6.2

3. Select the NSX endpoint as the input parameter for the workflow.
   Use the IP address you specified when you created the vSphere endpoint to register an NSX instance.
After you run this workflow, the Distributed Firewall rules defined in the security policy are applied only on
the vNICs of the security group members to which this security policy is applied.
What to do next
Apply the applicable security features for the multi-machine blueprint.
Creating a Network Profile
A fabric administrator creates external network profiles and templates for network address translation
(NAT), routed, and private network profiles.
Fabric administrators create network profiles to define existing, physical networks and networks for virtual
machines provisioned as part of multi-machine services. A network profile can define one of the following
types of networks.
Table 21. Available Network Types for a Network Profile

| Network Type | Description |
| --- | --- |
| External networks | Existing physical networks configured on the vSphere server. They are the external part of the NAT and routed types of networks. An external network profile can define a range of static IP addresses available on the external network. An external network profile with a static IP range is a prerequisite for NAT and routed networks. |
| NAT virtual networks | Created during provisioning. They are networks that use one set of IP addresses for external communication and another set for internal communications. With one-to-one NAT networks, every virtual machine is assigned an external IP address from the external network profile and an internal IP address from the NAT network profile. With one-to-many NAT networks, all machines share a single IP address from the external network profile for external communication. A NAT network profile defines local and external networks that use a translation table for mutual communication. |
| Routed virtual networks | Created during provisioning. They represent a routable IP space divided across subnets that are linked together with a routing table. Every new routed network has the next available subnet assigned to it and an entry in the routing table to connect it to other routed networks that use the same network profile. The virtual machines that are provisioned with routed networks that have the same routed network profile can communicate with each other and the external network. A routed network profile defines a routable space and available subnets. |
| Private virtual networks | Created during provisioning. They are internal networks that have no connection to external, public networks. The virtual machines in a private network communicate only with each other. You can communicate with a virtual machine in a private network with the VMware Remote Console option in vRealize Automation. A private network profile defines an internal network, ranges of static IP addresses, and a range of DHCP addresses. |
In general, vRealize Automation uses vSphere DHCP to assign IP addresses to the machines it
provisions, regardless of which provisioning method is used. When provisioning virtual machines by
cloning or using kickstart/autoYaST provisioning, however, the requesting machine owner can assign
static IP addresses from a predetermined range.
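The routed network behavior described in Table 21 (next available subnet, plus a routing entry to every other routed network on the same profile) can be modeled as follows, which is useful when reviewing which provisioned machines can reach each other. This is an added example, not vRealize Automation or NSX code; the class, method names, and all addresses are hypothetical and constructed for illustration.

```python
import ipaddress


class RoutedProfile:
    """Hypothetical model of a routed network profile: a routable space
    divided into equal subnets that are handed out in order."""

    def __init__(self, name, routable_space, subnet_prefix, external_static_range):
        # Table 21: an external network profile with a static IP range
        # is a prerequisite for routed (and NAT) networks.
        if not external_static_range:
            raise ValueError("external profile with a static IP range is required")
        self.name = name
        self.space = ipaddress.ip_network(routable_space)
        self.free = list(self.space.subnets(new_prefix=subnet_prefix))
        self.assigned = {}   # routed network name -> subnet
        self.routes = set()  # frozenset({subnet_a, subnet_b}) routing entries

    def provision(self, network_name):
        """Assign the next available subnet and link it to existing peers."""
        if network_name in self.assigned:
            raise ValueError(f"{network_name} is already provisioned")
        if not self.free:
            raise RuntimeError(f"profile {self.name}: no subnets left")
        subnet = self.free.pop(0)
        for peer in self.assigned.values():
            self.routes.add(frozenset((subnet, peer)))
        self.assigned[network_name] = subnet
        return subnet

    def _subnet_of(self, ip):
        addr = ipaddress.ip_address(ip)
        return next((s for s in self.assigned.values() if addr in s), None)

    def can_reach(self, ip_a, ip_b):
        """True when both addresses are on subnets this profile routes between."""
        a, b = self._subnet_of(ip_a), self._subnet_of(ip_b)
        if a is None or b is None:
            return False
        return a == b or frozenset((a, b)) in self.routes


if __name__ == "__main__":
    # Constructed sample values (documentation and private address ranges).
    profile = RoutedProfile("routed-a", "10.20.0.0/22", 24, ("192.0.2.10", "192.0.2.50"))
    print(profile.provision("web"), profile.provision("app"))
    print(profile.can_reach("10.20.0.5", "10.20.1.9"))
```
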
IaaS Integration for Multi-Machine Services
VMware, Inc. 17