top of page
  • Rajeshkumar M

vROPS Custom properties to monitor VMs NSX-T TAGs

Updated: Jan 27, 2023

I’m using NSX-T Tags to add group members for my DFW rules and I wanted to track the NSX-T TAG assignment/unassign changes, also I would like to get vROPS report/dashboard based on the NSX-T TAG along with other vSphere VM properties. To make it easy, I have created NSX-T tags as custom properties for Virtual Machine resource kind in vROPS. I have a powercli script created to update the vROPS NSX-T custom properties, the script also included in this article. If I schedule the script to run every day then the NSX-T manager tag changes will be updated in in vROPS custom properties.

Fig 1

Fig 1, I have two NSX-T tags are in my NSX-T Manager and these are assigned to vrops01 and vrops02 VM’s in my NSX-T manager. These tags are used for my group membership and DFW rule.

Fig 2

Fig 2, the NSX-T tags are visible in vSphere Virtual machine object as custom properties and I can see when the TAG assigned/removed to this VM.

Fig 3

Fig 3, A view created to display the TAG status, I can use this view to create a report or dashboard alone with other VM properties/metrics. The VM’s assigned the TAG in NSX-T will have the value 1 and the value 0 for if the VM is not assigned with this NSX-T tags(vrops-icmp-disable, vrops-ssh-disable)

# server names and authentication information

$nsxt_username = "username"                     
$nsxt_password = "password"
$nsxtFQDN ="site-a-nsx.domain.local"
$esxiHost = $null


$vrops_username ="username"

$nsxtTags=@("vrops-ssh-disable", "vrops-icmp-diable") # NSX-T tags name needs to be updated in vROPS
$clustername="Site-A-Compute"                         # VM's in teh cluster will get assigned the NSX-T TAG cutome properties in vROPS

$PWord = ConvertTo-SecureString -String $nsxt_password -AsPlainText -Force
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $nsxt_username, $PWord

# TO get the VM's assigend with teh tag from NSX-T manager
Function getNSXTTagVMs()
[Parameter (Mandatory = $false)] [String]$nsxtTag

$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Content-Type", 'application/json')
$headers.Add("Accept", 'application/json')
$uri = "https://{0}/policy/api/v1/infra/tags/effective-resources?tag={1}" -f $nsxtFQDN,$nsxtTag
$res = Invoke-RestMethod -Uri $uri -Headers $header -Method 'GET' -Authentication:Basic -Credential $Credential -SkipCertificateCheck

foreach($nsxtRes in $res.results)

# Update the TAG as custom properties along with status to the VM Resource Kind provided to this function
Function setvROPSNSXTTag()
[Parameter (Mandatory = $false)] [String]$vmName,
[Parameter (Mandatory = $false)] [String]$tag,
[Parameter (Mandatory = $false)] [String]$value
Write-Host($vmName + " " + $tag + " " + $value)
$vmRes = Get-OMResource -name $vmName -ResourceKind VirtualMachine
$customProperties = New-Object VMware.VimAutomation.VROps.Views.PropertyContents
$customProperty = New-Object VMware.VimAutomation.VROps.Views.PropertyContent
$customProperty.StatKey = "nsxt-tag|"+$tag
$customProperty.Values = @($value)
$customProperty.Timestamps = 1605764821000
$customProperties.Propertycontent = @($customProperty)  
$customProperty = $null
$customProperties = $null
$vmRes = $null

Connect-VIServer $vcFQDN -User $vc_username -Password $vc_password
Connect-OMServer $vropsFQDN -User $vrops_username -Password $vrops_password
$clusterVM = get-cluster $clustername | get-vm 

# Loops runs for every NSX-T mentioned in the array variable nsxtTags
foreach($nsxtTag in $nsxtTags)
    getNSXTTagVMs -nsxtTag $nsxtTag
foreach($vm in $clusterVM)
# Loops runs for every VM in the mentioned vSphere Cluster and update the respective NSX-T tag and status in vROPS custome properties
       setvROPSNSXTTag -vmName $ -tag $nsxtTag -value 1

       setvROPSNSXTTag -vmName $ -tag $nsxtTag -value 0

Disconnect-OMServer $vropsFQDN -confirm:$false
Disconnect-VIServer $vcFQDN -confirm:$false

65 views0 comments

Recent Posts

See All

vSphere Tags to NSX-T Tags

I created a simple powercli script to copy the vSphere Tags to NSX-T, it helped me to copy the NSX-T tags on the recovery VM's in non-federated/local NSX-T managers. Since SRM retain the vSphere TAG's

vIDM Locl user password reset without email link

When resetting config admin or any local user password in VMware identity manager will trigger an email link, if in case the smtp is not working/configured we can use API call to reset the password. Y

bottom of page