VMware’s vRealize and NSX: Better Together

VMwarevRealizeNSXBlogVMware vRealize Automation allows for unified cloud management by automating personalized infrastructure delivery. VMware NSX is a component of the software-defined data center (SDDC) that provides a network virtualization platform. NSX abstracts security and networking functionality and embeds it into the hypervisor rather than handling it in the hardware.

While both of these products work well standing on their own, NSX and vRealize Automation are better together. Together, NSX and vRealize Automation provide a way to deploy applications as well as network and security services at time of provisioning. These network and security policies can be used to ensure compliance with required corporate policies.

Some key benefits include:

  • NSX configuration directly from within the vRealize Automation interface
  • Application context for micro-segmentation
  • Deployment-specific configuration extensibility

Integration work began with previous versions of both products but has made massive leaps forward in the newer releases (vRealize Automation 7.x and NSX 6.2.x).

As of the vRealize Automation 7.0 release, NSX network and security features are available. The configuration process can be easily created and managed through the drag and drop canvas as a part of the Converged Blueprint Designer. The graphical canvas allows for the visualization of the topology as it is being created, demonstrating the relationships between network and security components. This visualization helps ensure that the configuration is correct prior to publishing to the catalog for deployment.

The combination of vRealize Automation’s service catalog and resource management capabilities paired with NSX’s Layer 2 to Layer 7 logical security and networking services, ensures repeatable, on demand delivery of applications. Most of this functionality is exposed to the vRealize Automation administrator in the form of the Network Profiles construct.

There are three different types of network profiles available in vRealize Automation 7:

  1. Routed
  2. NAT
  3. External

The selection of the network profile is important as it determines the automation actions and the application’s end topology.

Using vRealize Automation with NSX has the configurable controls needed for deploying a variety of network configurations and topologies (multi-tier, single-tier, and shared networks) in order to meet any requirements. There is also an integrated firewall, resulting in deploying an isolated network or segmented network, along with any additional integrated network services, being much easier than a more traditional deployment manner.

vRealize Automation leverages vRealize Orchestrator to provides “run books” to automate IT processes. The use of vRealize Orchestrator gives greater extensibility is available to meet environment or deployment specific requirements. Creating and inserting workflows within the provisioning lifecycle augments native NSX integration. This may significantly reduces the amount of customization needed, thereby reducing the time of deployment for an integrated solution.

Knowing the limitations of a product is as equally as important as knowing its features. Here’s a quick list of NSX actions that cannot be performed through vRealize Automation (as of September 13):

  • Creation of distributed logical routers
  • Naming NSX objects created by vRealize Automation (Edges may be renamed to an extent using blueprint names but not customized for each deployment.)
  • Advanced configuration of the NSX Edge Gateway (VPN configuration, advanced load balancer settings, dynamic routing protocol configuration, L2 bridging, and so forth)

vRealize Automation delivers a deep integration and automation for a large majority of NSX’s services. These services are taken, built and deployed around applications and bound to policies that dictate requirements. NSX’s integration with vRealize Automation give access to improved security features that be leveraged to design systems with advanced networking.

More information may be found in the following VMware courses:

In this article

Join the Conversation