Network Designer workspace overview
The Network Designer workspace enables you to create, edit, and delete network blueprints.
A network blueprint is a topology blueprint used to carve out logical network isolations from physical devices. You can create simple network blueprints that set up a public-facing subnet to host a web application, or more complex blueprints that connect public cloud resources in a private, non-Internet facing corporate datacenter.
The following video presentation (5:39) provides an overview of the Network Designer workspace.
To create a network blueprint
Follow this procedure to create a new network blueprint.
- From the BMC Cloud Lifecycle Management Administration Console, click the vertical Workspaces menu on the left side of the window and select Network Designer.
- In the Network Designer workspace, click Create New.
The Network Designer canvas is displayed. The following icons indicate the available components you can use to build your network blueprint.
Isolation boundary - Represents the scope of the logical hosting environment being modeled by the network blueprint. Entries in the route table are managed automatically based on connections drawn between networks in the network blueprint.
In AWS, the Isolation Boundary represents the Virtual Private Cloud (VPC). Note that within every AWS VPC, there is an implicit router responsible for traffic between all VPC subnets.
Internet - Creates an object representing the Internet, which can be configured to allow nodes inside the Isolation Boundary to access nodes outside of it using the Internet.
By default, the Internet object has a value for the address range that represents the entire addressable space. However, a more restrictive (single) address range can be specified, perhaps representing a particular external network (when not using a VPN tunnel).
Network - Represents a contiguous address range to which workloads can be attached. At least one network must be included in the Isolation Boundary. A network can be public or private, and can be configured for Network Address Translation (NAT).
In AWS, a network represents a VPC subnet, designated as Public or Private.
Note: Routing for networks is driven by an implicit router (which is not represented in a network blueprint). Routing rules are managed by the Layer 3 connectivity lines you draw between networks, which are then applied to the routing table(s) for the networks.
Edge gateway - Provides egress from and ingress into the Isolation Boundary, either to the Internet or to a corporate network using a VPN tunnel (based on settings). Place this object within the Isolation Boundary.
For an AWS environment, this object represents an Internet Gateway or a VPN Gateway object within the VPC, depending on the type specified.
Enterprise gateway - Represents the enterprise end of a VPN tunnel. Place the gateway outside the Isolation Boundary and connect it to an Edge Gateway within the Isolation Boundary to model a VPN tunnel.
You configure the settings of the VPN by selecting the connection line on the canvas. Attach a subnet to the gateway to represent address ranges in the enterprise network that will have access to subnets within the Isolation Boundary.
For an AWS environment, this object represents a Customer Gateway.
Perimeter firewall - Represents a logical, stateless, edge firewall service with visibility into network traffic (as opposed to workload-specific traffic).
For an AWS environment, a single Perimeter Firewall object represents (potentially multiple) AWS Network ACLs.
Distributed firewall - Represents a logical, stateful distributed firewall service with visibility into workload-specific traffic (as opposed to network traffic).
For an AWS environment, a single Distributed Firewall object represents (potentially multiple) AWS Security Groups.
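The practical consequence of the stateless/stateful split above is that a Perimeter Firewall (Network ACL) must allow the reply direction explicitly, while a Distributed Firewall (Security Group) tracks the session. The following constructed Python model is an added example, not BMC or AWS code; the rule sets and addresses are invented for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    number: int      # NACL evaluation order; unused for security groups
    action: str      # "allow" or "deny" (security groups only have "allow")
    cidr: str
    port_from: int
    port_to: int

def _matches(r, remote_ip, port):
    return ip_address(remote_ip) in ip_network(r.cidr) and r.port_from <= port <= r.port_to

def nacl_permits(rules, remote_ip, port):
    """Stateless: each direction is evaluated on its own, lowest number first, implicit deny."""
    for r in sorted(rules, key=lambda r: r.number):
        if _matches(r, remote_ip, port):
            return r.action == "allow"
    return False

def sg_permits(rules, remote_ip, port):
    """Stateful: allow-only rules; once the request matches, the reply is tracked."""
    return any(_matches(r, remote_ip, port) for r in rules)

def session_allowed(inbound, outbound, stateful, client_ip, server_port, client_port):
    """Client -> server_port request, then the server -> client_port reply."""
    if stateful:
        return sg_permits(inbound, client_ip, server_port)
    return (nacl_permits(inbound, client_ip, server_port)
            and nacl_permits(outbound, client_ip, client_port))

# Constructed web-tier policy: block one abusive range, allow HTTP from anywhere.
NACL_IN = [Rule(90, "deny", "192.0.2.0/24", 80, 80), Rule(100, "allow", "0.0.0.0/0", 80, 80)]
# Common mistake: outbound only mirrors port 80, so replies to ephemeral ports are dropped.
NACL_OUT_HTTP_ONLY = [Rule(100, "allow", "0.0.0.0/0", 80, 80)]
# Corrected: replies to the client's ephemeral port range are allowed explicitly.
NACL_OUT_FIXED = NACL_OUT_HTTP_ONLY + [Rule(110, "allow", "0.0.0.0/0", 1024, 65535)]
SG_IN = [Rule(0, "allow", "0.0.0.0/0", 80, 80)]

if __name__ == "__main__":
    client = "198.51.100.7"
    print("NACL, no ephemeral rule:", session_allowed(NACL_IN, NACL_OUT_HTTP_ONLY, False, client, 80, 40000))
    print("NACL, fixed:           ", session_allowed(NACL_IN, NACL_OUT_FIXED, False, client, 80, 40000))
    print("Security group:        ", session_allowed(SG_IN, [], True, client, 80, 40000))
```

The first case fails even though inbound HTTP is allowed, which is why a perimeter (stateless) design issue often shows up as "connects but never responds".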
Load balancer - Represents a logical load balancer, which distributes traffic across multiple server workloads for scalability and redundancy. These objects are connected on the:
- Server side to subnets, where the server workloads reside
- Client side to subnets (or edge gateways) from which clients connect to the load balanced service
In AWS, these objects do not represent an Elastic Load Balancer (ELB); it is the Load Balancer Pools in service blueprints that correlate to AWS ELBs. AWS does not require a component equivalent to an on-premises logical load balancer. However, BMC Cloud Lifecycle Management still requires the creation of these logical load balancers to:
- Identify Network Containers and Logical Hosting Environments that allow load balancing services (bronze versus silver level containers)
- Govern the networks to which the Load Balancer Pools (or ELBs, in the case of AWS) may be connected during service instance provisioning.
Domain Name System - Represents a domain name system (DNS), which is used to resolve the host name of a server.
Servers provisioned in AWS are registered in the DNS that exists in the on-premises data center by using their public or private IP addresses. The servers are also enrolled in BMC Server Automation by using the same host name that was used to register in the DNS. This configuration ensures that BMC Server Automation can communicate to the servers using their host names instead of IP addresses. Using host names allows for the public IP addresses of such servers to change without affecting their connectivity with the BMC Server Automation server.
Notes about DNS:
- DNS support is provided on the isolation boundary and at the network level.
- A DNS cannot connect to more than one data center or network.
- Only one DNS can be connected to one network or isolation boundary.
- The DNS you enter in a network blueprint or when creating a logical hosting environment (LHE) cannot be modified. If you want to modify a DNS, you must delete the existing DNS entry first. In the network blueprint, you can modify the DNS details at any time. At the LHE level, you must delete the existing DNS details and then, without saving, enter the new DNS details in the DNS Registration Details tab and at the LHE network level.
- In a network blueprint, you cannot add more than one DNS across more than one network (for example, Network 1 includes DNS 1, and Network 2 includes DNS 2). But you can add a different DNS when creating the LHE at the network level.
- At the LHE level, you can change the Enable DNS Registration check box (on the Create or Modify Logical Hosting Environment dialog box) even after a workload is running on that LHE, but you cannot change the Enable External DNS check box if a workload is running on the network.
For information about creating an LHE (also called a logical data center) as mentioned in the notes above, see Creating a Logical Data Center for Amazon Web Services.
- Add, define, and connect components in the network blueprint. Use either of the following methods to add a network component on the canvas:
- Click the network component icon from the component list on the left; the network component icon appears on the canvas.
- Drag a network component icon from the component list and drop the component icon to the desired location on the canvas.
- Ensure that the icons are positioned in the desired location on the canvas.
- Draw connection lines between the objects.
- Check the Design Issues label to ensure that the network blueprint has been properly configured. If there are design issues, hover over the Design Issues label to see a list of the issues.
You can save a blueprint with Design Issues, but will not be able to check it in until the issues are resolved.
- Click Save.
- Enter a unique name for your blueprint to describe the network.
- Click Create.