vRA and NSX – Using Baseline Security Groups

vRA and NSX came together back when vRA (a.k.a. vCAC) 6.0 was released, just as VMware was transitioning from vCNS to NSX. In vRA 6.x, inventory-collected security groups must be selected (checked) per Reservation prior to being available for consumption by a multi-machine blueprint (and only MMBP’s support NSX in vRA 6.x). As I’ve highlighted several times before, the latest release of vRealize Automation (7.x) delivers deeper integrations with NSX and unified service authoring capabilities to make delivering application-centric networks the new norm. See this post for how vRA and NSX are better together…I won’t repeat those details here.

With vRA 7’s deeper integration and broader use cases, one hugely powerful feature is the ability to incorporate one or more NSX Security Groups — either Pre-Existing or On-Demand — into your service design using the new Converged Blueprint Designer (CBP). You simply drag-and-drop the security group right on to the unified canvas and bind it to the desired machine components…

vra-cbp-nsx-sg

nsx security groups in vra

As a result, the provisioned machines are automatically added to the security group (Existing Security Group) or a new security group is dynamically created and bound to an existing security policy at request (On-Demand Security Group).…

vRealize Automation and NSX – Better Together

One of the hottest topics in the world of software-defined everything is unequivocally NSX. This rocketship of a technology is fundamentally changing datacenter design — much like vSphere so effectively did (except at a greater pace). NSX redefines how networks are built, consumed, and managed. Even more importantly, security no longer has to be compromised due to the the prohibitive cost of per-application policies. And best of all, this all done with software. That’s a good thing since we’re at the start of a software-defined revolution, quickly breaking out of our hardware-defined chains.

I can go on and on, but this post isn’t about how awesome NSX is…not entirely anyway.

Making Awesome…Awesomer

So how do we take awesome up another notch? Easy…automate it (i’m sure you figured I’d say that). And not just automate in the “I’ll run a fancy custom script or workflow as soon as the request hits my desk”. While that’s neat — and congrats on putting in all the work for building those static processes (also, good luck handing those proprietary scripts over to the next admin when LinkedIn recruiters finally land you) — that’s not what I’m referring to. Automation in that sense has been around for decades and traditionally misses two of the worst choke points in IT — People and Process.…