DefinIT

Retrieve Blueprint or Virtual Machine Custom Properties using the vRealize Automation API

Just a quick post today, as I was working with a customer recently and we were trying to retrieve the Custom Properties assigned to a vRealize Automation 7.3 deployed Virtual Machine, similar to the one in the image below. It’s not as intuitive as you’d like it to be because of the split between IaaS APIs and Cafe APIs. Below you can see I’ve deployed a simple CentOS blueprint with a custom property at the Blueprint level (called “BlueprintLevel” with a value of “CustomProperty”) and a custom property at the VM level (called “CustomProperty” with a value of “Test123”).

vRA Blueprint Custom Property

vRA VM Custom Property

vRealize Automation 7.3 and NSX – Micro-segmentation strategies

vRealize Automation and NSX integration has introduced the ability to deploy multi-tiered applications with network services included. The current integration also enables a method to deploy micro-segmentation out of the box, based on dynamic Security Group membership and the Service Composer. This method does have some limitations, and can be inflexible for the on-going management of deployed applications. It requires in-depth knowledge and understanding of NSX and the Distributed Firewall, as well as access to the Networking and Security manager that is hosted by vCenter Server.

For customers who have deployed a private cloud solution using vRealize Automation, an alternative is to develop a “Firewall-as-a-Service” approach, using automation to allow authorised end users to configure micro-segmentation. This can be highly flexible, and allow the delegation of firewall management to the application owners who have intimate knowledge of the application. There are disadvantages to this approach, including significantly increased effort to author and maintain the automation workflows.

This blog post describes two possible micro-segmentation strategies for vRealize Automation with NSX and compares the two approaches against a common set of requirements.

This post was written based on the following software versions:

Software Component | Version (Build)
vRealize Automation | 7.3 (5604410)
NSX | 6.3.5 (7119875) – 6.4
vSphere | 6.5 Update 1d (7312210)
ESXi | 6.5 Update 1 (5969303)

These are some generic considerations when deploying micro-segmentation with vRealize Automation.

  • An application blueprint is designed to be deployed multiple times from vRealize Automation, so the automation shouldn’t break any micro-segmentation or firewall policy when that happens.
  • vRealize Automation blueprints can scale in and out – this should be accommodated within the micro-segmentation strategy to ensure that required micro-segmentation is the same as implemented micro-segmentation.
  • vRealize Automation is a shared platform, so the micro-segmentation of one deployment should be limited in scope, but should also consider intra-deployment communications between applications, for example, of the same business group or tenant.

Application XYZ requirements

For illustration purposes, an example 3-tier application deployment, “Application XYZ”, is shown below. It consists of a Web, App and DB tier and a load balancer for the Web and App tiers.

Application XYZ Allowed Flows


vRealize Automation 7.3 Distributed Install – Prerequisites

Pre-requisites - Get your ducks in a row!

As a consultant I’ve had the opportunity to design, install and configure dozens of production vRealize Automation deployments, from reasonably small Proof of Concept environments to globally-scaled multi-datacenter fully distributed behemoths. It’s fair to say that I’ve made mistakes along the way – and learned a lot of lessons as to what makes a deployment a success.

In the end, pretty much everything comes down to getting the pre-requisites right. Nothing that I’ve written here is not already documented in the official documentation, and the installation wizard does a huge amount of the work for you.

For the purposes of this post, I am working with the following components, which have been pre-deployed on a single flat network.

vRA Appliances

Server | CPU | RAM | Disk
vra-app-1 | 4 | 18 | 140
vra-app-2 | 4 | 18 | 140

vRA IaaS Windows Servers

Server | CPU | RAM | Disk
vra-web-1 | 2 | 8 | 60
vra-web-2 | 2 | 8 | 60
vra-man-1 | 2 | 8 | 60
vra-man-2 | 2 | 8 | 60
vra-dem-1 | 2 | 4 | 60
vra-dem-2 | 2 | 4 | 60
vra-sql | 2 | 8 | 60
