Create a Network Profile with Isolation
To create a network profile with isolation, you make a POST request and specify the isolation type.
To create either private networks without access to outside networks or outbound networks with one-way access to upstream networks, you create a network profile with isolation enabled, using either a subnet or security groups. This procedure provides the steps to create a network that supports isolation using a subnet, and includes optional steps that show how to create the network using an external subnet or using security groups.
Prerequisites
- Verify that all general prerequisites have been satisfied. See Prerequisites for working with the vRealize Automation Cloud Assembly APIs.
- Verify that you have the cloud account ID for the new cloud account that you added. See Adding Cloud Accounts.
- Verify that you have the region ID for the regions you want to include in the profile. See the procedure in Create Network Profiles.
- Verify that you have the IDs for the networks you want to include in the profile. See the procedure in Create Network Profiles.
Procedure
Example: Create three types of network profiles with isolation
The following example includes the requests used to create a network that supports isolation using a subnet, using an external subnet, and using security groups.
$ url='https://appliance.domain.com'
$ api_version='2021-07-15'
$ cloud_account_id='c8c3c9bfdb449475-7f703c5265a63d87-5fa34c478df36b060e1ca3551254c4033013bf3283908e4661cd1c6fb2f8b9ae-ce5aad01092b47558644f6b6615d'
$ region_id='37d6c1acf4a8275586468873c739'
Filter for network domains associated with the cloud account ID and in the external region ID us-east-1.
curl -X GET -H 'Content-Type: application/json' -H "Authorization: Bearer $access_token" "$url/iaas/api/network-domains?apiVersion=$api_version&"'$filter='"externalRegionId%20eq%20'us-east-1'%20and%20cloudAccountId%20eq%20'$cloud_account_id'" | jq "."
A snippet of the response shows the ID for a network domain that you can include in your network profile.
...
    "externalId": "vpc-4511a53d",
    "name": "rainpole-dev",
    "id": "233df662ec3b4875575931653ef00",
    "createdAt": "2021-08-02",
    "updatedAt": "2021-08-02",
    "organizationId": "8327d53f-91ea-420a-8613-ba8f3149db95",
    "orgId": "8327d53f-91ea-420a-8613-ba8f3149db95",
    "_links": {
        "cloud-accounts": {
            "hrefs": [
                "/iaas/api/cloud-accounts/c8c3c9bfdb449475-7f703c5265a63d87-f8e705d89b2569e1aac66c6d00bf4fc7ef4b1c44100f0e944af31eb8ba3d2a5a-5a45a4b9d5c72475575931611aa28",
                "/iaas/api/cloud-accounts/c8c3c9bfdb449475-7f703c5265a63d87-5fa34c478df36b060e1ca3551254c4033013bf3283908e4661cd1c6fb2f8b9ae-ce5aad01092b47558644f6b6615d"
            ]
        },
        "self": {
            "href": "/iaas/api/network-domains/233df662ec3b4875575931653ef00"
...
With the IDs of fabric networks that you want to include in your profile and the network domain ID you want to include, create a network profile named example-network-profile-with-isolation-by-subnet.
$ curl -X POST \
  $url/iaas/api/network-profiles?apiVersion=$api_version \
  -H 'Content-Type: application/json' \
  -H "Authorization: Bearer $access_token" \
  -d '{
    "name":"example-network-profile-with-isolation-by-subnet",
    "description":"Example Network Profile",
    "regionId":"'$region_id'",
    "isolationType" : "SUBNET",
    "isolationNetworkDomainId" : "233df662ec3b4875575931653ef00",
    "isolatedNetworkCIDRPrefix" : "27",
    "fabricNetworkIds": [
      "c19bd2921af95075575931654066a",
      "8fe650cc09d0627558d55c9ba1793"
    ],
    "tags": [ { "key": "env", "value": "prod" } ]
  }' | jq "."
A snippet of the response shows the network profile ID.
...
"name": "example-network-profile-with-isolation-by-subnet",
"description": "Example Network Profile",
"id": "2065036880e1c47558f1693558870",
"updatedAt": "2021-08-02",
...
You can also create a network profile named example-network-profile-with-isolation-by-external-subnet.
$ curl -X POST \
  $url/iaas/api/network-profiles?apiVersion=$api_version \
  -H 'Content-Type: application/json' \
  -H "Authorization: Bearer $access_token" \
  -d '{
    "name":"example-network-profile-with-isolation-by-external-subnet",
    "description":"Example Network Profile",
    "regionId":"'$region_id'",
    "isolationType" : "SUBNET",
    "isolationNetworkDomainId" : "233df662ec3b4875575931653ef00",
    "isolatedNetworkCIDRPrefix" : "27",
    "isolationExternalFabricNetworkId": "c19bd2921af95075575931654066a",
    "fabricNetworkIds": [
      "c19bd2921af95075575931654066a",
      "8fe650cc09d0627558d55c9ba1793"
    ],
    "tags": [ { "key": "env", "value": "prod" } ]
  }' | jq "."
A snippet of the response shows the network profile ID.
...
"name": "example-network-profile-with-isolation-by-external-subnet",
"description": "Example Network Profile",
"id": "2065036880e1c47558f16bd085288",
"updatedAt": "2021-08-02",
...
You can also create a network profile named example-network-profile-with-isolation-by-security-group. Because this isolation does not use a subnet, this request does not use a network domain ID.
$ curl -X POST \
  $url/iaas/api/network-profiles?apiVersion=$api_version \
  -H 'Content-Type: application/json' \
  -H "Authorization: Bearer $access_token" \
  -d '{
    "name":"example-network-profile-with-isolation-by-security-group",
    "description":"Example Network Profile",
    "regionId":"'$region_id'",
    "isolationType" : "SECURITY_GROUP",
    "fabricNetworkIds": [
      "c19bd2921af95075575931654066a",
      "8fe650cc09d0627558d55c9ba1793"
    ],
    "tags": [ { "key": "env", "value": "prod" } ]
  }' | jq "."
A snippet of the response shows the network profile ID.
...
"name": "example-network-profile-with-isolation-by-security-group",
"description": "Example Network Profile",
"id": "bdab0d4c28af6e7558f16c78f5468",
"updatedAt": "2021-08-02",
...
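The three requests above differ only in which isolation fields they carry. The following added example (not part of the original documentation or the product's own tooling) builds the request body in Python and checks that the fields match the isolation type before anything is sent; serializing with `json.dumps` also avoids splicing shell variables into a quoted JSON string. The function names and the rule that a SECURITY_GROUP profile rejects subnet fields are assumptions of this example; the field names and IDs are the sample values from this page.

```python
import json

ISOLATION_TYPES = {"SUBNET", "SECURITY_GROUP"}  # the two types used on this page


def build_isolation_profile(name, region_id, isolation_type, fabric_network_ids,
                            network_domain_id=None, cidr_prefix=None,
                            external_fabric_network_id=None, tags=None,
                            description="Example Network Profile"):
    """Hypothetical helper: return the request body as a dict, or raise ValueError."""
    if isolation_type not in ISOLATION_TYPES:
        raise ValueError(f"unsupported isolationType: {isolation_type!r}")
    if not fabric_network_ids:
        raise ValueError("fabricNetworkIds must list at least one network")
    body = {"name": name, "description": description,
            "regionId": region_id, "isolationType": isolation_type}
    subnet_fields = (network_domain_id, cidr_prefix, external_fabric_network_id)
    if isolation_type == "SUBNET":
        if not network_domain_id or cidr_prefix is None:
            raise ValueError("SUBNET isolation needs a network domain ID and a CIDR prefix")
        if not 1 <= int(cidr_prefix) <= 32:
            raise ValueError(f"CIDR prefix out of range: {cidr_prefix}")
        body["isolationNetworkDomainId"] = network_domain_id
        body["isolatedNetworkCIDRPrefix"] = str(cidr_prefix)  # a string, as on this page
        if external_fabric_network_id:
            body["isolationExternalFabricNetworkId"] = external_fabric_network_id
    elif any(v is not None for v in subnet_fields):
        # Policy of this example: refuse subnet-only fields on a security-group profile.
        raise ValueError("SECURITY_GROUP isolation does not use subnet fields")
    body["fabricNetworkIds"] = list(fabric_network_ids)
    body["tags"] = [{"key": k, "value": v} for k, v in (tags or {}).items()]
    return body


def to_request_body(profile):
    """Serialize with json.dumps so quotes or backslashes in any value are escaped."""
    return json.dumps(profile)


# Sample IDs copied from the requests on this page.
REGION_ID = "37d6c1acf4a8275586468873c739"
FABRIC = ["c19bd2921af95075575931654066a", "8fe650cc09d0627558d55c9ba1793"]
by_subnet = build_isolation_profile(
    "example-network-profile-with-isolation-by-subnet", REGION_ID, "SUBNET", FABRIC,
    network_domain_id="233df662ec3b4875575931653ef00", cidr_prefix=27,
    tags={"env": "prod"})
by_security_group = build_isolation_profile(
    "example-network-profile-with-isolation-by-security-group", REGION_ID,
    "SECURITY_GROUP", FABRIC, tags={"env": "prod"})
```

The string returned by `to_request_body` can be passed to `curl` with `-d @-` on standard input in place of the inline `-d '{...}'` body.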