vRA and NSX – Intro to Network and Security Automation

Network and security automation — and specifically the use of on-demand services — will continue to play a more significant role as NSX (and network virtualization in general) continues to become more and more prominent. Customers are still trying to understand the impacts of app-centric networking and whether or not they’re ready to hand these critical services to automation tools. There’s a perception that automation reduces control and/or visibility into networking and security services that traditionally involve a ton of ownership, red tape, and several siloed personalities that love to hear their own voice (I used to be one!). Plus, there are personal domains and certifications to protect!

Once these folks realize vRA + NSX will provide greater control, more governance, and better visibility than they’ve ever had before, heads tend to deflate a bit. NSX adoption is on a rocketship and its benefits are resonating with traditional network silos and modern shops alike. As adoption (and resulting trust) continues to grow within an enterprise, the second part of the equation — automation — become the obvious next step for streamlining network and security services, often getting kicked off with two wonderful words: now what? Enter vRealize Automation.

For its part, vRA is designed to bridge the gap between a pure consumption model and on-demand everything.…

vRA and NSX – Part 1, vSphere Prep

Introduction

There are a few prerequisite steps to complete on the vSphere and NSX side before vRA can be configured to consume its services or deliver on-demand networking and security. In Part 1 of this series, we will use the vSphere Web Client to review the NSX baseline deployment and add the necessary configurations for staging. What is configured here will depend on the desired objectives and use cases…I’ll cover minimum requirements.

Note: These steps assume you have already deployed NSX Manager, registered NSX with vSphere, and prepared hosts / clusters per best practice.

Objectives:

  • Review NSX deployment in vSphere to ensure prerequisites are in tact
  • Validate Logical Network / VXLAN configuration

As mentioned previously, this guide assumes a basic NSX deployment has been completed. This section will review the lab configuration and validate NSX has been properly deployed and configured.

1.  Log in the vSphere Web Client.

2.  Navigate to Networking & Security to review the existing NSX deployment configuration.

3.  Select Installation in the Networking & Security pane.

4.  In the Management tab, verify that at least one primary NSX Manager is available and at least one NSX Controller Node has been deployed (with status: Connected):

vra7-135

5.  In the Host Preparation tab, expand the target clusters and ensure Installation status, Firewall, and VXLAN are all showing a green check mark:

vra7-133

In this example, there are two configured clusters — Cloud Cluster and Mgmt Cluster.

vRA and NSX Integration Series

It should be no surprise that VMware is putting a lot of time and energy around the benefits of vRealize Automation and NSX. The #BetterTogether campaign has taken off and just about anyone touching either of these solutions should be able to articulate that message by now. I’ve been focusing on the integrations between vRA and NSX partly because it’s within my charter, but primarily due to being huge believer in the transformative nature of the technology behind it. Whether at a VMUG, in a briefing, building internal content, or in my home office as my puppy, Millie, begs to go out and play just as I start recording a video (it’s like clockwork!), this has easily become one of my favorite topics.

While the benefits are easily articulated and demos [usually] go off without a hitch, much of the feedback I get suggests there’s a perceived complexity with the integration. “Not so!”, says I. While complex is a relative term, integrating vRA and NSX doesn’t have to be, especially if you have a basic understanding of the two solutions individually. Although I will agree on at least one thing — while documentation is generally getting better, there’s still a major gap in prescribed [how-to] content.…

Adding a Network Selection Drop-Down in vRA 7

Ever since the early days of vCAC, customers have needed the ability to provide a variety of additional control options to vRealize Automation’s self-service consumer. I’m specifically referring to inputs and selection options that are made available to the consumer during request time. Some of the most common examples include fields for plain text input, drop-down menus, checkboxes, value lists, and text descriptors. The input or selection can be basic information or used for downstream processing during machine provisioning.

Custom Properties

There are hundreds (thousands?) of use cases and unique requirements that make it just about impossible for VMware to deliver every option as an out of the box. function. Instead, vRealize Automation (vRA) leverages Custom Properties to provide a quick-n-easy way to control many aspects of machine provisioning. Custom properties can be used across much of vRA’s configuration constructs, including Blueprints, Business Groups, Compute Resources, Reservations, and Endpoints (in that order of precedence). Custom properties are a core component of vRA’s massive extensibility engine and are often used in collaboration with the Property Dictionary, Property Groups, vRealize Orchestrator (via workflow stubs), and the new Event Broker. If you’re unfamiliar with custom properties and these concepts, be sure to read the documentation.…

vRA and NSX – Using Baseline Security Groups

vRA and NSX came together back when vRA (a.k.a. vCAC) 6.0 was released, just as VMware was transitioning from vCNS to NSX. In vRA 6.x, inventory-collected security groups must be selected (checked) per Reservation prior to being available for consumption by a multi-machine blueprint (and only MMBP’s support NSX in vRA 6.x). As I’ve highlighted several times before, the latest release of vRealize Automation (7.x) delivers deeper integrations with NSX and unified service authoring capabilities to make delivering application-centric networks the new norm. See this post for how vRA and NSX are better together…I won’t repeat those details here.

With vRA 7’s deeper integration and broader use cases, one hugely powerful feature is the ability to incorporate one or more NSX Security Groups — either Pre-Existing or On-Demand — into your service design using the new Converged Blueprint Designer (CBP). You simply drag-and-drop the security group right on to the unified canvas and bind it to the desired machine components…

vra-cbp-nsx-sg

nsx security groups in vra

As a result, the provisioned machines are automatically added to the security group (Existing Security Group) or a new security group is dynamically created and bound to an existing security policy at request (On-Demand Security Group).…

vRealize Automation and NSX – Better Together

One of the hottest topics in the world of software-defined everything is unequivocally NSX. This rocketship of a technology is fundamentally changing datacenter design — much like vSphere so effectively did (except at a greater pace). NSX redefines how networks are built, consumed, and managed. Even more importantly, security no longer has to be compromised due to the the prohibitive cost of per-application policies. And best of all, this all done with software. That’s a good thing since we’re at the start of a software-defined revolution, quickly breaking out of our hardware-defined chains.

I can go on and on, but this post isn’t about how awesome NSX is…not entirely anyway.

Making Awesome…Awesomer

So how do we take awesome up another notch? Easy…automate it (i’m sure you figured I’d say that). And not just automate in the “I’ll run a fancy custom script or workflow as soon as the request hits my desk”. While that’s neat — and congrats on putting in all the work for building those static processes (also, good luck handing those proprietary scripts over to the next admin when LinkedIn recruiters finally land you) — that’s not what I’m referring to. Automation in that sense has been around for decades and traditionally misses two of the worst choke points in IT — People and Process.…

VMware Cloud Management Q1’16 Releases

Today was a big day for VMware’s Cloud Management business unit!

While most of these releases are an incremental (“sub”) release, they are quite important for all customers who have either already deployed or upgraded to vRealize Automation 7.0 and/or vRealize Business 7.0, or have been patiently holding off for the first incremental update prior to deploying or moving into production (especially considering the many platform-level enhancements introduced in 7.0).

As you’d expect, the vRA / vRB 7.0.1 updates bring with them bug fixes and minor enhancements since the 7.0 release(s). The theme is product quality, performance, scale and stability. These also represent the first releases to align with the BU’s new 90-day target for major and minor releases.

 

 

vRealize Automation 7.0.1

 

vRealize Orchestrator 7.0.1 (standalone VA)

 

vRealize Automation 6.2.4

 

vRealize Business for Cloud 7.0.1

vRealize Automation 7 – Part 1.1, Spotlight Overview and Demo

As a follow up to the vRealize Automation 7 – Part 1, What’s New – Spotlight Features, I have just published a YouTube video that walks through vRA 7.0’s Spotlights and jumps into an 18-minute demo that dives a little deeper in each feature…

  • Logging in, Service Catalog, Overview
  • VMware Identity Manager (vIDM) – Federated Identity Management
  • Converged Blueprints – Unified Service Design
    • App Authoring
    • NSX Networking
  • Event Broker

The video below has been published in VMware Cloud Management’s YouTube channel. Be sure to subscribe to the vRealize Automation Playlist!

 

This is the complete 35-min video (demo starts at 17:30). I will publish just the demo portion as a separate video shortly.

 

++++
@virtualjad…