vmware-nsx-security

vmware-nsx-security

AI-powered VMware NSX DFW microsegmentation and security. Manage distributed firewall policies, security groups, Traceflow, and IDPS with 20 MCP tools.

Category
Visit Server

README

VMware NSX Security

VMware NSX DFW microsegmentation and security MCP skill — 20 tools for distributed firewall policies/rules, security groups, VM tags, Traceflow packet tracing, and IDPS.

Companion skills: vmware-nsx (networking), vmware-aiops (VM lifecycle), vmware-monitor (monitoring)

Quick Start

uv tool install vmware-nsx-security

mkdir -p ~/.vmware-nsx-security
cp config.example.yaml ~/.vmware-nsx-security/config.yaml
# Edit config.yaml with your NSX Manager host

echo "VMWARE_NSX_SECURITY_NSX_PROD_PASSWORD=your_password" > ~/.vmware-nsx-security/.env
chmod 600 ~/.vmware-nsx-security/.env

vmware-nsx-security doctor

What It Does

Category Tools
DFW Policy list, get, create, update, delete, list rules
DFW Rules create, update, delete, stats
Security Groups list, get, create, delete
VM Tags list tags, apply tag
Traceflow run trace, get result
IDPS list profiles, engine status

Total: 20 MCP tools (10 read-only + 10 write)

MCP Server Setup

Add to ~/.claude.json:

{
  "mcpServers": {
    "vmware-nsx-security": {
      "command": "vmware-nsx-security-mcp",
      "env": {
        "VMWARE_NSX_SECURITY_CONFIG": "~/.vmware-nsx-security/config.yaml"
      }
    }
  }
}

Common Workflows

Microsegment an Application

# 1. Create groups by tag
vmware-nsx-security group create web-vms --name "Web VMs" --tag-scope tier --tag-value web
vmware-nsx-security group create app-vms --name "App VMs" --tag-scope tier --tag-value app

# 2. Create DFW policy
vmware-nsx-security policy create web-app-policy --name "Web to App" --category Application

Tag a VM

# Find VM and its external ID
vmware-nsx-security tag list my-vm-01

# Apply tag using the external ID
vmware-nsx-security tag apply <external-id> --scope tier --value web

Trace a Packet

vmware-nsx-security traceflow run <src-lport-id> \
  --src-ip 10.0.1.5 --dst-ip 10.0.2.10 --proto TCP --dst-port 443

Safety

  • Dependency checks: Cannot delete a policy with active rules, or a group referenced by DFW rules
  • Audit logging: All write ops logged to ~/.vmware-nsx-security/audit.log
  • Input validation: IDs validated; all API text sanitized against prompt injection
  • Dry-run mode: All CLI write commands support --dry-run
  • Credential safety: Passwords only from env vars, never in config files

Companion Skills

Skill Scope Tools Install
vmware-aiops ⭐ entry point VM lifecycle, deployment, guest ops, clusters 31 uv tool install vmware-aiops
vmware-monitor Read-only monitoring, alarms, events, VM info 8 uv tool install vmware-monitor
vmware-nsx NSX networking: segments, gateways, NAT, IPAM 31 uv tool install vmware-nsx-mgmt
vmware-storage Datastores, iSCSI, vSAN 11 uv tool install vmware-storage
vmware-vks Tanzu Namespaces, TKC cluster lifecycle 20 uv tool install vmware-vks
vmware-aria Aria Ops metrics, alerts, capacity planning 18 uv tool install vmware-aria

License

MIT

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured