VMware Aria Automation supports discovering networks and security groups from NSX Projects and VPCs, which can then be added to network profiles.
What are NSX Projects and VPCs and how are they used in VMware Aria Automation
In previous releases, VMware Aria Automation could only use NSX networks and security groups that are part of the /infra branch included in the Default view of the NSX Manager UI. Starting with 8.18.1, VMware Aria Automation supports the discovery of networks and security groups included in all NSX Projects and Virtual Private Clouds (VPCs) configured in NSX Manager. These networks and security groups can be added to network profiles which can be selected for allocation to your cloud templates.
An NSX Project enables multi-tenancy for NSX network and security objects where each project is analogous to a tenant. An NSX VPC is an additional layer of tenancy that you can configure within an existing project. Both NSX Projects and VPCs are primarily configured and managed in NSX Manager by an administrator. For more information on NSX Projects and VPCs and how to add them in your NSX Manager environment, go to NSX Multi-tenancy.
VMware Aria Automation collects information about three types of NSX Project and VPC infrastructure objects:
- NSX Project segments
- NSX VPC subnets
- NSX Project and VPC groups
Within VMware Aria Automation, segments and subnets are treated as networks, while groups are treated as security groups.
Modifying VPC subnets can have certain limitations in VMware Aria Automation depending on their IP configuration. Subnets with a manual IP configuration include CIDR routing which cannot be modified in VMware Aria Automation. However, you can still update the IP range of these subnets by clicking the Manage IP Ranges button. Subnets with an automatic IP configuration in NSX cannot be modified in VMware Aria Automation. You cannot create IP ranges of these subnets since the IPAM is managed by NSX and the Manage IP Ranges button is greyed out.
Information regarding segments and subnets is displayed under . Information regarding security groups is displayed under . If a given network or security group is part of an NSX Project or VPC, this information is displayed in the NSX Project/VPC column.
Networks and security groups that are part of an NSX Project and/or VPC include three new custom properties.
Custom Property | Description |
---|---|
NsxProjectAndVpc | The names of the NSX Project and, if applicable for the specific network or security group, NSX VPC. |
NsxProjectId | The ID of the NSX Project. |
NsxVpcId | The ID of the NSX VPC. |
Allocation logic for Network Interface Controllers (NICs)
VMware Aria Automation allocation logic prioritizes security groups based on the hierarchy of the networks to which the NIC or NICs are connected. The highest priority is given to /infra level segments, followed by Project segments, and finally VPC subnets. /infra level security groups are always prioritized if available. However, if the deployment selects security groups from either NSX Projects or VPCs, certain limitations apply. If an NSX Project security group is selected, for example, all NICs assigned to this security group must land on segments in this specific NSX Project or subnets in the VPC or VPCs included under the NSX Project. If a VPC security group is selected, all NICs assigned to this security group can only land on subnets in this specific VPC. If you select multiple security groups in a network profile, only those that follow this allocation logic are selected for the NIC based on the network selection.
Operation: 'Update.Network': Unable to find a valid subnet for network 'Network_Name_' of type 'EXISTING' with constraints '[{"tag":"public:subnetType"},{"tag":"DEV-VPC:vpc"}]' in network profile 'NetP'. Filtered subnets [DEV-VPC-PUBLIC-SUB] NSX projects [DEV-PRO / DEV-VPC] are not compatible with NSX projects [DEV-PRO / DEV-VPC1, DEV-PRO] of security groups [DEV-VPC1-GRP1, DEV-PROJ-GRP].
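The compatibility rule described above, modelled as an added Python example (not VMware code and not the product's allocator): it splits the security groups of a network profile into those a NIC on a given network can use and those that violate the rule. `Scope`, `compatible` and `select_groups` are hypothetical names, the "PROJECT / VPC" string form is taken from the error message above, and treating /infra groups as usable on any network is an assumption.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Scope:
    """Tenancy scope of an NSX object; project=None stands for the /infra branch."""
    project: Optional[str] = None
    vpc: Optional[str] = None

    @classmethod
    def parse(cls, text: str) -> "Scope":
        # "PROJECT / VPC" or "PROJECT", as printed in the error message; "" = /infra
        parts = [p.strip() for p in text.split("/") if p.strip()]
        if len(parts) > 2:
            raise ValueError(f"unexpected scope string: {text!r}")
        return cls(*parts)


def compatible(group: Scope, network: Scope) -> bool:
    """True if a NIC on `network` may be assigned a security group in `group`."""
    if group.project is None:
        return True  # assumption: /infra groups are usable on any network
    if group.project != network.project:
        return False  # Project and VPC groups never cross project boundaries
    # Project group: any segment or VPC subnet in the project. VPC group: same VPC only.
    return group.vpc is None or group.vpc == network.vpc


def select_groups(network: str, groups: Dict[str, str]) -> Tuple[List[str], List[str]]:
    """Split profile security groups into (selected, rejected) for one network."""
    net = Scope.parse(network)
    selected, rejected = [], []
    for name, scope in groups.items():
        (selected if compatible(Scope.parse(scope), net) else rejected).append(name)
    return selected, rejected


# Scopes copied from the error message above; INFRA-GRP is constructed.
PROFILE_GROUPS = {
    "DEV-VPC1-GRP1": "DEV-PRO / DEV-VPC1",
    "DEV-PROJ-GRP": "DEV-PRO",
    "INFRA-GRP": "",
}

if __name__ == "__main__":
    ok, bad = select_groups("DEV-PRO / DEV-VPC", PROFILE_GROUPS)
    print("selected:", ok)
    print("rejected:", bad)
```

For the subnet in DEV-PRO / DEV-VPC, the VPC-scoped group from DEV-VPC1 is the one the rule rejects, which is the group to remove or re-scope when a NIC must carry every listed security group.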