These blueprint code examples illustrate some basic network, security, and load balancer configurations.

For examples of detailed network and security implementation scenarios, see VMware blogs such as these:

For a complete summary of all blueprint schema options, see vRealize Automation Resource Type Schema.

For more information about network types, see Using networks and network profiles in vRealize Automation Cloud Assembly.

Resource Scenario Example Blueprint Code

vSphere machine with multiple NICs

resources:
  demo-machine:
    type: Cloud.vSphere.Machine
    properties:
      image: ubuntu
      flavor: small
      networks:
        - name: '${network-01.id}'
          deviceIndex: 0
        - name: '${network-02.id}'
          deviceIndex: 1  
  Cloud_vSphere_Network_1:
    type: Cloud.vSphere.Network
    properties:
      networkType: existing
      name: network-01
  Cloud_vSphere_Network_2:
    type: Cloud.NSX.Network
    properties:
      networkType: existing
      name: network-02

Public cloud machine to use internal IP instead of public IP

resources:
  wf_proxy:
    type: Cloud.Machine
    properties:
      image: ubuntu 16.04
      flavor: small
      constraints:
        - tag: 'platform:vsphere'
      networks:
        - name: '${resource.wf_net.id}'
          assignPublicIpAddress: false

Routed network for NSX-V or NSX-T using the NSX network component type

Cloud_NSX_Network_1:
    type: Cloud.NSX.Network
    properties:
      networkType: routed

Tagging NSX logical switches for an outbound network

For more information on this scenario, see community blog post Creating Tags in NSX with Cloud Assembly.

Cloud_NSX_Network_1:
    type: Cloud.NSX.Network
    properties:
      networkType: outbound
      tags: 
        - key: app
          value: opencart

Existing security group with a constraint tag applied to a machine NIC

You can assign tags to a Cloud.SecurityGroup component to allocate existing security groups by using tag constraints. Security groups that do not contain tags cannot be used in the blueprint.

Load balancers are not currently supported for NICs that have an associated security group.
formatVersion: 1
inputs: {}
resources:
  allowSsh_sg:
    type: Cloud.SecurityGroup
    properties:
      securityGroupType: existing
      constraints:
        - tag: allowSsh
  compute:
    type: Cloud.Machine
    properties:
      image: centos
      flavor: small
      networks:
        - network: '${resource.prod-net.id}'
          securityGroups:
            - '${resource.allowSsh_sg.id}'
  prod-net:
    type: Cloud.Network
    properties:
      networkType: existing

On-demand network with a 1 arm load balancer

inputs: {}
resources:
  mp-existing:
    type: Cloud.Network
    properties:
      name: mp-existing
      networkType: existing
  mp-wordpress:
    type: Cloud.vSphere.Machine
    properties:
      name: wordpress
      count: 2
      flavor: small
      image: tiny
      customizationSpec: Linux
      networks:
        - network: '${resource["mp-private"].id}'
  mp-private:
    type: Cloud.NSX.Network
    properties:
      name: mp-private
      networkType: private
      constraints:
        - tag: nsxt
  mp-wordpress-lb:
    type: Cloud.LoadBalancer
    properties:
      name: wordpress-lb
      internetFacing: false
      network: '${resource.mp-existing.id}'
      instances: '${resource["mp-wordpress"].id}'
      routes:
        - protocol: HTTP
          port: '80'
          instanceProtocol: HTTP
          instancePort: '80'
          healthCheckConfiguration:
            protocol: HTTP
            port: '80'
            urlPath: /index.pl
            intervalSeconds: 60
            timeoutSeconds: 30
            unhealthyThreshold: 5
            healthyThreshold: 2

Existing network with a load balancer

formatVersion: 1
inputs:
  count:
    type: integer
    default: 1
resources:
  ubuntu-vm:
    type: Cloud.Machine
    properties:
      name: ubuntu
      flavor: small
      image: tiny
      count: '${input.count}'
      networks:
        - network: '${resource.Cloud_NSX_Network_1.id}'
  Provider_LoadBalancer_1:
    type: Cloud.LoadBalancer
    properties:
      name: OC-LB
      routes:
        - protocol: HTTP
          port: '80'
          instanceProtocol: HTTP
          instancePort: '80'
          healthCheckConfiguration:
            protocol: HTTP
            port: '80'
            urlPath: /index.html
            intervalSeconds: 60
            timeoutSeconds: 5
            unhealthyThreshold: 5
            healthyThreshold: 2
      network: '${resource.Cloud_NSX_Network_1.id}'
      internetFacing: false
      instances: '${resource["ubuntu-vm"].id}'
  Cloud_NSX_Network_1:
    type: Cloud.NSX.Network
    properties:
      networkType: existing
      constraints:
        - tag: nsxt24prod