You can configure network isolation for your VMware Cloud on AWS deployments by specifying an on-demand security group in a network profile.

You can specify an isolated network by using a security group or by using on-demand network settings. In this example, you configure network isolation by specifying an on-demand security group in the network profile. Later, you specify the network in a cloud template and use the cloud template in a VMware Cloud on AWS deployment.

Unless otherwise indicated, the step values that you enter in this procedure are for this example workflow only.

Prerequisites

Procedure

  1. Open the network profile that you used in the basic VMware Cloud on AWS workflow, for example vmc-network1. See Configure network and storage profiles for VMware Cloud on AWS deployments in vRealize Automation.
  2. Select the existing network that you used in the basic VMware Cloud on AWS workflow, for example sddc-cgw-network-1. See Configure network and storage profiles for VMware Cloud on AWS deployments in vRealize Automation.
  3. Click the Network Policies tab.
  4. Select the Create an on-demand security group option.

    Network profile UI showing the Create an on-demand security group option selected.

  5. Click Save.

    When you use this network profile, machines are deployed to the selected network and are isolated by a new security group policy. The new security policy allows private or outbound network access.

What to do next

Configure a network component in your cloud template. See Define a network component in a cloud template to support network isolation for VMware Cloud on AWS in vRealize Automation.