NSX - How to automate a 3 Tier App deployment - Part 1
One of the big advantages of the NSX is to a Software Defined Network (SDN) solution given us the ability to code once and execute as many times.
NSX has a really rich and complete REST API documented at VMware API Explorer - NSX 6.4.
There are multiple options to leverage the NSX API:
- Using a REST API Client, as Postman for example
- Going old school with curl
- Using Powershell using cmdlets similar to Invoke-RestMethod or Invoke-WebRequest
- Using python mapping all the API calls similar to what would be done with any other programming language that we would prefer
- Using PowerNSX powershell module that abstracts all the hassle of payload creation and API calls
In these series of posts we will leverage PowerNSX module to simplify the interaction with the NSX Rest API.
Objective
The main objective of this series will be to demonstrate how can we leverage some of the NSX capabilities to facilitate the provision of multiple similar environments in an automated way.
Scenario
We want to be able to deploy and destroy multiple copies of the standardized solution, that we will reference through the series as vPOD. Each of these vPODs will be able to host a 3 Tier App Solution. The main goal is to minimize the deployment/redeployment manual effort to the bare minimum.
Network Diagram
Let us kick this off with a simple network diagram of our vPOD that we will automate in the next few posts:
Requirements
- Each tier will have their own network segment
- Each segment will have their own subnet
- Inter and Intra segment traffic need to be fully secured
- Tiers
- WebApp - Webservers/FrontEnd Servers
- will be the only tier exposed to the public
- tier provides HTTP services
- front-end services will be load balanced across multiple servers
- App - Application/MidTier servers
- tier to host all the app servers
- app servers will be load balanced across multiple servers
- DB- Database tier
- tier hosting all the databases servers with the data used by the app servers
- WebApp - Webservers/FrontEnd Servers
Instead of long post lets divide these in multiple parts
- Create Logical Switches
- Create NSX Edge Service Gateway
- Create NSX Distributed Logic Router
- Configure Distributed Firewall
- Configure NSX Edge Service Gateway
- Configure SNATs & DNATs
- Configure Firewall Rules
The division of the entire process in smaller posts will give some room to detail each step and create a more modular process, where each scripted step can be used individually and re-used.