This is a topic that seems to come up a lot – I’ve added the vShield Manager details in my vSphere Endpoint, so how do I now deploy Multi-Machine Blueprints that can sit behind an Edge? Do the Edges deploy dynamically or do I need to provision them beforehand with vShield Manager? There is a lot to go into around this integration, and this post is really just one part of a huge topic – vCNS and NSX integration. More on that later :)
Please note that I may use the term “vNS Manager” in this post. It’s not a typo, but my shorthand for VMware Network and Security Manager, meaning that I’m talking about either vCNS Manager or NSX Manager interchangeably.
Topology One – Not Using a Routed Gateway
This topology lends itself to a single “tenant” from a vSphere perspective. Multiple Edges can be attached to a single portgroup (or many portgroups).
Prerequisites
- vNS Manager is installed and configured.
- The cluster associated with your vCAC Compute Resource is VXLAN enabled, including definition of a Network Scope.
- External Network Profile Defined.
- One or more of NAT/Routed/Private Network Profile Defined.
**Details**
Object 1 – dvSwitch, and Portgroup. Object manually created prior to multi-machine blueprint (MMBP) deployment.
Object 2 – Network segment between the Portgroup and the External Interface of the Edge. Object provisioned dynamically during MMBP deployment.
Object 3 – The Edge associated with the MMBP. External Interface connects to Object 2. External IP defined by the next available IP Address from the allocated vCAC External Network Profile. Internal IP defined by the Default Gateway value of the vCAC Routed/NAT/Private Network Profile. Object provisioned dynamically during MMBP deployment.
Object 4 – vWire attaching MMBP component VMs to Blueprint Edge (Object 3). Object provisioned dynamically during MMBP deployment.
Topology Two – Using a Routed Gateway
This topology lends itself more towards a multi-tenant solution. The Routed Gateway isolates the network beneath it, allowing for consumption of workloads south of its internal interface.
Prerequisites
- vNS Manager is installed and configured.
- The cluster associated with your vCAC Compute Resource is VXLAN enabled, including definition of a Network Scope and a Network.
- You have one Edge deployed, connected to a dvSwitch Portgroup on its uplink, and a vWire attached to an internal interface.
- External Network Profile Defined.
- One or more of NAT/Routed/Private Network Profile Defined.
**Details**
Object 1 – dvSwitch, and Portgroup. Object manually created prior to MMBP deployment.
Object 2 – Network segment between the Portgroup and the External Interface of the Routed Gateway (Object 3). Object configured prior to MMBP deployment.
Object 3 – In vCAC speak this is a “Routed Gateway”. Its External Interface IP is configured during deployment, as is the Internal Interface IP. Object configured prior to MMBP deployment.
Object 4 – The vWire created as part of the prerequisites, attached to the Internal Interface of the Routed Gateway. Object configured prior to MMBP deployment, consumed dynamically by Blueprint Edges during MMBP deployment.
Object 5 – The Edge associated with the MMBP. External Interface connects to vWire (Object 4). External IP defined by the next available IP Address from the allocated vCAC External Network Profile. Internal IP defined by the Default Gateway value of the vCAC Routed/NAT/Private Network Profile. Object provisioned dynamically during MMBP deployment.
Object 6 – vWire attaching MMBP component VMs to Blueprint Edge (Object 5). Object provisioned dynamically during MMBP deployment.
I’ll tackle the effects of different Network Profiles in an upcoming post, as well as their effects on the configuration of the Blueprint Edges deployed as part of the MMBP. If you have any questions please leave a comment!