top of page
  • Rajeshkumar M

vROPS Custom properties to monitor VMs NSX-T TAGs

Updated: Jan 27

I’m using NSX-T Tags to add group members for my DFW rules and I wanted to track the NSX-T TAG assignment/unassign changes, also I would like to get vROPS report/dashboard based on the NSX-T TAG along with other vSphere VM properties. To make it easy, I have created NSX-T tags as custom properties for Virtual Machine resource kind in vROPS. I have a powercli script created to update the vROPS NSX-T custom properties, the script also included in this article. If I schedule the script to run every day then the NSX-T manager tag changes will be updated in in vROPS custom properties.

Fig 1

Fig 1, I have two NSX-T tags are in my NSX-T Manager and these are assigned to vrops01 and vrops02 VM’s in my NSX-T manager. These tags are used for my group membership and DFW rule.

Fig 2

Fig 2, the NSX-T tags are visible in vSphere Virtual machine object as custom properties and I can see when the TAG assigned/removed to this VM.

Fig 3

Fig 3, A view created to display the TAG status, I can use this view to create a report or dashboard alone with other VM properties/metrics. The VM’s assigned the TAG in NSX-T will have the value 1 and the value 0 for if the VM is not assigned with this NSX-T tags(vrops-icmp-disable, vrops-ssh-disable)

# server names and authentication information

$nsxt_username = "username"                     
$nsxt_password = "password"
$nsxtFQDN ="site-a-nsx.domain.local"
$esxiHost = $null


$vrops_username ="username"

$nsxtTags=@("vrops-ssh-disable", "vrops-icmp-diable") # NSX-T tags name needs to be updated in vROPS
$clustername="Site-A-Compute"                         # VM's in teh cluster will get assigned the NSX-T TAG cutome properties in vROPS

$PWord = ConvertTo-SecureString -String $nsxt_password -AsPlainText -Force
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $nsxt_username, $PWord

# TO get the VM's assigend with teh tag from NSX-T manager
Function getNSXTTagVMs()
[Parameter (Mandatory = $false)] [String]$nsxtTag

$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Content-Type", 'application/json')
$headers.Add("Accept", 'application/json')
$uri = "https://{0}/policy/api/v1/infra/tags/effective-resources?tag={1}" -f $nsxtFQDN,$nsxtTag
$res = Invoke-RestMethod -Uri $uri -Headers $header -Method 'GET' -Authentication:Basic -Credential $Credential -SkipCertificateCheck

foreach($nsxtRes in $res.results)

# Update the TAG as custom properties along with status to the VM Resource Kind provided to this function
Function setvROPSNSXTTag()
[Parameter (Mandatory = $false)] [String]$vmName,
[Parameter (Mandatory = $false)] [String]$tag,
[Parameter (Mandatory = $false)] [String]$value
Write-Host($vmName + " " + $tag + " " + $value)
$vmRes = Get-OMResource -name $vmName -ResourceKind VirtualMachine
$customProperties = New-Object VMware.VimAutomation.VROps.Views.PropertyContents
$customProperty = New-Object VMware.VimAutomation.VROps.Views.PropertyContent
$customProperty.StatKey = "nsxt-tag|"+$tag
$customProperty.Values = @($value)
$customProperty.Timestamps = 1605764821000
$customProperties.Propertycontent = @($customProperty)  
$customProperty = $null
$customProperties = $null
$vmRes = $null

Connect-VIServer $vcFQDN -User $vc_username -Password $vc_password
Connect-OMServer $vropsFQDN -User $vrops_username -Password $vrops_password
$clusterVM = get-cluster $clustername | get-vm 

# Loops runs for every NSX-T mentioned in the array variable nsxtTags
foreach($nsxtTag in $nsxtTags)
    getNSXTTagVMs -nsxtTag $nsxtTag
foreach($vm in $clusterVM)
# Loops runs for every VM in the mentioned vSphere Cluster and update the respective NSX-T tag and status in vROPS custome properties
       setvROPSNSXTTag -vmName $ -tag $nsxtTag -value 1

       setvROPSNSXTTag -vmName $ -tag $nsxtTag -value 0

Disconnect-OMServer $vropsFQDN -confirm:$false
Disconnect-VIServer $vcFQDN -confirm:$false

61 views0 comments

Recent Posts

See All

I would like to share how I tested the SaltStack VMware module for NSX-T desired state configuration and issues. First installed python on my Linux machine then installed salt stack with bootstrap scr

In my previous article, I used a script to automate load balancer configuration during recovery via script. The script uses principle identity to authenticate with NSX-T. I have created a principle id

NSX-T TAG’s are location specific, if we create any group based on the TAG to apply global distributed firewall rule, the rule will not get applied at recovery site since the recovery site doesn’t hav

bottom of page