6.2
Table Of Contents
- IaaS Integration for Multi-Machine Services
- Contents
- IaaS Integration for Multi-Machine Services
- Introduction to Multi-Machine Services
- Configuring Network and Security Integration
- Configuring vRealize Orchestrator Endpoints
- Create a vSphere Endpoint for Networking and Security Virtualization
- Run the Enable Security Policy Support for Overlapping Subnets Workflow in vRealize Orchestrator
- Creating a Network Profile
- Configuring a Reservation for Network and Security Virtualization
- Optional Configurations for Multi-Machine Services
- Creating Multi-Machine Blueprints
- Specifying Scripts for Multi-Machine Service Provisioning
- Specifying Custom Properties for Multi-Machine Services
- Blueprint Action Settings for Multi-Machine Services
- Create a Multi-Machine Blueprint
- Specify Blueprint Information for a Multi-Machine Blueprint
- Specify Build Information for a Multi-Machine Blueprint
- Specify Network Information for a Multi-Machine Blueprint
- Specify Scripting Information for a Multi-Machine Blueprint
- Add Multi-Machine Blueprint Custom Properties
- Specify Actions for Multi-Machine Blueprints
- Publish a Blueprint
- Configuring Multi-Machine Blueprints for Network and Security Virtualization
- Managing Multi-Machine Services
Configuring Network and Security Integration
vRealize Automation supports virtualized networks based on the vCloud Networking and Security and
NSX platforms. Network and security virtualization allows virtual machines to communicate with each
other over physical and virtual networks securely and efficiently.
To integrate network and security with vRealize Automation, an IaaS administrator must install the
vCloud Networking and Security or NSX plug-ins in vRealize Orchestrator and create
vRealize Orchestrator and vSphere endpoints.
A fabric administrator can create network profiles that specify network settings in reservations and
blueprints. External network profiles define existing physical networks. NAT, routed, and private network
profiles are templates for configuring network interfaces when you provision virtual machines, and for
configuring NSX Edge devices created when you provision multi-machines.
Note: When deploying a multi-machine that uses both an NSX Edge load balancer and app isolation, the
dynamically provisioned load balancer is not added to the security group with the other multi-machine
blueprint components. This prevents the load balancer from communicating with the machines for which it
is meant to handle connections. Because Edges are excluded from the NSX distributed firewall, they
cannot be added to security groups. To allow load balancing to function properly, use another security
group or security policy that allows the required traffic into the component VMs for load balancing.
A tenant administrator or business group manager can configure network adapters, load balancing, and
security for all components provisioned from a multi-machine blueprint that uses a routed network profile.
A tenant administrator or business group manager can use the templates to define multi-machine service
networks. In a multi-machine blueprint, you can configure network adapters and load balancing for all
components provisioned from that multi-machine blueprint.
In the multi-machine blueprint, you can select a transport zone that identifies the vSphere endpoint. A
transport zone specifies the hosts and clusters that can be associated with logical switches created within
the zone. A transport zone can span multiple vSphere clusters. The multi-machine blueprint and the
reservations used in the provisioning must have the same transport zone setting. Transport zones are
defined in the NSX and vCloud Networking and Security environments. See the NSX Administration Guide.
Configuring vRealize Orchestrator Endpoints
If you are using vRealize Automation workflows to call vRealize Orchestrator workflows, you must
configure the vRealize Orchestrator instance or server as an endpoint.
VMware, Inc.