Where are my Ports?

When searching for a service that includes a port, the UI is not overly helpful. It is currently constrained by scope. Searching for a port by range is something that is easily done with PowerNSX. This includes services whose value is exactly the desired port AND those whose range includes it.

When defining a new service within NSX for vSphere it is possible to define a range such as 1024-40000. This means all ports in that range, for the specified protocol (TCP or UDP), would be subject to the rule the service is used in.

A quick look at HTTPS reveals the following services that have an absolute value of 443.

PS /> get-nsxservice -port 443 | select name

VMware Consolidated Backup
Horizon 6 Default HTTPS Client connection to Connection and Security Servers
Horizon 6 Secure Connection Server to View Composer Service communication
Horizon 6 Connection Server to vCenter server communication

Here we can see our venerable HTTPS servers along with others that use HTTPS. Time to look at the first service in detail. Storing the output in a variable we can dig deeper into VMware Consolidated Backup.

PS /> $https[0]

objectId : application-101
objectTypeName : Application
vsmUuid : 564D7CD5-361E-D806-04FD-953DAFAE7E86
nodeId : 13591f6c-5500-45b9-b160-fc0197059ea5
revision : 1
type : type
name : VMware Consolidated Backup
scope : scope
clientHandle :
extendedAttributes :
isUniversal : false
universalRevision : 0
inheritanceAllowed : true
element : element

PS /> $https[0].element

applicationProtocol value
------------------- -----
TCP 443

[0] allows us to select the first object stored within a variable. We can see the applicationProtocol is TCP and the value is 443. I’d argue this is a duplicated service and superfluous. If I get my way I hope that one day there are tcp-53 and udp-53 named services along with useful service groups! Back on track.

Using a default install, the first search will look for services using port 16440. This could be within a range or explicitly defined.

PS /> get-nsxservice -port 16440


Time to store the output within the variable $rpc and look at the first object. We want to explore the element property.

PS /> $rpc[0].element

applicationProtocol value
------------------- -----
UDP 1025-65535

Note that the element value is 1025-65535. The port we searched for here is 16440. Using some creative regex it is possible to take the existing ranges and determine if the value is greater than 1025 and less than 65535.

Very quick way to determine the ports used within a service or service group.
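
The range check described above, as an added example that is not part of the original post or of PowerNSX. Get-PortMatch is a hypothetical helper, the service objects are constructed samples shaped like the output shown earlier, and it assumes a value may hold several comma-separated ports or ranges.

```powershell
# Added example: Get-PortMatch is a hypothetical helper, not a PowerNSX cmdlet.
function Get-PortMatch {
    param(
        [Parameter(Mandatory)][ValidateRange(0, 65535)][int]$Port,
        [string]$Value   # service element value, e.g. '443' or '1025-65535'
    )
    if ([string]::IsNullOrWhiteSpace($Value)) { return }   # no port value to test
    # Assumption: a value may hold several comma-separated ports or ranges.
    foreach ($token in ($Value -split ',')) {
        $token = $token.Trim()
        if ($token -match '^(\d{1,5})-(\d{1,5})$') {
            # Range: inclusive comparison against both bounds.
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) {
                return [pscustomobject]@{ Kind = 'range'; MatchedOn = $token }
            }
        }
        elseif ($token -match '^\d{1,5}$' -and $Port -eq [int]$token) {
            return [pscustomobject]@{ Kind = 'exact'; MatchedOn = $token }
        }
        # Any other token (non-numeric or malformed) is ignored.
    }
}

# Constructed sample objects shaped like the Get-NsxService output shown above.
$services = @(
    [pscustomobject]@{ name = 'VMware Consolidated Backup'
                       element = [pscustomobject]@{ applicationProtocol = 'TCP'; value = '443' } }
    [pscustomobject]@{ name = 'Sample wide UDP range (constructed)'
                       element = [pscustomobject]@{ applicationProtocol = 'UDP'; value = '1025-65535' } }
    [pscustomobject]@{ name = 'Sample port list (constructed)'
                       element = [pscustomobject]@{ applicationProtocol = 'TCP'; value = '80, 8000-8100' } }
    [pscustomobject]@{ name = 'Sample service without ports (constructed)'
                       element = [pscustomobject]@{ applicationProtocol = 'ICMP'; value = '' } }
)

# Report every service that covers the port, and whether by exact value or by range.
$port = 16440
foreach ($svc in $services) {
    $hit = Get-PortMatch -Port $port -Value $svc.element.value
    if ($hit) {
        [pscustomobject]@{
            Name = $svc.name; Protocol = $svc.element.applicationProtocol
            Kind = $hit.Kind; MatchedOn = $hit.MatchedOn
        }
    }
}
```

A Kind of range marks a service that covers the port only through a wider range, which is the case worth reviewing when that service is referenced in a firewall rule.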

My VCDX NV Submission

I have not kept my VCDX ambitions in the dark. Well, come December 2nd last year I submitted my design for VCDX NV. The VCDX is VMware’s highest certification for individuals and focuses on four tracks – these currently are Data Center Virtualisation, Network Virtualisation, Desktop Management, and Cloud Management Automation.

Journey thus far

I have done a few designs now for NSX for vSphere and it gave me the confidence to mould an existing design to the handbook and blueprint requirements. It is key that someone attempting VCDX-NV knows and understands the blueprint for their respective track. Understand what is expected, understand what is required, and most importantly, know your design.

I created my own template for my documents in a modular fashion which was logical to me and my reader. Given that NSX touches many components of the stack

Mock, Stock, and Two Smoking VTEPs

I submitted my design as previously mentioned and this was successful with all required documentation met and received. This was a great email to receive after submissions as I battled some work commitments, personal commitments, and a state-side trip all within 2 weeks of the submission date. It was hectic and at many times I felt that I forgot something but I did not.

Now it is time to prepare my presentation and run through some mock presentations that explain my design along with defending the decisions that I made. My defence date is mid February and all eyes are set on that. Between now and then I have a metric bucket-load of work which means my time on this must be focused and precise.

What stands between me and VCDX is something I do on a regular basis – make decisions based upon information I have at hand, discuss them, and move on.
They have my numbers and it is time to claim them.