In this recipe, we take a look at automating NSX with Orchestrator.
You need NSX installed and connected to your vCenter. There are some good YouTube videos that show the essential setup. For more information, refer to https://www.youtube.com/watch?v=CATcY254pP8 .
You will need the latest version of the NSX plugin (as of writing, version 1.0.4) and to install it in your Orchestrator. You can find it here by logging into www.vmware.com and then selecting NSX and then under Drivers & Tools.
To understand NSX, there is a wonderful Hands-on Labs from VMware that you may like to work through: http://www.vmware.com/products/nsx/nsx-hol.html .
This recipe is broken up into two sections: configuring and an example.
- Run the workflow Library | NSX | Configuration | Create NSX endpoint.
- Enter a name for the endpoint.
- The user must be defined as an NSX user (you can also use the admin user you defined when installing the NSX appliance).
- The URL is
https://[FQDNNSX appliance]. - The default settings are fine for the time being. They define how often and how long Orchestrator should try with an NSX operation.
- We need to check if everything has worked. In the Orchestrator Client, click on Inventory and then expand the NSX entry. You should see some items, as shown in the following screenshot:
We will now create a new logical switch in NSX with default settings (unicast and IP discovery). You need an existing Transport Zone for this to work.
- First we need to get the MoRef of the Transport Zone (for MoRefs, see the Introduction to Chapter 12, Working with Vsphere). In Orchestrator Client, click on NSX and browse to the Transport Zone you need.
- The objectId is what you're looking for:
- You can mark and copy this using Ctrl + C.
- Run the workflow Library | NSX | NSX workflows | Create logical switch.
- Select the NSX endpoint you have defined.
- Paste (Ctrl + V) the Transport Zone MoRef.
- Give the network a name and description.
- The Tenant id can be left empty; this is a value that vRealize Automation uses:
- After submitting the workflow, check your NSX in vCenter.
The NSX plugin is a useful tool for automating; however, the workflows that come with the plugin are mostly designed for vRealize Automation. It's important to understand that they return mostly an NSX object, meaning that they need to be modified before they can be used in vSphere or vRA XaaS:
If you want to use the workflows for some kind of automation, you need to use some extra programming. As we saw earlier, you need to provide all the MoRefs of each object. Here is an example of how to do this:
To get all the scopes (Transport Zones) use the following code:
scopes=NSXVdnScopeManager.getVdnScopes(connection);
To show-case this, I have provided an example workflow 11.01 Create logical switch and its two actions: getAllScopes and getScopeIDFromName.
NSX is directly integrated into vRA and is configured and used through the vCenter Endpoint.
To integrate NSX, you need to configure the vCenter Endpoint to allow for NSX integration as well as create a vRO Infrastructure Endpoint, follow these instructions:
- In the vCenter Endpoint, click on the box Specify manager for network and security platform.
- Enter the address of your NSX manager in the form of
https://[FQDN NSX]. - The credentials should be a user who has the rights to manage your NSX.
- Follow the recipe Adding Orchestrator as an Infrastructure Endpoint in Chapter 13, Working with vRealize Automation to add Orchestrator as an Infrastructure endpoint.
For vRA to be able to use the NSX, we need to have at least one transport zone as well as one Distributed Logical Router (DLR).
Please note that you could attach the DLR directly onto the external network if this network would have a VLAN ID other than 0. In my example, I used an extra Edge.
The following is an example of the setup that allows me to create NSX networks that can connect to iNet (see the following figure):
- You need to create a Unicast Transport Zone.
- Create a Unicast Logical Switch on this Transport Zone with the default settings.
- Create an Edge Service Gateway with two interfaces:
- An Uplink to an external network on a Distributed Port Group (
220Net). Use an IP from your external network (192.168.220.90). - An Internal to the Logical Switch you created (
Transport), use the IP that will be the gateway for the Logical Network (192.168.10.1)As the Gateway, you select the Uplink and enter the IP of your external Network Gateway (
192.168.220.2).
- An Uplink to an external network on a Distributed Port Group (
- Create a Distributed Logical Router (DLR) with one interface:
- Connect the HA interface to the Logical Network (
Transport) - Create an Uplink to the Logical Network (
Transport), and use an IP from the Logical Network (192.168.10.10)
- Connect the HA interface to the Logical Network (
- In vRA, go to Infrastructure | Reservation | Network Profiles.
- Create an External Network Profile that matches your External network settings.
- Create an External Network Profile for your Logical network (
Transport) with the DNS setting of your External Network (220Net – Mylab.local). Set the IP of your Edge (192.168.10.1) as the Gateway. - Make sure that you update your data collection so that vRA sees the new DLR you created.
- Assign in the reservation the Transport Zone as well as the DLR with its Logical Network and the External Network Profile.
- You can now create Routed and NATed Network profiles, which you can connect directly to the External Network (
220Net) using its Gateway.