VMware vRealize Automation - 6.2 User’s Manual

IaaS Integration for Multi-Machine Services
vRealize Automation 6.2
You can find the most up-to-date technical documentation on the VMware website at:
https://docs.vmware.com/
If you have comments about this documentation, submit your feedback to
VMware, Inc.
3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com
Copyright © 2008–2016 VMware, Inc. All rights reserved. Copyright and trademark information.

Contents

IaaS Integration for Multi-Machine Services
Updated Information
Using the Goal Navigator
1 Introduction to Multi-Machine Services
    Multi-Machine Service Concepts
    Multi-Machine Service Life Cycle
    Comparing Multi-Machine Services and vApps
    Configuring IaaS for Multi-Machine Services Checklist
2 Configuring Network and Security Integration
    Configuring vRealize Orchestrator Endpoints
    Create a vRealize Orchestrator Endpoint
    Create a vSphere Endpoint for Networking and Security Virtualization
    Run the Enable Security Policy Support for Overlapping Subnets Workflow in vRealize Orchestrator
    Creating a Network Profile
    Create an External Network Profile
    Create a Private Network Profile
    Create a NAT Network Profile
    Create a Routed Network Profile
    Configuring a Reservation for Network and Security Virtualization
    Create a Reservation
3 Optional Configurations for Multi-Machine Services
    Cost Information for Multi-Machine Services
    Cost Calculation for Multi-Machine Services
    How Cost Is Displayed
4 Creating Multi-Machine Blueprints
    Specifying Scripts for Multi-Machine Service Provisioning
    Specifying Custom Properties for Multi-Machine Services
    Blueprint Action Settings for Multi-Machine Services
    Create a Multi-Machine Blueprint
    Specify Blueprint Information for a Multi-Machine Blueprint
    Specify Build Information for a Multi-Machine Blueprint
    Specify Network Information for a Multi-Machine Blueprint
    Specify Scripting Information for a Multi-Machine Blueprint
    Add Multi-Machine Blueprint Custom Properties
    Specify Actions for Multi-Machine Blueprints
    Publish a Blueprint
5 Configuring Multi-Machine Blueprints for Network and Security Virtualization
    Adding Network Profiles to a Multi-Machine Blueprint
    Add a Private Network Profile to a Multi-Machine Blueprint
    Add a Routed Network Profile to a Multi-Machine Blueprint
    Add a NAT Network Profile to a Multi-Machine Blueprint
    Configure Network Adapters for Component Machines
    Configure Load Balancers for Component Machines
    Applying Security on a Component Machine
    Specify Security Policy, Groups, and Tags for Component Machines
    Configure Reservations for Routed Gateways
    Enable App Isolation for Component Machines
6 Managing Multi-Machine Services
    Editing Multi-Machine Blueprints
    Monitoring Workflows and Viewing Logs
    Troubleshooting a Partially Successful Multi-Machine Deployment Message

IaaS Integration for Multi-Machine Services

IaaS Integration for Multi-Machine Services describes how to integrate multi-machine services in an
existing VMware vRealize Automation deployment.
This documentation is intended to be used with the following prerequisite guides:
- IaaS Configuration for Virtual Platforms
- IaaS Configuration for Cloud Platforms
- IaaS Configuration for Physical Machines
After the Infrastructure as a Service (IaaS) is set up for a relevant machine type, this documentation
guides you through the following processes:
- Preparing for provisioning
- Creating and configuring multi-machine blueprints
- Configuring component machines for network and security virtualization
All of the IaaS configuration tasks that should be completed before machine provisioning are included in
this document and its prerequisite guides. For information about managing provisioned machines, see
Tenant Administration.
Note: Not all features and capabilities of vRealize Automation are available in all editions. For a
comparison of feature sets in each edition, see https://www.vmware.com/products/vrealize-automation/.
Intended Audience
This information is intended for IaaS administrators, tenant administrators and business group managers,
and fabric administrators who want to integrate multi-machine services and network and security
virtualization into their vRealize Automation deployment. It is written for experienced Windows or Linux
system administrators who are familiar with virtualization technology and the basic concepts described in
Foundations and Concepts.
VMware Technical Publications Glossary
VMware Technical Publications provides a glossary of terms that might be unfamiliar to you. For
definitions of terms as they are used in VMware technical documentation, go to
http://www.vmware.com/support/pubs.

Updated Information

This IaaS Integration for Multi-Machine Services is updated with each release of the product or when
necessary.
This table provides the update history of the IaaS Integration for Multi-Machine Services.
Revision | Description
001642-03 | Added Troubleshooting a Partially Successful Multi-Machine Deployment Message.
001642-02 | Updated Enable App Isolation for Component Machines and Chapter 2 Configuring Network and Security Integration to include information about load balancing and app isolation.
001642-01 | Updated Configure Routed Network Profile IP Ranges. Removed an erroneous statement about archive periods from Chapter 4 Creating Multi-Machine Blueprints. Updated Specifying Scripts for Multi-Machine Service Provisioning.
001642-00 | Initial 6.2 release.

Using the Goal Navigator

The goal navigator guides you through high-level goals that you might want to accomplish in
vRealize Automation.
The goals you can achieve depend on your role. To complete each goal, you must complete a sequence
of steps that are presented on separate pages in the vRealize Automation console.
The goal navigator can answer the following questions:
- Where do I start?
- What are all the steps I need to complete to achieve a goal?
- What are the prerequisites for completing a particular task?
- Why do I need to do this step and how does this step help me achieve my goal?
The goal navigator is hidden by default. You can expand the goal navigator by clicking the icon on the left
side of the screen.
After you select a goal, you navigate between the pages needed to accomplish the goal by clicking each
step. The goal navigator does not validate that you completed a step, or force you to complete steps in a
particular order. The steps are listed in the recommended sequence. You can return to each goal as many
times as needed.
For each step, the goal navigator provides a description of the task you need to perform on the
corresponding page. The goal navigator does not provide detailed information such as how to complete
the forms on a page. You can hide the page information or move it to a more convenient position on the
page. If you hide the page information, you can display it again by clicking the information icon on the
goal navigator panel.
Chapter 1 Introduction to Multi-Machine Services
With the multi-machine services feature of vRealize Automation, users can provision multi-machine
services, and their component machines, in a virtual datacenter based on existing templates.
Multi-machine services are compound services composed of multiple machines that can be provisioned
and managed with vRealize Automation as a single entity.
For example, in a tiered application deployment, you might have multiple database servers, application
servers, and Web servers. In addition to creating blueprints for each of the server types, you can also
create a multi-machine blueprint that includes all of the machines needed for the entire application
deployment. Users can then provision the multi-machine service and perform actions, such as rebooting,
on all of the component machines with a single action.
This chapter includes the following topics:
- Multi-Machine Service Concepts
- Multi-Machine Service Life Cycle
- Comparing Multi-Machine Services and vApps
- Configuring IaaS for Multi-Machine Services Checklist

Multi-Machine Service Concepts
Multi-machine services are containers for their component machines. Component machines can be
virtual, physical, or cloud, or any combination of the three.
The following characteristics describe multi-machine services in vRealize Automation:
- They are defined by a blueprint that references one or more component blueprints.
- They can have a lease duration associated with them.
- They are not counted as a machine in reports or licensing but their component machines are counted.
- Requests can be made subject to approval.
- Many machine operations, such as reboot, can be performed on the multi-machine service as a
  whole. The requested action is performed on all of the components in the service.
Some blueprint types, such as vCloud Director blueprints, cannot be added as components of a
multi-machine blueprint.
These concepts apply to multi-machine services in vRealize Automation.
Component Blueprint
A machine blueprint that is part of a multi-machine service. A component
blueprint is referenced by a multi-machine blueprint. You can also use it to
request standalone machines that are not part of a multi-machine service.
Component Machine
A machine that is managed as part of a multi-machine service. A
multi-machine service might include several component machines.
Multi-machine Blueprint
A blueprint that defines a multi-machine service.
Multi-machine Service
A compound service composed of multiple machines that
vRealize Automation can provision and manage as a single entity.
For more information about the core concepts, see Foundations and Concepts.

Multi-Machine Service Life Cycle

Multi-machine services follow the same general life cycle as individual machines, from requesting and
provisioning through managing and decommissioning.
A multi-machine blueprint contains references to blueprints for the component machines. For each
component blueprint, it specifies the minimum and maximum number of machines for the multi-machine
service.
A multi-machine blueprint can specify scripts, or workflows, to run during the provisioning process or
when powering the multi-machine service on or off. Distributed Execution Manager worker services or
agents, not the component machines, run the scripts.
When users request a multi-machine service, they can specify the following settings:
- How many component machines to provision, based on limits specified in the multi-machine blueprint
- Specifications for the component machines, such as CPU, memory, and storage, based on the
  individual component blueprints
- General settings, such as lease duration and custom properties, to be applied to component
  machines in the multi-machine service
Before provisioning the multi-machine service, vRealize Automation allocates resources for all of the
component machines. If the multi-machine service causes a reservation to become over-allocated, its
provisioning fails. After the resources are allocated, the component machines are provisioned and
powered on.
After the multi-machine service is provisioned, the machine owner can perform machine menu tasks on
the multi-machine service as a whole, such as powering the multi-machine service off and on, or
destroying the multi-machine service and its component machines.
If the multi-machine blueprint allows for a varying number of machines for any component type, the
machine owner can add or delete machines from the multi-machine service after it is provisioned.
The machine owner can view the components that make up a multi-machine service and manage them
as a group or individually. Most machine operations are available for individual component machines,
except for changing the owner or lease.
These operations are inclusive to the multi-machine service and modify the group as a whole. Conversely,
some actions are inclusive to the individual components, such as suspending, redeploying, and
connecting using Microsoft Remote Desktop Protocol or VMware Remote Console.

Comparing Multi-Machine Services and vApps

You can use vRealize Automation multi-machine services or vApps to group component machines.
Table 1-1. Comparison of Multi-Machine Service and vApp (vCloud) Features
vRealize Automation Multi-Machine Service | vApp (vCloud)
Create a multi-machine blueprint that references individual machine blueprints in vRealize Automation. | Use existing vApp templates created in vCloud Director or vCloud Air.
Provision machines of any type (virtual, physical, or cloud) as part of a service. | Provision virtual machines from vCloud Director or vCloud Air.
Use vRealize Automation to manage component machines of a multi-machine service. | Use vCloud Director or vCloud Air to manage vApp machines.
Application-specific networks can be defined in a multi-machine blueprint for vCloud Networking and Security and NSX. | Application-specific networks are defined in a vApp.
Component machines can be added or removed after initial provisioning. | Component machines cannot be added or removed after initial provisioning.
vRealize Automation defines startup and shutdown order. | The vApp template defines startup and shutdown order.
For both, access to the component portal for Microsoft Remote Desktop Protocol, Virtual Network
Computing, and SSH depends on the guest and console and the endpoint.

Configuring IaaS for Multi-Machine Services Checklist
IaaS administrators, tenant administrators or business group managers, and fabric administrators perform
required and optional configurations to implement multi-machine services in vRealize Automation.
For information about how to create the necessary network profiles, fabric groups, business groups,
reservation policies, and machine endpoints, see the following documents:
- IaaS Configuration for Virtual Platforms
- IaaS Configuration for Cloud Platforms
- IaaS Configuration for Physical Machines
The following high-level checklist shows the tasks required to integrate multi-machine services into an
existing vRealize Automation deployment.
Table 1-2. Configuring IaaS for multi-machine services checklist
Task | Required Role
Configure vRealize Automation workflows to call vRealize Orchestrator workflows. See Create a vRealize Orchestrator Endpoint. | Outside of vRealize Automation
Create a vSphere endpoint to allow vRealize Automation to interact with a vCloud Networking and Security or NSX instance. See Create a vSphere Endpoint for Networking and Security Virtualization. | IaaS administrator
Create network profiles. To use the vCloud Networking and Security or NSX endpoint you must create a routed network profile. See Creating a Network Profile. | Fabric administrator
Create a reservation to assign networks and security groups. See Create a Reservation. | IaaS administrator
Depending on your customization needs, you can configure scripts, custom properties, and actions for the multi-machine service. See Chapter 4 Creating Multi-Machine Blueprints. | Tenant administrator, Business group manager
Create multi-machine blueprints. See Create a Multi-Machine Blueprint. | Tenant administrator, Business group manager
Configure multi-machine blueprints to provision to virtualized networks based on the vCloud Networking and Security or NSX platform. See Chapter 5 Configuring Multi-Machine Blueprints for Network and Security Virtualization. | Tenant administrator, Business group manager
Publish multi-machine blueprints. See Publish a Blueprint. | Tenant administrator, Business group manager
Before users can request machines, a tenant administrator must configure the service catalog. See
Tenant Administration.
Chapter 2 Configuring Network and Security Integration
vRealize Automation supports virtualized networks based on the vCloud Networking and Security and
NSX platforms. Network and security virtualization allows virtual machines to communicate with each
other over physical and virtual networks securely and efficiently.
To integrate network and security with vRealize Automation, an IaaS administrator must install the
vCloud Networking and Security or NSX plug-ins in vRealize Orchestrator and create
vRealize Orchestrator and vSphere endpoints.
A fabric administrator can create network profiles that specify network settings in reservations and
blueprints. External network profiles define existing physical networks. NAT, routed, and private network
profiles are templates for configuring network interfaces when you provision virtual machines, and for
configuring NSX Edge devices created when you provision multi-machines.
Note: When deploying a multi-machine that uses both an NSX Edge load balancer and app isolation, the
dynamically provisioned load balancer is not added to the security group with the other multi-machine
blueprint components. This prevents the load balancer from communicating with the machines for which it
is meant to handle connections. Because Edges are excluded from the NSX distributed firewall, they
cannot be added to security groups. To allow load balancing to function properly, use another security
group or security policy that allows the required traffic into the component VMs for load balancing.
A tenant administrator or business group manager can configure network adapters, load balancing, and
security for all components provisioned from a multi-machine blueprint that uses a routed network profile.
A tenant administrator or business group manager can use the templates to define multi-machine service
networks. In a multi-machine blueprint, you can configure network adapters and load balancing for all
components provisioned from that multi-machine blueprint.
In the multi-machine blueprint, you can select a transport zone that identifies the vSphere endpoint. A
transport zone specifies the hosts and clusters that can be associated with logical switches created within
the zone. A transport zone can span multiple vSphere clusters. The multi-machine blueprint and the
reservations used in the provisioning must have the same transport zone setting. Transport zones are
defined in the NSX and vCloud Networking and Security environments. See NSX Administration Guide.
- Configuring vRealize Orchestrator Endpoints
  If you are using vRealize Automation workflows to call vRealize Orchestrator workflows, you must
  configure the vRealize Orchestrator instance or server as an endpoint.
- Create a vSphere Endpoint for Networking and Security Virtualization
  An IaaS administrator creates an instance of a vSphere endpoint to allow vRealize Automation to
  interact with a vCloud Networking and Security or NSX instance.
- Run the Enable Security Policy Support for Overlapping Subnets Workflow in vRealize Orchestrator
  Before you use the NSX security policy features from vRealize Automation, an administrator must
  run the Enable security policy support for overlapping subnets workflow in vRealize Orchestrator.
- Creating a Network Profile
  A fabric administrator creates external network profiles and templates for network address
  translation (NAT), routed, and private network profiles.
- Configuring a Reservation for Network and Security Virtualization
  An IaaS administrator can use a reservation to assign external networks and routed gateways to
  network profiles for basic and multi-machine networks, specify the transport zone, and assign
  security groups to multi-machine components.

Configuring vRealize Orchestrator Endpoints
If you are using vRealize Automation workflows to call vRealize Orchestrator workflows, you must
configure the vRealize Orchestrator instance or server as an endpoint.
You can associate a vRealize Orchestrator endpoint with a multi-machine blueprint to make sure that all
of the vRealize Orchestrator workflows for machines provisioned from that blueprint are run using that
endpoint.
vRealize Automation by default includes an embedded vRealize Orchestrator instance. It is
recommended that you use this as your vRealize Orchestrator endpoint for running vRealize Automation
workflows in a test environment or creating a proof of concept. For more information about managing the
embedded vRealize Orchestrator instance, see Advanced Service Design.
You can also install a plug-in on an external vRealize Orchestrator server.
It is recommended that you use this vRealize Orchestrator endpoint for running vRealize Automation
workflows in a production environment.
To install the plug-in, see the README available with the plug-in installer file from the VMware product
download site at http://vmware.com/web/vmware/downloads under the vCloud Networking and Security
or NSX links.

Create a vRealize Orchestrator Endpoint

vRealize Automation uses vRealize Orchestrator endpoints to run network and security-related workflows.
You can configure multiple endpoints to connect to different vRealize Orchestrator servers. Each endpoint
must have a priority.
When executing vRealize Orchestrator workflows, vRealize Automation tries the highest priority
vRealize Orchestrator endpoint first. If that endpoint is not reachable, then it proceeds to try the next
highest priority endpoint until a vRealize Orchestrator server is available to run the workflow.
Prerequisites
- Log in to the vRealize Automation console as an IaaS administrator.
- Verify that the NSX plug-in is installed in vRealize Orchestrator.
  The installation instructions are available in a README file from the VMware product download site at
  http://vmware.com/web/vmware/downloads under the VMware NSX or
  VMware vCloud Networking and Security links.
Procedure
1 Select Infrastructure > Endpoints > Endpoints.
2 Select New Endpoint > Orchestration > vCenter Orchestrator.
3 Enter a name and, optionally, a description.
4 Type a URL with the fully qualified name or IP address of the vRealize Orchestrator server and the
vRealize Orchestrator port number.
The format depends on the version of the vRealize Orchestrator server.
vRealize Orchestrator version | URL format
5.1 | https://hostname:port
5.5 | https://hostname:port/vco
The transport protocol must be HTTPS. If no port is specified, the default port 8281 is used.
To use the default vRealize Orchestrator instance embedded in the vRealize Appliance, type
https://vrealize-automation-appliance-hostname:8281/vco.
5 Specify the credentials to use to connect to this endpoint.
a Click the ellipsis next to the Credentials field.
b Select an existing credential from the list or click New Credentials to provide your
vRealize Orchestrator credentials.
The credentials you use should have Execute permissions for any vRealize Orchestrator
workflows to call from IaaS.
To use the default vRealize Orchestrator instance embedded in the vRealize Appliance, the user
name is administrator@vsphere.local and the password is the administrator password that
was specified when configuring SSO.
6 Specify the endpoint priority.
a Click New Property.
b Type VMware.VCenterOrchestrator.Priority in the Name text box.
The property name is case sensitive.
c Type an integer greater than or equal to 1 in the Value text box.
Lower value means higher priority.
d Click the Save icon.
7 Click OK.
8 From the Endpoints column, point to the vRealize Orchestrator endpoint and click Data Collection
from the drop-down menu.
The data collection process takes 2-3 minutes to check whether the associated NSX plug-in is
installed on this endpoint.
9 Verify that you receive a status message that confirms the data collection process for the
vRealize Orchestrator endpoint is successful.
What to do next
Create a networking solution endpoint. See Create a vSphere Endpoint for Networking and Security
Virtualization.
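
The URL format and priority rules from this procedure, as an added Python example (not VMware code): it checks an endpoint URL against the documented per-version format and orders endpoints the way the failover description states. The endpoint names, host names and the is_reachable callback are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORT = 8281                                        # used when no port is given
PRIORITY_PROPERTY = "VMware.VCenterOrchestrator.Priority"  # case-sensitive name
URL_PATH_BY_VERSION = {"5.1": "", "5.5": "/vco"}           # documented URL formats


def normalize_endpoint_url(url, vco_version):
    """Return the URL in canonical form, or raise ValueError if it breaks a documented rule."""
    if vco_version not in URL_PATH_BY_VERSION:
        raise ValueError(f"no documented URL format for version {vco_version!r}")
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("transport protocol must be HTTPS")
    if not parts.hostname:
        raise ValueError("URL needs a fully qualified name or IP address")
    if parts.username is not None or parts.password is not None:
        # Added hardening check (an assumption, not a documented product rule):
        # credentials are selected in the Credentials field, never in the URL.
        raise ValueError("do not embed credentials in the endpoint URL")
    expected = URL_PATH_BY_VERSION[vco_version]
    if parts.path.rstrip("/") != expected or parts.query or parts.fragment:
        raise ValueError(f"version {vco_version} expects https://hostname:port{expected}")
    port = parts.port if parts.port is not None else DEFAULT_PORT
    return f"https://{parts.hostname}:{port}{expected}"


def endpoint_priority(custom_properties):
    """Read the priority property; it must exist with exact case and be an integer >= 1."""
    if PRIORITY_PROPERTY not in custom_properties:
        raise ValueError(f"missing property {PRIORITY_PROPERTY} (name is case sensitive)")
    raw = str(custom_properties[PRIORITY_PROPERTY]).strip()
    if not (raw.isascii() and raw.isdigit()) or int(raw) < 1:
        raise ValueError("priority must be an integer greater than or equal to 1")
    return int(raw)


def failover_order(endpoints):
    """Endpoints sorted so the lowest value (highest priority) is tried first."""
    return sorted(endpoints, key=lambda ep: endpoint_priority(ep["properties"]))


def pick_endpoint(endpoints, is_reachable):
    """Name of the first reachable endpoint in failover order, or None if none respond."""
    for ep in failover_order(endpoints):
        if is_reachable(normalize_endpoint_url(ep["url"], ep["version"])):
            return ep["name"]
    return None


# Constructed sample data: names and hosts are placeholders, not product defaults.
SAMPLE_ENDPOINTS = [
    {"name": "vco-standby", "version": "5.5",
     "url": "https://vco-b.example.test:8281/vco",
     "properties": {PRIORITY_PROPERTY: "2"}},
    {"name": "vco-primary", "version": "5.5",
     "url": "https://vco-a.example.test/vco",          # no port: 8281 is assumed
     "properties": {PRIORITY_PROPERTY: "1"}},
]

if __name__ == "__main__":
    down = {"https://vco-a.example.test:8281/vco"}     # simulate an outage of the primary
    print([ep["name"] for ep in failover_order(SAMPLE_ENDPOINTS)])
    print(pick_endpoint(SAMPLE_ENDPOINTS, lambda url: url not in down))
```
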

Create a vSphere Endpoint for Networking and Security Virtualization

An IaaS administrator creates an instance of a vSphere endpoint to allow vRealize Automation to interact
with a vCloud Networking and Security or NSX instance.
For a vSphere endpoint in vRealize Automation, all of the NSX related networking operations for that
endpoint must be completed on the same vRealize Orchestrator server.
You can optimize this solution for audit and troubleshooting by creating a service account on vSphere and
vCloud Networking and Security or NSX so that a clear audit trail can be traced back to
vRealize Automation.
Prerequisites
- Log in to the vRealize Automation console as an IaaS administrator.
- Verify that a system administrator installed a vCloud Networking and Security or NSX instance, and
  that it is accessible.
- Verify that an IaaS administrator created a vSphere endpoint. The vSphere server targeted by the
  endpoint must be configured to communicate with the vCloud Networking and Security or NSX
  instance.
- Verify that an IaaS administrator created credentials for the vCloud Networking and Security or NSX
  management console to be used as the endpoint. These credentials can be the same ones used for
  logging in to vSphere.
Procedure
1 Select Infrastructure > Endpoints > Endpoints.
2 Locate a vSphere endpoint and click Edit in the drop-down menu.
3 Select the Specify manager for network and security platform check box to implement networking
and security virtualization.
4 Type the URI for the management console of the vCloud Networking and Security or NSX instance in
the Address text box to register the instance to the vSphere endpoint.
The URL must be of the type: https://hostname or https://IP_address.
For example, https://vCNSa.
5 Click the Credentials text box and select the necessary credentials.
6 Click OK.
7 Select Infrastructure > Compute Resources > Compute Resources.
8 Point to the vSphere compute resource to configure data collection and click Data Collection from
the drop-down menu.
The data collection process synchronizes the vSphere and the vCloud Networking and Security or
NSX inventories to vRealize Automation. This process creates a vCloud Networking and Security or
NSX endpoint in vRealize Orchestrator that is used during data collection.
9 Verify that you receive a status message that confirms the data collection process for the
vRealize Orchestrator endpoint is successful.
What to do next
If you plan to use the NSX security policy features from vRealize Automation, you must run a workflow.

See Run the Enable Security Policy Support for Overlapping Subnets Workflow in vRealize Orchestrator.

Run the Enable Security Policy Support for Overlapping Subnets Workflow in vRealize Orchestrator
Before you use the NSX security policy features from vRealize Automation, an administrator must run the
Enable security policy support for overlapping subnets workflow in vRealize Orchestrator.
Security policy support for the overlapping subnets workflow is applicable to a VMware NSX 6.1 and later
endpoint. Run this workflow only once to enable this support.
Prerequisites
- Verify that a vSphere endpoint is registered with an NSX endpoint.
- Log in to the vRealize Orchestrator Client as an Administrator.
Procedure
1 Select the Workflow tab to navigate through the library to the NSX > NSX workflows for VCAC
folder.
2 Run the Enable security policy support for overlapping subnets workflow.
3 Select the NSX endpoint as the input parameter for the workflow.
Use the IP address you specified when you created the vSphere endpoint to register an NSX
instance.
After you run this workflow, the Distributed Firewall rules defined in the security policy are applied only on
the vNICs of the security group members to which this security policy is applied.
What to do next
Apply the applicable security features for the multi-machine blueprint.
Creating a Network Profile
A fabric administrator creates external network profiles and templates for network address translation
(NAT), routed, and private network profiles.
Fabric administrators create network profiles to define existing, physical networks and networks for virtual
machines provisioned as part of multi-machine services. A network profile can define one of the types of
networks.
Table 2-1. Available Network Types for a Network Profile
Network Type | Description
External networks | Existing physical networks configured on the vSphere server. They are the external part of the NAT and routed types of networks. An external network profile can define a range of static IP addresses available on the external network. An external network profile with a static IP range is a prerequisite for NAT and routed networks.
NAT virtual networks | Created during provisioning. They are networks that use one set of IP addresses for external communication and another set for internal communications. With one-to-one NAT networks, every virtual machine is assigned an external IP address from the external network profile and an internal IP address from the NAT network profile. With one-to-many NAT networks, all machines share a single IP address from the external network profile for external communication. A NAT network profile defines local and external networks that use a translation table for mutual communication.
Routed virtual networks | Created during provisioning. They represent a routable IP space divided across subnets that are linked together with a routing table. Every new routed network has the next available subnet assigned to it and an entry in the routing table to connect it to other routed networks that use the same network profile. The virtual machines that are provisioned with routed networks that have the same routed network profile can communicate with each other and the external network. A routed network profile defines a routable space and available subnets.
Private virtual networks | Created during provisioning. They are internal networks that have no connection to external, public networks. The virtual machines in a private network communicate only with each other. You can communicate with a virtual machine in a private network with the VMware Remote Console option in vRealize Automation. A private network profile defines an internal network, ranges of static IP addresses, and a range of DHCP addresses.
In general, vRealize Automation uses vSphere DHCP to assign IP addresses to the machines it
provisions, regardless of which provisioning method is used. When provisioning virtual machines by
cloning or using kickstart/autoYaST provisioning, however, the requesting machine owner can assign
static IP addresses from a predetermined range.
Fabric administrators specify the ranges of IP addresses that can be used in network profiles. Each IP
address in the specified ranges allocated to a machine is reclaimed for reassignment when the machine
is destroyed and the ReclaimDestroyedStaticIPAddresses workflow runs.
A fabric administrator creates external network profiles and templates for NAT, private, and routed
network profiles on the Network Profiles page. A tenant administrator or business group manager creates
NAT, private, and routed network profiles in multi-machine blueprints for use in configuring network
adapters and load balancers for the multi-machine components.
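
A small model of two behaviours described above, as an added Python example (not vRealize Automation code): a routed network profile handing each new routed network the next available subnet, and a static IP range whose addresses return to the pool only after the machine is destroyed and the reclaim workflow runs. The class names, address ranges and machine names are constructed for illustration.

```python
import ipaddress


class RoutedNetworkProfile:
    """Routable space divided into equal subnets, handed out in order."""

    def __init__(self, routable_space, subnet_prefix):
        self.space = ipaddress.ip_network(routable_space)
        self._available = self.space.subnets(new_prefix=subnet_prefix)
        self.routing_table = {}          # routed network name -> subnet

    def new_routed_network(self, name):
        """Assign the next available subnet and record it in the routing table."""
        if name in self.routing_table:
            raise ValueError(f"routed network {name!r} already exists")
        subnet = next(self._available, None)
        if subnet is None:
            raise RuntimeError("no subnet left in the routable space")
        self.routing_table[name] = subnet
        return subnet

    def can_route(self, ip_a, ip_b):
        """True when both addresses sit in subnets created from this profile."""
        def known(ip):
            addr = ipaddress.ip_address(ip)
            return any(addr in net for net in self.routing_table.values())
        return known(ip_a) and known(ip_b)


class StaticIPRange:
    """Static range of a network profile with deferred reclaim of destroyed machines."""

    def __init__(self, start, end):
        first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if last < first:
            raise ValueError("range end precedes range start")
        self._free = [ipaddress.ip_address(n) for n in range(int(first), int(last) + 1)]
        self._allocated = {}             # machine name -> address
        self._destroyed = []             # addresses waiting for the reclaim workflow

    def allocate(self, machine):
        if not self._free:
            raise RuntimeError("static IP range exhausted")
        self._allocated[machine] = self._free.pop(0)
        return self._allocated[machine]

    def destroy(self, machine):
        """Destroying a machine does not free its address by itself."""
        self._destroyed.append(self._allocated.pop(machine))

    def run_reclaim_workflow(self):
        """Stand-in for ReclaimDestroyedStaticIPAddresses: return addresses to the pool."""
        reclaimed = sorted(self._destroyed)
        self._free = sorted(self._free + reclaimed)
        self._destroyed = []
        return reclaimed


if __name__ == "__main__":
    profile = RoutedNetworkProfile("10.10.0.0/16", 24)       # constructed address space
    print(profile.new_routed_network("app-1"), profile.new_routed_network("app-2"))

    pool = StaticIPRange("192.168.50.10", "192.168.50.12")   # constructed range
    print(pool.allocate("web"), pool.allocate("db"))
    pool.destroy("web")
    print(pool.allocate("app"))          # next unused address, not the destroyed one
    print(pool.run_reclaim_workflow())   # the destroyed address becomes assignable again
```
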
Create an External Network Profile
A fabric administrator can create an external network profile to define external network properties and a
range of static IP addresses.
Prerequisites
Log in to the vRealize Automation console as a fabric administrator.
Procedure
1 Specify External Network Profile Information
The network profile information identifies the external network properties and specifies settings for
an existing network. An external network profile is a requirement of NAT and routed network profiles.
2 Configure External Network Profile IP Ranges
A fabric administrator can define zero (0) or more ranges of static IP addresses for use in
provisioning a network. An external network profile must have at least one static IP range for use
with routed and NAT network profiles.
Specify External Network Profile Information
The network profile information identifies the external network properties and specifies settings for an
existing network. An external network profile is a requirement of NAT and routed network profiles.
Prerequisites
- Verify that you have a gateway IP address.
- Log in to the vRealize Automation console as a fabric administrator.
Procedure
1 Select Infrastructure > Reservations > Network Profiles.
2 Select New Network Profile > External.
3 Enter a name and, optionally, a description.
4 Type a mask address in the Subnet mask text box.
For example, 255.255.0.0.
5 Type an IP address in the Gateway text box.