Which integrations are available for this server?

Provides tools for managing VMware NSX security, including distributed firewall (DFW) policies and rules, security groups, VM tags, Traceflow packet tracing, and Intrusion Detection and Prevention Systems (IDPS).

VMware NSX Security

VMware NSX DFW microsegmentation and security MCP skill — 20 tools for distributed firewall policies/rules, security groups, VM tags, Traceflow packet tracing, and IDPS.

Companion skills: vmware-nsx (networking), vmware-aiops (VM lifecycle), vmware-monitor (monitoring)

Quick Start

uv tool install vmware-nsx-security

mkdir -p ~/.vmware-nsx-security
cp config.example.yaml ~/.vmware-nsx-security/config.yaml
# Edit config.yaml with your NSX Manager host

echo "VMWARE_NSX_SECURITY_NSX_PROD_PASSWORD=your_password" > ~/.vmware-nsx-security/.env
chmod 600 ~/.vmware-nsx-security/.env

vmware-nsx-security doctor

What It Does

Category	Tools
DFW Policy	list, get, create, update, delete, list rules
DFW Rules	create, update, delete, stats
Security Groups	list, get, create, delete
VM Tags	list tags, apply tag
Traceflow	run trace, get result
IDPS	list profiles, engine status

Total: 20 MCP tools (10 read-only + 10 write)

MCP Server Setup

Add to ~/.claude.json:

{
  "mcpServers": {
    "vmware-nsx-security": {
      "command": "vmware-nsx-security-mcp",
      "env": {
        "VMWARE_NSX_SECURITY_CONFIG": "~/.vmware-nsx-security/config.yaml"
      }
    }
  }
}

Common Workflows

Microsegment an Application

# 1. Create groups by tag
vmware-nsx-security group create web-vms --name "Web VMs" --tag-scope tier --tag-value web
vmware-nsx-security group create app-vms --name "App VMs" --tag-scope tier --tag-value app

# 2. Create DFW policy
vmware-nsx-security policy create web-app-policy --name "Web to App" --category Application

Tag a VM

# Find VM and its external ID
vmware-nsx-security tag list my-vm-01

# Apply tag using the external ID
vmware-nsx-security tag apply <external-id> --scope tier --value web

Trace a Packet

vmware-nsx-security traceflow run <src-lport-id> \
  --src-ip 10.0.1.5 --dst-ip 10.0.2.10 --proto TCP --dst-port 443

Safety

Dependency checks: Cannot delete a policy with active rules, or a group referenced by DFW rules
Audit logging: All write ops logged to ~/.vmware-nsx-security/audit.log
Input validation: IDs validated; all API text sanitized against prompt injection
Dry-run mode: All CLI write commands support --dry-run
Credential safety: Passwords only from env vars, never in config files

Companion Skills

Skill	Scope	Tools	Install
vmware-aiops ⭐ entry point	VM lifecycle, deployment, guest ops, clusters	31	`uv tool install vmware-aiops`
vmware-monitor	Read-only monitoring, alarms, events, VM info	8	`uv tool install vmware-monitor`
vmware-nsx	NSX networking: segments, gateways, NAT, IPAM	31	`uv tool install vmware-nsx-mgmt`
vmware-storage	Datastores, iSCSI, vSAN	11	`uv tool install vmware-storage`
vmware-vks	Tanzu Namespaces, TKC cluster lifecycle	20	`uv tool install vmware-vks`
vmware-aria	Aria Ops metrics, alerts, capacity planning	18	`uv tool install vmware-aria`