Provider administrators can create a Virtual Private Zone (VPZ) to allocate infrastructure resources to tenants in a multi-organization vRealize Automation environment. Administrators can also use VPZ's to control resource allocation in single tenant deployments.
You can use Virtual Private Zones to allocate resources such as images, networks, and storage resources. VPZs function much as cloud zone on a per tenant basis but they are designed specifically for use with multi tenant deployments. For any given project, you can use either cloud zones or VPZ's but not both. Also, there is a one to one relationship between VPZ's and tenants. That is, a VPZ can be assigned to only one tenant at a time.
Note: You configure image and flavor mappings for a VPZ on the Tenant Management page.
You can create a VPZ with or without NSX. If you create a zone without NSX, there are limits regarding NSX-related functionality on vSphere endpoints.
- Security (groups, firewall)
- Network components (NAT)
Prerequisites
- Enable and configure multi-tenancy on your vRealize Automation deployment using VMware Life Cycle Manager and VMware Workspace ONE Access.
- Create tenant administrators as appropriate for your tenant configuration.
- If you want to use NSX, you must create an appropriate NSX cloud account in your provider organization.
Procedure
- Select
The VPZ page shows all existing zones and enables you to create zones.
- Click New Virtual Private Zone.
There are four selections on the left side of the page that you can use to configure summary information and infrastructure components for the zone.
- Enter Summary information for the new zone.
- Add a Name and Description.
- Select an Account to which the zone applies.
- Select the Placement Policy.
Placement policy drives host selection for deployments within the specified cloud zone.
- Default - Distributes compute resources across clusters and hosts randomly. This selection works at an individual machine level. For example, all machines in a particular deployment are distributed randomly across the available clusters and hosts that satisfy the requirements.
- binpack - Places compute resources on the most loaded host that has enough available resources to run the given compute.
- spread - Provisions deployment compute resources to the cluster or host with the least number of virtual machines. For vSphere, Distributed Resource Scheduler (DRS) distributes the virtual machines across the hosts. For example, all requested machines in a deployment are placed on the same cluster, but the next deployment might select another vSphere cluster depending on the current load.
- Select the Compute resource for the zone.
Add compute resources as appropriate for the cloud zone. Initially, the filter selection is Include all Compute and the following list shows all available compute resources, and they are allocated to the applicable zone. You have two additional options for adding compute resources to a cloud zone.
- Manually select compute - Select this menu item if you want to select compute resources manually from the list below. After you select them, click Add Compute to add the resources to the zone.
- Dynamically include compute by tags - Select this menu item if you want to select compute resource to be added to the zone based on tags. All compute resources are shown until you add appropriate tags. You can select or enter one or more tags in the Include compute with these tags option.
For either compute selection, you can remove one or more of the compute resources shown on the page by selecting the box to the right and clicking Remove.
- Enter or select tags as appropriate.
- Select Storage on the left menu and select the Storage policy and other storage configurations for the zone.
- On the left menu, select Network and define the networks and, optionally, a network policy to use with this zone. You can also configure load balancers and security groups for selected network policies.
Network |
- All existing networks associated with this VPZ appear in the table on the Networks tab.
- Click Add Network to see all networks associated with the selected region. add a network for use with this zone.
- Select a network and click Tags to add one or more tags to the specified network.
- Select Manage IP Ranges to specify the IP Range through which users can access this network.
- If applicable, click the Network Policies tab and select an isolation policy.
|
Network policies |
If configured, select a network policy to use with this zone to enforce an isolation policy for outbound and private networks.
- Select an isolation policy if desired.
- Select a Tier-0 logical router and an Edge cluster if desired.
|
Load Balancers |
Click Add Load Balancer to configure load balancers for the account/region cloud accounts. |
Security Groups |
Click Add Security Group to use security groups to apply firewall rules to provisioned machines. |
Results
The Virtual Private Zone is created with the specified resource allocations.
What to do next
Cloud administrators can associate the VPZ with a project.
- In Cloud Assembly, select
- Select the Provisioning tab.
- Click Add Zone and choose Add Virtual Private Zone.
- Select the desired VPZ from the list.
- You can set the provision priority and limits on the number of instances, the amount of memory available and the number of CPUs available.
- Click Add.