As you create or edit your vRealize Automation cloud templates, use the most appropriate network resources for your objectives. Learn about the NSX and cloud-agnostic network options that are available in the cloud template.
Select one of the available network resource types based on machine and related conditions in your vRealize Automation cloud template.
Cloud agnostic network resource
Cloud.Networkresource type. The default resource displays as:
Cloud_Network_1: type: Cloud.Network properties: networkType: existing
Use a cloud agnostic network when you want to specify networking characteristics for a target machine type that is not, or might not, be connected to an NSX network.
- Cloud agnostic machine
- Google Cloud Platform (GCP)
- Amazon Web Services (AWS)
- Microsoft Azure
- VMware Cloud on AWS (VMC)
vSphere network resource
Cloud.vSphere.Networkresource type. The default resource displays as:
Cloud_vSphere_Network_1: type: Cloud.vSphere.Network properties: networkType: existing
Use a vSphere network when you want to specify networking characteristics for a vSphere machine type (
The vSphere network resource is only available for a
Cloud.vSphere.Machine machine type.
NSX network resource
Cloud.NSX.Networkresource type. The default resource displays as:
Cloud_NSX_Network_1: type: Cloud.NSX.Network properties: networkType: existing
Use an NSX network when you want to attach a network resource to one or more machines that have been associated to an NSX-V or NSX-T cloud account. The NSX network resource allows you to specify NSX networking characteristics for a vSphere machine resource that is associated to an NSX-V or NSX-T cloud account.
Cloud.NSX.Networkresource is available for these network type (
- routed - Routed networks are only available for NSX-V and NSX-T.
If you want multiple outbound or routed networks to share the same NSX-T Tier-1 router or NSX-V Edge Service Gateway (ESG), connect a single NSX gateway resource (
Cloud.NSX.Gateway) to the connected networks in the template prior to initial deployment. If you add the gateway after deployment as a Day 2 or iterative development operation, each network creates its own router.
You can use the NSX NAT resource in the template to support NAT and DNAT port forwarding rules.
Cloud agnostic network resource with Azure, AWS, or GCP deployment intent
Public cloud provider VMs can require specific cloud template property combinations that are not necessarily required in NSX or vSphere-based machine deployments. For examples of cloud template code that support some of these scenarios, see Networks, security resources, and load balancers in vRealize Automation.
NSX gateway resource
You can reuse or share a single NSX-T Tier-1 router or NSX-V Edge Service Gateway (ESG) within a single deployment by using a gateway resource (
Cloud.NSX.Gateway) in the cloud template. The gateway resource represents the Tier-1 or ESG and can be connected to multiple networks in the deployment. The gateway resource can be used with outbound or routed networks only.
Cloud.NSX.Gateway resource allows you to share the NSX-T Tier-1 router or NSX-V Edge Service Gateway (ESG) among connected outbound or routed networks in a deployment.
The gateway is often attached to a single outbound or routed network. However, if the gateway is attached to multiple networks, the networks must be of the same type, for example all outbound or all routed. The gateway can be connected to multiple machines or load balancers that are connected to the same outbound or routed networks. The gateway must be connected to a load balancer on the shared on-demand network so that it can reuse the NSX-T Tier-1 router or NSX-V Edge Service Gateway (ESG) created by the gateway.
To allow multiple outbound or routed networks to share the same T1 router or Edge, connect a single
Cloud.NSX.Gateway gateway resource to all the networks initially. All the intended networks and the single gateway must be connected together before you deploy the cloud template, otherwise each network creates its own router.
For an NSX network that contains an associated compute gateway resource, the gateway settings are applied to all associated networks in the deployment. A single NSX-T Tier-1 logical router is created for each deployment and shared by all on-demand networks and load balancers in the deployment. A single NSX-V Edge is created for each deployment and shared by all the on-demand networks and load balancers in the deployment.
You can attach the gateway resource to a network as an iterative deployment update. However, doing so does not create a T1 or Edge router - the initial network deployment creates the router.
For NSX-T networks that do not use an associated gateway resource, multiple on-demand networks in the cloud template continue to create multiple Tier-1 logical routers in the deployment.
If the gateway contains NAT rules, you can reconfigure or delete the NAT or DNAT rules for the Tier 1 router or Edge router. If the gateway is initially deployed with no NAT rules, it has no available Day 2 actions.
NSX NAT resource
Cloud.NSX.NAT resource allows DNAT rules and port forwarding to be attached to all the connected outbound networks by way of the gateway resource. You can attach a NAT resource to a gateway resource for which the DNAT rules need to be configured.
Cloud.NSX.Gateway resource was originally available for DNAT rules. However, use of the
Cloud.NSX.Gateway as a means of defining DNAT rules and port forwarding has been deprecated. It does remain available for backward compatibility. Use the
Cloud.NSX.NAT cloud template resource for DNAT rules and port forwarding. A warning appears in the cloud template if you attempt to use the
Cloud.NSX.Gateway resource type with NAT rule specifications.
Cloud.NSX.NAT resource supports DNAT rules and port forwarding when connected to an outbound NSX-V or NSX-T network.
The NAT rules setting in the resource is
natRules:. You can attach the NAT resource to the gateway resource to configure the
natRules: entries on the gateway. DNAT rules that are specified in the resource use the associated machines or load balancers as their target.
You can reconfigure a machine NIC or compute gateway in an existing deployment to modify its
natRules: settings by adding, reordering, editing or deleting DNAT port forwarding rules. You cannot use DNAT rules with clustered machines. You can specify DNAT rules for individual machines within the cluster as part of a Day 2 operation.
External IPAM integration options
For information about properties that are available for use with your Infoblox IPAM integrations in cloud template designs and deployments, see Using Infloblox-specific properties and extensible attributes for IPAM integrations in vRealize Automation cloud templates.
Available day 2 operations
For a list of common day 2 operations that are available for cloud template and deployment resources, see What actions can I run on vRealize Automation Cloud Assembly deployments.
For an example of how to move from one network to another, see How to move a deployed machine to another network.
For related information and examples, see Networks, security resources, and load balancers in vRealize Automation.
For information about defining network resources, see Network resources in vRealize Automation.
For information about defining network profiles, see Learn more about network profiles in vRealize Automation.
For examples of cloud template designs that illustrate sample network resources and settings, see Networks, security resources, and load balancers in vRealize Automation.