Networking Design of vRealize Automation for Consolidated SDDC

As part of this design, use the application virtual network configuration to connect the vRealize Automation with the other management solutions in the SDDC. Use the load balancer in the cross-region application virtual network for high availability and request balancing of the vRealize Automation components.

This design uses NSX logical switches to abstract the vRealize Automation application and its supporting services. You can place the application in any region regardless of the underlying physical infrastructure such as network subnets, compute hardware, or storage types.

Application Virtual Networks

The vRealize Automation appliance and main IaaS components are installed in the cross-region shared application virtual network and the vSphere proxy agent nodes are installed in their region-specific shared application virtual networks.

This networking design has the following features:

The vRealize Automation appliance and IaaS nodes are on the same network because they can be failed over between regions after scaling out to a multi-region design. vRealize Automation and vRealize Business also share this network.
All nodes have routed access to the vSphere management network through the NSX Universal Distributed Logical Router.
Routing to the vSphere management network and other external networks is dynamic and is based on the Border Gateway Protocol (BGP).

For more information about the networking configuration of the application virtual network, see Virtualization Network Design for Consolidated SDDC and NSX Design for Consolidated SDDC.

Table 1. Design Decisions on the Application Virtual Network for vRealize Automation
Decision ID	Design Decision	Design Justification	Design Implication
CSDDC-CMP-008	Place the following components of vRealize Automation on the existing cross-region application virtual network: vRealize Automation appliance IaaS Web Server IaaS Manager virtual machine running DEM Orchestrator, IaaS Proxy Agent and DEM Worker	Provides a consistent deployment model for management applications and ensures that growth to a dual-region design is supported.	You must use an implementation in NSX to support this network configuration.

Load Balancer Configuration

By using session persistence on the load balancer, the same server can serve all requests after a session is established with that server. The session persistence is enabled on the load balancer to direct subsequent requests from each unique session to the same vRealize Automation server in the load balancer pool.

The load balancer also handles failover for the IaaS Manager Service because only one Manager Service is active at one time. The Manager Service can operate with the use of session persistence.

Consider the following load balancer characteristics for vRealize Automation.

Table 2. Specification of the Load Balancer Application Profiles
Server Role	Type	Enable SSL Pass-Through	Persistence	Expires in (Seconds)
vRealize Automation - Persistence	HTTPS (443)	Enabled	Source IP	1800
vRealize Automation	HTTPS (443)	Enabled	-	-

Table 3. Specification of the Load Balancer Service Monitoring
Monitor	Interval	Timeout	Max Retries	Type	Expected	Method	URL	Receive
vRealize Automation Appliance	3	10	3	HTTPS	204	GET	/vcac/services/api/health
vRealize Automation IaaS Web	3	10	3	HTTPS		GET	/wapi/api/status/web	REGISTERED
vRealize Automation IaaS Manager	3	10	3	HTTPS		GET	/VMPSProvision	ProvisionService
vRealize Orchestrator	3	10	3	HTTPS		GET	/vco-controlcenter/docs

Table 4. Specification of the Load Balancer Pools
Server Role	Algorithm	Monitor	Members	Port	Monitor Port
vRealize Automation Appliance	Round Robin	vRealize Automation Appliance monitor	vRealize Automation Appliance nodes	443
vRealize Automation Remote Console Proxy	Round Robin	vRealize Automation Appliance monitor	vRealize Automation Appliance nodes	8444	443
vRealize Automation IaaS Web	Round Robin	vRealize Automation IaaS Web monitor	IaaS web nodes	443
vRealize Automation IaaS Manager	Round Robin	vRealize Automation IaaS Manager monitor	IaaS Manager nodes	443
vRealize Automation Appliance	Round Robin	Embedded vRealize Automation Orchestrator Control Center monitor	vRealize Automation Appliance nodes	8283

Table 5. Specification of the Load Balancer Virtual Servers
Protocol	Port	Default Pool	Application Profile
HTTPS	443	vRealize Automation Appliance Pool	vRealize Automation - Persistence Profile
HTTPS	443	vRealize Automation IaaS Web Pool	vRealize Automation - Persistence Profile
HTTPS	443	vRealize Automation IaaS Manager Pool	vRealize Automation Profile
HTTPS	8283	Embedded vRealize Orchestrator Control Center Pool	vRealize Automation - Persistence Profile
HTTPS	8444	vRealize Automation Remote Console Proxy Pool	vRealize Automation - Persistence Profile

Table 6. Design Decisions on Load Balancing vRealize Automation
Decision ID	Design Decision	Design Justification	Design Implication
CSDDC-CMP-009	Set up an NSX edge device for load balancing the vRealize Automation services.	Enabling this design with a load balancer allows for a future expansion of the CMP with application-level HA.	Additional configuration is required to configure the load balancers
CSDDC-CMP-010	Configure the load balancer for vRealize Automation Server Appliance, Remote Console Proxy, and IaaS Web to use Round-Robin algorithm with Source-IP based persistence with a 1800 second timeout.	Round-robin provides a good balance of clients between both appliances, while the Source-IP persistence mode ensures that individual clients remain connected to the same appliance. 1800-second timeout aligns with the vRealize Automation Appliance Server sessions timeout value. Sessions that transfer to a different vRealize Automation Appliance might result in a poor user experience.	None
CSDDC-CMP-011	Configure the load balancer for vRealize IaaS Manager Service to use Round-Robin algorithm without persistence.	The Manager Service does not need session persistence.	None