To get a complete view of the network traffic flows between your applications, Network Insight needs to know about your application stacks. This post shows how to create an integration with vRealize Automation that gets all new application stacks into Network Insight. It runs the moment an application is deployed from a blueprint and transfers the info instantly, so every greenfield application gets context in Network Insight.

Disclaimer: This is something I built, it is not officially supported by VMware.

As you may know by now, Network Insight listens to everything going on inside your network and creates intelligible information out of it. You get a crystal clear donut-shaped diagram that tells you, in one view, exactly which applications and workloads communicate with each other. Furthermore, it uses an advanced learning engine to give you a set of recommended firewall rules that are applicable to your applications. These recommended firewall rules can be used to create a micro-segmented environment and significantly accelerate the security of your applications.

vRealize Automation

Assuming you already know about vRealize Automation (if not, go read up first 🙂), I’ll dive straight in. As an example, I’ll be using a 3-tiered application blueprint that contains a web server, application server, and database server tier. The web and application tiers can have multiple VMs deployed, but there’s just one database server. The tiers are linked to vSphere templates, which will be cloned when a deployment is requested.

We can use this blueprint design to extract the application stack structure and automatically insert that information into Network Insight using its open API. The Blueprint name will be used for the application name and the VM tier names will be used as the tier names inside Network Insight.

Below is a demonstration video on how this process works:

* The first 8.5 minutes are about applications within Network Insight. If you want to go straight to vRA, skip to 8:23

vRealize Orchestrator

Anything that takes information from vRA and pushes it to another system usually uses vRealize Orchestrator (vRO) as the orchestration/execution engine. This case is no different. There’s currently no vRO plugin that presents you with standard actions that can be used for Network Insight, so I’ll show you the code that can be used in a scripted task. Roughly, this is what happens from a deployment to talking to the Network Insight API:

vRO Workflow

Create a new workflow inside vRO and give it a name that you can remember. This workflow consists only of scripted tasks and will first retrieve information from vRA about the new deployment: name and VMs with tier names. Here’s how it’ll look:

First scriptable task:

  • IN Parameter: payload (Properties type)
  • OUT Parameters: deploymentName (String type), tierInfo (Array type)
  • Script can be found here.

Second scriptable task:

  • IN Parameters: deploymentName (String type), tierInfo (Array type)
  • Script can be found here.

vRealize Automation has to be added to the Orchestrator instance so that it can connect and get information about the deployments. Use the workflow vRealize Automation -> Configuration -> Add a vRA host to do so.

If you want to make it easier, you can also import it into vRO from this file:
vRA-New-Application-to-NetworkInsight.workflow
(md5 checksum = 41759bbe4952200a514e2d2601a5c6ff)

Workflow Step-by-Step

I’ll explain exactly what I’m doing here, going through the scriptable tasks step by step.

Scriptable Task 1

This uses the built-in functions to connect to vRA and retrieve information on the deployment that is given to the workflow. The payload variable contains a key named catalogRequestId, which contains the ID of the deployment. The response variable will contain the deployment info, including the VMs.

Here we parse the response variable and look for VM components and the deployment name and store these in variables.

So far we’ve stored the info per VM, but we want it per tier, because the Network Insight API calls are made per tier. After structuring the right variables, deploymentName and tierInfo will be passed on to the second scriptable task.

Scriptable Task 2

This first part creates a few objects to manage REST calls and then requests authentication from Network Insight. Don’t forget to modify the first 2 lines and point them towards your own Network Insight instance.

We’ve now created the application container inside Network Insight and saved the appEntityID, which is returned on a successful creation.

The final piece creates the tiers under the application, using the appEntityID. It receives the desired tier names and the included VMs and builds a VM name filter to use in this new tier, referencing the VMs that were created.
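The per-tier grouping from the first task and the VM name filter from the final step, as an added example in plain JavaScript (not the workflow's own script). The input field names vmName and tierName and the allow-list pattern are assumptions made here; the tier body is assumed to follow the field names of the Network Insight public API's tier-creation request, so check it against the API reference for your version.

```javascript
// Added example: pure helpers with no vRO or network objects, so they run offline.

// Constructed sample of what scriptable task 1 has collected, one entry per VM.
// The field names (vmName, tierName) are hypothetical, not the vRA response schema.
var sampleVms = [
  { vmName: "web-001", tierName: "Web" },
  { vmName: "web-002", tierName: "Web" },
  { vmName: "app-001", tierName: "App" },
  { vmName: "db-001", tierName: "DB" }
];

// VM names are placed inside a quoted search filter, so only accept characters
// that cannot close the quoted value or append extra filter clauses.
var SAFE_NAME = /^[A-Za-z0-9][A-Za-z0-9._-]{0,79}$/;

// Turn the per-VM list into one entry per tier: [{ name, vmNames }].
function groupByTier(vms) {
  var tiers = Object.create(null); // no inherited keys such as "constructor"
  vms.forEach(function (vm) {
    if (!SAFE_NAME.test(vm.vmName)) {
      throw new Error("VM name not safe for a filter: " + JSON.stringify(vm.vmName));
    }
    if (!tiers[vm.tierName]) { tiers[vm.tierName] = []; }
    if (tiers[vm.tierName].indexOf(vm.vmName) === -1) { tiers[vm.tierName].push(vm.vmName); }
  });
  return Object.keys(tiers).map(function (name) {
    return { name: name, vmNames: tiers[name] };
  });
}

// Build the VM name filter that selects exactly the VMs of one tier.
function buildVmFilter(vmNames) {
  return vmNames.map(function (n) { return "name = '" + n + "'"; }).join(" or ");
}

// Request body for creating one tier under the application (assumed API shape).
function buildTierBody(tier) {
  return {
    name: tier.name,
    group_membership_criteria: [{
      membership_type: "SearchMembershipCriteria",
      search_membership_criteria: {
        entity_type: "VirtualMachine",
        filter: buildVmFilter(tier.vmNames)
      }
    }]
  };
}
```

Each body returned by buildTierBody would be sent once per tier, under the appEntityID saved in the previous step.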

vRealize Automation Event Broker

vRO is called when vRA finishes the deployment of the VMs and the infrastructure (networking, storage, compute) via the Event Broker. This is a model inside vRA where you can subscribe to certain events and start vRO workflows when that event happens. In our case, we need the Blueprint request completed event, which will execute when a deployment has finished and all VMs are running.

To create this subscription, go to Administration -> Events and then Subscriptions. Create a subscription there with the above-mentioned event and select your workflow.

Watch it in action!

Once you’ve set up the workflow and subscribed it to the Event Broker, go ahead and do a deployment to see if it works. In the end, you should see something like this in both vRA and Network Insight:

App in vRA App in Network Insight

Conclusion

If you’ve come this far, thanks for sticking with me! Network Insight integrations are an important part of gaining control of your application landscape and help keep it secure. This (long) post was based on customer demand which involved vRealize Automation. However, because the Network Insight API can be called from anything that supports HTTP calls, you can integrate any automation/orchestration product.

Let me know if you’re looking at other integrations; it’s always good to see what you’re doing with the Network Insight API! 🙂


