One of the hottest topics in the world of software-defined everything is unequivocally NSX. This rocketship of a technology is fundamentally changing datacenter design — much like vSphere so effectively did (except at a greater pace). NSX redefines how networks are built, consumed, and managed. Even more importantly, security no longer has to be compromised due to the the prohibitive cost of per-application policies. And best of all, this all done with software. That’s a good thing since we’re at the start of a software-defined revolution, quickly breaking out of our hardware-defined chains.

I can go on and on, but this post isn’t about how awesome NSX is…not entirely anyway.

Making Awesome…Awesomer

So how do we take awesome up another notch? Easy…automate it (i’m sure you figured I’d say that). And not just automate in the “I’ll run a fancy custom script or workflow as soon as the request hits my desk”. While that’s neat — and congrats on putting in all the work for building those static processes (also, good luck handing those proprietary scripts over to the next admin when LinkedIn recruiters finally land you) — that’s not what I’m referring to. Automation in that sense has been around for decades and traditionally misses two of the worst choke points in IT — People and Process. People like to control things. [Legacy] processes are inefficient and outdated. Automation in the software-defined world is effective only when infrastructure just happens. This is where vRealize Automation (vRA) takes center stage.

In the software-defined world, infrastructure is defined by policy based on a set of requirements — business, IT, applications, security, whatever. That policy is tied to a set of logic that makes stuff happen as needed, when needed. For its part in the SDDC stack, vRA ties policy to services using a variety of configuration elements. At request time, policies can invoke (through automation) governance, workflows, app-centric services, and integration with external systems through extensibility. The policy simplifies management of the deployed applications or services throughout their lifecycle…up until decommissioning, where vRA can undo the entire stack (now ask yourself — how many dormant ACL’s exist in your firewalls?). Along the way, vRA provides total transparency, greater controls, and deeper integrations into external systems. While automation may sound scary to those who love control, vRA ensures those folks can sleep at night, especially when combined with the greater vRealize suite. What it can’t do is recommend something to fill all resulting free time.

Where Does NSX Come In?

You’ve probably heard at least some commotion around vRealize Automation and NSX being #BetterTogether by now. This is more than a VMware marketing campaign…vRA 7.x delivered significant enhancements, including several industry-firsts. The Converged Blueprint Designer (CBP) redefines how applications and services are authored, incorporating the full IT services stack using a unified drag-and-drop canvas. NSX has become a first-class citizen of vRA to provide application-centric networking and security through deep integration between the two products. Check out the video below to see Unified Service Authoring with NSX in action…

Behind the Scenes

To pull this off, VMware’s Networking and Security Business Unit (NSBU) and Cloud Management Business Unit (CMBU) worked closely together to better understand target use cases and key capabilities of each respective product (among several other things). Then they got to work. Integration had to be more than leveraging vRA’s extensibility engine, more than an XaaS story, more than a facade. To deliver this vision, NSX needed to be a native extension of vRA, enabling it with a single checkbox and access info…

Adding NSX Manager to vSphere Endpoint
   Adding NSX Manager to vSphere Endpoint

Once added, an inventory is kicked off, returning all the configurations and services available for vRA’s consumption. These details are incorporated into vRA’s Reservation model and bound to Network Profiles. vRA also become natively aware of VXLAN Transports, DLRs, Security Groups, and Logical Networks…in addition to all traditional or logical networks available to endpoint…

vRealize Automation Reservations with NSX Services
   vRealize Automation Reservations with NSX Services

The Converged Blueprint Designer is where the rest of the magic happens — an intuitive drag-and-drop interface that brings all the pieces together, readying any application to consume existing NSX services or dynamically provision them on-demand at request time. Seriously, watch the video. It’s beautiful…

vRealize Automation Converged Blueprint with NSX Components
   vRealize Automation Converged Blueprint with NSX Components

To be perfectly clear, the integration work was started (and delivered) in previous versions of both products, but made a massive leap in the latest releases (vRA 7.x, NSX 6.2.x). The result is what you see today — vRA delivering deep integration and automation of the vast majority of NSX’s software-defined services, built and deployed around applications, and bound to the policies that keep IT and the business happy. vRealize Automation and NSX together converge the benefits of both platforms to help bridge the gap between legacy IT and the software-defined datacenter. Together, infrastructure just happens.

Want More? Get the Technical Deep-Dive

As I mentioned in the opening, the craving for vRealize Automation and NSX is immense…and there is so much more to discuss. This topic is one of top requests for briefs, demos, training, talks, VMUG’s, and — coming soon — VMworld. The content has been a work in progress, but I finally published and recorded the first version vRA (7) + NSX Technical Deep-Dive deck (recording below). The presentation gets into the weeds of vRA and NSX working together to deliver the goods. It incorporates some of the content my NSBU counterparts have delivered in the past (ton’s of credit) while focusing on the new capabilities uniquely delivered by vRA 7. Give it a go if you’ve got ~50mins to spare.