Integrate NSX-T with vRA 8 and Build a 3-Tier Blueprint

Step by step: integrating NSX with vRA 8 and building a 3-tier blueprint

Integrating NSX-T / NSX-V with vRA gives you the flexibility to provision network tiers with security segmentation in mind, so we get dynamic routing, load balancers and firewall roles.

To see these capabilities, we will build a 3-tier application using NSX-T in the 3 steps below.

  1. Add the NSX as a cloud account in the VRA.
  2. Create network profile.
  3. Create the 3-tier Blueprint.

Add the NSX-T in the VRA

Open the vRA portal and log in.

Under My Services, select Cloud Assembly.

Select the Infrastructure tab. From the left panel, under Connections, select Cloud Accounts and click Add Cloud Account.

Select the NSX-T icon.

Enter the credentials used to connect to the NSX manager and click Validate.

Accept the certificate.

Name the connection and select the vSphere endpoint that is already added in the NSX-T manager.

Creating Network Profile

In the same Infrastructure tab, in the left pane under Configure, select Network Profile.

Click New Network Profile.

In the Summary tab, select the account (the vCenter or the cloud account whose VMs you want to configure with this network profile), and define the name and the tags needed.

In Network Policies, select Create an on-demand network.

Define the transport zone, the CIDR, the subnet size and the IP range assignment.

Define the network resources that will be consumed by NSX.

Repeat the previous steps to create the Application tier profile.

Repeat the same for the DB tier.

Build a 3-Tier Blueprint in vRA with NSX-T

From Cloud Assembly, select the Blueprint tab. Click +New.

Configure the name and the project and click Create.

From the left pane, under vSphere, select Machine and drag it to the topology in the middle.

Rename "Cloud_vSphere_Machine_1" to "Web-cluster". After "properties", add a new line indented with two spaces and write "count: 2". This adds two virtual machines in the same tier and applies the same configuration to both VMs. It should look like the screenshot below.

Add the required features, such as the image and flavor, and any additional customization you need, as below:

From the left panel, under Cloud Agnostic, select the load balancer and drag it to the topology diagram. Change the name of the load balancer to "Web-LB", delete the brackets "[ ]" in the routes line under the properties and start a new line.

In the new line under "routes:", add two spaces and write "-", then define all the properties required for the load balancer, such as port, protocol, health check, instance port and instance protocol.

It should look like the screen below.

Now connect the load balancer to the server instances. From the side of the LB box, select the black bolt button and drag it to the VMs. You will find that one line is added to the YAML code automatically: instances: '${resource["Web-cluster"][*].id}'

Add the network by selecting the Network box under NSX or under Cloud Agnostic and dragging it to the diagram.

Change the router name, set the network type to routed, and add a constraint tag that matches the tag we already added to the network profile.

Connect the router to the load balancer and the VMs by selecting the black bolt point in the network box and dragging it to the LB box, then repeat to drag it to the VM box. You will find that the connection line is added automatically in the LB properties and the VM properties.

Finally, add the security group under Cloud Agnostic by dragging it to the diagram.

Connect it to its related VMs by dragging the black bold point to them.

This completes the first tier (Web tier) with load balancing.

Repeat all the previous steps for the APP and DB tiers. You can remove the LB if you don't need it, as I did, only to save resources.

Below is the full diagram with the full YAML code.

formatVersion: 1
inputs: {}
resources:
  # One routed NSX network per tier; the constraint tag selects the network profile.
  Web-Routed:
    type: Cloud.NSX.Network
    properties:
      networkType: routed
      constraints:
        - tag: 'net:web'
  App-Routed:
    type: Cloud.NSX.Network
    properties:
      networkType: routed
      constraints:
        - tag: 'net:app'
  DB-Routed:
    type: Cloud.NSX.Network
    properties:
      networkType: routed
      constraints:
        - tag: 'net:db'
  # Existing security groups, one per tier, selected by tag.
  Web-SG:
    type: Cloud.SecurityGroup
    dependsOn:
      - Web-cluster
    properties:
      securityGroupType: existing
      constraints:
        - tag: 'sg:web'
  App-SG:
    type: Cloud.SecurityGroup
    dependsOn:
      - App-VM
    properties:
      securityGroupType: existing
      constraints:
        - tag: 'sg:app'
  DB-SG:
    type: Cloud.SecurityGroup
    dependsOn:
      - DB-VM
    properties:
      securityGroupType: existing
      constraints:
        - tag: 'sg:db'
  # Load balancer in front of the two web nodes.
  Web-LB:
    type: Cloud.NSX.LoadBalancer
    properties:
      routes:
        - protocol: HTTP
          port: 80
          instanceProtocol: HTTP
          instancePort: 80
          healthCheckConfiguration:
            protocol: HTTP
            port: 80
            urlPath: /index.html
            intervalSeconds: 60
            timeoutSeconds: 5
            unhealthyThreshold: 5
            healthyThreshold: 2
      network: '${resource["Web-Routed"].id}'
      instances: '${resource["Web-cluster"][*].id}'
      internetFacing: false
  # Machines: two web nodes, one app node, one DB node, each on its own tier network.
  Web-cluster:
    type: Cloud.Machine
    properties:
      name: Web-Node
      count: 2
      image: VMW-Photon
      flavor: VMW-Small
      customizationSpec: Lin-Cust
      networks:
        - network: '${resource["Web-Routed"].id}'
  App-VM:
    type: Cloud.Machine
    properties:
      name: App-Node
      image: VMW-Photon
      flavor: VMW-Small
      customizationSpec: Lin-Cust
      networks:
        - network: '${resource["App-Routed"].id}'
  DB-VM:
    type: Cloud.Machine
    properties:
      name: DB-Node
      image: VMW-Photon
      flavor: VMW-Small
      customizationSpec: Lin-Cust
      networks:
        - network: '${resource["DB-Routed"].id}'
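Resource names in the blueprint are YAML keys and therefore case-sensitive, so a hand-edited dependsOn entry or ${resource["..."]} expression that differs only in casing points at nothing. The following Python check is an added example, not part of the original post: it scans blueprint text and reports every reference whose target is not a declared resource. SAMPLE is a constructed excerpt of the web tier with one deliberate slip, and lint_references is a hypothetical helper name.

```python
import re

# Constructed sample (web tier only) with one deliberate casing slip:
# the load balancer points at "Web-Cluster", the machine is "Web-cluster".
SAMPLE = '''\
resources:
  Web-Routed:
    type: Cloud.NSX.Network
  Web-SG:
    type: Cloud.SecurityGroup
    dependsOn:
      - Web-cluster
  Web-LB:
    type: Cloud.NSX.LoadBalancer
    properties:
      network: '${resource["Web-Routed"].id}'
      instances: '${resource["Web-Cluster"][*].id}'
  Web-cluster:
    type: Cloud.Machine
    properties:
      networks:
        - network: '${resource["Web-Routed"].id}'
'''

def lint_references(text):
    """Return sorted (resource, target) pairs not declared; assumes 2-space indent."""
    declared, refs = set(), []
    current, in_resources, in_depends = None, False, False
    for line in text.splitlines():
        if re.match(r'^\S', line):                  # top-level key
            in_resources, current = line.startswith('resources:'), None
            continue
        if not in_resources:
            continue
        top = re.match(r'^  ([\w-]+):\s*$', line)   # resource name
        if top:
            current, in_depends = top.group(1), False
            declared.add(current)
            continue
        if re.match(r'^    dependsOn:\s*$', line):
            in_depends = True
            continue
        item = re.match(r'^\s+-\s+([\w-]+)\s*$', line)
        if in_depends and item:                     # dependsOn list entry
            refs.append((current, item.group(1)))
            continue
        in_depends = False
        refs += [(current, n) for n in re.findall(r'resource\["([^"]+)"\]', line)]
    return sorted({r for r in refs if r[1] not in declared})
```

Run it over the exported blueprint before deploying; an empty list means every dependsOn and resource expression resolves to a declared resource.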

Finally, deploy the blueprint to test the deployment and the connectivity.