vRealize Automation 7.3 Dual NIC Support


VMware vRealize Automation 7.3 introduces support for two NICs on all nodes. In this blog post, we cover the steps to configure your vRA environment with dual NICs and look at two vRA 7.3 dual NIC use cases. It should be helpful for anyone looking to deploy vRealize Automation 7.3 with dual NICs. The two use cases are:

  1. Separate User and Infrastructure Networks
  2. Additional NIC for IaaS nodes to join Active Directory Domain

Configure vRealize Automation 7.3 environment with Dual NICs

 

Configuring your vRA environment with dual NICs is easy!

 

Configure Dual NICs on your VAs:

  1. Add a second NIC to your VAs. If you’re hosting your VAs in a vCenter environment, follow these steps:
    1. Log into vCenter
    2. Right click the VA and click Edit Settings
    3. Add an additional “VMXNET 3” NIC to the VA.
  2. Reboot the VA (if it’s currently powered on).
  3. After rebooting, perform the following steps:
    1. Log into the VAMI of your vRA appliance
    2. Click the Network Tab. You will now see two NICs available. Cool!
    3. Click the Address tab
    4. Configure the NIC’s IP address.
  4. If you are deploying an HA environment, make sure you load balance the IP addresses for the second NICs. Details regarding vRA load balancing can be found in the vRealize Automation 7.3 Load Balancing
  5. Make sure your DNS is configured properly so that both vRA IPs on the appliance map to the same FQDN. Both Load Balancer VIPs should also map to the same FQDN. You may need to configure Split DNS in your environment for this. See the tables in the Use Case examples below for a clearer picture of the FQDN to IP mappings.

 

Configure Dual NICs on your IaaS VMs:

  1. Add a second NIC to the IaaS nodes. If you are hosting your IaaS nodes in a vCenter environment, follow these steps:
    1. Log into vCenter
    2. Right click the IaaS VM and click Edit Settings
    3. Add an additional NIC to the VM.
  2. Follow the steps from Microsoft to configure the second NIC and its IP address on your Windows IaaS VMs.

 

For additional details regarding installing and configuring your vRealize Automation 7.3 environment, refer to the vRealize Automation documentation.

 

Use Case 1: Separate User and Infrastructure networks

 

For this use case, we look at a vRA setup configured on a network that hosts an organization’s infrastructure and that end users do not have access to. A second NIC is added to the vRA VAs to give end users access to vRA while preventing them from gaining access to resources configured on the “Infrastructure network”.

 

Topology:

 

Hostname and IP examples:

NOTE: The FQDN of the vRA appliances and VIP must be the same on both networks. Split DNS may be required so that, on the Infrastructure network, the FQDNs of the vRA nodes and VIP resolve to the Infrastructure network IPs, and, on the User network, the same FQDNs resolve to the User network IP addresses. See the above table for clarification.

 

Firewall:

In this use case, we are using NSX security policies to block all traffic from the user network to the vRA Nodes and VIP on the User Network side, except for ports 443 (HTTPS) and 8444 (Remote Console).

 

We also configure firewall rules on our NSX Edge Load Balancer for additional security.

 

These settings allow end users to access and use vRealize Automation, and access the remote console for any managed VMs they provision with vRealize Automation. All other ports are blocked to prevent end users from gaining unnecessary access to the VAs.

 

Configuration:

To configure this topology with a vRA HA setup, proceed with the normal vRA HA installation but add the following steps before installing:

  1. Configure your vRA nodes with a second NIC for the User Network and make sure to load balance them.
  2. Make sure to set the appropriate firewall rules on the User Network so that users can only access ports 443 and 8444 from the user network.
  3. Make sure to use the same FQDNs for both IPs on your vRA appliances, and the same FQDN for both VIPs. Split DNS may be required in order for you to implement this.

If you already have a vRealize Automation 7.3 environment installed and configured, you can add a second NIC to your nodes by following the same steps above.

 

Use Case 2: Additional NIC for IaaS nodes to join Active Directory

 

In this Use Case, all nodes in a distributed vRA setup are deployed on an Infrastructure network, but there is no Active Directory server on the Infrastructure network. vRA requires the IaaS nodes be joined to a domain and use domain service accounts to run the IaaS services. So here we have Active Directory deployed on a separate network and need to add a second NIC to our IaaS nodes and attach it to that network, so they can join the domain and use domain service accounts.

Topology:

Hostname and IP examples:

NOTE: The FQDN of all nodes must be the same for both IP addresses in DNS. See the above table.

 

Configuration:

To configure this topology:

  1. Add a second NIC to the IaaS nodes before installing vRA.
  2. Join the IaaS nodes to the domain.
  3. Ensure the FQDN for each node is the same on both networks in DNS.
  4. When installing vRA, use domain users from the Active Directory you joined your IaaS nodes to, to run the IaaS services.
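
A post-configuration check for the DNS and firewall steps of both use cases, added here as an example (not code from the original post or from VMware): run from a host on the User network, it confirms that the vRA FQDN resolves into that network's subnet and that only ports 443 and 8444 accept connections. The extra probe ports (22 and 5480) and the command-line arguments are assumptions; for Use Case 2, `resolves_into` run on each network with that network's subnet covers the DNS step.

```python
import ipaddress
import socket
import sys

ALLOWED_USER_PORTS = {443, 8444}   # HTTPS and Remote Console, per the post
EXTRA_PROBE_PORTS = {22, 5480}     # assumed sample: SSH and the VAMI port


def resolves_into(fqdn, cidr, resolve=socket.gethostbyname_ex):
    """True if every IPv4 address this host's DNS returns for fqdn is in cidr."""
    try:
        addrs = resolve(fqdn)[2]
    except OSError:                 # gaierror/herror: the name did not resolve
        return False
    net = ipaddress.ip_network(cidr)
    return bool(addrs) and all(ipaddress.ip_address(a) in net for a in addrs)


def reachable_ports(host, ports, connect=socket.create_connection, timeout=2.0):
    """Return the subset of ports on host that complete a TCP handshake."""
    found = set()
    for port in ports:
        try:
            connect((host, port), timeout).close()
            found.add(port)
        except OSError:             # refused, filtered (timeout) or unreachable
            pass
    return found


def audit_user_side(fqdn, user_cidr, resolve=socket.gethostbyname_ex,
                    connect=socket.create_connection):
    """Run from a host on the User network; returns a list of findings."""
    findings = []
    if not resolves_into(fqdn, user_cidr, resolve):
        findings.append(f"{fqdn} does not resolve into {user_cidr}")
    seen = reachable_ports(fqdn, ALLOWED_USER_PORTS | EXTRA_PROBE_PORTS, connect)
    findings += [f"unexpected port open: {p}" for p in sorted(seen - ALLOWED_USER_PORTS)]
    findings += [f"required port closed: {p}" for p in sorted(ALLOWED_USER_PORTS - seen)]
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_vra.py <vra-fqdn> <user-network-cidr>")
    problems = audit_user_side(sys.argv[1], sys.argv[2])
    print("\n".join(problems) or "OK")
    sys.exit(1 if problems else 0)
```

An empty result means the User network view matches the rules described in Use Case 1; any finding names the DNS view or port that deviates.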

 

Wrapping things up

 

vRealize Automation 7.3 provides the ability to add a second NIC to your vRA and IaaS nodes. We highlighted two use cases here, although dual NICs are applicable to many different use cases.

For additional details regarding installing and configuring your vRealize Automation 7.3 environment, refer to the vRealize Automation documentation.

 

 

 

The post vRealize Automation 7.3 Dual NIC Support appeared first on VMware Cloud Management.
