Delighted
I am delighted to have the opportunity to see you once more.
This is Part 2 of the Blog Series on NSX Integration with Aria Automation, named “Part-02”.
In Part 1, the focus was primarily on establishing the groundwork and obtaining a fundamental comprehension of deployment types and initial configuration.
Below is the link to Part-01 in case you missed it.
NSX integration with Aria Automation-Part-01
NSX Integration with Aria Automation-Part-02
NSX Integration with Aria Automation-Part-03
Note: – As I craft this blog, I want to share the specific products and their versions that I am utilizing.
| Sr. No | Product Name | Version | Build |
| --- | --- | --- | --- |
| 1 | VMware vSphere | 8.0.2 | 22617221 |
| 2 | VMware Aria Automation | 8.14.0.33079 | 22618990 |
| 3 | VMware Identity Manager™ | 3.3.7.0 | 21173100 |
| 4 | VMware NSX | 4.1.2.1.0 | 22667789 |
| 5 | VMware ESXi | 8.0.2 | 2330554 |
Pre-Requisite
Before you start work as a cloud administrator in VMware Aria Automation, gather the pertinent information about your public and private cloud accounts. Use the following checklist to prepare before integrating with the services.
- The VAPI service on the vCenter Server management must be actively running and its health status should be reported as healthy.
- It is important to ensure that the VSAN Health service is activated on the vCenter Server management and that it is reporting a healthy status.
- To access VMware by Broadcom Customer Connect, you can create an account by utilizing your corporate email address to sign up at the provided URL https://support.broadcom.com/.
- VMware Aria Automation services require that outgoing traffic through HTTPS port 443 be allowed access through the firewall to the following domains: **vmwareidentity.com, gaz.csp-vidm-prod.com, vmware.com.**
- It is essential for all vCenter-based cloud accounts, which encompass NSX-V, NSX-T, vCenter, VMware Cloud on AWS, VMware Cloud Director, and VMware Cloud Foundation, to have vSphere endpoint credentials. These credentials are required to grant the administrator administrative access to the host vCenter. Alternatively, the credentials under which the agent service operates within vCenter must be provided to ensure proper access.
- In order for the vSphere agent to effectively manage the vCenter instance, it is essential to provide an account with the necessary read and write privileges. Please ensure that the account has access to the vCenter’s IP address or FQDN.
- Access privileges are necessary for the management of NSX-V, NSX-T, vCenter, VMware Cloud on AWS, VMware Cloud Director, and VMware Cloud Foundation cloud accounts. It’s important to ensure that permissions are activated for all clusters within the vCenter, rather than just for clusters that host endpoints.
- To set up the NSX-T Cloud account, ensure that it is configured with the enterprise administrator role using the NSX-T IP address or FQDN. Furthermore, it’s important to include the Auditor role for read-only access.
Setting Up the Initial Configuration Roadmap

In order to enable the provisioning with VMware Aria Automation, populate the self-service catalog with NSX infrastructure, and deploy our template within our on-premises SDDC, it is important to understand the two available methods for setup.
- Quick Start: This method prioritizes speed, allowing for the swift creation and deployment of our template. However, it may not support the creation of complex projects with custom networks.
- Guided Setup: As the name suggests, this method involves a more detailed and comprehensive approach.
Throughout this blog, we will take an extensive look at each Phase involved in this setup, providing an in-depth understanding of the process.
Phase-1 Cloud Account: –
Capture 1: –

Step 1: – Log in as a user with enterprise admin rights. As shown in capture 1, I used the configurationadmin user name. This user name is configured in vIDM.
Step 2: Click on Services
Step 3 : Click on Assembler
Capture 1.2: –

As shown in capture 1.2, we are integrating the vCenter and NSX accounts as cloud accounts in Aria Automation.
Step 1: – Click on Infrastructure
Step 2: – Click on Cloud Accounts under connections
Step 3: – Click on ADD Cloud Account under Cloud account.
Capture 1.3: –

As shown in capture 1.3, we are configuring the two cloud accounts that this blog requires.
Step 1:- We will configure the vCenter Server.
Step 2:- We will configure the NSX-T Manager
Step 1:- Configuring the vCenter Server

Step 1: – Give a memorable name under Name.
Step 2: – Fill in the FQDN or IP address of the vCenter Server.
Step 3: – Fill in the enterprise access user name under Username.
Step 4: – Fill in the Password.
Step 5: – Click on Validate.
Note: – Once validation succeeds, the message “credential validated successfully” appears, and steps 6 to 8 become visible.
Step 6: – Tick or select the radio button.
Note: – Datacenters are populated automatically under this tab.
Step 7: – This radio button is optional.
Step 8: – Fill in the NSX Manager FQDN.
Step 9: – Click on ADD.

Step 10: – Status —> ok.
Step 2:- Configuring the NSX-T Manager

Step 1: – Give a memorable name under Name.
Step 2: – Fill in the FQDN or IP address of the NSX Manager.
Step 3: – Fill in the enterprise access user name under Username.
Step 4: – Fill in the Password.
Step 5: – Manager type should be Local if we are not using federation; otherwise, select Global.
Step 6: – NSX Mode should be Policy.
Note: – Manager mode is deprecated. It exists to support NSX-T Manager API capabilities in VMware Aria Automation, and VMware intends to remove Manager mode in a future version of NSX-T. You cannot change the mode after you create the cloud account.
Step 7: – Click on Validate.
Step 8: – The certificate acceptance pop-up message appears. Click on Accept.
Step 9: – Click on +ADD and associate the vCenter Server cloud account.
Step 10: – Click on ADD.
Step 11: – Status —> ok.
Phase-2 Cloud Zone
Capture 1: –

Step 1: – Click on Infrastructure
Step 2: – Click on Cloud Zones under configure
Step 3: – Click on New Cloud Zone.
Capture 1.2: –

Step 1: – Click on Summary
Step 2: – Search and select the vCenter Server account
Step 3: – Give a memorable name under Name.
Step 4: – I selected the Default placement policy.
Note: – There are four types of placement policies. Apply one of the following placement strategies:

| Sr. No | Policy | Description |
| --- | --- | --- |
| 1 | DEFAULT | Assigns compute resources to the first applicable host. |
| 2 | BINPACK | Allocates computes to the most heavily loaded host with sufficient resources to accommodate the given compute. |
| 3 | SPREAD | Distributes compute resources at a deployment level to the cluster or host with the fewest number of virtual machines. In the context of vCenter Server, the Distributed Resource Scheduler (DRS) allocates the virtual machines across the hosts. |
| 4 | SPREAD BY MEMORY | In the public cloud, apportions compute resources at a deployment level to the cluster or host with the greatest amount of available memory. This pertains to the host/cluster with the least amount of allocated memory. In the private cloud, this method assigns compute resources at a deployment level to the cluster or host with the smallest ratio of allocated memory to total memory. If all hosts/clusters are empty, the largest one is given priority. |

Step 5: – The Folder option is optional. As shown in the capture, I selected Workloads.
Step 6: – Click on Compute.


Step 7: – As shown in the capture, we selected “Manual Compute Resource”.
Note: – There are three ways to select the compute resources:

| Sr. No | Type | Description |
| --- | --- | --- |
| 1 | Include all unassigned | Adds all unassigned compute resources for the account/region to the cloud zone. |
| 2 | Manually Select | Select from the list to add or remove compute resources manually. |
| 3 | Filter by tags | Add tags to dynamically include compute resources in this zone. Unassigned computes with tags that match the filter are included in this zone. |

Step 8: – Click on ADD and add the cluster where we want to deploy the compute resources.
Step 9: – Click on Create.
Phase-03 Projects
Capture 1: –

Step 1: – Click on Infrastructure
Step 2: – Click on Projects under Administration
Step 3: – Click on New Project
Capture 1.1: –

Step 1: – Click on Summary
Step 2: – Give a memorable name under Name.
Step 3: – Click on Users

Step 4: – For my current use case, I unchecked the deployment sharing radio button.
Note: – Depending on your use case, you can add users or groups under each user role. I added the Administrator, Supervisor, Member and Viewer groups.

| Sr. No | User Role | Description |
| --- | --- | --- |
| 1 | Administrator | Can change the project configuration, add or remove users, and add or remove cloud zones. |
| 2 | Member | Can use the project services and deploy VMware Aria Automation Templates. |
| 3 | Viewer | Can only view VMware Aria Automation Templates and the deployments in this project but cannot deploy VMware Aria Automation Templates. |
| 4 | Supervisor | Can approve policies in Service Broker if a policy is defined with the project supervisor as an approver. |

Step 5: – Click on Provisioning

Step 6: – Click on +ADD Zone
Step 7: – Click on Cloud Zone

Step 8: – Select vSphere cloud Zone.
Note: – In order to effectively manage resources, it is necessary for each project to have at least one cloud zone allocated to it. Additionally, it is possible to connect multiple cloud zones to a single project, with these zones being of various types including vCenter, Google, Amazon Web Services (AWS), and others. Each zone can be assigned a priority and the usage of resources for the project can be limited. These restrictions can include the number of instances, the number of CPUs, and the amount of memory.
Step 9: – I set the storage limit to 0 (means unlimited instances).
Note: – In vSphere cloud zones, administrators have the ability to define specific storage limits for their virtualized environments. By default, when the storage limit is set to 0, it means that there are no restrictions on the number of instances that can be created. This provides administrators with the flexibility to allocate storage resources based on their requirements.
Step 10: – Click on ADD

Step 11: – Click on SAVE.

Step 12: – Project-01 successfully created.
Phase-04 Network profiles
Network profiles control placement decisions to select a network during virtual machine provisioning.
Capture 1: –

Step 1: – Click on Infrastructure
Step 2: – Click on network profiles under configure
Step 3: – Click on New Network Profile.
Capture 1.1: –

Step 4: – Click on Summary
Step 5: – Select the vCenter Server
Step 6: – Give a memorable name under Name.
Step 7: – Give a memorable name under Capability Tags.
Step 8: – Click on Networks
Capture 1.2: –

Step 9: – Click on + Add Network
Step 10: – Select the network (I selected the Overlay-Segment)
Note: – Origin shows Discovered, which means the network is populated automatically from NSX.
Step 11: – Click on Manage IP Ranges
Capture 1.3: –

Step 12: – Click on + NEW IP Range
Step 13: – Give a memorable name under Name.
Step 14: – Give the start IP address.
Step 15: – Give the end IP address.
Step 16: – Click on Save.
Note: – Upon provisioning of virtual machines, network profiles are employed to configure network interfaces and define the configuration of NSX Edge devices required for the provisioning of multiple machines. These network profiles make use of the networkType property within the VMware Aria Automation template. Moreover, network profiles provide compatibility with third-party IP Address Management (IPAM) providers, such as Infoblox. Upon configuring a network profile for IPAM, the provisioned machines can obtain IP address data, along with pertinent information such as DNS and gateway details, from the specified IPAM solution. Below is the high-level view of network types with use cases and the network profile isolation policy.

Capture 1.4: –

Step 17: – Click on Network Policies
Step 18: – I have chosen the isolation policy “None” because I want to use the network that is defined under “Network”, and I am using the NSX IPAM rather than the Aria Automation IPAM. It’s important to note that steps 12 to 16 are only relevant when the isolation policy “On-demand network” is being used.
Note: – Below is a high-level summary of the isolation policies:

| Sr. No | Isolation Policy Type | Description |
| --- | --- | --- |
| 1 | None | Templates that require an outbound or private network are not matched to this profile. |
| 2 | On-demand network | A subnet is created for each deployment using these settings. This method may be better for smaller networks with fewer IP addresses. |
| 3 | On-demand security group | Traffic rules for the deployment are defined by a security group. This method may be more efficient for large networks, but uses more IP addresses. |

Step 19: – Click on Save.
Capture 1.5: –

Step 20: – Click on Security groups
Note: – At the time of writing this blog, my scenario requires that Overlay-VMs be associated with the Overlay-VM-Group.
Step 21: – Click on + ADD Security Group.
Step 22: – Click on Save.
Capture 1.6: –

In Capture 1.6, I was able to create two network profiles; I followed the provided steps to successfully create the Web-Segment-Profile as well.
- NSX-Overlay-Profile is successfully created.
- Web-Segment-Profile is also successfully created.
Phase-05 Storage Profiles
Storage management is a critical aspect of resource management. Unlike CPUs and memory, storage is not uniform.
Capture 1: –

Step 1:- Click on Infrastructure
Step 2: – Click on Storage Profiles under configure
Step 3: – Click on + NEW STORAGE PROFILE
Step 4: – Select the Region
Step 5: – Give a memorable name under Name.
Step 6: – Disk type: Standard disk
Step 7: – Storage policy: vSAN Default Storage Policy
Note: – Other storage policies are also available under Storage policy. Take care when selecting the storage policy.
Step 8: – Datastore/cluster: vSAN Datastore
Step 9: – Provisioning Type: Thin
Note: – There are four options under Provisioning Type (Unspecified, Thin, Thick, Eager Zeroed Thick).
Step 10: – Create.
Phase-06 Flavor Mapping
Flavor mappings play a crucial role in determining the size configurations available for virtual machines. They allow you to set specific limits for CPU count and memory size, thereby creating a range of options to suit your needs. Additionally, you have the ability to specify the cloud account that is compatible with each flavor. It’s also possible to link multiple cloud accounts with the same flavor by using the plus sign (+) icon.
Capture 1: –

Step 1: – Click on Infrastructure
Step 2: – Click on Flavor mappings
Step 3: – Click on + NEW FLAVOR MAPPING
Step 4: – Give a memorable name under Flavor Name.
Step 5: – Select the Region
Step 6: – Enter the number of CPUs required.
Step 7: – Enter the amount of memory.
Step 8: – Enter the number of cores per socket required.
Step 9: – Click on Save

As we can see, we have created two flavor mappings (Gold Flavor & Medium Flavor).
Phase-07 Image Mapping
In the process of image mapping, a standard language is utilized to define target deployment images for a specific cloud account. These images can be associated with various templates, including predefined web servers, predefined database servers, or predefined application systems. In the case of a vCenter cloud account, the target deployment image takes the form of a virtual machine template. Notably, it is feasible to link images from multiple cloud accounts to a singular image mapping.
Capture 1: –

Step 1: – Click on Infrastructure
Step 2: – Click on Image mappings
Step 3: – Click on + NEW IMAGE MAPPING
Step 4: – Give a memorable name under Image Name.
Step 5: – Select the Region
Step 6: – Search and select your template under Image
Step 7: – Click on Create

As we can see, we have a single image. I am using this image for my blog demo.
Phase-08 Design/Configuration Pane
The design canvas serves as the platform for arranging components and establishing their connections to visually construct your VMware Aria Automation template. Positioned at the top of the design canvas, the icons provide essential functions including deletion, duplication, zooming, and the ability to undo or redo actions. VMware Aria Automation automatically generates YAML code in response to the placement of components on the design canvas, presenting it in the Configuration pane.
Capture 1: –

Step 1: – Click on Design
Step 2: – Click on templates
Step 3: – Click on NEW FROM drop down
Step 4: – Click on blank canvas
Note: – Terraform: You can create the template from your Terraform script, provided your project includes a repository integration for Terraform configurations.
Upload: You can upload your YAML file to create your template.
Step 5: – Give a memorable name under Name.
Step 6: – Search and select your project
Step 7: – Select your template accessing and sharing authentication.
Step 8: – Click on Create
Capture 1.1: –

Capture 1.1 shows the following panes:
Resource Pane: – The Resources pane of the VMware Aria Automation template comprises various components, including machines, networks, NSX components, disks, volumes, and cloud components for Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). Additionally, it contains components for establishing Kubernetes clusters, Kubernetes namespaces, and supervisor clusters, as well as components for configuration management technologies such as Ansible, Ansible Tower, Puppet, and Terraform.
Design Pane: – The design canvas serves as the platform for arranging components and creating visual designs for your VMware Aria Automation template. Utility icons located at the top of the design canvas facilitate functions such as deletion, duplication, zooming, undo and redo operations. As components are placed on the design canvas, VMware Aria Automation dynamically generates the corresponding YAML code, which is then displayed in the Configuration pane.
Configuration Pane: -The configuration pane features three tabs designated for the configuration of components placed on the design canvas. Upon selecting a component within the design canvas, the Code tab will highlight the YAML code responsible for implementing the component’s functionality, while the Properties tab will facilitate the adjustment of the component’s settings. Additionally, the Inputs tab allows for the definition of inputs, thereby granting end users control over the configuration of the VMware Aria Automation template deployment.
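To make the Code and Inputs tabs concrete, here is an added example (not taken from the original post or from VMware) of a minimal template that consumes the mappings built in the earlier phases. `Gold Flavor` and `Medium Flavor` are the flavor mappings from Phase-06; the resource names are assumptions, and the image mapping name and capability tag are placeholders because the post does not state them.

```yaml
# Added example: minimal VMware Aria Automation template (names are assumed).
formatVersion: 1
inputs:
  flavor:
    type: string
    title: Flavor
    description: VM size, resolved through the Phase-06 flavor mappings
    enum:                      # restricts requesters to the defined flavors
      - Gold Flavor
      - Medium Flavor
    default: Medium Flavor
resources:
  Overlay_Network:             # hypothetical resource name
    type: Cloud.NSX.Network
    properties:
      # "existing" uses a network already added to a network profile
      # (Phase-04), instead of creating one per deployment.
      networkType: existing
      constraints:
        # Placeholder: the capability tag given in Phase-04, Step 7.
        - tag: '<capability-tag>'
  Overlay_VM:                  # hypothetical resource name
    type: Cloud.vSphere.Machine
    properties:
      # Placeholder: the image mapping name given in Phase-07, Step 4.
      image: '<image-mapping-name>'
      flavor: '${input.flavor}'
      networks:
        - network: '${resource.Overlay_Network.id}'
```

Declaring the flavor as an input with an `enum` keeps the size choice within the mappings the cloud administrator defined, while the constraint tag steers network placement to the matching network profile.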
Conclusion
Thank you for taking the time to engage with this blog post. In Part 2, we explored in more depth the various elements that make up the initial configuration: integrating cloud accounts, cloud zones, creating projects, network profiles, storage profiles, image mapping, flavor mapping, and the design and configuration pane. In Part 3, we will be immersed in the thorough testing and deployment phases under the pivotal pane, providing a detailed and hands-on perspective.

