Kategorie: VMware

Introduction

The first and most easy way to use a Network Profile, is to deploy in an existing network. In that case there are no network components that needs to be created on the fly, hence the configuration is easy.

The following instructions will show how to create a Network Profile and configure it accordingly.

1. Go to the Infrastructure > Network Profiles page and click on [+ New Network Profile]
2. On the Summary page, provide the following information:
   • Account / region
   • Name
   • Optionally a description
   • Capabilities, which have to match constraints on a blueprint
3. On the Networks page, add the appropriate existing networks. Remember, if you have more than more network, tags can be used as blueprint constraints in order to match to tagged networks to avoid ambiguity.
4. On the Network Polices page, there is no need to do perform any configuration.
5. Click on Create

Once the network profile has been created, you can go to the blueprint and add a Network element. The following yams shows the code, for an ElasticSearch Deployment (we skip the code to install ElasticSeach) that goes to a specific existing network (we use tags to identify the currect network profile):

formatVersion: 1
name: ElasticStack
version: 1
description: Installs Elastic Stack on a single machine
inputs:
  image:
    type: string
    enum:
      - ubuntu1604
      - Ubuntu1804
    description: Image/OS required
    title: Image/OS
    default: Ubuntu1804
  flavor:
    type: string
    enum:
      - small
      - medium
    description: Choose the size of the machine
    title: Flavor
    default: medium
  network:
    type: string
    title: Network
    description: Input the network tag information
    default: 'network:vlan41'
  region:
    type: string
    description: Input the region that the resources belong to
    title: Region
    default: 'region:sc-central-1'
  key:
    type: string
    title: Public Key
    description: Input Public Key outputted from the script
    default: ENTER-PUBLIC-KEY
  name:
    type: string
    title: VM Name
    description: Name of the virtual machine
resources:
  Elastic_Stack_NODE:
    type: Cloud.Machine
    properties:
      name: elastic_stack_node
      flavor: '${input.flavor}'
      image: '${input.image}'
      cloudConfig: |
        #cloudconfig
        repo_update: true
        repo_upgrade: all
        package_update: true
        package_upgrade: all
        hostname: ${input.name}
        manage_etc_hosts: true

        runcmd:
        - echo "${input.key}" >> /root/.ssh/authorized_keys
        - echo "${input.key}" >> /home/ubuntu/.ssh/authorized_keys
        - chmod 400 /root/.ssh/vmware.pub
      networks:
        - name: '${Elastic_Stack_Network.name}'
          tags: []
          network: '${resource.Elastic_Stack_Network.id}'
          securityGroups: []
          assignPublicIpAddress: false
      constraints:
        - tag: '${input.region}'
  Elastic_Stack_Network:
    type: Cloud.Network
    properties:
      name: Elastic_Stack_Network
      networkType: existing
      constraints:
        - tag: '${input.network}'

Introduction & Summary

In short, the Network show the following information:

• The networks and networking objects that can be used for provisioning. Those networks are discovered from the underlying Cloud Accounts and can encompass vSphere network, NSX-T/NSX-V networks or those from Cloud Providers. In order to work with them and allow DHCP from blueprint deployments, we showed how to add additional information like CIDR range, DNS or domain settings.
• IP ranges could be used to define the set of IP addresses that can be reserved during provisioning.
• Once those IP ranges have been setup and you configured your blueprint correctly, the IP ranges showed all the IP addresses in use.
• Load balancers showed all the discovered load balancer
• Network containers lists containers or groupings of related networks.

Network Profiles

The next thing we want to discuss are Network Profiles.

Basically, Network Profiles are used at runtime to determine which network constructs will be used or created at runtime. Those network constructs encompass existing network constructs (from vSphere, NSX-T, NSX-V, or any VPC, VNET stuff from cloud providers): Those network constructs can be something like networks, load balancers or security groups.

In addition Network Profiles can help to create on-demand network resources. That includes:

• Public networks
• Private networks
• Outbound networks
• Routed networks

Technically, Network Profiles provide some orchestration stuff, so that we do not need the configure the underlying network management system (for example NSX). For example, when setting up a routed network, vRealize Automation will create a logical switch, a DHCP server and will advertise the NSX routes.

However, configuration is not done with solely in the Network Profile. Some tasks has to be done on the blueprint as well. 

Compared to vRealize Automation 7, the configuration has been simplified, To achieve similar goals, the configuration of network profiles and blueprints was not sufficient in the old version. There was also work to be done on reservations. However, as there are no reservations in vRA 8 anymore, things have become easier.

Besides setting up networks, vRealize Automation can also help you with microsegmentations and firewall rules.  We will discuss everything in detail within the next blog posts.

Introduction

As discussed in the last blog post, vRealize Automation allows to manage networks and their configuration settings in an intuitive and comfortable manner. Administrators have an overview over all networks imported from the underlying Cloud Accounts and are able to centrally manage stuff like CIDR Ranges, DNS settings, Gateways and so on.

Besides, administrators can use the IPAM built-in functions of vRA if they don’t have a dedicated IPAM solution like Infoblox.

Perform the following steps to manage IP ranges:

• Within the Networks page, select the network for which you want the IP ranges to be configured and click on „MANAGE IP RANGES“
• Click on [+ NEW IP RANGE]

• Provide a Name for the IP Range
• Optionally, provide a description
• Enter the Start IP address
• Provide the End IP address

Click on Create

IPAM Considerations

Once you have saved your new IP range, you can change to the IP Ranges tab and have an overview about all your configured IP Ranges.

However, there are some caveats in order to use the internal IP Ranges and hence you have to make sure that the following requirements are fulfilled:

• First, you need the VMware Tools installed on the Linux machine
• You need to setup a Guest specification in vSphere
• You have to configure the blueprint to use the guest specification
• You have to change the Network Assignment to Static on the blueprint

The first two items should be easy to be configured or are most likely already set up properly. The following code shows the necessary configuration on the blueprint.

formatVersion: 1
inputs: {}
resources:
  Cloud_vSphere_Machine_1:
    type: Cloud.vSphere.Machine
    properties:
      image: Ubuntu
      cpuCount: 1
      totalMemoryMB: 1024
      networks:
        - tags: []
          network: '${resource.Cloud_vSphere_Network_1.id}'
          assignment: static
          assignIPv6Address: false
          assignPublicIpAddress: false
      customizationSpec: Linux
  Cloud_vSphere_Network_1:
    type: Cloud.vSphere.Network
    properties:
      networkType: existing
      name: VLAN-41

Once you have accomplished these configuration settings, you can monitor the assigned IP addresses:

Network Load Balancers

When you have NSX integrated, the Network section will also display the load balancers that can be used for provisioned resources.

However, except than setting tags (which is optional), no configuration has to be done here.

Last but not least, the Network Domain section will give you an overview over containers or groupings of related networks. Networks in the network domain are related and non-overlapping. Term equivalents:

• AWS = VPC (virtual private cloud)
• Microsoft Azure = Virtual network
• vSphere = Network