6.2
Security policies, security groups, and security tags are defined in the NSX environment. See the NSX
Administration Guide.

Security Group
Collection of assets or grouping objects from the vSphere inventory. The grouping feature enables
you to create custom containers to which you can assign resources, such as virtual machines and
network adapters, for distributed firewall protection. After a group is defined, you can add the
group as source or destination to a firewall rule for protection.
The dynamic mapping capability of security groups lets you define the criteria that an object must
meet to be added to the security group you are creating. You can include virtual machines by
defining filter criteria, using a number of supported parameters to match the search criteria. For
example, you might include a criterion that adds all virtual machines that run a specific operating
system, such as Microsoft Windows 2003, to the security group.

Security Tag
Include a criterion to add all of the virtual machines tagged with a specified security tag to a
security group. Security tags are case sensitive.

Security Policy
During data collection, the security policies that have been defined in NSX appear in the Security
tab. The tenant administrator or business group manager can assign security policies on selected
component machines. For example, for a Web component you can apply a Web security policy. A
security policy is a set of endpoint, firewall, and network introspection services that can be
applied to a security group.

App Isolation
Use the logical firewall to block all inbound and outbound traffic to the applications in the
multi-machine blueprint. The component machines in the multi-machine blueprints can communicate
with each other but cannot connect outside the firewall.
The vRealize Automation App Isolation security policy has a precedence value of 3456. If the 3456
precedence value is applied to another component, the deployment fails.

Specify Security Policy, Groups, and Tags for Component Machines
A tenant administrator or business group manager can assign one or more security policies, security
groups, and security tags to a component machine provisioned with the multi-machine blueprint.
When you configure security groups for a component machine, specify a transport zone on the Network
tab of the multi-machine blueprint to make security groups available for selection. The component is
assigned to the selected security groups after provisioning.
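
The three constraints above (case-sensitive security tags, the App Isolation precedence value of 3456, and the transport zone required for security groups) can be checked before a blueprint is published. The following is an added example, not code from vRealize Automation or NSX: the dictionaries, field names, and sample inventory are hypothetical and constructed, and it assumes that a precedence clash means any other NSX security policy carrying the value 3456.

```python
# Added example: pre-publish lint for a multi-machine blueprint.
# Hypothetical data model; nothing here calls vRealize Automation or NSX.
APP_ISOLATION_PRECEDENCE = 3456  # value stated in the documentation above

def lint_blueprint(blueprint, nsx_policies, nsx_tags):
    """Return a list of findings; an empty list means no issue was found."""
    findings = []
    tags_by_lower = {}
    for tag in nsx_tags:
        tags_by_lower.setdefault(tag.lower(), []).append(tag)

    # Assumption: any other policy with precedence 3456 clashes with App Isolation.
    for name, precedence in nsx_policies.items():
        if precedence == APP_ISOLATION_PRECEDENCE:
            findings.append(f"policy '{name}' uses precedence {precedence}, "
                            "the App Isolation value")

    for comp in blueprint["components"]:
        cname = comp["name"]
        # Security groups are only selectable once a transport zone is specified.
        if comp.get("security_groups") and not blueprint.get("transport_zone"):
            findings.append(f"{cname}: security groups assigned but no transport zone")
        for policy in comp.get("security_policies", []):
            if policy not in nsx_policies:
                findings.append(f"{cname}: security policy '{policy}' not collected from NSX")
        # Security tags are case sensitive: 'PCI' and 'pci' are different tags.
        for tag in comp.get("security_tags", []):
            if tag in nsx_tags:
                continue
            near = tags_by_lower.get(tag.lower())
            if near:
                findings.append(f"{cname}: tag '{tag}' differs only by case from {near}")
            else:
                findings.append(f"{cname}: tag '{tag}' is not defined in NSX")
    return findings

# Constructed sample inventory and blueprint.
SAMPLE_POLICIES = {"Web": 4300, "Legacy-Quarantine": 3456}
SAMPLE_TAGS = {"PCI", "Web-Tier"}
SAMPLE_BLUEPRINT = {
    "transport_zone": None,
    "components": [
        {"name": "web", "security_policies": ["Web"],
         "security_tags": ["pci"], "security_groups": ["Web-SG"]},
        {"name": "db", "security_policies": ["DB"], "security_tags": ["Web-Tier"]},
    ],
}

if __name__ == "__main__":
    for finding in lint_blueprint(SAMPLE_BLUEPRINT, SAMPLE_POLICIES, SAMPLE_TAGS):
        print(finding)
```

A tag that differs only by case is reported separately from an undefined tag because the component would otherwise silently fall outside the security group the tag was meant to place it in.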
IaaS Integration for Multi-Machine Services
VMware, Inc.