Cloud Services NSX-T Terraform VMware Cloud Director VMware Cloud Provider

What’s new in Terraform VMware Cloud Director Provider 3.3.0

We have a new release of Terraform VMware Cloud Director Provider. Version 3.3.0 is now available, with some substantial improvements. We have expanded support for NSX-T with six new resources and corresponding data sources:

Some of these resources like vcd_nsxt_nat_rule are ready to consume new VCD 10.3 features (Reflexive NAT rule)

The release also introduces roles and rights management, with a dedicated operations guide, that explains what providers and tenants can do with the new resources. There are three resources and four data sources:

  • vcd_role allows providers and tenants to create, modify, and delete roles
  • vcd_global_role allows providers to define roles for tenants
  • vcd_rights_bundle allows providers to manage tenants rights allocation
  • vcd_right allows providers and tenants to inspect individual rights (only data source).

IPsec VPN tunnel in action

VMware Cloud Director (starting with 10.1) supports IPSec VPN. IPSec VPN offers site-to-site connectivity between an edge gateway and remote sites which also use NSX-T Data Center or which have either third-party hardware routers or VPN gateways that support IPSec.

Here is a quick minimal example to configure IPSec VPN Tunnel on NSX-T Edge Gateway using Terraform:

This example uses default security profile, but it can be customized using security_profile_customization block.

A taste of roles management

Global roles are roles templates defined at provider level and inherited by tenants, Using a combination of the new resources and a built-in Terraform function, we can create a new global role by combining the rights of two existing roles, and adding a custom right:

Further information

This 3.3.0 release is hosted in the Terraform registry and supports the latest Terraform 1.0 version.

Provider is available in the registry as of 3.0.0 release.

Documentation can be accessed on the site.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *