vRealize Automation supports virtualized networks based on the vCloud Networking and Security and NSX platforms. Network and security virtualization allows virtual machines to communicate with each other over physical and virtual networks securely and efficiently.
To integrate network and security with vRealize Automation, an IaaS administrator must install the vCloud Networking and Security or NSX plug-ins in vRealize Orchestrator and create vRealize Orchestrator and vSphere endpoints.
A fabric administrator can create network profiles that specify network settings in reservations and blueprints. External network profiles define existing physical networks. NAT, routed, and private network profiles are templates for configuring network interfaces when you provision virtual machines, and for configuring NSX Edge devices created when you provision multi-machines.
When deploying a multi-machine that uses both an NSX Edge load balancer and app isolation, the dynamically provisioned load balancer is not added to the security group with the other multi-machine blueprint components. This prevents the load balancer from communicating with the machines for which it is meant to handle connections. Because Edges are excluded from the NSX distributed firewall, they cannot be added to security groups. To allow load balancing to function properly, use another security group or security policy that allows the required traffic into the component VMs for load balancing.
A tenant administrator or business group manager can configure network adapters, load balancing, and security for all components provisioned from a multi-machine blueprint that uses a routed network profile.
A tenant administrator or business group manager can use the templates to define multi-machine service networks. In a multi-machine blueprint, you can configure network adapters and load balancing for all components provisioned from that multi-machine blueprint.
In the multi-machine blueprint, you can select a transport zone that identifies the vSphere endpoint. A transport zone specifies the hosts and clusters that can be associated with logical switches created within the zone. A transport zone can span multiple vSphere clusters. The multi-machine blueprint and the reservations used in the provisioning must have the same transport zone setting. Transport zones are defined in the NSX and vCloud Networking and Security environments. See the NSX Administration Guide.