubnet.IpRanges.IpRange[0].EndAddress =   $VMNetexternalSubnet.IpAddress  # ### $firstExternalIP

        $VMNetexternalSubnet.IpRanges.IpRange[1].StartAddress = $VMNetExTernalBlock[1] # ### $SecondExternalIP

        $VMNetexternalSubnet.IpRanges.IpRange[1].EndAddress =   $VMNetExTernalBlock[1]  # ### $SecondExternalIP

        $VMNetexternalSubnet.IpRanges.IpRange[2].StartAddress = $VMNetExTernalBlock[2] # ### $ThirdExternalIP

        $VMNetexternalSubnet.IpRanges.IpRange[2].EndAddress =   $VMNetExTernalBlock[2]  # ### $ThirdExternalIP

        $PublicexternalSubnet = New-Object VMware.VimAutomation.Cloud.Views.SubnetParticipation

        $PublicexternalSubnet.Gateway = $PublicNetwork[0].Gateway.IPAddressToString

        $PublicexternalSubnet.Netmask = $PublicNetwork[0].Netmask

        if ($PublicExternalBlock.count -eq 1) {

            $PublicexternalSubnet.IpAddress = $PublicExternalBlock

            } else {

            $PublicexternalSubnet.IpAddress = $PublicExternalBlock[0]

            }

        $PublicexternalSubnet.IpRanges = New-Object VMware.VimAutomation.Cloud.Views.IpRanges

        $PublicexternalSubnet.IpRanges.IpRange = New-Object VMware.VimAutomation.Cloud.Views.IpRange

        $PublicexternalSubnet.IpRanges.IpRange[0].StartAddress = $PublicexternalSubnet.IpAddress # ### $firstExternalIP

        $PublicexternalSubnet.IpRanges.IpRange[0].EndAddress =   $PublicexternalSubnet.IpAddress  # ### $lastExternalIP

 

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[0].SubnetParticipation = $ExNetexternalSubnet

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[1].SubnetParticipation = $VMNetexternalSubnet

        $firewall.Configuration.GatewayInterfaces.GatewayInterface[2].SubnetParticipation = $PublicexternalSubnet

        $orgVdc.ExtensionData.CreateEdgeGateway($firewall)

        write-host "Please wait, we're currently rolling out the Edge Firewall..."

        sleep 20

        While ((Search-Cloud -QueryType EdgeGateway | get-ciview | where {$_.name -eq $orgName}).tasks.task.Status -eq "running") {

        if ((Search-Cloud -QueryType EdgeGateway | get-ciview | where {$_.name -eq $orgName}).tasks.task.Status -eq "running") {

            sleep 120

            write-host "Please wait, we're currently rolling out the Edge Firewall..."

        }}

        sleep 20

        #Create an Internal network on the Edge gateway

        $edgeGateway = Search-Cloud -QueryType EdgeGateway -Name $orgName | Get-CIView | where {$_.name -like "$orgName*"}

        $ExNetnetwork = New-Object VMware.VimAutomation.Cloud.Views.OrgVdcNetwork

        $ExNetnetwork.EdgeGateway = $edgeGateway.Id

        $ExNetnetwork.isShared = $false

        $ExNetnetwork.Configuration = New-Object VMware.VimAutomation.Cloud.Views.NetworkConfiguration

        $ExNetnetwork.Name = "ExNet-Inside"

        $ExNetnetwork.Configuration.IpScopes = New-Object VMware.VimAutomation.Cloud.Views.IpScopes

        $ExNetnetwork.Configuration.FenceMode = "natRouted"

        $IpScope = New-Object VMware.VimAutomation.Cloud.Views.IpScope

        $IpScope.Gateway = $ExNetinternalGateway

        $IpScope.Netmask = $ExNetinternalNetmask

        $IpScope.Dns1 = $ExNetinternalGateway

        $IpScope.DnsSuffix = 'mv.rackspace.com'

        $IpScope.IpRanges = New-Object VMware.VimAutomation.Cloud.Views.IpRanges

        $IpScope.IpRanges.IpRange = New-Object VMware.VimAutomation.Cloud.Views.IpRange

        $IpScope.IpRanges.IpRange[0].StartAddress = $ExNetfirstInternalIP

        $IpScope.IpRanges.IpRange[0].EndAddress = $ExNetlastInternalIP

        $ExNetnetwork.Configuration.IpScopes.IpScope += $IpScope

        $orgVdc.ExtensionData.CreateNetwork($ExNetnetwork)

        write-host "Please wait, we're currently rolling out the ExNet-Inside network..."

        sleep 20

        While ((Search-Cloud -QueryType EdgeGateway | get-ciview | where {$_.name -eq $orgName}).tasks.task.Status -eq "running") {

        if ((Search-Cloud -QueryType EdgeGateway | get-ciview | where {$_.name -eq $orgName}).tasks.task.Status -eq "running") {

            sleep 120

            write-host "Please wait, we're currently rolling out the ExNet-Inside network..."

        }}

        sleep 20

        $VMNetnetwork = New-Object VMware.VimAutomation.Cloud.Views.OrgVdcNetwork

        $VMNetnetwork.EdgeGateway = $edgeGateway.Id

        $VMNetnetwork.isShared = $false

        $VMNetnetwork.Configuration = New-Object VMware.VimAutomation.Cloud.Views.NetworkConfiguration

        $VMNetnetwork.Name = "VMNet-Inside"

        $VMNetnetwork.Configuration.IpScopes = New-Object VMware.VimAutomation.Cloud.Views.IpScopes

        $VMNetnetwork.Configuration.FenceMode = "natRouted"

        $IpScope = New-Object VMware.VimAutomation.Cloud.Views.IpScope

        $IpScope.Gateway = $VMNetinternalGateway

        $IpScope.Netmask = $VMNetinternalNetmask

        $IpScope.Dns1 = $VMNetinternalGateway

        $IpScope.DnsSuffix = 'mv.rackspace.com'

        $IpScope.IpRanges = New-Object VMware.VimAutomation.Cloud.Views.IpRanges

        $IpScope.IpRanges.IpRange = New-Object VMware.VimAutomation.Cloud.Views.IpRange

        $IpScope.IpRanges.IpRange[0].StartAddress = $VMNetfirstInternalIP

        $IpScope.IpRanges.IpRange[0].EndAddress = $VMNetlastInternalIP

        $VMNetnetwork.Configuration.IpScopes.IpScope += $IpScope

        $orgVdc.ExtensionData.CreateNetwork($VMNetnetwork)

        write-host "Please wait, we're currently rolling out the VMNet-Inside network..."

        sleep 20

        While ((Search-Cloud -QueryType EdgeGateway | get-ciview | where {$_.name -eq $orgName}).tasks.task.Status -eq "running") {

        if ((Search-Cloud -QueryType EdgeGateway | get-ciview | where {$_.name -eq $orgName}).tasks.task.Status -eq "running") {

            sleep 120

            write-host "Please wait, we're currently rolling out the VMNet-Inside network..."

        }}

        sleep 20

        #Setup the firewall services for the network

        $firewallService = New-Object VMware.VimAutomation.Cloud.Views.FirewallService

        $firewallService.DefaultAction = "drop"

        $firewallService.FirewallRule = New-Object VMware.VimAutomation.Cloud.Views.FirewallRule

        $firewallService.FirewallRule += New-Object VMware.VimAutomation.Cloud.Views.FirewallRule

        $firewallService.FirewallRule += New-Object VMware.VimAutomation.Cloud.Views.FirewallRule

        $firewallService.FirewallRule += New-Object VMware.VimAutomation.Cloud.Views.FirewallRule

        $firewallService.FirewallRule += New-Object VMware.VimAutomation.Cloud.Views.FirewallRule

        $firewallService.firewallRule[0].Description = "Default Outgoing Allowed"

        $firewallService.firewallRule[0].IsEnabled = $true

        $firewallService.firewallRule[0].Protocols = New-Object VMware.VimAutomation.Cloud.Views.FirewallRuleTypeProtocols

        $firewallService.firewallRule[0].Protocols.any = $true

        $firewallService.firewallRule[0].Policy = "allow"

        $firewallService.firewallRule[0].SourceIp = "internal"

        $firewallService.firewallRule[0].DestinationIp = "any"

        $firewallService.firewallRule[0].Port = "-1"

        $firewallService.firewallRule[0].SourcePort = "-1"

        $firewallService.firewallRule[0].EnableLogging = $false

        $firewallService.firewallRule[1].Description = "IAD Bastion Access"

        $firewallService.firewallRule[1].IsEnabled = $true

        $firewallService.firewallRule[1].Protocols = New-Object VMware.VimAutomation.Cloud.Views.FirewallRuleTypeProtocols

        $firewallService.firewallRule[1].Protocols.any = $true

        $firewallService.firewallRule[1].Policy = "allow"

        $firewallService.firewallRule[1].SourceIp = "69.20.0.1"

        $firewallService.firewallRule[1].DestinationIp = "internal"

        $firewallService.firewallRule[1].Port = "-1"

        $firewallService.firewallRule[1].SourcePort = "-1"

        $firewallService.firewallRule[1].EnableLogging = $false

        $firewallService.firewallRule[2].Description = "NTP Access"

        $firewallService.firewallRule[2].IsEnabled = $true

        $firewallService.firewallRule[2].Protocols = New-Object VMware.VimAutomation.Cloud.Views.FirewallRuleTypeProtocols

        $firewallService.firewallRule[2].Protocols.udp = $true

        $firewallService.firewallRule[2].Policy = "allow"

        $firewallService.firewallRule[2].SourceIp = "72.3.128.240"

        $firewallService.firewallRule[2].DestinationIp = "internal"

        $firewallService.firewallRule[2].Port = "123"

        $firewallService.firewallRule[2].SourcePort = "123"

        $firewallService.firewallRule[2].EnableLogging = $false

        $firewallService.firewallRule[3].Description = "DFW Bastion Access"

        $firewallService.firewallRule[3].IsEnabled = $true

        $firewallService.firewallRule[3].Protocols = New-Object VMware.VimAutomation.Cloud.Views.FirewallRuleTypeProtocols

        $firewallService.firewallRule[3].Protocols.any = $true

        $firewallService.firewallRule[3].Policy = "allow"

        $firewallService.firewallRule[3].SourceIp = "72.3.128.84"

        $firewallService.firewallRule[3].DestinationIp = "internal"

        $firewallService.firewallRule[3].Port = "-1"

        $firewallService.firewallRule[3].SourcePort = "-1"

        $firewallService.firewallRule[3].EnableLogging = $false

        $firewallService.firewallRule[4].Description = "Lon3 Bastion Access"

        $firewallService.firewallRule[4].IsEnabled = $true

        $firewallService.firewallRule[4].Protocols = New-Object VMware.VimAutomation.Cloud.Views.FirewallRuleTypeProtocols

        $firewallService.firewallRule[4].Protocols.any = $true

        $firewallService.firewallRule[4].Policy = "allow"

        $firewallService.firewallRule[4].SourceIp = "212.100.225.42"

        $firewallService.firewallRule[4].DestinationIp = "internal"

        $firewallService.firewallRule[4].Port = "-1"

        $firewallService.firewallRule[4].SourcePort = "-1"

        $firewallService.firewallRule[4].EnableLogging = $false

        $edgeGateway.ConfigureServices($firewallService)

        write-host "Please wait, we're currently rolling out the default firewall rules..."

        sleep 30

        #creating NAT rules on the edge for PAT connectivity and RDP Inbound to the Windows Jump Server

        Write-Host "Creating SNAT and DNAT Rules"

        New-SNATRule -EdgeGateway $orgName -ExternalNetwork $PublicNetwork[0] -OriginalIP $ExNetSubnet -TranslatedIP $PublicexternalSubnet.IpAddress

        sleep 30

        New-DNATRule -EdgeGateway $orgName -ExternalNetwork $PublicNetwork[0] -OriginalIP $PublicexternalSubnet.IpAddress -OriginalPort "3389" -TranslatedIP $SQLExNet -TranslatedPort "3389" -Protocol "tcp"

        sleep 30

vMarkusK1985
Expert
Expert
Jump to solution

Thank you. Your code sample helped a lot!

If you want to speed up your code a little bit you can wait for your Edge to become Ready instead of a simple Sleep:

    while((Search-Cloud -QueryType EdgeGateway -Name $Name).IsBusy -eq $True){

        $i++

        Start-Sleep 1

        if($i -gt $Timeout) { Write-Error "Creating Edge Gateway."; break}

        Write-Progress -Activity "Creating Edge Gateway" -Status "Wait for Edge to become Ready..."

    }

    Write-Progress -Activity "Creating Edge Gateway" -Completed

Kind regards,

Markus

https://mycloudrevolution.com | https://twitter.com/vMarkus_K | https://github.com/vMarkusK
Reply
0 Kudos
vMarkusK1985
Expert
Expert
Jump to solution

My final version of the Function to create a Edge Gateway in vCloud Director https://mycloudrevolution.com/2017/06/27/powercli-create-vcloud-director-edge-gateway/   :

#Requires -Version 4

#Requires -Modules VMware.VimAutomation.Cloud, @{ModuleName="VMware.VimAutomation.Cloud";ModuleVersion="6.3.0.0"}

Function New-MyEdgeGateway {

<#

.SYNOPSIS 

    Creates a new Edge Gateway with Default Parameters

.DESCRIPTION 

    Creates a new Edge Gateway with Default Parameters

   

    Default Parameters are:

    * Size

    * HA State

    * DNS Relay

   

.NOTES 

    File Name  : New-MyEdgeGateway.ps1

    Author     : Markus Kraus

    Version    : 1.0

    State      : Ready

   

.LINK 

    https://mycloudrevolution.com/

.EXAMPLE 

    New-MyEdgeGateway -Name "TestEdge" -OrgVDCName "TestVDC" -OrgName "TestOrg" -ExternalNetwork "ExternalNetwork" -IPAddress "192.168.100.1" -SubnetMask "255.255.255.0" -Gateway "192.168.100.254" -IPRangeStart ""192.168.100.2" -IPRangeEnd ""192.168.100.3" -Verbose

.PARAMETER Name 

    Name of the New Edge Gateway as String

  

.PARAMETER OrgVDCName

    OrgVDC where the new Edge Gateway should be created as string

.PARAMETER OrgName

    Org where the new Edge Gateway should be created as string

.PARAMETER ExternalNetwork

     External Network of the new Edge Gateway as String

.PARAMETER IPAddress

     IP Address of the New Edge Gateway as IP Address

.PARAMETER SubnetMask

     Subnet Mask of the New Edge Gateway as IP Address

.PARAMETER Gateway

     Gateway of the New Edge Gateway as IP Address

.PARAMETER IPRangeStart

     Sub Allocation IP Range Start of the New Edge Gateway as IP Address

.PARAMETER IPRangeEnd

     Sub Allocation IP Range End of the New Edge Gateway as IP Address

.PARAMETER Timeout

    Timeout for the Edge Gateway to get Ready

    Default: 120s

      

#>

    Param (

        [Parameter(Mandatory=$True, ValueFromPipeline=$False, HelpMessage="Name of the New Edge Gateway as String")]

        [ValidateNotNullorEmpty()]

            [String] $Name,

        [Parameter(Mandatory=$True, ValueFromPipeline=$False, HelpMessage="OrgVDC where the new Edge Gateway should be created as string")]

        [ValidateNotNullorEmpty()]

            [String] $OrgVdcName,

        [Parameter(Mandatory=$True, ValueFromPipeline=$False, HelpMessage="Org where the new Edge Gateway should be created as string")]

        [ValidateNotNullorEmpty()]

            [String] $OrgName,

        [Parameter(Mandatory=$True, ValueFromPipeline=$False, HelpMessage="External Network of the New Edge Gateway as String")]

        [ValidateNotNullorEmpty()]

            [String] $ExternalNetwork,

        [Parameter(Mandatory=$True, ValueFromPipeline=$False, HelpMessage="IP Address of the New Edge Gateway as IP Address")]

        [ValidateNotNullorEmpty()]

            [IPAddress] $IPAddress,

        [Parameter(Mandatory=$True, ValueFromPipeline=$False, HelpMessage="Subnet Mask of the New Edge Gateway as IP Address")]

        [ValidateNotNullorEmpty()]

            [IPAddress] $SubnetMask,

        [Parameter(Mandatory=$True, ValueFromPipeline=$False, HelpMessage="Gateway of the New Edge Gateway as IP Address")]

        [ValidateNotNullorEmpty()]

            [IPAddress] $Gateway,

        [Parameter(Mandatory=$True, ValueFromPipeline=$False, HelpMessage="Sub Allocation IP Range Start the New Edge Gateway as IP Address")]

        [ValidateNotNullorEmpty()]

            [IPAddress] $IPRangeStart,

        [Parameter(Mandatory=$True, ValueFromPipeline=$False, HelpMessage="Sub Allocation IP Range End the New Edge Gateway as IP Address")]

        [ValidateNotNullorEmpty()]

            [IPAddress] $IPRangeEnd,

        [Parameter(Mandatory=$False, ValueFromPipeline=$False,HelpMessage="Timeout for the Edge Gateway to get Ready")]

        [ValidateNotNullorEmpty()]

            [int] $Timeout = 120

    )

    Process {

    ## Get Org vDC

    Write-Verbose "Get Org vDC"

    [Array] $orgVdc = Get-Org -Name $OrgName | Get-OrgVdc -Name $OrgVdcName

    if ( $orgVdc.Count -gt 1) {

        throw "Multiple OrgVdcs found!"

        }

        elseif ( $orgVdc.Count -lt 1) {

            throw "No OrgVdc found!"

            }

    ## Get External Network

    Write-Verbose "Get External Network"

    $extNetwork = Get-ExternalNetwork | Get-CIView -Verbose:$False | where {$_.name -eq $ExternalNetwork}

    ## Build EdgeGatway Configuration

    Write-Verbose "Build EdgeGatway Configuration"

    $EdgeGateway = New-Object VMware.VimAutomation.Cloud.Views.Gateway

    $EdgeGateway.Name = $Name

    $EdgeGateway.Configuration = New-Object VMware.VimAutomation.Cloud.Views.GatewayConfiguration

    #$EdgeGateway.Configuration.BackwardCompatibilityMode = $false

    $EdgeGateway.Configuration.GatewayBackingConfig = "compact"

    $EdgeGateway.Configuration.UseDefaultRouteForDnsRelay = $false

    $EdgeGateway.Configuration.HaEnabled = $false

    $EdgeGateway.Configuration.EdgeGatewayServiceConfiguration = New-Object VMware.VimAutomation.Cloud.Views.GatewayFeatures

    $EdgeGateway.Configuration.GatewayInterfaces = New-Object VMware.VimAutomation.Cloud.Views.GatewayInterfaces

    $EdgeGateway.Configuration.GatewayInterfaces.GatewayInterface = New-Object VMware.VimAutomation.Cloud.Views.GatewayInterface

    $EdgeGateway.Configuration.GatewayInterfaces.GatewayInterface[0].name = $extNetwork.Name

    $EdgeGateway.Configuration.GatewayInterfaces.GatewayInterface[0].DisplayName = $extNetwork.Name

    $EdgeGateway.Configuration.GatewayInterfaces.GatewayInterface[0].Network = $extNetwork.Href

    $EdgeGateway.Configuration.GatewayInterfaces.GatewayInterface[0].InterfaceType = "uplink"

    $EdgeGateway.Configuration.GatewayInterfaces.GatewayInterface[0].UseForDefaultRoute = $true

    $EdgeGateway.Configuration.GatewayInterfaces.GatewayInterface[0].ApplyRateLimit = $false

   

    ## Inputs müssen verändert werden

    $ExNetexternalSubnet = New-Object VMware.VimAutomation.Cloud.Views.SubnetParticipation

    $ExNetexternalSubnet.Gateway = $Gateway.IPAddressToString

    $ExNetexternalSubnet.Netmask = $SubnetMask.IPAddressToString

    $ExNetexternalSubnet.IpAddress = $IPAddress.IPAddressToString

    $ExNetexternalSubnet.IpRanges = New-Object VMware.VimAutomation.Cloud.Views.IpRanges

    $ExNetexternalSubnet.IpRanges.IpRange = New-Object VMware.VimAutomation.Cloud.Views.IpRange

    $ExNetexternalSubnet.IpRanges.IpRange[0].StartAddress = $IPRangeStart.IPAddressToString

    $ExNetexternalSubnet.IpRanges.IpRange[0].EndAddress =   $IPRangeEnd.IPAddressToString

   

    $EdgeGateway.Configuration.GatewayInterfaces.GatewayInterface[0].SubnetParticipation = $ExNetexternalSubnet

   

    ## Create EdgeGatway

    Write-Verbose "Create EdgeGatway"

    $CreateEdgeGateway = $orgVdc.ExtensionData.CreateEdgeGateway($EdgeGateway)

    ## Wait for EdgeGatway to become Ready

    Write-Verbose "Wait for EdgeGatway to become Ready"

    while((Search-Cloud -QueryType EdgeGateway -Name $Name -Verbose:$False).IsBusy -eq $True){

        $i++

        Start-Sleep 5

        if($i -gt $Timeout) { Write-Error "Creating Edge Gateway."; break}

        Write-Progress -Activity "Creating Edge Gateway" -Status "Wait for Edge to become Ready..."

    }

    Write-Progress -Activity "Creating Edge Gateway" -Completed

    Start-Sleep 1

    Search-Cloud -QueryType EdgeGateway -Name $Name | Select Name, IsBusy, GatewayStatus, HaStatus | ft -AutoSize

    }

}

https://mycloudrevolution.com | https://twitter.com/vMarkus_K | https://github.com/vMarkusK
dmyagkov
Contributor
Contributor
Jump to solution

Hi guys.

imho, this piece of code don't work or out of date (checked in vCD 8.20.0.2):

#Create an Internal network on the Edge gateway

        $edgeGateway = Search-Cloud -QueryType EdgeGateway -Name $orgName | Get-CIView | where {$_.name -like "$orgName*"}

        $ExNetnetwork = New-Object VMware.VimAutomation.Cloud.Views.OrgVdcNetwork

        $ExNetnetwork.EdgeGateway = $edgeGateway.Id

        $ExNetnetwork.isShared = $false

        $ExNetnetwork.Configuration = New-Object VMware.VimAutomation.Cloud.Views.NetworkConfiguration

        $ExNetnetwork.Name = "ExNet-Inside"

        $ExNetnetwork.Configuration.IpScopes = New-Object VMware.VimAutomation.Cloud.Views.IpScopes

        $ExNetnetwork.Configuration.FenceMode = "natRouted"

        $IpScope = New-Object VMware.VimAutomation.Cloud.Views.IpScope

        $IpScope.Gateway = $ExNetinternalGateway

        $IpScope.Netmask = $ExNetinternalNetmask

        $IpScope.Dns1 = $ExNetinternalGateway

        $IpScope.DnsSuffix = 'mv.rackspace.com'

        $IpScope.IpRanges = New-Object VMware.VimAutomation.Cloud.Views.IpRanges

        $IpScope.IpRanges.IpRange = New-Object VMware.VimAutomation.Cloud.Views.IpRange

        $IpScope.IpRanges.IpRange[0].StartAddress = $ExNetfirstInternalIP

        $IpScope.IpRanges.IpRange[0].EndAddress = $ExNetlastInternalIP

        $ExNetnetwork.Configuration.IpScopes.IpScope += $IpScope

        $orgVdc.ExtensionData.CreateNetwork($ExNetnetwork)

Creating Routed Org Network in vCD 8.20.0.2

Reply
0 Kudos
vMarkusK1985
Expert
Expert
Jump to solution

Sorry, I do not understand the question. Can you post the error produced by your snippet?

https://mycloudrevolution.com | https://twitter.com/vMarkus_K | https://github.com/vMarkusK
Reply
0 Kudos
dmyagkov
Contributor
Contributor
Jump to solution

Hello, Markus.

Exception calling "CreateNetwork" with "1" argument(s): "The server returned 'Server Error' with the status code 500 - InternalServerError."

At line:1 char:1

+ $orgVdc.ExtensionData.CreateNetwork($ExNetnetwork)

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  + CategoryInfo : NotSpecified: (:) [], MethodInvocationException

  + FullyQualifiedErrorId : CloudException

Look at this topic, please, for more information:

Creating Routed Org Network in vCD 8.20.0.2

Reply
0 Kudos