Delete partner services through NSX Manager UI or API call.
To delete partner services:
Procedure
- Remove EPP rules applied to VM groups running on the host.
- Remove service profile protection applied to VM groups.
- Navigate to System > Service Deployments > Deployment.
- From the Partner Service drop-down menu, select the partner service.
- Click the vertical ellipses icon of the service you want to delete.
- Click Delete. The service will be permanently deleted and cannot be recovered.
- In the pop-up window, click Delete.
If the NSX Manager cannot reach partner service VM or cannot synchronize the state of the partner service VM, the status goes into Unknown state. If the service cannot be deleted, the Status goes into Failed state. In such scenarios, the partner service VM is not completely deleted from NSX. You need to call APIs to completely remove the partner service VMs.
- To verify whether there are any stale entries in NSX, run the following API.
GET https://<nsx-manager-IP>/api/v1/serviceinsertion/services
{ "results": [ { "functionalities": [ "EPP", "IDS_IPS" ], "implementations": [ "EAST_WEST" ], "attachment_point": [ "SERVICE_PLANE" ], "transports": [ "NSH" ], "on_failure_policy": "ALLOW", "service_deployment_spec": { "deployment_template": [ { "name": "Deep Security - Deployment Template", "attributes": [ { "key": "solutionId", "display_name": "solutionId", "value": "7498352642083520512", "attribute_type": "STRING", "read_only": false }, { "key": "failOpen", "display_name": "failOpen", "value": "true", "attribute_type": "STRING", "read_only": false }, { "key": "ipAddress", "display_name": "ipAddress", "value": "169.254.1.39", "attribute_type": "STRING", "read_only": false }, { "key": "port", "display_name": "port", "value": "48651", "attribute_type": "STRING", "read_only": false }, { "key": "management.DNS2", "display_name": "management.DNS2", "value": "", "attribute_type": "STRING", "read_only": false }, { "key": "management.DNS", "display_name": "management.DNS", "value": "", "attribute_type": "STRING", "read_only": false }, { "key": "management.netmask0", "display_name": "management.netmask0", "value": "", "attribute_type": "STRING", "read_only": false }, { "key": "management.ip0", "display_name": "management.ip0", "value": "", "attribute_type": "STRING", "read_only": false }, { "key": "management.ipv6Dhcp", "display_name": "management.ipv6Dhcp", "value": "", "attribute_type": "STRING", "read_only": false }, { "key": "defaultAction", "display_name": "defaultAction", "value": "isNetworkFeatureAvailable:true,NSXType:NSX-T", "attribute_type": "STRING", "read_only": false }, { "key": "agentName", "display_name": "agentName", "value": "serviceinstance-x", "attribute_type": "STRING", "read_only": false }, { "key": "management.gateway", "display_name": "management.gateway", "value": "", "attribute_type": "STRING", "read_only": false }, { "key": "dpdkMode", "display_name": "dpdkMode", "value": "0", "attribute_type": "STRING", "read_only": false }, { "key": "vmname", "display_name": "vmname", "value": "", "attribute_type": "STRING", "read_only": false }, { "key": "management.dhcp", "display_name": "management.dhcp", "value": "", "attribute_type": "STRING", "read_only": false }, { "key": "management.hostname", "display_name": "management.hostname", "value": "", "attribute_type": "STRING", "read_only": false }, { "key": "management.ipv6Gateway", "display_name": "management.ipv6Gateway", "value": "", "attribute_type": "STRING", "read_only": false } ] } ], "deployment_specs": [ { "name": "Deep Security - 20.0.0-877-C12M24-LARGE", "ovf_url": "https://<nsx-manager-IP:portnumber>/appliance/NSX/dsva-20.0.0-877-C12M24-large.ovf", "min_host_version": "6.5", "host_type": "ESXI", "service_form_factor": "LARGE", "svm_version": "1.0" }, { "name": "Deep Security - 20.0.0-877-C2M4-SMALL", "ovf_url": "https://<nsx-manager-IP:portnumber>/appliance/NSX/dsva-20.0.0-877-C2M4-small.ovf", "min_host_version": "6.5", "host_type": "ESXI", "service_form_factor": "SMALL", "svm_version": "1.0" }, { "name": "Deep Security - 20.0.0-877-C8M16-MEDIUM", "ovf_url": "https://<nsx-manager-IP:portnumber>/appliance/NSX/dsva-20.0.0-877-C8M16-medium.ovf", "min_host_version": "6.5", "host_type": "ESXI", "service_form_factor": "MEDIUM", "svm_version": "1.0" }, { "name": "Deep Security - 20.0.0-877-C8M24-LARGE", "ovf_url": "https://<nsx-manager-IP:portnumber>/appliance/NSX/dsva-20.0.0-877-C8M24-large.ovf", "min_host_version": "6.5", "host_type": "ESXI", "service_form_factor": "LARGE", "svm_version": "1.0" }, { "name": "Deep Security - 20.0.0-877-C4M8-SMALL", "ovf_url": "https://<nsx-manager-IP:portnumber>/appliance/NSX/dsva-20.0.0-877-C4M8-small.ovf", "min_host_version": "6.5", "host_type": "ESXI", "service_form_factor": "SMALL", "svm_version": "1.0" }, { "name": "Deep Security - 20.0.0-877-C6M16-MEDIUM", "ovf_url": "https://<nsx-manager-IP:portnumber>/appliance/NSX/dsva-20.0.0-877-C6M16-medium.ovf", "min_host_version": "6.5", "host_type": "ESXI", "service_form_factor": "MEDIUM", "svm_version": "1.0" } ], "nic_metadata_list": [ { "interface_label": "ens", "interface_index": 1, "interface_type": "CONTROL" }, { "interface_label": "ens", "interface_index": 2, "interface_type": "DATA1" }, { "interface_label": "ens", "interface_index": 0, "interface_type": "MANAGEMENT", "user_configurable": true } ], "svm_version": "20.0" }, "vendor_id": "Trend Micro", "service_manager_id": "1b76b8ca-75a9-4909-a649-ba3abfc6fbfe", "service_capability": { "nsh_liveness_support_enabled": true, "can_decrement_si": false }, "resource_type": "ServiceDefinition", "id": "83f9266a-a3e9-459e-ba79-ddd699e4a32b", "display_name": "Trend Micro Deep Security", "description": "Advanced security for virtual servers and desktops - Provides Agentless Anti-Malware, Web Reputation, Intrusion Prevention, Integrity Monitoring and Firewall.", "_create_user": "admin", "_create_time": 1617235766601, "_last_modified_user": "admin", "_last_modified_time": 1617235766783, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 1 } ], "result_count": 1
- To verify whether there are service profiles still present in NSX, run the following API.
GET https://<nsx-manager-IP>/api/v1/serviceinsertion/services/<service-id>/service-profiles
{ "results": [ { "service_id": "83f9266a-a3e9-459e-ba79-ddd699e4a32b", "vendor_template_key": "Gold", "vendor_template_id": "0628655d-37fe-453d-8607-731a99362dd7", "resource_type": "GiServiceProfile", "id": "ccfd4d9c-afcf-4f85-aee2-b4593a2d3e66", "display_name": "EPP-profile", "_create_user": "nsx_policy", "_create_time": 1617239484207, "_last_modified_user": "nsx_policy", "_last_modified_time": 1617239484207, "_system_owned": false, "_protection": "REQUIRE_OVERRIDE", "_revision": 0 } ] }
- To delete the service profile that was applied to the policy, run the following API.
DELETE https://<nsx-manager-IP>/api/v1/serviceinsertion/services/<service-id>/service-profiles/<service-profile-id>
{ "httpStatus": "BAD_REQUEST", "error_code": 289, "module_name": "common-services", "error_message": "Principal 'admin' with role '[enterprise_admin]' attempts to delete or modify an object of type GiServiceProfile it doesn't own. (createUser=nsx_policy, allowOverwrite=null)" }
- To know whether there are any Vendor Templates still available in NSX, run the following API.
GET https://<nsx-manager-IP>/api/v1/serviceinsertion/services/<service-id>/vendor-templates
{ "results": [ { "attributes": [], "service_id": "83f9266a-a3e9-459e-ba79-ddd699e4a32b", "vendor_template_key": "Gold", "functionality": "EPP", "redirection_action": "PUNT", "resource_type": "VendorTemplate", "id": "0628655d-37fe-453d-8607-731a99362dd7", "display_name": "Default (EBT)", "description": "The default Deep Security profile configuration used for EBTs.", "_create_user": "admin", "_create_time": 1617235768228, "_last_modified_user": "admin", "_last_modified_time": 1617235768228, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 }, { "attributes": [], "service_id": "83f9266a-a3e9-459e-ba79-ddd699e4a32b", "vendor_template_key": "P4_Network", "functionality": "IDS_IPS", "redirection_action": "PUNT", "resource_type": "VendorTemplate", "id": "e0bd601c-c9ec-4d30-bbd3-d924c029de07", "display_name": "Windows Server_Network", "description": "An example policy for Windows Server servers.", "_create_user": "admin", "_create_time": 1617239792464, "_last_modified_user": "admin", "_last_modified_time": 1617239792464, "_system_owned": false, "_protection": "NOT_PROTECTED", "_revision": 0 },
- Delete the vendor templates, if there are any.
DELETE https://<nsx-manager-IP>/api/v1/serviceinsertion/services/<service-id>/vendor-templates<vendor-template-id>
- Delete the service.
DELETE https://<nsx-manager-IP>/api/v1/serviceinsertion/services/<service-id>
- Delete the partner service manager.
DELETE https://<nsx-manager-IP>/api/v1/serviceinsertion/service-manager/<service-manager-id>