A network profile defines a group of networks and network settings that are available for that cloud account in that region. Based on tag matching, one or more networks in one or more matched network profiles are available for use when a blueprint is deployed.

The network and security settings that are defined in the matched network profile are also applied when the blueprint is deployed.

A network profile is more than just a group of subnets. It defines the networking options and capabilities that are made available to deployed machines based on the network tags in their component YAML.

You typically define network profiles to support a target deployment environment, for example, a small test environment in which an existing network has outbound access only, or a large load-balanced production environment that requires a particular set of security policies within a particular IP range. Think of a network profile as a collection of workload-specific network characteristics.

When you deploy a blueprint, constraint tags in a blueprint's network components are matched to network tags in network profiles. For network profiles that contain capability tags, the capability tags are applied to all networks that are available for that profile.

Tag matching does not require that network profiles contain capability tags. For network profiles that do not contain capability tags, tag matching occurs on the network tags only. The network profiles that contain tag-matched networks, or matched subnets for Amazon Web Services and Microsoft Azure, are considered matched network profiles.

A network profile contains the following types of information. While some settings are optional, in a practical production environment they all play an important role.

  • Capability tags

    Capability tags are applied to all networks in the network profile, but only when the networks are used as part of that network profile. Capability tags are an optional grouping and naming tool for network profiles.

  • Networks

    Networks, or subnets if you are using Amazon Web Services or Microsoft Azure cloud accounts, are logical subdivisions of an IP network. A network groups a cloud account, IP address or range, and network tags to control how and where to provision a blueprint deployment. Network parameters in the profile define how machines in the deployment can communicate with one another over IP layer 3.

    Network tags apply to every instance of the network they have been added to, for all network profiles that contain that network. Networks can be instanced into any number of network profiles. Regardless of network profile residency, a network tag is associated with that network wherever the network is used.

  • Network policies

    A network component in a blueprint can be defined, by using its networkType setting, as existing, public, private, or outbound.

    Depending on the associated cloud account, you can use network policies to define settings for on-demand networks for the outbound and private network types.

    • Do not create an on-demand network

      This network profile can't be used for blueprints that contain the outbound and private network types.

    • Create an on-demand network

      The specified network or subnet names and sizes for the specified network domain are used for the on-demand networks that are created for matched blueprints that contain the outbound and private network types.

    • Create an on-demand security group

      Requires an on-demand security group for the on-demand networks that are created for matched blueprints that contain the outbound and private network types.

      Security groups are applied to all machines in the deployment.
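
The tag-matching rules described above can be checked against an inventory before deployment, for example to confirm that a test blueprint cannot land on a production network. The following Python sketch is an added example, not the product's own code or API. It assumes a network matches when it carries every constraint tag, and the names `match_profiles`, `effective_tags`, the policy values "none" and "create-network", and the sample inventory are all hypothetical.

```python
from dataclasses import dataclass

ON_DEMAND_TYPES = {"outbound", "private"}  # networkType values that need an on-demand network

@dataclass(frozen=True)
class Network:
    name: str
    tags: frozenset  # network tags: follow the network into every profile that contains it

@dataclass
class NetworkProfile:
    name: str
    networks: list
    capability_tags: frozenset = frozenset()  # optional; apply only inside this profile
    on_demand_policy: str = "none"  # hypothetical value for "Do not create an on-demand network"

def effective_tags(profile, network):
    """Tags a network presents while it is used as part of this profile."""
    return network.tags | profile.capability_tags

def match_profiles(profiles, constraint_tags, network_type="existing"):
    """Return {profile name: [matched network names]} for one blueprint network component."""
    wanted = frozenset(constraint_tags)
    matched = {}
    for p in profiles:
        # A profile that creates no on-demand network cannot serve outbound/private components.
        if network_type in ON_DEMAND_TYPES and p.on_demand_policy == "none":
            continue
        # Assumption: a network matches only if it carries every constraint tag.
        hits = [n.name for n in p.networks if wanted <= effective_tags(p, n)]
        if hits:
            matched[p.name] = hits
    return matched

# Constructed sample inventory: one network is shared by both profiles.
shared = Network("shared-mgmt", frozenset({"zone:mgmt"}))
test_net = Network("test-net", frozenset({"env:test"}))
prod_net = Network("prod-net", frozenset({"env:prod"}))
PROFILES = [
    NetworkProfile("test-profile", [test_net, shared]),  # no capability tags
    NetworkProfile("prod-profile", [prod_net, shared], frozenset({"pci"}), "create-network"),
]

if __name__ == "__main__":
    for tags, ntype in [(["env:test"], "existing"), (["zone:mgmt"], "existing"),
                        (["pci"], "existing"), (["env:test"], "outbound")]:
        print(tags, ntype, "->", match_profiles(PROFILES, tags, ntype))
```

The shared network matches "zone:mgmt" in both profiles because network tags travel with the network, but it matches "pci" only inside prod-profile, where the capability tag is applied.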