System Administration vRealize Automation 6.
System Administration You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation, submit your feedback to docfeedback@vmware.com VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com Copyright © 2008–2016 VMware, Inc. All rights reserved. Copyright and trademark information. VMware, Inc.
Contents System Administration Updated Information 5 6 1 Configuring vRealize Automation 7 Configuring System Settings 7 Configure Branding for the vRealize Automation Console Configuring Global Email Servers for Notifications Configuring IaaS 7 8 10 Setting Resource-Intensive Concurrency Limits 10 Configuring Templates for Automatic IaaS Emails Enabling Remote Desktop Connections 14 18 Enabling Users to Select Datacenter Locations Enabling Visual Basic Scripts in Provisioning The Customer Expe
System Administration Brand Tenant Login Pages Install a Hotfix 47 48 Updating vRealize Automation Certificates 49 Extracting Certificates and Private Keys 50 Update vRealize Automation Certificates when all are Expired Updating the Identity Appliance Certificate 51 Updating the vRealize Appliance Certificate Updating the IaaS Certificate 54 58 Replace the Identity Appliance Management Site Certificate Updating the vRealize Appliance Management Site Certificate Replace a Management Agent Certif
System Administration System Administration tells you how to customize, configure, and manage vRealize Automation. It includes information about customizing the vRealize Appliance and VMware Infrastructure as a Service servers as well as information about managing tenants, using the bulk import feature, and performing backup and restore procedures. Note Not all features and capabilities of vRealize Automation are available in all editions. For a comparison of feature sets in each edition, see https://www.
Updated Information This System Administration guide for vRealize Automation is updated with each release of the product or when necessary. This table provides the update history of the System Administration guide. Revision EN-001648-08 Description n Updated Modify an Existing Automatic Email Template. n Updated Customize the Date for Email Notification for Machine Expiration. n Added Install a Hotfix. n Added Resolve Certificate Revocation Errors.
Configuring vRealize Automation 1 System administrators can change the appearance of the vRealize Automation console, configure notifications for the vRealize Automation appliance, and configure Infrastructure as a Service features.
System Administration 3 Create a banner. a Click Choose File to upload a logo image. b Follow the prompts to finish creating the banner. 4 Click Next. 5 Type the copyright information in the Copyright notice text box and press Enter to preview your selection. 6 (Optional) Type the URL to your privacy policy in the Privacy policy link text box and press Enter to preview your selection.
System Administration 9 Type the name of the server in the Server Name text box. 10 Type the server port number in the Server Port text box. 11 Type the folder name for emails in the Folder Name text box. This option is required only if you choose IMAP server protocol. 12 Enter a user name in the User Name text box. 13 Enter a password in the Password text box. 14 Type the email address that vRealize Automation users can reply to in the Email Address text box.
System Administration 10 (Optional) Select the Required check box if the server requires authentication. a Type a user name in the User Name text box. b Type a password in the Password text box. 11 Type the email address that vRealize Automation emails should appear to originate from in the Sender Address text box. This email address corresponds to the user name and password you supplied. 12 Choose whether vRealize Automation can accept self-signed certificates from the email server.
System Administration n Any limit within the virtualization platform or cloud service account on the number of vRealize Automation work items (resource-intensive or not) that can be executed concurrently. For example, the default limit in vCenter Server is four, with work items beyond this limit being queued. By default, vRealize Automation limits concurrent virtual provisioning activities for hypervisors that use proxy agents to two per proxy agent.
System Administration Depending on the resources and circumstances at your site, however, it may be possible to raise the configured limit while maintaining fast enough performance to take advantage of concurrency in proxy data collection. Although raising the limit can increase the time required for a single data collection, this might be outweighed by the ability to collect more information from more compute resources and machines at one time.
System Administration 4 Save and close the file. 5 Select Start > Administrative Tools > Services. 6 Stop and then restart the vRealize Automation service. 7 (Optional) If vRealize Automation is running in High Availability mode, any changes made to the ManagerService.exe.config file after installation must be made on both the primary and failover servers.
System Administration 5 Stop and then restart the vCloud Automation Center service. 6 (Optional) If vRealize Automation is running in High Availability mode, any changes made to the ManagerService.exe.config file after installation must be made on both the primary and failover servers. Configuring Templates for Automatic IaaS Emails You can configure the templates for automatic notification emails sent to machine owners by the IaaS service about events involving their machines.
System Administration The WebsiteURIInbox object returns the URL of the Inbox tab on the vRealize Automation console, for example https://vcac.mycompany.com/shell-ui-app/org/mytenant/#cafe.work.items.list. To use this object to provide a link to the My Inbox page in the console, consider the following sample lines. Click here for your assigned tasks.
System Administration If the machine does not have the Image.WIM.Name property, nothing is returned. The VirtualMachineTemplateEx object returns a specific item of information about the source blueprint of the machine associated with the even triggering the email. The information is determined by the attribute provided with the object; see the table Selected Attributes of the VirtualMachineTemplateEx Email Object for more information.
System Administration n Examples for customizing email templates in vRealize Automation (2102019) To modify the email notification setting for machine expirations, use the vRealize Automation Global Properties page. See Customize the Date for Email Notification for Machine Expiration.
System Administration 4 Change the value of DaysNotificationBeforeExpire to the number of days prior to machine expiration that you want the email sent. The default is 7. This setting requires that the LeaseExpired option is set to true. You can set separate values for owners and managers. Enabling Remote Desktop Connections A system administrator can create a custom remote desktop protocol file that tenant administrators and business group managers use in blueprints to configure RDP settings.
System Administration 4 Add RDP settings to the file. For example, connect to console:i:1. 5 If you are working in a distributed environment, log in as a user with administrative privileges to the IaaS Host Machine where the Model Manager Website component is installed. 6 Copy the Console.rdp file to the directory \Website\Rdp. What to do next See Enabling Remote Desktop Connections for an overview of steps and options for making RDP connections available.
System Administration 3 Save and close the file. 4 Restart the manager service. A fabric administrator can edit a compute resource to associate it with a location. See IaaS Configuration for Cloud Platforms or IaaS Configuration for Virtual Platforms. Removing Datacenter Locations To remove a datacenter location from a user menu, a system administrator must remove the location information from the locations file and a fabric administrator must remove location information from the compute resource.
System Administration 2 A system administrator creates Visual Basic scripts and places them on the system where the EPI agent is installed. 3 Gather the following information for tenant administrators and business group managers for each Visual Basic script: n The complete path to the Visual Basic script, including the filename and extension. For example, %System Drive%Program Files (x86)\VMware\vCAC Agents\EPI_Agents\Scripts\SendEmail.vbs.
System Administration Configure Data Collection Time You can set the day and time when the Customer Experience Improvement Program (CEIP) sends data to VMware. Procedure 1 Log in to a console session on the vRealize Appliance as root. 2 Open the following file in a text editor. /etc/telemetry/telemetry-collector-vami.properties 3 Edit the properties for day of week (dow) and hour of day (hod). Property Description frequency.dow= Day when data collection occurs. frequency.
Configure the vRealize Automation Appliance Database 2 The vRealize Automation system has been updated to use an internal database that now offers clustering and streaming replication. Users must update new and existing vRealize Automation 6.x systems to use this new Appliance Database. Designate one vRealize Appliance as the primary Appliance Database machine and the second as the secondary Appliance Database machine. When configured correctly, each appliance can support the Appliance Database as needed.
System Administration 5 Test Appliance Database Failback Test that failback from the secondary appliance database machine to the primary machine functions. Configure Database Virtual IP Configure the database virtual IP (VIP) as appropriate for your system configuration in accordance with VMware guidelines. The appropriate virtual IP for your system depends upon numerous factors, including whether or not it uses a load balancer. Most distributed production systems use a load balancer.
System Administration 5 Unzip the 2108923_dbCluster.zip file that you downloaded from the VMware Knowledge Base and copy the 2108923_dbCluster.tar file to the appliance. 6 Extract the configureDisk.sh and pgClusterSetup.sh files using the tar xvf 2108923_dbCluster.tar command. # tar xvf 2108923_dbCluster.tar configureDisk.sh pgClusterSetup.sh 7 Locate the disk you added using the parted -1 command. Note For a fresh vRealize Automation deployment, the disk name should be /dev/sdd.
System Administration For example, ./pgClusterSetup.sh -d pgCluster.domain.local -w changeMe1! -r changeMe1! -p changeMe1! Note If you are using a load balancer virtual IP, specify the -D parameter using the IP address of the virtual IP. # ./pgClusterSetup.sh -d dbCluster.domain.local -w changeMe1! -r changeMe1! -p changeMe1! ... 11.
System Administration Option Value [-W] Prompt for the password of the user performing the replication. [-U] The user performing the replication. Generally this user is replicate. For example: # su - postgres /opt/vmware/vpostgres/current/share/run_as_replica -h app1.domain.local -b -W -U replicate 3 Enter the replicate user password when prompted. 4 Type "yes" after verifying the thumb print of the primary machine when prompted. 5 Enter the postgres user password when prompted.
System Administration 4 Run the /opt/vmware/vpostgres/current/share/promote_replica_to_primary command as the postgres user to promote the replica database to master. su - postgres /opt/vmware/vpostgres/current/share/promote_replica_to_primary server promoting Note After running this command, the replica database on the secondary appliance becomes the master. The appliance database on the original primary appliance does not become an actual replica until you run the run_as_replica command.
System Administration For this test, the appliance database is failed back from the secondary appliance to the original primary appliance. Prerequisites The appliance database is installed and configured as described in vRealize Automation Installation and Configuration. Procedure 1 Log in to the replica appliance machine, which currently contains the master appliance database, as root using SSH. 2 Stop the vpostgres service using the service postgres stop command.
Perform an Appliance Database Failover 3 If your designated primary Appliance Database fails, implement a failover to the designated replica database on the secondary appliance to maintain system operation. Prerequisites Configure the Appliance Database as applicable for your system configuration. See Chapter 2 Configure the vRealize Automation Appliance Database. Procedure 1 If possible, log in to the appliance hosting the primary Appliance Database as root using SSH.
System Administration 4 Configure the database virtual IP for the new Appliance Database configuration. VIP Configuration Option Procedure If you are using a DNS entry for the Appliance Database, change the DNS entry point as appropriate for your system. 1 Modify the IP of the DNS entry to point at the new primary appliance. 2 Log in to each vRealize Appliance as root and execute a service network restart. 1 Disable the old primary node. 2 Enable the new primary node.
Validate Appliance Database Replication 4 When testing failover or failback of the Appliance Database, validate that the database was replicated correctly. After configuring the Appliance Database on designated master and replica appliance host machines, test that the database on either machine can function with your system. Prerequisites Procedure 1 Log in to the appliance that contains the primary or master database. 2 Run the ps -ef |grep wal command to validate that the WAL process is running.
System Administration 6 Run the pg_is_in_recovery command to validate that the replica database is read only. su - postgres /opt/vmware/vpostgres/current/bin/psql vcac SELECT pg_is_in_recovery () ; The command returns t for true. vcac=# SELECT pg_is_in_recovery () ; pg_is_in_recovery ---------------------t (1 row) 7 Quit psql using the \q command. VMware, Inc.
Bulk Import, Update, or Migrate Virtual Machines 5 You can use the Bulk Import feature to import one or more virtual machines to a vRealize Automation deployment. You can also use ths feature to update one or more virtual machines without the need to reimport them or to migrate machines from one environment to another. The Bulk Import feature imports virtual machines intact with defining data such as reservation, storage path, blueprint, owner, and any custom properties.
System Administration 3 Import, Update, or Migrate One or More Virtual Machines After you edit the virtual machine CSV data file, you can import, update, or migrate one or more virtual machines into a vRealize Automation deployment. Generate Virtual Machine CSV Data File You generate a virtual machine CSV data file to import, update, or migrate virtual machines to a vRealize Automation deployment.
System Administration 8 Select the name of the virtual machine resource from the Name drop-down menu. 9 Click OK. Edit Virtual Machine CSV Data File Before you import or update one or more virtual machines, you must edit the virtual machine CSV data file so that each machine value matches a value that exists in the target deployment. If you are migrating a virtual machine from one environment to another, editing is optional.
System Administration Custom properties ensure that each managed machine is imported with all of the machine properties from the previous environment. The custom properties vary from machine to machine, and there is no standard set of custom properties that appear for each machine by default. 2 If you are importing a virtual machine with a static IP address, append a command in the following form to the CSV file. ,VirtualMachine.Network#.Address, w.x.y.
System Administration 5 Import the file using these options. n Select Now to begin the import, update, or migrate process immediately. n Select a start date and time in the Start time drop-down menu. Note The specified start time is the server's local time and not the local time of the user's workstation. n Select the number of seconds to delay each virtual machine registration in the Delay (seconds) drop-down menu. Note To specify no delay, leave the option blank.
Managing vRealize Automation 6 The system administrator configures a default tenant for the vRealize Automation. They can update SSL certificates and licenses, and monitor logs, services, and license usage.
System Administration Table 6‑1. Tenant Configuration Configuration Area Description Login URL Each tenant has a unique URL to the vRealize Automation console.
System Administration The system administrator performs the initial configuration of single sign-on and basic tenant setup, including designating at least one identity store and a tenant administrator for each tenant. Thereafter, a tenant administrator can configure additional identity stores and assign roles to users or groups from the identity stores. Tenant administrators can also create custom groups within their own tenant and add users and groups defined in the identity store to custom groups.
System Administration Figure 6‑1. Single-Tenant Example http://vra.mycompany.com/vcac/ Default Tenant (Tenant config) Business group mgr Tenant admin Business Group • User management • Tenant branding • Tenant notification providers • Approval policies • Catalog management Business goup mgr Business Group http://vra.mycompany.
System Administration Table 6‑2. Multitenant Deployment Examples Example Description Manage infrastructure configuration only in the default tenant In this example, all infrastructure is centrally managed by IaaS administrators and fabric administrators in the default tenant. The shared infrastructure resources are assigned to the users in each tenant by using reservations.
System Administration The following diagram shows a multitenant deployment where each tenant manages their own infrastructure. The system administrator is the only user who logs in to the default tenant to manage system-wide configuration and create tenants. Each tenant has an IaaS administrator, who can create fabric groups and appoint fabric administrators with their respective tenants.
System Administration 2 Configure Identity Stores Each tenant must be associated with at least one identity store. Identity stores can be OpenLDAP or Active Directory. Use of Native Active Directory is also supported for the default tenant. 3 Appoint Administrators You can appoint one or more tenant administrators and IaaS administrators from the identity stores you configured for a tenant.
System Administration Procedure 1 Click the Add icon ( 2 Enter a name in the Name text box. 3 Select the type of identity store from the Type drop-down menu. 4 Enter the URL for the identity store in the URL text box. ). For example, ldap://ldap.mycompany.com:389 . 5 Enter the domain for the identity store in the Domain text box. 6 (Optional) Enter the domain alias in the Domain Alias text box.
System Administration Prerequisites n Configure Identity Stores. n Before you appoint IaaS administrators, you must install IaaS. For more information about installation, see Installation and Configuration. Procedure 1 Enter the name of a user or group in the Tenant Administrators search box and press Enter. For faster results, enter the entire user or group name, for example myAdmins@mycompany.domain. Repeat this step to appoint additional tenant administrators.
System Administration What to do next Verify that the tenant login page is appropriately branded by logging in and accessing the updated tenant. Install a Hotfix Technical support for your vRealize Automation installation might involve a software patch, or hotfix, that you can install using the vRealize Appliance management interface. The hotfix installer cannot patch the following vRealize Automation components.
System Administration Updating vRealize Automation Certificates A system administrator can replace certificates for vRealize Automation components. Typically, you replace a certificate to switch from self-signed certificates to certificates provided by a certificate authority or when a certificate expires. When you replace a certificate for a vRealize Automation component, components that have a dependency on this certificate are affected.
System Administration In addition to certificates for the Identity Appliance, the vRealize Appliance, IaaS Website components, and Manager Service components, your deployment can have certificates for the Identity Appliance management site and the vRealize Appliance management site. Management Agents also have certificates. Each IaaS machine runs a Management Agent.
System Administration 2 Replace the Identity Appliance certificate. See Update the vRealize Appliance with the Identity Appliance Certificate. 3 Update the Identity Appliance trust relationship. See . Update the vRealize Appliance with the Identity Appliance Certificate 4 Replace the vRealize Appliance certificate on all appliances. See Replace a Certificate in the vRealize Appliance. 5 Update SSO registration for all instances of the vRealize Appliance.
System Administration 2 Update the vRealize Appliance with the Identity Appliance Certificate After the Identity Appliance certificate is updated, the system administrator updates the vRealize Appliance with the new certificate information. This process reestablishes trusted communications between the virtual appliances. Replace a Certificate in the Identity Appliance The system administrator can replace a self-signed certificate with one from a certificate authority.
System Administration 4 Select the certificate type from the Choose Action menu. If you are using a PEM-encoded certificate, for example for a distributed environment, select Import PEM Encoded Certificate. Certificates that you import must be trusted and must also be applicable to all instances of vRealize Appliance and any load balancer by using Subject Alternative Name (SAN) certificates.
System Administration Prerequisites Replace a Certificate in the Identity Appliance. Procedure 1 Start Putty or another Unix SSL remote login tool. 2 Log in to the vRealize Appliance with user name root and the password you specified when deploying the appliance. 3 Execute the import-certificate command: /usr/sbin/vcac-config import-certificate --alias websso --url https://identityhostname.domain.
System Administration Replace a Certificate in the vRealize Appliance The system administrator can replace a self-signed certificate with a trusted one from a certificate authority. You can use Subject Alternative Name (SAN) certificates, wildcard certificates, or any other method of multi-use certification appropriate for your environment as long as you satisfy the trust requirements.
System Administration 5 Select the certificate type from the Certificate Action menu. If you are using a PEM-encoded certificate, for example for a distributed environment, select Import. Certificates that you import must be trusted and must also be applicable to all instances of vRealize Appliance and any load balancer through the use of Subject Alternative Name (SAN) certificates.
System Administration Prerequisites Replace a Certificate in the vRealize Appliance. Procedure 1 Navigate to the vRealize Appliance management console by using its fully qualified domain name, https://vra-va-hostname.domain.name:5480/. 2 Log in with user name root and the password you specified when deploying the Identity Appliance. 3 Go to vRA Settings > SSO. 4 Verify that the fully qualified name for the Identity Appliance, identity-va-hostname.domain.name, appears in the SSO Host text box.
System Administration Procedure 1 Open a command prompt as an administrator and navigate to the Cafe directory on the Model Manager Data installation machine. C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\Cafe 2 Type the following command to update the IaaS database with the certificate information in one step. Supply the IaaS database name (vcac, by default) and the fully qualified domain name of the database server. vcac-Config.
System Administration Replace the Internet Information Services Certificate The system administrator can replace an expired certificate or a self-signed certificate with one from a certificate authority to ensure security in a distributed deployment environment. You can use a Subject Alternative Name (SAN) certificate on multiple machines.
System Administration As part of updating an IaaS certificate, you must register the new certificate with the vRealize Appliance. You can use the hostname or IP address of the IaaS machines in the following commands. If you are using a load balancer, supply the host name of the load balancer instead. Note that URL paths are casesensitive. If you encounter errors, see the troubleshooting section in the installation documentation. Prerequisites Replace the Internet Information Services Certificate.
System Administration Prerequisites n Obtain the server name and IP address of the server that runs the IaaS Manager Service. n If necessary, convert the template on which the Guest Agent is installed to a virtual machine. Procedure 1 Run the operating system appropriate commands in an elevated command prompt. Option Description Windows Run the following commands: Linux 2 a cd c:\vrmguestagent b echo | openssl s_client -connect manager_service_load_balancer.mycompany.
System Administration 4 Run the following command to restart the lighttpd server. service vami-lighttp restart 5 Login to the management console and validate that the certificate is replaced. You might need to restart your browser. The new Identity Appliance management site certificate is installed.
System Administration Replace the vRealize Automation Appliance Management Site Certificate The vRealize Appliance uses lighttpd to run its own management site. You can replace the SSL certificate of the management site service if your certificate expires or if you are using a self-signed certificate and your company security policy requires you to use its SSL certificates. You secure the management site service on port 5480.
System Administration For information about automatic update, see Automatically Update Management Agents in a Distributed Environment to Recognize a vRealize Appliance Management Site Certificate.
System Administration 4 Change the thumbprint to the SHA1 thumbprint of the new certificate. For example: 5 If there are other managementEndpoint entries, delete them. 6 Start the VMware vCloud Automation Center Management Agent service.
System Administration Each IaaS host runs its own Management Agent. Repeat this procedure on each IaaS node whose Management Agent you want to update. Prerequisites n Before you replace a Management Agent certificate, remove its entry from the Distributed Deployment Information table. Note the Management Agent identifier in the Node ID column before you remove the record. You use this identifier when you create the new Management Agent certificate and when you register it.
System Administration 3 Register the Management Agent certificate with the vRealize Appliance management site. a Open a command prompt as an administrator and navigate to the Cafe directory on the machine on which the Management Agent is installed at \Management Agent\Tools\Cafe, typically C:\Program Files (x86)\VMware\vCAC\Management Agent\Tools\Cafe b Type the Vcac-Config.
System Administration Certificate revocation errors will result in certificates not being trusted which prevents your remote server from authenticating. You can determine if certificate revocation errors are causing problems by running the Windows vcac-config command CheckServerCertificates and then examining the log files. If you make this change to configure your deployment to accept revoked certificates, these certificates are accepted until their expiration date.
System Administration View the Event Log The Event Log displays alert and audit events for tenants. Advanced search capabilities are available. Prerequisites n Log in to the vRealize Automation console as a system administrator. Procedure 1 Select Administration > Event Logs. 2 (Optional) Click Advanced Search, specify information for the event you are looking for and click the Search icon. 3 Select an event and click View Details.
System Administration You can use this table to monitor activity in your deployment. For example, if the Last Connected column indicates a host has not connected recently, that can be an indication of a problem with the host server. Log Collection You can create a zip file that contains log files for all hosts in your deployment. For more information, see Collect Logs for Clusters and Distributed Deployments.
System Administration 5 Open a command prompt and type a command of the following form, using the node ID you previously copied. /usr/sbin/vcac-config cluster-config-node --action delete --id node-UID 6 Click Refresh. The node no longer appears in the display. vRealize Automation Services A system administrator can view the status of vRealize Automation services from the Event Log on the system administrator console. Subsets of services are required to run individual product components.
System Administration Table 6‑9. Service Catalog Group (Governance Services) (Continued) Service Description approval-service Approval Service catalog-service Service Catalog Table 6‑10. IaaS Services Group Service Description iaas-proxy-provider IaaS Proxy iaas-server IaaS Windows machine Table 6‑11.
System Administration 4 (Optional) If you are running a distributed deployment, start the secondary virtual appliances and wait for the startup to finish. You must wait for one appliance to boot before you start up another appliance. Make sure that all services, besides IaaS and vRealize Orchestrator, are running on the appliance before you start another appliance. 5 Start the primary Web node and wait for the startup to finish.
System Administration 2 Restart the primary vRealize Appliance and wait for the start up to finish. The primary vRealize Appliance is the one containing the writeable Appliance Database, if applicable, and the last appliance that you shut down in an ordered shut down procedure. 3 For distributed deployments, restart secondary virtual appliances, and wait for all appliances to restart. You do not need to wait for one appliance to finish booting up before you restart another appliance.
System Administration 6 Shut down the primary vRealize Appliance and wait for the shutdown to finish. If applicable, the primary vRealize Appliance is the one that contains the master, or writeable, Appliance Database. Make a note of the name of the primary vRealize Appliance. You use this information when you restart vRealize Automation. 7 Shut down the MSSQL virtual machines in any order and wait for the shutdown to finish.
System Administration When enabled, the data rollover workflow runs once a day at a predetermined time of 3 a.m. according to the vRealize Appliance time zone configuration. Using the DataRollover MaximumAgeInDays setting, you can set the maximum number of days that you want to retain the data. If archive is set to True, data older than that specified in the DataRollover MaximumAgeInDays is moved to the archive tables. If archive is set to False, data is permanently deleted and no data archiving occurs.
System Administration Procedure u Run the following command on the target Identity Appliance host server machine. cd opt/likewise/bin./domainjoin-cli leave The targeted Identity Appliance is removed from the domain. VMware, Inc.
Backup and Recovery for vRealize Automation Installations 7 To minimize system downtime and data loss in the event of failures, administrators back up the entire vRealize Automation installation on a regular basis. If your system fails, you can recover by restoring the last known working backup and reinstalling some components.
System Administration Guidelines for Planning Backups Use these guidelines to plan backups: n When you back up a complete system, back up the Identity Appliance, all instances of the vRealize Appliance, and databases at the same time. n Minimize the number of active transactions before you begin a backup. n Back up all databases at the same time. n Back up the virtual appliance load balancer at the same time you back up the Identity Appliance.
System Administration Appliance Database or Legacy PostgreSQL Database If you are using an Appliance Database or a legacy PostgreSQL database embedded in a vRealize Appliance, you can back up the database by backing up the entire appliance with one of the methods described in Backing Up the vRealize Appliance. If you are using a legacy PostgreSQL database, you can also backup the database separately.
System Administration n Cloning. n VMware vSphere Data Protection, to create backups of the entire appliance. n vSphere Replication, to replicate the virtual appliance to another site. n VMware Recovery Manager, to enable high availability by backing up the appliance to a different data center. You can use snapshots to backup virtual appliances only if you store or replicate them to a location other than the appliance location.
System Administration Follow your site policy for backing up load balancers, keeping in mind the preservation of network topology and vRealize Automation backup planning. As a best practice, always back up your load balancer when you back up the Identity Appliance. Backing Up IaaS Components The system administrator backs up IaaS components. Use these guidelines to plan backups. You can back up IaaS components by taking a snapshot or by copying configuration files to a second location.
System Administration For Web components, back up the following files: 1 For the primary Web node only, in the Model Manager Data folder (\Server ) - ConfigTool folder (applicable only for the primary Web node) - policy.config file 2 The following files located in the installation folder (\Server\Website\): - Web.config file 3 The following files located in the installation folder (\Web API\): - Web.config file - policy.
System Administration 4 Restart vCloud Automation Center services. a Select Start > Administrative Tools > Services. b Start the vCloud Automation Center service, the Distributed Execution Manager services, and vCloud Automation Center agent services, in that order. c Wait five minutes and check that the services you started are running. vRealize Automation System Recovery A system administrator uses backups to restore vRealize Automation to a functional state after a system failure.
System Administration n If one database fails, restore it and revert the functional database to the version that was in use when the backup used to restore the failed database was created. The backup time for each database can differ. The greater the gap between the last working time of the databases, the greater the potential for data loss.
System Administration 2 For each machine not being reinstalled that contains a Web site component, update the host name in the configuration file. a Open the C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Web\Web.config file in an editor. b Locate the repository element and make the following changes: n Modify the value of the server attribute for the database hostname. For example: server=DB-repository-hostname.domain.
System Administration You can restore the Identity Appliance either by redeploying it or by importing a snapshot of the appliance. n To restore the Identity Appliance by redeploying, see Installation and Configuration documentation for vRealize Automation. n If you have tenants other than the default tenant, reconfigure them. n If you change the hostname of the Identity Appliance, reconfigure the SSO settings on each vCloud Automation Center Appliance management console to point to the new name.
System Administration 3 Check the file permissions and owners for the restored files. a Verify that the vcac user owns the files in the vcac directory and that only the vcac user has read and write permissions. Update any settings that have changed. b Verify that the root user owns the files in the apache2 directory and that only the owner has read and write permissions. Update any settings that have changed.
System Administration Restoring the IaaS Website, Manager Services, and Their Load Balancers A system administrator restores the IaaS Website and Manager Service and their associated load balancers. If you change a host name or IP address for a load balancer, you must update this information in associated configuration files.
System Administration 4 File Path Machine Type \Distributed Execution Manager\\DynamicOps.DEM.exe.config Machines that have DEM Worker or DEM Orchestrator installed. \Agents\\ All machines and agents that are installed. For each file, locate the key="repositoryAddress" line, and change the value of the value attribute to point to your Web site address. For example: value="https://myWebsite.myhostname.
System Administration 2 If the Manager Service hostname or load balancer hostname has changed, update all DEM configuration files. a On the server that hosts the agent or DEM, open the DynamicOps.DEM.exe.config file in an editor. The file location is as follows, where DEO is the name of the Distributed Execution Manager Orchestrator for the Distributed Execution Manager Worker. C:\Program Files (x86)\VMware\vCAC\Distributed Execution Manager\DEO Name\DynamicOps.DEO.exe.
System Administration When you reinstall a DEM worker or orchestrator you might want to use the same names as used previously. If you specify names that were used previously, you receive a message similar to the following message. DEM name already exists. Click yes to enter a different name for this DEM. Click No if you are restoring or reinstalling a DEM with the same name. Click No to reuse the name and continue with the installation. What to do next Reinstall the IaaS Agents.
