Using templates with firewall and NAT settings
One of the major problems is that vApp templates do not keep their vApp router settings when they are templated and redeployed. Using templates with firewall and NAT settings is a way around it.
Getting ready
We need a vApp that has been configured with a vApp router and contains some firewall and NAT rules. You can use the vApp you created in the Forwarding an RDP (or SSH) session into an isolated vApp recipe in this chapter.
How to do it...
- Make sure the vApp that you want as a template is stopped.
- Right-click on the vApp and choose Copy to....
- Choose a new Name, OvCD, and a Storage Profile for the vApp:
- The vApp will now be copied.
- After the vApp is copied, you can deploy it. It is now a full copy, including the vApp router rules of the original vApp.
How it works...
It is not the most ideal way to do this, but it works. There are several downsides of this solution. One is that you will need these templates in each organization; you cannot use them centrally. The other one is that users would be able to delete, alter, or otherwise use these templates' VMs. You can use sharing to resolve this problem, but then you lose the user's ability to self provision.
For sharing, see the Sharing a vApp recipe in Chapter 3, Better vApps.
There's more...
Another solution for this problem is to use vCenter Orchestrator to deploy vApp router rules on demand. There are a lot of scripts out there, and I would recommend googling for them. In the following screenshot you can see the existing scripts in the vCenter Orchestrator (vCO) library:
