Network, security group, and load balancer resource examples in Automation Assembler
You can use networking, security, and load balancer resources and settings in Automation Assembler cloud templates.
For a summary of cloud template code options, see VMware Aria Automation Resource Type Schema.
These examples illustrate network, security, and load balancer resources within basic cloud template designs.
Networks
Resource scenario | Example cloud template design code |
---|---|
vSphere machine with multiple NICs connected to vSphere and NSX networks with DHCP IP assignment |
|
NSX private network using the vlanIds property to specify an array of 3 VLANs - 123, 456, and 7 |
|
Add a private network with a static IP address for an Azure VM deployment |
|
You can use a static IP assignment with VMware Aria Automation IPAM (internal, as supplied with VMware Aria Automation, or external, based on the VMware Aria Automation IPAM SDK, such as one of the Infoblox plug-ins available in the VMware Marketplace). Other uses of assignment: static are not supported, as described in the Caveats section of More about network resources in VMware Aria Automation cloud templates. |
|
Add or edit NAT and DNAT port forwarding rules in a Cloud.NSX.NAT resource for an existing deployment. |
|
Public cloud machine to use an internal IP instead of a public IP. This example uses a specific network ID. Note: The network: option is used in the networks: setting to specify a target network ID. The name: option in the networks: setting has been deprecated and should not be used. |
|
Routed network using the NSX network resource type. |
|
Add a tag to a machine NIC resource in the cloud template. |
|
Tag NSX-T logical switches for an outbound network. Tagging is supported for NSX-T and VMware Cloud on AWS. For more information on this scenario, see community blog post Creating Tags in NSX. |
|
Security groups
Resource scenario | Example cloud template design code |
---|---|
Existing security group with a constraint tag applied to a machine NIC. To use an existing security group, enter existing for the securityGroupType property. You can assign tags to a Cloud.SecurityGroup resource to allocate existing security groups by using tag constraints. Security groups that do not contain tags cannot be used in the cloud template design. Constraint tags must be set for securityGroupType: existing security group resources. Those constraints must match the tags set on the existing security groups. Constraint tags cannot be set for securityGroupType: new security group resources. |
|
On-demand security group with two firewall rules illustrating the Allow and Deny access options. |
|
Complex cloud template with 2 security groups, including:
This sample illustrates different combinations of protocols and ports, services, IP CIDR as source and destination, IP range as source or destination, and the options for any, IPv6, and (::/0). For machine NICs, you can specify the connected network, and security group(s). You can also specify the NIC index or an IP address. |
|
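The following is an added example, not VMware-supplied code: a pre-deployment check of the constraint tag rules for existing and new security groups described above, and of the deprecated name: option in the networks: setting noted in the Networks table. It assumes the cloud template has already been parsed into a dictionary, that constraints sit under properties as a list of tag entries, and that tags compare as exact strings; the resource names and tag values are constructed.

```python
# Added example, not VMware code: lint a parsed cloud template (dict form)
# against rules stated on this page. Assumes constraints sit under
# properties as a list of {"tag": ...} items and tags compare as exact strings.

def lint_template(template, existing_sg_tags=None):
    """Return (resource_name, message) findings for the template dict."""
    findings = []
    for name, res in template.get("resources", {}).items():
        props = res.get("properties") or {}
        if res.get("type") == "Cloud.SecurityGroup":
            sg_type = props.get("securityGroupType")
            tags = [c["tag"] for c in props.get("constraints") or []
                    if isinstance(c, dict) and c.get("tag")]
            if sg_type == "existing" and not tags:
                findings.append((name, "existing security group has no constraint tag"))
            elif sg_type == "existing" and existing_sg_tags is not None:
                for tag in tags:
                    if tag not in existing_sg_tags:
                        findings.append((name, f"tag {tag!r} matches no existing group"))
            elif sg_type == "new" and tags:
                findings.append((name, "constraint tags set on a new security group"))
        # Any resource with a networks: list (machine NICs) is checked here.
        for nic in props.get("networks") or []:
            if isinstance(nic, dict) and "name" in nic:
                findings.append((name, "networks: uses deprecated name:, use network:"))
    return findings


# Constructed sample; resource names and tag values are hypothetical.
SAMPLE = {"resources": {
    "web_sg": {"type": "Cloud.SecurityGroup",
               "properties": {"securityGroupType": "existing"}},
    "db_sg": {"type": "Cloud.SecurityGroup",
              "properties": {"securityGroupType": "new",
                             "constraints": [{"tag": "db"}]}},
    "ok_sg": {"type": "Cloud.SecurityGroup",
              "properties": {"securityGroupType": "existing",
                             "constraints": [{"tag": "allowSsh"}]}},
    "vm": {"type": "Cloud.Machine",
           "properties": {"networks": [
               {"name": "prod-net"},
               {"network": "${resource.net.id}",
                "securityGroups": ["${resource.ok_sg.id}"]}]}},
}}

if __name__ == "__main__":
    for resource, message in lint_template(SAMPLE, existing_sg_tags={"allowSsh"}):
        print(f"{resource}: {message}")
```

Pass existing_sg_tags as the set of tags actually present on the security groups in the target cloud account to also catch constraint tags that would match nothing at allocation time.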
Load balancers
Resource scenario | Example cloud template design code |
---|---|
Specify a load balancer logging level, algorithm, and size. | Sample NSX load balancer showing use of logging level, algorithm, and size:
|
Associate a load balancer with a named machine or a named machine NIC. You can specify either machine ID or machine network ID to add the machine to the load balancer pool. The instances property supports both machines (machine by ID) and NICs (machine by network ID). In the first example, the deployment uses the machine by ID setting to load balance the machine when it is deployed on any network. In the second example, the deployment uses the machine by network ID setting to load balance the machine only when the machine is deployed on the named machine NIC. The third example shows both settings used in the same instances option. | You can use the instances property to define a machine ID or a machine network ID:
|
Add health check settings to an NSX load balancer. Additional options include httpMethod, requestBody, and responseBody. |
|
On-demand network with a 1-arm load balancer. |
|
Existing network with a load balancer. |
|
Learn more
Related information is available in the following VMware blogs:
- Network Automation with NSX – Part 1 (includes use of NSX-T and vCenter cloud accounts and network CIDR)
- Network Automation with NSX – Part 2 (includes use of existing and outbound network types)
- Network Automation with NSX – Part 3 (includes use of existing and on-demand security groups)
- Network Automation with NSX – Part 4 (includes use of existing and on-demand load balancers)