Configuring vRealize Automation vRealize Automation 7.
You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
If you have comments about this documentation, submit your feedback to docfeedback@vmware.com
VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com
Copyright © 2015–2017 VMware, Inc. All rights reserved. Copyright and trademark information.
Contents
Configuring vRealize Automation
Updated Information
1 External Preparations for Provisioning
Preparing Your Environment for vRealize Automation Management
Checklist for Preparing NSX Network and Security Configuration
Checklist for Preparing For Third-Party IPAM Provider Support
Checklist for Configuring Containers for vRealize Automation
Preparing Your vCloud Director Environment for vRealize Automation
Preparing Your vCloud Air Environment for vRealize Automation
Preparin
Join a Connector Machine to a Domain
About Domain Controller Selection
Managing Access Policies
Integrating Alternative User Authentication Products with Directories Management
Upgrading External Connectors for Directories Management
Preparing to Upgrade an External Connector
Upgrade an External Connector Online
Upgrade an External Connector Offline
Configuring Settings After Upgrading an External Connector
Troubleshooting External
Override a System Default Outbound Email Server
Override a System Default Inbound Email Server
Revert to System Default Email Servers
Configure Notifications
Customize the Date for Email Notification for Machine Expiration
Configuring Templates for Automatic IaaS Emails
Subscribe to Notifications
Create a Custom RDP File to Support RDP Connections for Provisioned Machines
Scenario: Add Datacenter Locations for Cross Region Deployments
Conf
Installing Additional Plug-Ins on the Default vRealize Orchestrator Server
Working With Active Directory Policies
Create and Apply Active Directory Policies
4 Providing On-Demand Services to Users
Designing Blueprints
Exporting and Importing Blueprints
Scenario: Importing the Dukes Bank for vSphere Sample Application and Configuring for Your Environment
Scenario: Test the Dukes Bank Sample Application
Building Your Design Library
Configuring vRealize Automation provides information about configuring vRealize Automation and your external environments to prepare for vRealize Automation provisioning and catalog management. For information about supported integrations, see https://www.vmware.com/pdf/vrealize-automation-72support-matrix.pdf.
Updated Information
This Configuring vRealize Automation is updated with each release of the product or when necessary. This table provides the update history of the Configuring vRealize Automation.
Revision | Description
EN-002290-05
EN-002290-04
EN-002290-03
EN-002290-02
- Updated Managing Connectors and Connector Clusters.
- Updated Configure Connector Settings.
- Updated Create a Microsoft Azure Endpoint.
- Updated Create a Blueprint for Microsoft Azure.
1 External Preparations for Provisioning
You may need to create or prepare some elements outside of vRealize Automation to support catalog item provisioning. For example, if you want to provide a catalog item for provisioning a clone machine, you need to create a template on your hypervisor to clone from.
Table 1‑1. Preparing Your Environment for vRealize Automation Integration (Continued) Environment vCloud Air Amazon AWS Red Hat OpenStack SCVMM Preparations Register for your vCloud Air account, set up your vCloud Air environment, and identify or create appropriate credentials to provide vRealize Automation with access to your environment. See Preparing for vCloud Air and vCloud Director Provisioning.
Table 1‑2. Preparing NSX Networking and Security Checklist
Task | Location | Details
Install and configure the NSX plug-in. | Install the NSX plug-in in vRealize Orchestrator. | See Install the NSX Plug-In on vRealize Orchestrator and the NSX Administration Guide.
Configure NSX network settings, including gateway and transport zone settings. | Configure network settings in NSX. | See the NSX Administration Guide.
Create NSX security policies, tags, and groups.
- Verify that you installed the vRealize Orchestrator client and that you can log in with Administrator credentials.
Procedure
1 Download the plug-in file to a location accessible from the vRealize Orchestrator server. The plug-in installer file name format, with appropriate version values, is o11npluginnsx-1.n.n.vmoapp. Plug-in installation files for the NSX networking and security product are available from the VMware product download site at http://vmware.
- Log in to the vRealize Orchestrator client as an administrator.
- Verify that you ran the Create NSX endpoint vRO workflow.
Procedure
1 Click the Workflow tab and select NSX > NSX workflows for VCAC.
2 Run the Create NSX endpoint workflow and respond to prompts.
3 Run the Enable security policy support for overlapping subnets workflow.
4 Select the NSX endpoint as the input parameter for the workflow.
Before you can create and use an external IPAM provider endpoint in a vRealize Automation network profile, you must download or otherwise obtain a vRealize Orchestrator IPAM provider plug-in or package, import the plug-in or package and run required workflows in vRealize Orchestrator, and register the IPAM solution as a vRealize Automation endpoint.
Prerequisites
- Log in to vRealize Orchestrator with administrator privileges for importing, configuring, and registering a vRealize Orchestrator plug-in or package.
Procedure
1 Open the VMware Solution Exchange site at https://solutionexchange.vmware.com/store.
2 Select Cloud Management Marketplace.
3 Locate and download the plug-in or package. For example, import the Infoblox plug-in that supports the Infoblox third-party IPAM endpoint in vRealize Automation.
Procedure
1 In vRealize Orchestrator, click the Design tab, select Administrator > Library, and select IPAM Service Package SDK. Each IPAM provider package is uniquely named and contains unique workflows. Each provider supplies their own registration workflow. While the workflow names might be similar between provider packages, the location of the workflows in vRealize Orchestrator can be different and is provider-specific.
Configuring Containers Using the vRealize Automation Appliance
Xenon service information is accessible in the vRealize Automation appliance (vRA Settings > Xenon). It contains information about the Xenon host VM, listening port, and service status. It also displays information about clustered Xenon nodes. You can manage the Xenon Linux service with the following CLI commands in the vRealize Automation appliance.
Configure Your Environment
Configure your vSphere resources and cloud resources, including virtual datacenters and networks. For more information, see the vCloud Director documentation.
Required Credentials for Integration
Create or identify either organization administrator or system administrator credentials that your vRealize Automation IaaS administrators can use to bring your vCloud Director environment under vRealize Automation management as an endpoint.
Amazon AWS User Roles and Credentials Required for vRealize Automation
You must configure credentials in Amazon AWS with the permissions required for vRealize Automation to manage your environment. You must have certain Amazon access rights to successfully provision machines by using vRealize Automation.
Using Amazon Security Groups
Specify at least one security group when creating an Amazon reservation. Each available region requires at least one specified security group. A security group acts as a firewall to control access to a machine. Every region includes at least the default security group.
When you provision using Amazon VPC, vRealize Automation expects there to be a VPC subnet from which Amazon obtains a primary IP address. This address is static until the instance is terminated. You can also use the elastic IP pool to attach an elastic IP address to an instance in vRealize Automation. That would allow the user to keep the same IP if they are continually provisioning and tearing down an instance in Amazon Web Services.
The elastic IP address is associated with your Amazon Web Services account, not a particular machine, but only one machine at a time can use the address. The address remains associated with your Amazon Web Services account until you choose to release it. You can release it to map it to a specific machine instance. An IaaS architect can add a custom property to a blueprint to assign an elastic IP address to machines during provisioning.
Network-to-Amazon VPC connectivity is only required if you want to use the guest agent to customize provisioned machines, or if you want to include Software components in your blueprints. For a production environment, you would configure this connectivity officially through Amazon Web Services, but because you are working in a proof of concept environment, you want to create temporary network-to-Amazon VPC connectivity.
6 Invoke the SSH tunnel from the local network machine to the Amazon AWS tunnel machine.
    ssh -N -v -o "ServerAliveInterval 30" -o "ServerAliveCountMax 40" -o "TCPKeepAlive yes" \
        -R 1442:vRealize_automation_appliance_fqdn:5480 \
        -R 1443:vRealize_automation_appliance_fqdn:443 \
        -R 1444:manager_service_fqdn:443 \
        User of Amazon tunnel machine@Public IP Address of Amazon tunnel machine
You configured port forwarding to allow your Amazon AWS tunnel machine to access vRealize A
You must entitle the Associate Floating IP and Disassociate Floating IP actions to machine owners. The entitled users can then associate a floating IP address to a provisioned machine from the external networks attached to the machine by selecting an available address from the floating IP address pool.
Preparing for Machine Provisioning
Depending on your environment and your method of machine provisioning, you might need to configure elements outside of vRealize Automation. For example, you might need to configure machine templates or machine images. You might also need to configure NSX settings or run vRealize Orchestrator workflows.
Table 1‑5. Choosing a Machine Provisioning Method to Prepare (Continued) Scenario Supported Endpoint Agent Support Provisioning Method Pre-provisioning Preparations Basic No required pre-provisioning preparations outside of vRealize Automation. Linked Clone You must have an existing vSphere virtual machine. Provision machines with no guest operating system. You can install an operating system after provisioning. All virtual machine endpoints.
Table 1‑5. Choosing a Machine Provisioning Method to Prepare (Continued) Scenario Supported Endpoint Agent Support Provisioning Method Pre-provisioning Preparations Guest agent is installed as part of the preparation instructions. SCCM Preparing for SCCM Provisioning Guest agent is required. You can use PEBuilder to create a WinPE image that includes the guest agent. You can create the WinPE image by using another method, but you must manually insert the guest agent.
Table 1‑6. Running Visual Basic Scripts During Provisioning Checklist
Task | Location | Details
Install and configure the EPI agent for Visual Basic scripts. | Typically the Manager Service host | See Installing vRealize Automation 7.2.
Create your visual basic scripts. | Machine where EPI agent is installed | vRealize Automation includes a sample Visual Basic script PrePostProvisioningExample.vbs in the Scripts subdirectory of the EPI agent installation directory.
You can write your own custom scripts for the guest agent to run on deployed machines, and use custom properties on the machine blueprint to specify the location of those scripts and the order in which to run them. You can also use custom properties on the machine blueprint to pass custom property values to your scripts as parameters.
Table 1‑7. Custom Properties for Changing IP Address of a Provisioned Machine with a Guest Agent (Continued)
Custom Property | Description
VirtualMachine.SoftwareN.ScriptPath | Specifies the full path to an application's install script. The path must be a valid absolute path as seen by the guest operating system and must include the name of the script filename.
Table 1‑7. Custom Properties for Changing IP Address of a Provisioned Machine with a Guest Agent (Continued)
Custom Property | Description
- Set custom property VirtualMachine.Software0.ScriptPath as VirtualMachine.Software0.ScriptPath = c:\dosomething.bat [MyPassword].
If you set VirtualMachine.ScriptPath.Decrypt to false, or do not create the VirtualMachine.ScriptPath.Decrypt custom property, then the string inside the square brackets ([ and ]) is not decrypted.
- For SCCM installation, the cert.pem file must reside in the VRMGuestAgent folder.
- For Linux vSphere installs, the cert.pem file must reside in the /usr/share/gugent folder.
Note You can optionally install software and guest agents together by downloading the following script from https://APPLIANCE/software/index.html. The script allows you to handle acceptance of SSL certificate fingerprints as you create the templates.
- Linux prepare_vra_template.
4 Unpack the downloaded LinuxGuestAgentPkgs.zip file to create the VraLinuxGuestAgent folder.
5 Install the guest agent package that corresponds to the guest operating system you are deploying during provisioning.
  a Navigate to the VraLinuxGuestAgent subdirectory that corresponds to the guest operating system to deploy during provisioning, for example rhel32.
  b Locate your preferred package format or convert a package to your preferred package format.
7 If deployed machines are not already configured to trust the Manager Service SSL certificate, you must install the cert.pem file on your reference machine to establish trust.
  - For the most secure approach, obtain the cert.pem certificate and manually install the file on the reference machine.
  - For a more convenient approach, you can connect to the manager service load balancer or manager service machine and download the cert.pem certificate.
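When cert.pem is downloaded over the network as in the convenient approach above, its SHA-256 fingerprint can be compared with a value obtained out of band before the file is installed. The following is an added example, not VMware code: the function names, the assumption that cert.pem is the single certificate the Manager Service presents on port 443, and the constructed sample bytes are all illustrative; /usr/share/gugent is the Linux location named in this guide.

```python
"""Pin the Manager Service certificate before installing it as cert.pem.

Added example, not VMware code. Assumes the expected SHA-256 fingerprint was
obtained out of band, for example read from the server by its administrator.
"""
import hashlib
import hmac
import os
import ssl
import tempfile

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"

# Constructed placeholder bytes standing in for a DER certificate (sample data).
CONSTRUCTED_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(CONSTRUCTED_DER)


def normalize_fingerprint(fp):
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex; return 64 lowercase hex chars."""
    cleaned = fp.replace(":", "").replace(" ", "").strip().lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("expected fingerprint is not a SHA-256 hex digest")
    return cleaned


def pem_to_der(pem_text):
    """Decode exactly one PEM certificate; reject bundles and surrounding junk."""
    pem_text = pem_text.strip()
    if pem_text.count(PEM_BEGIN) != 1:
        raise ValueError("cert.pem must contain exactly one certificate")
    # Raises ValueError if the text does not start/end with the PEM markers.
    return ssl.PEM_cert_to_DER_cert(pem_text)


def fingerprint_sha256(pem_text):
    """SHA-256 over the DER bytes, the value certificate viewers display."""
    return hashlib.sha256(pem_to_der(pem_text)).hexdigest()


def fetch_presented_cert(host, port=443):
    """Fetch the certificate a server presents, WITHOUT validating it.

    The result is untrusted input until install_verified_cert() accepts it.
    """
    return ssl.get_server_certificate((host, port))


def install_verified_cert(pem_text, expected_fp, dest_dir):
    """Write dest_dir/cert.pem only if the fingerprint matches the pinned value."""
    der = pem_to_der(pem_text)
    actual = hashlib.sha256(der).hexdigest()
    if not hmac.compare_digest(actual, normalize_fingerprint(expected_fp)):
        raise ValueError("fingerprint mismatch, refusing to install: " + actual)
    # Write to a temporary file and rename, so a partial file is never trusted.
    fd, tmp = tempfile.mkstemp(dir=dest_dir, prefix=".cert.pem.")
    try:
        with os.fdopen(fd, "w", encoding="ascii") as fh:
            # Re-encode from the verified DER so only checked bytes are stored.
            fh.write(ssl.DER_cert_to_PEM_cert(der))
        os.chmod(tmp, 0o644)
        dest = os.path.join(dest_dir, "cert.pem")
        os.replace(tmp, dest)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return dest


if __name__ == "__main__":
    # Offline demonstration with the constructed sample; on a reference machine
    # pem would come from fetch_presented_cert() and dest_dir would be
    # /usr/share/gugent.
    pinned = hashlib.sha256(CONSTRUCTED_DER).hexdigest()
    with tempfile.TemporaryDirectory() as workdir:
        print("installed", install_verified_cert(SAMPLE_PEM, pinned, workdir))
        tampered = ssl.DER_cert_to_PEM_cert(CONSTRUCTED_DER + b"!")
        try:
            install_verified_cert(tampered, pinned, workdir)
        except ValueError as exc:
            print("rejected:", exc)
```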
Procedure
1 Navigate to the vCloud Automation Center Appliance management console page. For example: https://va-hostname.domain.com.
2 Click Guest and software agents page in the vRealize Automation component installation section of the page. For example: https://va-hostname.domain.com/software/index.html. The Guest and Software Agent Installers page opens, displaying links to available downloads.
Checklist for Preparing to Provision by Cloning
You must perform some preparation outside of vRealize Automation to create the template and the customization objects used to clone Linux and Windows virtual machines. Cloning requires a template to clone from, created from a reference machine.
Identify or create a reference machine. Are you working in vCenter Server? Yes Install VMware Tools. No Install the guest agent and the software bootstrap agent.
If you are provisioning a Windows machine by cloning, the only way to join the provisioned machine to an Active Directory domain is by using the customization specification from vCenter Server or by including a guest operating system profile with your SCVMM template. Machines provisioned by cloning cannot be placed in an Active Directory container during provisioning. You must do this manually after provisioning. Table 1‑8.
Required Template and Reservation Information
Table 1‑9. Template and Reservation Information Worksheet
Required Information | My Value | Details
Template name | |
Reservations on which the template is available, or reservation policy to apply | | To avoid errors during provisioning, ensure that the template is available on all reservations or create reservation policies that architects can use to restrict the blueprint to reservations where the template is available.
Visual Basic Script Information
If you configured vRealize Automation to run your custom Visual Basic scripts as additional steps in the machine life cycle, you must include information about the scripts in the blueprint.
Note A fabric administrator can create a property group by using the property sets ExternalPreProvisioningVbScript and ExternalPostProvisioningVbScript to provide this required information.
Table 1‑12. Linux Guest Agent Customization Script Information Worksheet
Custom Property | My Value | Description
Linux.ExternalScript.Name | | Specifies the name of an optional customization script, for example config.sh, that the Linux guest agent runs after the operating system is installed. This property is available for Linux machines cloned from templates on which the Linux agent is installed.
Table 1‑13. Custom Properties for Customizing Cloned Machines with a Guest Agent Worksheet
Custom Property | My Value | Description
VirtualMachine.Admin.AddOwnerToAdmins | | Set to True (default) to add the machine’s owner, as specified by the VirtualMachine.Admin.Owner property, to the local administrators group on the machine.
VirtualMachine.Admin.
Table 1‑13. Custom Properties for Customizing Cloned Machines with a Guest Agent Worksheet (Continued)
Custom Property | My Value | Description
VirtualMachine.DiskN.Size | | Defines the size in GB of disk N. For example, to give a size of 150 GB to a disk G, define the custom property VirtualMachine.Disk0.Size and enter a value of 150. Disk numbering must be sequential. By default a machine has one disk referred to by VirtualMachine.Disk0.
Table 1‑13. Custom Properties for Customizing Cloned Machines with a Guest Agent Worksheet (Continued)
Custom Property | My Value | Description
VirtualMachine.Admin.CustomizeGuestOSDelay | | Specifies the time to wait after customization is complete and before starting the guest operating system customization. The value must be in HH:MM:SS format. If the value is not set, the default value is one minute (00:01:00).
Table 1‑13. Custom Properties for Customizing Cloned Machines with a Guest Agent Worksheet (Continued)
Custom Property | My Value | Description
VirtualMachine.SoftwareN.ISOName | | Specifies the path and filename of the ISO file relative to the datastore root. The format is /folder_name/subfolder_name/file_name.iso. If a value is not specified, the ISO is not mounted.
VirtualMachine.SoftwareN.
Table 1‑14. Custom Properties for Networking Configuration (Continued)
Custom Property | My Value | Description
VirtualMachine.NetworkN.MacAddress | | Specifies the MAC address of a network device N. This property is available for cloning. If the value of VirtualMachine.NetworkN.MacAddressType is generated, this property contains the generated address. If the value of VirtualMachine.NetworkN.MacAddressType is static, this property specifies the MAC address.
Table 1‑14. Custom Properties for Networking Configuration (Continued)
Custom Property | My Value | Description
VirtualMachine.NetworkN.Name | | Specifies the name of the network to connect to, for example the network device N to which a machine is attached. This is equivalent to a network interface card (NIC). By default, a network is assigned from the network paths available on the reservation on which the machine is provisioned. Also see VirtualMachine.NetworkN.AddressType.
Table 1‑14. Custom Properties for Networking Configuration (Continued)
Custom Property | My Value | Description
VirtualMachine.NetworkN.ProfileName | | Specifies the name of a network profile from which to assign a static IP address to network device N or from which to obtain the range of static IP addresses that can be assigned to network device N of a cloned machine, where N=0 for the first device, 1 for the second, and so on. When you use the VirtualMachine.NetworkN.
Table 1‑14. Custom Properties for Networking Configuration (Continued)
Custom Property | My Value | Description
VCNS.LoadBalancerEdgePool.Names.name | | Specifies the NSX load balancing pools to which the virtual machine is assigned during provisioning. The virtual machine is assigned to all service ports of all specified pools. The value is an edge/pool name or a list of edge/pool names separated by commas. Names are case-sensitive.
Table 1‑14. Custom Properties for Networking Configuration (Continued)
Custom Property | My Value | Description
VCNS.SecurityGroup.Names.name | | Specifies the NSX security group or groups to which the virtual machine is assigned during provisioning. The value is a security group name or a list of names separated by commas. Names are case-sensitive. Appending a name allows you to create multiple versions of the property, which can be used separately or in combination.
Templates that are to be shared across organizations must be public. Only reserved templates are available to vRealize Automation as a cloning source.
Note When you create a blueprint by cloning from a template, that template's unique identifier becomes associated with the blueprint. When the blueprint is published to the vRealize Automation catalog and used in the provisioning and data collection processes, the associated template is recognized.
3 Edit the isolinux/isolinux.cfg or loader/isolinux.cfg to specify the name and location of the configuration file and the appropriate Linux distribution source.
4 Create the boot ISO image and save it to the location required by your virtualization platform. See the documentation provided by your hypervisor for information about the required location.
5 (Optional) Add customization scripts.
7 Replace all instances of the string host=dcac.example.net with the IP address or fully qualified domain name and port number for the Manager Service or the load balancer for the Manager Service.
8
Platform | Required Format
vSphere ESXi | IP Address, for example: --host=172.20.9.59
vSphere ESX | IP Address, for example: --host=172.20.9.58
SUSE 10 | IP Address, for example: --host=172.20.9.57
All others | FQDN, for example: --host=mycompany-host1.mycompany.
5 Modify the post-installation section of the configuration file to copy or install your script into the /usr/share/gugent/site/workitem directory of your choice. Custom scripts are most commonly run for virtual kickstart/autoYaST with the work items SetupOS (for create provisioning) and CustomizeOS (for clone provisioning), but you can run scripts at any point in the workflow. For example, you can modify the configuration file to copy the script 11_addusers.
b The fully qualified domain name of the SCCM server on which the collection containing the sequence resides.
c The site code of the SCCM server.
d Administrator-level credentials for the SCCM server.
e (Optional) For SCVMM integrations, the ISO, virtual hard disk, or hardware profile to attach to provisioned machines.
Note You can create a property group with the SCCMProvisioningProperties property set to include all of this required information.
2 Ensure that a DHCP server is available on the network. vRealize Automation cannot provision machines by using a WIM image unless DHCP is available.
3 Identify or create the reference machine within the virtualization platform you intend to use for provisioning. For vRealize Automation requirements, see Reference Machine Requirements for WIM Provisioning. For information about creating a reference machine, see the documentation provided by your hypervisor.
f (Optional) For SCVMM integrations, the ISO, virtual hard disk, or hardware profile to attach to provisioned machines.
Note You can create a property group to include all of this required information. Using a property group makes it easier to include all the information correctly in blueprints.
1 Reference Machine Requirements for WIM Provisioning
WIM provisioning involves creating a WIM image from a reference machine.
3 If the reference machine operating system is Windows Server 2003 or Windows XP, reset the administrator password to be blank. (There is no password.)
4 (Optional) If you want to enable XenDesktop integration, install and configure a Citrix Virtual Desktop Agent.
Table 1‑16. Required SysPrep Settings for reference machine that are not using Windows Server 2003 or Windows XP: (Continued) AutoLogon Settings Value Username username (username and password are the credentials used for auto logon when the newly provisioned machine boots into the guest operating system. Administrator is typically used.
5 Follow the prompts to install PEBuilder.
6 (Optional) Replace the Windows 32-bit guest agent files located in \PE Builder\Plugins\VRM Agent\VRMGuestAgent with the 64-bit files to include the 64-bit agent in your WinPE.
You can use PEBuilder to create a WinPE for use in WIM provisioning.
Specify Custom Scripts in a PEBuilder WinPE
You can use PEBuilder to customize machines by running custom bat scripts at specified points in the provisioning workflow.
3 Upload the WinPE image ISO to the Red Hat Enterprise Virtualization ISO storage domains using the rhevm-iso-uploader command. For more information about managing ISO images in RHEV refer to the Red Hat documentation.
4 Create a KVM (RHEV) blueprint for WIM provisioning and select the WinPE ISO option. The custom property VirtualMachine.Admin.DiskInterfaceType must be included with the value VirtIO.
4 Enter the output path for the ISO file you are creating in the ISO Output Path text box. This location should be on the staging area you prepared.
5 Click File > Advanced.
Note Do not change the WinPE Architecture or Protocol settings.
6 Select the Include vCAC Guest Agent in WinPE ISO check box.
7 Click OK.
8 Click Build.
What to do next
Place the WinPE image in the location required by your integration platform.
Procedure
1 Install the Guest Agent in a WinPE.
2 Configure the doagent.bat File.
3 Configure the doagentc.bat File.
4 Configure the Guest Agent Properties Files.
Install the Guest Agent in a WinPE
If you choose not to use the vRealize Automation PEBuilder to create your WinPE, you must install PEBuilder to manually copy the guest agent files to your WinPE image. PEBuilder has a 32-bit guest agent.
Configure the doagent.bat File
If you choose not to use the vRealize Automation PEBuilder, you must manually configure the doagent.bat file.
Prerequisites
Install the Guest Agent in a WinPE.
Procedure
1 Navigate to the VRMGuestAgent directory within your WinPE Image. For example: C:\Program Files (x86)\VMware\PE Builder\Plugins\VRM Agent\VRMGuestAgent.
2 Make a copy of the file doagent-template.bat and name it doagent.bat.
3 Open doagent.bat in a text editor.
Prerequisites
Configure the doagent.bat File.
Procedure
1 Navigate to the VRMGuestAgent directory within your WinPE Image. For example: C:\Program Files (x86)\VMware\PE Builder\Plugins\VRM Agent\VRMGuestAgent.
2 Make a copy of the file doagentsvc-template.bat and name it doagentc.bat.
3 Open doagentc.bat in a text editor.
4 Remove all instances of the string #Comment#.
Procedure
1 Navigate to the VRMGuestAgent directory within your WinPE Image. For example: C:\Program Files (x86)\VMware\PE Builder\Plugins\VRM Agent\VRMGuestAgent.
2 Make a copy of the file gugent.properties and name it gugent.properties.template.
3 Make a copy of the file gugent.properties.template and name it gugentc.properties.
4 Open gugent.properties in a text editor.
5 Replace all instances of the string GuestAgent.log with the string X:/VRMGuestAgent/GuestAgent.
Preparing for Amazon Machine Image Provisioning
Prepare your Amazon Machine Images and instance types for provisioning in vRealize Automation.
Understanding Amazon Machine Images
You can select an Amazon machine image from a list of available images when creating Amazon machine blueprints. An Amazon machine image is a template that contains a software configuration, including an operating system. They are managed by Amazon Web Services accounts.
- To allow remote Microsoft Windows Management Instrumentation (WMI) requests on cloud machines provisioned in Amazon Web Services accounts, enable a Microsoft Windows Remote Management (WinRM) agent to collect data from Windows machines managed by vRealize Automation. See Installing vRealize Automation 7.2.
- A private Amazon machine image can be seen across tenants.
For related information, see Amazon Machine Images (AMI) topics in Amazon documentation.
3 Add a new instance type, specifying the following parameters. Information about the available Amazon instances types and the setting values that you can specify for these parameters is available from Amazon Web Services documentation in EC2 Instance Types Amazon Web Services (AWS) at aws.amazon.com/ec2 and Instance Types at docs.aws.amazon.com.
Procedure
1 Scenario: Convert Your CentOS Reference Machine into a Template for Rainpole
Using the vSphere Client, you convert your existing CentOS reference machine into a vSphere template for your vRealize Automation IaaS architects to reference as the base for their clone blueprints.
What to do next
To prevent any conflicts that might arise from deploying multiple virtual machines with identical settings, you create a general customization specification that you and your Rainpole architects can use to create clone blueprints for Linux templates.
Preparing for Software Provisioning
Use Software to deploy applications and middleware as part of the vRealize Automation provisioning process for vSphere, vCloud Director, vCloud Air, and Amazon AWS machines. You can deploy Software on machines if your blueprint supports Software and if you install the guest agent and software bootstrap agent on your reference machines before you convert them into templates, snapshots, or Amazon Machine Images. Table 1‑17.
Prepare a Windows Reference Machine to Support Software
You install the supported Java Runtime Environment, the guest agent, and the Software bootstrap agent on your Windows reference machine to create a template, snapshot, or Amazon Machine Instance that supports Software components. Software supports scripting with Windows CMD and PowerShell 2.0.
2 Download and install the supported Java Runtime Environment from https://vRealize_VA_Hostname_fqdn/software/index.html.
  a Download the Java SE Runtime Environment .zip file https://vRealize_VA_Hostname_fqdn/software/download/jre-version-win64.zip.
  b Create a c:\opt\vmware-jre folder and unzip the JRE .zip file to the folder.
  c Open a command prompt window and enter c:\opt\vmware-jre\bin\java -version to verify the installation. The installed version of Java appears.
5 Install the Software bootstrap agent.
  a Open a Windows CMD console and navigate to the c:\temp folder.
  b Enter the command to install the agent bootstrap.
    install.bat password=Password managerServiceHost=manager_service_machine.mycompany.com managerServicePort=443 httpsMode=true cloudProvider=ec2|vca|vcd|vsphere
    The default port number for the Manager Service is 443. Accepted values for cloudProvider are ec2, vca, vcd, and vsphere. The install.
Prerequisites
- Identify or create a Linux reference machine and verify that the following commands are available depending on your Linux system:
  - yum or apt-get
  - wget or curl
  - python
  - dmidecode as required by cloud providers
  - Common requirements such as sed, awk, perl, chkconfig, unzip, and grep depending on your Linux distribution
For related information about Linux prerequisites, see the prepare_vra_template.sh script.
The script removes any previous installations of the Software bootstrap agent and installs the supported versions of the Java Runtime Environment, the guest agent, and the Software bootstrap agent.
What to do next
On your hypervisor or cloud provider, turn your reference machine into a template, snapshot, or Amazon Machine Image that your infrastructure architects can use when creating blueprints.
Procedure
1 Scenario: Prepare Your Reference Machine for Guest Agent Customizations and Software Components
  So that your template can support software components, you install the software bootstrap agent and its prerequisite, the guest agent, on your reference machine. The agents ensure that vRealize Automation architects who use your template can include software components in their blueprints.
Procedure
1 In your Web browser, open the following URL.
  https://vrealize-automation-appliance-FQDN/software/index.html
2 Save the prepare_vra_template.sh script to your reference machine.
3 On the reference machine, make prepare_vra_template.sh executable.
  chmod +x prepare_vra_template.sh
4 Run prepare_vra_template.sh.
  ./prepare_vra_template.sh
5 Follow the prompts.
  If you need non-interactive information about options and values, enter ./prepare_vra_template.
  c If you rebooted or reconfigured the reference machine after installing the software bootstrap agent, reset the agent.
    /opt/vmware-appdirector/agent-bootstrap/agent_reset.sh
  d Power down the machine.
    shutdown -h now
2 Log in to the vSphere Web Client as an administrator.
3 Right-click your reference machine and select Edit Settings.
4 Enter cpb_centos_63_x84 in the VM Name text box.
6 Set computer name.
  a Select Use the virtual machine name.
  b Enter the domain on which cloned machines are going to be provisioned in the Domain name text box.
  c Click Next.
7 Configure time zone settings.
8 Click Next.
9 Select Use standard network settings for the guest operating system, including enabling DHCP on all network interfaces.
Procedure
1 Scenario: Prepare Your Reference Machine for the Dukes Bank vSphere Sample Application
  You want your template to support the Dukes Bank sample application, so you must install both the guest agent and the software bootstrap agent on your reference machine so vRealize Automation can provision the software components.
4 Run the prepare_vra_template.sh installer script.
  ./prepare_vra_template.sh
  You can run the help command ./prepare_vra_template.sh --help for information about noninteractive options and expected values.
5 Follow the prompts to complete the installation.
  You see a confirmation message when the installation is successfully completed. If you see an error message and logs in the console, resolve the errors and run the installer script again.
  d If you rebooted or reconfigured the reference machine after installing the software bootstrap agent, reset the agent.
    /opt/vmware-appdirector/agent-bootstrap/agent_reset.sh
  e Power down the machine.
    shutdown -h now
2 Log in to the vSphere Web Client as an administrator.
3 Right-click your reference machine and select Edit Settings.
4 Enter dukes_bank_template in the VM Name text box.
5 Set computer name.
  a Select Use the virtual machine name.
  b Enter the domain on which you want to provision the Dukes Bank sample application in the Domain name text box.
  c Click Next.
6 Configure time zone settings.
7 Click Next.
8 Select Use standard network settings for the guest operating system, including enabling DHCP on all network interfaces.
2 Configuring Tenant Settings
Tenant administrators configure tenant settings such as user authentication, and manage user roles and business groups. System administrators and tenant administrators configure options such as email servers to handle notifications, and branding for the vRealize Automation console.
You can use the Configuring Tenant Settings Checklist to see a high-level overview of the sequence of steps required to configure tenant settings.
Table 2‑1.
Table 2‑1. Checklist for Configuring Tenant Settings (Continued)
vRealize Automation Role Details
(Optional) Create a custom remote desktop protocol file that IaaS architects use in blueprints to configure RDP settings.
Table 2‑2. Choosing Directories Management Configuration Options
Configuration Option | Procedure
Configure a link to your Active Directory. |
  1 Configure a link to your Active Directory. See Configure an Active Directory over LDAP/IWA Link.
  2 If you configured vRealize Automation for high availability, see Configure Directories Management for High Availability.
Table 2‑3. Directories Management Settings (Continued)
Setting | Description
Identity Providers | The Identity Providers page lists identity providers that are available on your system. vRealize Automation systems contain a connector that serves as the default identity provider and that suffices for many user needs. You can add third-party identity provider instances or have a combination of both. See Configure an Identity Provider Instance.
- Active Directory, Integrated Windows Authentication. Create this directory type if you plan to connect to a multi-domain or multi-forest Active Directory environment. The connector binds to Active Directory using Integrated Windows Authentication.
The type and number of directories that you create varies depending on your Active Directory environment, such as single domain or multi-domain, and on the type of trust used between domains.
See Configure an Active Directory over LDAP/IWA Link. When you add a directory for this environment, select the Active Directory (Integrated Windows Authentication) option.
Multi-Forest Active Directory Environment with Trust Relationships
A multi-forest Active Directory deployment with trust relationships allows you to sync users and groups from multiple Active Directory domains across forests where two-way trust exists between the domains.
Prerequisites
- Connector installed and the activation code activated.
- Select the required default attributes and add additional attributes on the User Attributes page. See Select Attributes to Sync with Directory.
- List of the Active Directory groups and users to sync from Active Directory.
- For Active Directory over LDAP, information required includes the Base DN, Bind DN, and Bind DN password.
5 Configure the connector that synchronizes users from the Active Directory to the VMware Directories Management directory in the Directory Sync and Authentication section.
  Option | Description
  Sync Connector | Select the appropriate connector to use for your system. Each vRealize Automation appliance contains a default connector. Consult your system administrator if you need help in choosing the appropriate connector.
7 In the Bind User Details section, enter the appropriate credentials to facilitate directory synchronization.
  For Active Directory over LDAP:
  Option | Description
  Base DN | Enter the search base distinguished name. For example, cn=users,dc=corp,dc=local.
  Bind DN | Enter the bind distinguished name.
14 Click to select the groups you want to sync from Active Directory to the directory.
  When you add a group from Active Directory, if members of that group are not in the Users list, they are added. When you sync a group, any users that lack Domain Users as their primary group in Active Directory are not synced.
- Review the default access policy. The default access policy is configured to allow all appliances in all network ranges to access the Web browser, with a session time out set to eight hours, or to access a client app with a session time out of 2160 hours (90 days). You can change the default access policy, and when you add Web applications to the catalog, you can create new ones.
- In your LDAP directory, a domain attribute must exist for all users and groups. You map this attribute to the Directories Management domain attribute when you create the Directories Management directory.
- User names must not contain spaces. If a user name contains a space, the user is synced but entitlements are not available to the user.
- If you use certificate authentication, users must have values for userPrincipalName and email address attributes.
Option | Description
LDAP Configuration | Specify the LDAP search filters and attributes that Directories Management can use to query your LDAP directory. Default values are provided based on the core LDAP schema.
Filter Queries
- Groups: The search filter for obtaining group objects. For example: (objectClass=group)
- Bind user: The search filter for obtaining the bind user object, that is, the user that can bind to the directory.
7 In the Map Attributes page, verify that the Directories Management attributes are mapped to the correct LDAP attributes. These attributes will be synced for users.
  Important You must specify a mapping for the domain attribute.
  You can add attributes to the list from the User Attributes page.
8 Click Next.
9 Click + to select the groups you want to sync from the LDAP directory to the Directories Management directory on the Select the groups (users) you want to sync page.
11 Click + to add additional users. For example, enter CN=username,CN=Users,OU=myUnit,DC=myCorp,DC=com.
  You can add organizational units as well as individual users here.
  You can create a filter to exclude some types of users. Select the user attribute to filter by, the query rule, and the value.
12 Click Next.
13 Review the page to see how many users and groups will sync to the directory and to view the default sync schedule.
- If you plan to add both Active Directory and LDAP directories, ensure that you do not mark any attributes required in the User Attributes page, except for userName, which can be marked required. The settings in the User Attributes page apply to all directories in the service. If an attribute is marked required, users without that attribute are not synced to the Directories Management service.
3 Click the Identity Provider that is currently in use for your system.
  The existing directory and connector that provide basic identity management for your system appear.
4 On the Identity Provider properties page, click the Add a Connector drop-down list, and select the connector that corresponds to your secondary vRealize Automation appliance.
5 Enter the appropriate password in the Bind DN Password text box that appears when you select the connector.
2 Search for the word logout, and edit the location of each instance to point to https://servername.domain/adfs/ls/logout.aspx
  For example, the following:
  <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://servername.domain/adfs/ls/"/>
  Should be changed to:
  <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://servername.domain/adfs/ls/logout.
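One way to apply the logout edit above to every SingleLogoutService element at once, as an added example that is not part of the VMware documentation. The sample metadata is constructed around the page's servername.domain placeholder and the function names are hypothetical; the script also reports whether the file carries an XML signature, because editing signed metadata invalidates that signature.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
LOGOUT_PATH = "/adfs/ls/logout.aspx"   # target named in the step above

# Constructed sample metadata (not from a real AD FS server). The second
# Location keeps a stray trailing space to show that it is tolerated.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://servername.domain/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://servername.domain/adfs/ls/"/>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://servername.domain/adfs/ls/ "/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://servername.domain/adfs/ls/"/>
  </IDPSSODescriptor>
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://servername.domain/adfs/ls/logout.aspx"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def logout_locations(xml_text):
    """List (Binding, Location) for every SingleLogoutService element."""
    root = ET.fromstring(xml_text)
    return [(el.get("Binding"), el.get("Location"))
            for el in root.iter(f"{{{MD_NS}}}SingleLogoutService")]


def fix_logout_locations(xml_text):
    """Point every SingleLogoutService at .../adfs/ls/logout.aspx.

    Returns (new_xml, changes, review, signed):
      changes - (binding, old, new) for each Location that was rewritten
      review  - (binding, location) for Locations that are not under
                /adfs/ls and are therefore left for a human to decide
      signed  - True if the metadata contains a ds:Signature element
    """
    ET.register_namespace("", MD_NS)   # keep the metadata namespace unprefixed
    root = ET.fromstring(xml_text)
    signed = root.find(f".//{{{DS_NS}}}Signature") is not None
    changes, review = [], []
    for el in root.iter(f"{{{MD_NS}}}SingleLogoutService"):
        old = (el.get("Location") or "").strip()
        if old.endswith(LOGOUT_PATH):
            continue                       # already correct
        base = old.rstrip("/")
        if base.endswith("/adfs/ls"):
            new = base + "/logout.aspx"
            el.set("Location", new)
            changes.append((el.get("Binding"), old, new))
        else:
            review.append((el.get("Binding"), old))
    return ET.tostring(root, encoding="unicode"), changes, review, signed


if __name__ == "__main__":
    new_xml, changes, review, signed = fix_logout_locations(SAMPLE)
    for binding, old, new in changes:
        print(f"rewrote {binding.rsplit(':', 1)[-1]}: {old} -> {new}")
    for binding, loc in review:
        print(f"left unchanged, check by hand: {loc}")
    if signed and changes:
        print("metadata was signed; the signature no longer matches the edited file")
```

SingleSignOnService endpoints are left untouched, and running the function a second time on its own output reports no further changes.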
  c Click the + icon under the Policy Rules heading to add a new rule.
    Use the fields on the Add a Policy Rule page to create a rule that specifies the appropriate primary and secondary authentication methods to use for a specific network range and device.
Setting up SAML between SSO2 and Directories Management involves configuration on the Directories Management and SSO components.
Table 2‑4. SAML Federation Component Configuration
Component | Configuration
Directories Management | Configure SSO2 as a third-party Identity Provider on Directories Management and update the default authentication policy. You can create an automated script to set up Directories Management.
  c Click Add Identity Provider and provide the configuration information.
    Option | Action
    Identity Provider Name | Enter a name for the new Identity Provider.
    Identity Provider Metadata (URI or XML) text box | Paste the contents of your SSO2 idp.xml metadata file in the text box and
    Name ID Policy in SAML Request (Optional) | Enter http://schemas.xmlsoap.org/claims/UPN.
    Users | Select the domains to which you want users to have access privileges.
any unneeded applications and ensure that your deployment has appropriate memory allocated to Active Directory. If problems persist, increase the Active Directory memory allocation as needed. For deployments with large numbers of users and groups, you may need to increase the Active Directory memory allocation to as much as 24 GB.
To edit the user configuration:
- To add users, click the + icon to add a new line for user DN definition and enter the appropriate user DN.
  If you want to delete a user DN definition, click the x icon for the desired user DN.
5 Click Save to save your changes without synchronizing to make your updates immediately, or click Save & Sync to save your changes and synchronize to implement your updates immediately.
Add Memory to Directories Management
You may need to allocate additional memory to Directories Management if you have Active Directory connections that contain a large number of users or groups.
By default, 4 GB of memory is allocated to the Directories Management service. This is sufficient for many small to medium sized deployments. If you have an Active Directory connection that uses a large number of users or groups, you may need to increase this memory allocation.
Procedure
1 From the appliance-va command line, log in as the user with root privileges.
2 Change directories to /usr/local/horizon/conf and create a file called domain_krb.properties.
3 Edit the domain_krb.properties file to add the list of the domain to host values.
  Add the information as =, , . For example, enter the list as example.com=examplehost.com:636, examplehost2.example.
The User Attributes page lists the default directory attributes that can be mapped to Active Directory attributes. You select the attributes that are required, and you can add other Active Directory attributes that you want to sync to the directory.
Table 2‑7.
- In the Identity Provider column, select the IdP to view, edit or disable. See Configure an Identity Provider Instance.
- In the Associated Directory column, access the directory associated with this worker.
- Click Join Domain to join the connector to a specific Active Directory domain.
If you do not have the rights to join a domain, or if your company policy requires a custom location for the computer object, you must ask your administrator to create the object and then join the connector machine to the domain.
Procedure
1 Ask your Active Directory administrator to create the computer object in Active Directory in a location determined by your company policy. You must provide the host name of the connector.
You must also update the file manually for any other changes. The following rules apply.
- The domain_krb.properties file is created in the virtual machine that contains the connector. In a typical deployment, with no additional connectors deployed, the file is created in the Directories Management service virtual machine. If you are using an additional connector for the directory, the file is created in the connector virtual machine.
If the subnet cannot be determined or if your Active Directory configuration is not site aware, DNS Service Location lookup is used to find domain controllers, and the file is populated with a few domain controllers that are reachable. Note that these domain controllers may not be at the same geographical location as the connector, which can result in delays or timeouts while communicating with Active Directory. In this case, edit the domain_krb.
3 Save and close the file.
4 Restart the service.
  service horizon-workspace restart

Edit the domain_krb.properties file
The /usr/local/horizon/conf/domain_krb.properties file determines the domain controllers to use for directories that have DNS Service Location lookup enabled.
You can edit the file at any time to modify the list of domain controllers for a domain, or to add or delete domain entries. Your changes will not be overridden.
5 Restart the service.
  service horizon-workspace restart

Troubleshooting domain_krb.properties
Use this information to troubleshoot the domain_krb.properties file.
"Error resolving domain" error
If the domain_krb.properties file already includes an entry for a domain, and you try to create a new directory of a different type for the same domain, an "Error resolving domain" error occurs. You must edit the domain_krb.
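A check to run on /usr/local/horizon/conf/domain_krb.properties after an edit and before restarting horizon-workspace, as an added example that is not part of the VMware documentation. It assumes the domain=host:port,host:port layout of the example entry shown earlier on this page; the function names and the sample content are constructed, and IPv6 literals are not handled.

```python
import re
import sys

# Constructed sample in the domain=host:port,host:port layout of the page's
# example entry; none of these hosts come from a real deployment.
SAMPLE = """\
# constructed sample
example.com=examplehost.com:636, examplehost2.example.com:636
corp.example=dc1.corp.example:389,dc2.corp.example
corp.example=dc3.corp.example:636
=orphan.example.com:636
lab.example=dc1.lab.example:70000
"""

# Host names or IPv4 addresses only (assumption of this example).
HOST_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$")


def parse_domain_krb(text):
    """Return (entries, problems).

    entries maps a lower-cased domain to its list of (host, port) tuples;
    problems is a list of (line_number, message) for everything rejected.
    """
    entries, problems, seen = {}, [], set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(("#", "!")):   # blank line or comment
            continue
        domain, sep, value = line.partition("=")
        domain = domain.strip().lower()
        if not sep:
            problems.append((lineno, "no '=' between domain and host list"))
            continue
        if not domain:
            problems.append((lineno, "empty domain name"))
            continue
        if domain in seen:
            # Two lines for one domain are ambiguous: keep the first, report the rest.
            problems.append((lineno, f"duplicate entry for domain {domain}"))
            continue
        seen.add(domain)
        hosts = []
        for item in value.split(","):
            item = item.strip()                       # tolerate "a:636, b:636"
            host, colon, port = item.rpartition(":")
            if not colon:
                problems.append((lineno, f"{item or '<empty>'}: missing :port"))
            elif not HOST_RE.match(host):
                problems.append((lineno, f"{item}: invalid host name"))
            elif not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
                problems.append((lineno, f"{item}: port must be 1-65535"))
            else:
                hosts.append((host, int(port)))
        if hosts:
            entries[domain] = hosts
        else:
            problems.append((lineno, f"{domain}: no usable domain controller listed"))
    return entries, problems


def has_entry(entries, domain):
    """True if the file already pins domain controllers for this domain,
    the precondition for the "Error resolving domain" case described above."""
    return domain.strip().lower() in entries


if __name__ == "__main__":
    # With a path argument, lint that file; without one, lint the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    entries, problems = parse_domain_krb(text)
    for domain, hosts in entries.items():
        print(domain, "->", ", ".join(f"{h}:{p}" for h, p in hosts))
    for lineno, message in problems:
        print(f"line {lineno}: {message}", file=sys.stderr)
    sys.exit(1 if problems else 0)
```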
Network Range
For each rule, you determine the user base by specifying a network range. A network range consists of one or more IP ranges. You create network ranges from the Identity & Access Management tab, Setup > Network Ranges page prior to configuring access policy sets.
Device Type
Select the type of device that the rule manages. The client types are Web Browser, Identity Manager Client App, iOS, Android, and All device types.
Custom Access Denied Error Message
When users attempt to sign in and fail because of invalid credentials, incorrect configuration, or system error, an access denied message is displayed. The default message is Access denied as no valid authentication methods were found.
You can create a custom error message for each access policy rule that overrides the default message. The custom message can include text and a link for a call to action message.
2 When a user attempts to access a resource, except for Web applications covered by a Web-application-specific policy, the default portal access policy applies.
  For example, the re-authentication time for such resources matches the re-authentication time of the default access policy rule.
3 The service checks the rules in the policy and applies the policy with the ALL RANGES network range since the user request is coming from a Web browser and from the ALL RANGES network range.
  The user logs in using the RSA SecurID authentication method, but the session just expired. The user is redirected for reauthentication. The reauthentication provides the user with another four hour session and the ability to launch the application.
- Log in to the vRealize Automation console as a tenant administrator.
Procedure
1 Select Administration > Directories Management > Policies.
2 Click Edit Policy to add a new policy.
3 Add a policy name and description in the respective text boxes.
4 In the Applies To section, click Select and in the page that appears, select the Web applications that are associated with this policy.
5 In the Policy Rules section, click + to add a rule.
Table 2‑8. User Authentication Types Supported by Directories Management
Authentication Types | Description
Password (on-premise deployment) | Without any configuration after Active Directory is configured, Directories Management supports Active Directory password authentication. This method authenticates users directly against Active Directory.
Kerberos for desktops | Kerberos authentication provides domain users with single sign-in access to their apps portal.
Configuring SecurID for Directories Management
When you configure RSA SecurID server, you must add the Directories Management service information as the authentication agent on the RSA SecurID server and configure the RSA SecurID server information on the Directories Management service.
When you configure SecurID to provide additional security, you must ensure that your network is properly configured for your Directories Management deployment.
2 Download the compressed configuration file and extract the sdconf.rec file.
  Be prepared to upload this file later when you configure RSA SecurID in Directories Management.
What to do next
Go to the administration console and in the Identity & Access Management tab Setup pages, select the connector and in the AuthAdapters page configure SecurID.
6
  Option | Action
  Server Configuration | Upload the RSA SecurID server configuration file. First, you must download the compressed file from the RSA SecurID server and extract the server configuration file, which by default is named sdconf.rec.
  Node Secret | Leaving the node secret field blank allows the node secret to auto generate. It is recommended that you clear the node secret file on the RSA SecurID server and intentionally do not upload the node secret file.
You can set up a secondary RADIUS authentication server to be used for high availability. If the primary RADIUS server does not respond within the server timeout configured for RADIUS authentication, the request is routed to the secondary server. When the primary server does not respond, the secondary server receives all future authentication requests.
Configure RADIUS Authentication in Directories Management
You enable RADIUS software on an authentication manager server.
Option | Action
Number of attempts to Radius server | Specify the total number of retry attempts. If the primary server does not respond, the service waits for the configured time before retrying again.
Radius server hostname/address | Enter the host name or the IP address of the RADIUS server.
Authentication port | Enter the Radius authentication port number. This is usually 1812.
Accounting port | Enter 0 for the port number. The accounting port is not used at this time.
The smart card certificates are copied to the local certificate store on the user's computer. The certificates in the local certificate store are available to all the browsers running on this user's computer, with some exceptions, and therefore, are available to a Directories Management instance in the browser.
- Using User Principal Name for Certificate Authentication
  You can use certificate mapping in Active Directory.
If a user cannot authenticate, the root CA and intermediate CA might not be set up correctly, or the service has not been restarted after the root and intermediate CAs were uploaded to the server. In these cases, the browser cannot show the installed certificates, the user cannot select the correct certificate, and certificate authentication fails.
- (Optional) A list of the Object Identifiers (OID) of valid certificate policies for certificate authentication.
- For revocation checking, the file location of the certificate revocation list and the URL of the OCSP server.
- (Optional) OCSP Response Signing certificate file location.
- Consent form content, if a consent form is required to display before authentication.
5
  Option | Description
  OCSP URL | If you enabled OCSP revocation, enter the OCSP server address for revocation checking.
  OCSP responder's signing certificate | Enter the path to the OCSP certificate for the responder, /path/to/file.cer.
  Enable consent form before authentication | Select this check box to include a consent form page to appear before users log in to their My Apps portal using certificate authentication.
Prerequisites
- Configure the network ranges that you want to direct to this identity provider instance for authentication. See Add or Edit a Network Range.
- Access to the third-party metadata document. This can be either the URL to the metadata or the actual metadata.
- Log in to the vRealize Automation console as a tenant administrator.
Procedure
1 Navigate to the Administration > Directories Management > Identity Providers.
- Add the authentication method of the identity provider to the services default policy.
See the Setting Up Resources in Directories Management guide for information about adding and customizing resources that you add to the catalog.
2 Edit an existing network range or add a new network range.
  Option | Description
  Edit an existing range | Click the network range name to edit.
  Add a range | Click Add Network Range to add a new range.
3 Complete the form.
  Form Item | Description
  Name | Enter a name for the network range.
  Description | Enter a description for the Network Range.
  View Pods | The View Pods option only appears when the View module is enabled.
  Client Access URL Host.
5 In the Attributes section, add the Directories Management directory attribute name to the list.
6 Click Save.
  The default attribute status is updated and attributes you added are added on the directory's Mapped Attributes list.
7 After the directory is created, go to the Identity Stores page and select the directory.
8 Click Sync Settings > Mapped Attributes.
3 To open a policy rule page to edit, click the authentication name in the Authentication Method column, or to add a new policy rule, click the + icon.
  a Verify that the network range is correct. If adding a new rule, select the network range for this policy rule.
  b Select which type of device that this rule manages from the and the user is trying to access content from... drop-down menu.
  c Configure the authentication order.
Configuring Kerberos for Directories Management
Kerberos authentication allows users who are successfully signed in to their Active Directory domain to access their apps portal without additional credential prompts. You enable Windows authentication to allow the Kerberos protocol to secure interactions between users' browsers and the Directories Management service. You do not need to directly configure Active Directory to make Kerberos function with your deployment.
3 On the Join Domain page, enter the information for the Active Directory domain.
  Option | Description
  Domain | Enter the fully qualified domain name of the Active Directory. The domain name you enter must be the same Windows domain as the connector server.
  Domain User | Enter the user name of an account in the Active Directory that has permissions to join systems to that Active Directory domain.
  Domain Password | Enter the password associated with the AD Username.
Kerberos authentication works in conjunction with Directories Management on Windows operating systems.
Note Do not implement these Kerberos-related steps on other operating systems.
Prerequisites
Configure the Internet Explorer browser for each user or provide users with the instructions after you configure Kerberos.
Procedure
1 Verify that you are logged into Windows as a user in the domain.
2 In Internet Explorer, enable automatic log in.
5 Verify that Internet Explorer is allowed to pass the Windows authentication to the trusted site.
  a In the Internet Options dialog box, click the Advanced tab.
  b Select Enable Integrated Windows Authentication.
    This option takes effect only after you restart Internet Explorer.
  c Click OK.
6 Log in to the Web interface to check access.
  If Kerberos authentication is successful, the test URL goes to the Web interface.
The Kerberos protocol secures all interactions between this Firefox browser instance and Directories Management. Now, users can use single sign-on to access their My Apps portal.
Configure the Chrome Browser to Access the Web Interface
You must configure the Chrome browser if Kerberos is configured for your deployment and if you want to grant users access to the Web interface using the Chrome browser.
If your connector instance does not have an Internet connection, you can perform the upgrade offline. For an offline upgrade, you download the upgrade package and set up a local Web server to host the upgrade file.
Intended Audience
This information is intended for anyone who installs, upgrades, and configures Directories Management. The information is written for experienced Windows or Linux system administrators who are familiar with virtual machine technology.
Enable your proxy to handle only Internet traffic. To ensure that the proxy is set up correctly, set the parameter for internal traffic to no-proxy within the domain.
Note Proxy servers that require authentication are not supported.
Prerequisites
- Verify that you have the root password for the connector appliance.
- Verify that you have the proxy server information.
Procedure
1 Log in to the connector appliance as the root user.
Procedure
1 Log in to the connector appliance as the root user.
2 Run the following command.
  /usr/local/horizon/update/updatemgr.hzn updateinstaller
3 Run the following command to check that an online upgrade exists.
  /usr/local/horizon/update/updatemgr.hzn check
4 Run the following command to update the appliance.
  /usr/local/horizon/update/updatemgr.hzn update
  Messages that occur during the upgrade are saved to the update.log file at /opt/vmware/var/log/update.log.
- Configure the connector appliance to use a local Web server to host the upgrade file. See Prepare a Local Web Server for Offline Upgrade.
Procedure
1 Prepare a Local Web Server for Offline Upgrade
  Before you start the offline connector upgrade, prepare the local Web server by creating a directory structure that includes a subdirectory for the connector appliance.
Prerequisites
Prepare a local Web server for offline upgrade.

Procedure
1 Log in to the connector appliance as the root user.
2 Run the following command to configure an upgrade repository that uses a local Web server.
  /usr/local/horizon/update/updatelocal.hzn seturl http://YourWebServer/VM/

Note To undo the configuration and restore the ability to perform an online upgrade, you can run the following command.
  /usr/local/horizon/update/updatelocal.
The connector upgrade is complete.

Configuring Settings After Upgrading an External Connector

After upgrading to connector 2016.3.1.0 or later, you may need to configure some settings.

Rejoin Domain with Kerberos Authentication

If you use Kerberos authentication or Active Directory (Integrated Windows Authentication) directories, you must leave the domain and then rejoin it. This is required for all the connector virtual appliances in your deployment.
Troubleshooting External Connector Upgrade Errors

You can troubleshoot vRA Directories Management external connector upgrade problems by reviewing the error logs. If the connector does not start, you can revert to a previous instance by rolling back to a snapshot.

- Checking the Upgrade Error Logs: Resolve errors that occur during upgrade by reviewing the error logs. Upgrade log files are in the /opt/vmware/var/log directory.
Collecting a Log File Bundle

You can collect a bundle of log files to send to VMware support. You obtain the bundle from the connector configuration page. The following log files are collected in the bundle.

Table 2‑9. Log Files
Component | Location of Log File | Description
Apache Tomcat Logs (catalina.log) | /opt/vmware/horizon/workspace/logs/catalina.log | Apache Tomcat records messages that are not recorded in other log files.
Configurator Logs (configurator.
Prerequisites
- Install a distributed vRealize Automation deployment with appropriate load balancers. See Installing vRealize Automation 7.2.
- Log in to the vRealize Automation console as a tenant administrator.

Procedure
1 Select Administration > Directories Management > Directories.
2 Click Add Directory.
3 Enter your specific Active Directory account settings, and accept the default options.
  f Click to add additional users. For example, enter as CN-username,CN=Users,OU-myUnit,DC=myCorp,DC=com.
    To exclude users, click + to create a filter to exclude some types of users. You select the user attribute to filter by, the query rule, and the value.
  g Click Next.
9 Review the page to see how many users and groups are syncing to the directory and click Sync Directory.
Directories Management supports multiple identity providers and connector clusters for each configured Active Directory. To use smart card authentication, you can set up either a single external connector or a connector cluster with an appropriate identity provider behind a load balancer that permits SSL passthrough. There are various certificate configuration options available for use with smart card authentication.
You can configure a single connector or a connector cluster. If you want to use a connector cluster, repeat this procedure for each connector that you need.

Prerequisites
- Log in to the vRealize Automation console as a tenant administrator.

Procedure
1 Select Administration > Directories Management > Connectors.
2 Type a name for the new connector in the Connector ID Name text box.
3 Press Enter.
Page | Description
Disk Format | Select the disk format for the files. For production environments, select a Thick Provision format. Use the Thin Provision format for evaluation and testing.
Network Mapping | Map the networks in your environment to the networks in the OVF template.
Properties | a In the Timezone setting field, select the correct time zone. b The Customer Experience Improvement Program checkbox is selected by default.
3 Create strong passwords for the following connector virtual appliance administrator accounts.
  Strong passwords should be at least eight characters long and include uppercase and lowercase characters and at least one digit or special character.

  Option | Description
  Appliance Administrator | Create the appliance administrator password. The user name is admin and cannot be changed.
Procedure
1 Log in to the connector appliance administrative page as an admin user at the following location: https://myconnector.mycompany:8443/cfg
2 In the administration console, click Appliance Settings. VA configuration is selected by default.
3 Click Manage Configuration.
4 In the dialog box that appears, enter the Directories Management server admin user password.
5 Select Install Certificate.
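A structural pre-check for the PEM certificate chain and private key that the Install Certificate step takes, in the form shown in the examples that follow. This is an added example, not VMware code: the function names, the strictness rules (only CERTIFICATE and RSA PRIVATE KEY labels, no text outside a block) and the sample data are assumptions, and the samples are constructed DER-shaped filler, not real certificates or keys.

```python
import base64
import binascii
import re

CERT = "CERTIFICATE"
KEY = "RSA PRIVATE KEY"  # label shown in the page's private key example
_BOUNDARY = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")


class PemError(ValueError):
    """Pasted text is not well-formed PEM."""


def parse_pem_blocks(text):
    """Return [(label, der_bytes), ...] for every PEM block in text."""
    blocks, label, body = [], None, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        match = _BOUNDARY.match(line)
        if line.startswith("-") and not match:
            # Boundary fused with other text, or with dashes missing.
            raise PemError(f"line {lineno}: malformed boundary {line[:40]!r}")
        if match and match.group(1) == "BEGIN":
            if label is not None:
                raise PemError(f"line {lineno}: BEGIN inside open {label} block")
            label, body = match.group(2), []
        elif match:
            if label != match.group(2):
                raise PemError(f"line {lineno}: END {match.group(2)} has no BEGIN")
            try:
                der = base64.b64decode("".join(body), validate=True)
            except binascii.Error:
                raise PemError(f"line {lineno}: {label} body is not base64") from None
            blocks.append((label, der))
            label = None
        elif label is None:
            # Strict by choice: headings or notes pasted with the PEM are rejected.
            raise PemError(f"line {lineno}: text outside a PEM block")
        else:
            body.append(line)
    if label is not None:
        raise PemError(f"unterminated {label} block")
    return blocks


def der_is_complete_sequence(der):
    """True if der is one ASN.1 SEQUENCE whose declared length matches its size."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:  # short form: the length fits in one byte
        header, length = 2, der[1]
    else:  # long form: the next n bytes hold the length
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)


def check_install_material(chain_text, key_text):
    """Return a list of problems; an empty list means the structure looks sane."""
    problems = []
    for field, text, want in (("certificate chain", chain_text, CERT), ("private key", key_text, KEY)):
        try:
            blocks = parse_pem_blocks(text)
        except PemError as exc:
            problems.append(f"{field}: {exc}")
            continue
        if not blocks:
            problems.append(f"{field}: no PEM block found")
        if want == KEY and len(blocks) > 1:
            problems.append(f"{field}: expected one block, found {len(blocks)}")
        for index, (label, der) in enumerate(blocks, start=1):
            if label != want:
                problems.append(f"{field}: block {index} is {label}, expected {want}")
            elif not der_is_complete_sequence(der):
                problems.append(f"{field}: block {index} is truncated or not DER")
    return problems


def sample_pem(label, n):
    """PEM text around constructed filler shaped like a DER SEQUENCE (256 <= n < 65536)."""
    der = bytes([0x30, 0x82]) + n.to_bytes(2, "big") + bytes(i % 251 for i in range(n))
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"]) + "\n"


# Constructed samples: a two-entry chain, one key, and two damaged variants.
SAMPLE_CHAIN = sample_pem(CERT, 300) + sample_pem(CERT, 280)
SAMPLE_KEY = sample_pem(KEY, 320)
GARBLED_KEY = SAMPLE_KEY.replace(f"-----BEGIN {KEY}-----\n", f"-----BEGIN {KEY}----", 1)
TRUNCATED_CHAIN = "\n".join(SAMPLE_CHAIN.splitlines()[:2] + SAMPLE_CHAIN.splitlines()[3:])

if __name__ == "__main__":
    for chain, key in ((SAMPLE_CHAIN, SAMPLE_KEY), (SAMPLE_CHAIN, GARBLED_KEY), (TRUNCATED_CHAIN, SAMPLE_KEY)):
        print(check_install_material(chain, key) or "ok")
```

The check covers structure only: it does not verify signatures, chain order, or that the key matches the certificate.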
Certificate Chain Example
dR9Vpg3WQTjlQvt9W5+C3HU17bUOwvhp/r0+
...
...
...
5j5xsxzDJfWr1lqW53+O0BlFF/OkIYCPcyK1
-----END CERTIFICATE-----

Private Key Example
-----BEGIN RSA PRIVATE KEY-----
jlQvtg3WQT5+C3HU17bU9WdR9VpOwvhp/r0+
...
...
...
1lqBlFFW53+O05j5xsxzDJfWr/OkIYCPcyK1
-----END RSA PRIVATE KEY-----

Create a Workspace Identity Provider

You must create a Workspace identity provider for use with an external connector.
Configure Certificate Authentication and Configure Default Access Policy Rules

You must configure your external connection for use with your vRealize Automation Active Directory and domain.

Prerequisites
Log in to the vRealize Automation console as a tenant administrator.

Procedure
1 Select Administration > Directories Management > Connectors.
2 Select the desired connector in the Worker column.
Procedure
1 Select Administration > Directories Management > Directories.
2 Click Add Directory.
3 On the Add Directory page, specify a name for the Active Directory server in the Directory Name text box.
4 Select Active Directory (Integrated Windows Authentication) under the Directory Name heading.
13 Click to select the groups you want to sync from Active Directory to the directory.
   When you add an Active Directory group, if members of that group are not in the Users list, they are added.

   Note The Directories Management user authentication system imports data from Active Directory when adding groups and users, and the speed of the system is limited by Active Directory capabilities.
2 Enter a user or group name in the Search box and press Enter.
  Do not use an at sign (@), backslash (\), or slash (/) in a name. You can optimize your search by typing the entire user or group name in the form user@domain.
3 Click the name of the user or group to which you want to assign roles.
4 Select one or more roles from the Add Roles to this User list.
  The Authorities Granted by Selected Roles list indicates the specific authorities you are granting.
7 Add users and groups to create your custom group.
  a Enter a user or group name in the Search box and press Enter.
    Do not use an at sign (@), backslash (\), or slash (/) in a name. You can optimize your search by typing the entire user or group name in the form user@domain.
  b Select the user or group to add to your custom group.
8 Click Add.
3 Configure the business group details.

  Option | Description
  Name | Enter the name for the business group.
  Description | Enter the description.
  Send manager emails to | Enter one or more user names or group names. Separate multiple entries with a comma. For example, JoeAdmin@mycompany.com,WeiMgr@mycompany.com.
  Active Directory Policy | Select the default Active Directory policy for the business group.

4 Add custom properties.
What to do next
- Create a reservation for your business group based on where the business group provisions machines. See Choosing a Reservation Scenario.
- If the catalog items are published and the services exist, you can create an entitlement for the business group members. See Entitle Users to Services, Catalog Items, and Actions.
2 Scenario: Connect Your Corporate Active Directory to vRealize Automation for Rainpole
  As a tenant administrator, you want vRealize Automation to authenticate logins against your corporate Active Directory. You configure a connection between vRealize Automation and your single-domain Active Directory over LDAP.
8 Click OK.
9 Click the New icon.
10 Create a local user account that you and your architects can later configure for testing blueprints and catalog access.

   Option | Input
   First Name | test
   Last Name | user
   Email | Enter an email address or use the placeholder test_user@rainpole.com.
   Username | test_user
   Password | VMware1!

11 Click OK.
12 Click the Administrators tab.
13 Enter Rainpole in the Tenant administrators search box and press Enter.
5 Enter your specific Active Directory account settings, and accept the default options.

  Option | Sample Input
  Directory Name | Add the IP address of your Active Directory domain name.
  Sync Connector | vra01svr01.rainpole.local
  Base DN | Enter the Distinguished Name (DN) of the starting point for directory server searches. For example, cn=users,dc=rainpole,dc=local.
Scenario: Configure Branding for the Default Tenant for Rainpole

Using your tenant administrator privileges, you customize the look and feel of the vRealize Automation console. You upload a new logo, change the colors, update the header and footer information, and configure the login screen branding.

Procedure
1 Select Administration > Branding > Header & Footer Branding.
2 Deselect the Use default check box.
3 Follow the prompts to create a header.
4 Click Next.
4 Select roles from the Add Roles to this Group list.
  You cannot assign IaaS administrator, fabric administrator, business group manager, or business user roles on this page. You assign those roles while you configure vRealize Automation.

  Option | Description
  Tenant administrator | Responsible for user and group management, tenant branding and notifications, and business policies such as approvals and entitlements.
7 Search for Rainpole architects in the IaaS administrators search box and select your custom group.
8 Click Finish.
9 Log out of the console.

Any member of your custom group can now manage cloud, virtual, networking, and storage infrastructure for all tenants in your vRealize Automation instance. You can update membership of the group at any time to grant or revoke these privileges.
Specify Tenant Information

The first step in configuring a tenant is to name the new tenant, add it to vRealize Automation, and create the tenant-specific access URL.

Prerequisites
Log in to the vRealize Automation console as a system administrator.

Procedure
1 Select Administration > Tenants.
2 Click the New icon.
3 Enter a name in the Name text box.
4 (Optional) Enter a description in the Description text box.
4 Enter the user ID and password for the user in the User name and Password fields.
5 Click the Add button.
6 Repeat these steps as applicable for all local users of the tenant.

The specified local users are created for the tenant.

Appoint Administrators

You can appoint one or more tenant administrators and IaaS administrators from the identity stores you configured for a tenant.
Procedure
1 Select Administration > Tenants.
2 Select the tenant that you want to delete.
  Do not click the actual name to select the tenant. Doing so will open the tenant for editing.
3 Click Delete.

The tenant is deleted from your vRealize Automation deployment.

(Optional) Configuring Custom Branding

vRealize Automation enables you to apply custom branding to tenant login and application pages.
6 If desired, click Upload beneath the Image (optional) field, then navigate to the appropriate folder and select an additional image file.
7 If desired, enter the appropriate hex codes in the Background color, Masthead color, Login button background color and Login button foreground color fields.
  Search the internet for a list of hex color codes if needed.
8 Click Save to apply your settings.

Tenant users see the custom branding on their login pages.
  d Enter the appropriate hex color code for the application perimeter background color in the Background hex color field.
    Search the internet for a list of hex color codes if needed.
  e Enter the appropriate hex code for the text color in the Text hex color field.
    Search the internet for a list of hex text color codes if needed.
7 f Click Next to activate the Footer tab.
  g Type the desired statement into the Copyright notice field.
[Figure: notification configuration workflow]
- Configure an outbound mail server to send notifications.
- Do you want users to be able to respond to notifications?
  Yes: Configure an inbound mail server to receive notifications.
  No: Enable notifications for any events you want to allow users to receive updates for.
- Do you want to customize the templates for IaaS notifications?
  Yes: Edit the configuration files that control IaaS notifications.
Table 2‑10. Checklist for Configuring Notifications
Task | Required Role
Configure an outbound email server to send notifications. | System administrators configure default global servers. Tenant administrators configure servers for their tenants.
(Optional) Configure an inbound email server so that users can complete tasks by responding to notifications. | System administrators configure default global servers.
Configuring Global Email Servers for Notifications

Tenant administrators can add email servers as part of configuring notifications for their own tenants. As a system administrator, you can set up global inbound and outbound email servers that appear to all tenants as the system defaults. If tenant administrators do not override these settings before enabling notifications, vRealize Automation uses the globally configured email servers.
18 Click Add.

Create a Global Outbound Email Server

System administrators create a global outbound email server to handle outbound email notifications. You can create only one outbound server, which appears as the default for all tenants. If tenant administrators do not override these settings before enabling notifications, vRealize Automation uses the globally configured email server.

Prerequisites
Log in to the vRealize Automation console as a system administrator.
Add a Tenant-Specific Outbound Email Server

Tenant administrators can add an outbound email server to send notifications for completing work items, such as approvals. Each tenant can have only one outbound email server. If your system administrator has already configured a global outbound email server, see Override a System Default Outbound Email Server.

Prerequisites
- Log in to the vRealize Automation console as a tenant administrator.
12 Choose whether vRealize Automation can accept self-signed certificates from the email server.
   This option is available only if you enabled encryption.
   - Click Yes to accept self-signed certificates.
   - Click No to reject self-signed certificates.
13 Click Test Connection.
14 Click Add.

Add a Tenant-Specific Inbound Email Server

Tenant administrators can add an inbound email server so that users can respond to notifications for completing work items, such as approvals.
9 (Optional) Select Delete From Server to delete from the server all processed emails that are retrieved by the notification service.
10 Choose whether vRealize Automation can accept self-signed certificates from the email server.
   This option is available only if you enabled encryption.
   - Click Yes to accept self-signed certificates.
   - Click No to reject self-signed certificates.
11 Click Test Connection.
12 Click Add.
11 Choose whether vRealize Automation can accept self-signed certificates from the email server.
   This option is available only if you enabled encryption.
   - Click Yes to accept self-signed certificates.
   - Click No to reject self-signed certificates.
12 Click Test Connection.
13 Click Add.

Override a System Default Inbound Email Server

If the system administrator has configured a system default inbound email server, tenant administrators can override this global setting.
10 Choose whether vRealize Automation can accept self-signed certificates from the email server.
   This option is available only if you enabled encryption.
   - Click Yes to accept self-signed certificates.
   - Click No to reject self-signed certificates.
11 Click Test Connection.
12 Click Add.

Revert to System Default Email Servers

Tenant administrators who override system default servers can revert the settings back to the global settings.
You can change the setting that defines the number of days before a machine's expiration date that vRealize Automation sends an expiration notification email. The email notifies users of a machine's expiration date. By default, the setting is 7 days prior to machine expiration.

Procedure
1 Log in to the vRealize Automation server by using credentials with administrative access.
2 Navigate to and open the /etc/vcac/setenv-user file.
Procedure
1 Click Preferences.
2 Select the Enabled check box for the Email protocol in the Notifications table.
3 Click Apply.
4 Click Close.

(Optional) Create a Custom RDP File to Support RDP Connections for Provisioned Machines

System administrators create a custom remote desktop protocol file that IaaS architects use in blueprints to configure RDP settings.
You have a datacenter in London, and a datacenter in Boston, and you do not want users in Boston provisioning machines on your London infrastructure or vice versa. To ensure that Boston users provision on your Boston infrastructure, and London users provision on your London infrastructure, you want to allow users to select an appropriate location for provisioning when they request machines.
Configuring vRealize Orchestrator and Plug-Ins

VMware vRealize™ Orchestrator™ is an automation and management engine that extends vRealize Automation to support XaaS and other extensibility. vRealize Orchestrator allows administrators and architects to develop complex automation tasks by using the workflow designer, and then access and run the workflows from vRealize Automation.
What to do next
Repeat the procedure for all of the tenants for which you want to define a default workflow folder.

Configure an External vRealize Orchestrator Server

You can set up vRealize Automation to use an external vRealize Orchestrator server. System administrators can configure the default vRealize Orchestrator server globally for all tenants. Tenant administrators can configure the vRealize Orchestrator server only for their tenants.
8 Click Update.

You configured the connection to the external vRealize Orchestrator server, and the vCAC workflows folder and the related utility actions are automatically imported. The vCAC > ASD workflows folder contains workflows for configuring endpoints and creating resource mappings.

What to do next
Configure the vRealize Orchestrator plug-ins as endpoints. See Configuring XaaS Resources.
Procedure
1 Navigate to the vRealize Automation appliance management console by using its fully qualified domain name, https://vra-va-hostname.domain.name.
2 Click vRealize Orchestrator Client.
  The client file is downloaded.
3 Click the download and follow the prompts.
4 On the vRealize Orchestrator log in page, enter the IP or the domain name of the vRealize Automation appliance in the Host name text box, and 443 as the default port number.
3 Configuring Resources

You can configure resources such as endpoints, reservations, and network profiles to support vRealize Automation blueprint definition and machine provisioning.
Table 3‑1. Checklist for Configuring IaaS Resources
Task | vRealize Automation Role | Details
Store administrator-level credentials to your infrastructure. | IaaS administrator | Store User Credentials.
5 Enter the user name in the User name text box. Platform Format and Details vSphere domain\username Provide credentials with permission to modify custom attributes. username as specified in the endpoint user interface vCloud Air Provide credentials for an organization administrator with rights to connect by using VMware Remote Console.
What to do next
Now that your credentials are stored, you are ready to create an endpoint. See Choosing an Endpoint Scenario.

Choosing an Endpoint Scenario

You create the endpoints that allow vRealize Automation to communicate with your infrastructure. Depending on your machine provisioning needs, the procedure to create an endpoint differs. Choose an endpoint scenario based on the target endpoint type.

Table 3‑2.
Prerequisites
- Log in to the vRealize Automation console as an IaaS administrator.
- You must install a vSphere proxy agent to manage your vSphere endpoint, and you must use exactly the same name for your endpoint and agent. For information about installing the agent, see Installing vRealize Automation 7.2.
- If your system administrator did not configure the proxy to use integrated credentials, you must store administrator-level credentials for your endpoint.
Create a vSphere Endpoint with Network and Security Integration

You can create endpoints that allow vRealize Automation to communicate with the vSphere environment and an NSX instance.

Prerequisites
- Log in to the vRealize Automation console as an IaaS administrator.
- You must install a vSphere proxy agent to manage your vSphere endpoint, and you must use exactly the same name for your endpoint and agent.
9 Click OK.

vRealize Automation collects data from your endpoint and discovers your compute resources.

Important Do not rename vSphere data centers after the initial data collection, or provisioning might fail.

What to do next
Add the compute resources from your endpoint to a fabric group. See Create a Fabric Group.
Configuring vRealize Orchestrator Endpoints for Networking

If you are using vRealize Automation workflows to call vRealize Orchestrator workflows, you must configure the vRealize Orchestrator instance or server as an endpoint. For information about adding a vRealize Orchestrator endpoint, see Create a vRealize Orchestrator Endpoint.
Procedure
1 Select Infrastructure > Endpoints > Endpoints.
2 Select New > IPAM.
  Select a registered external IPAM provider endpoint type such as Infoblox. External IPAM provider endpoints are available only if you imported a third-party vRealize Orchestrator package and ran the package workflows to register the endpoint type. For Infoblox IPAM, only primary IPAM endpoint types are listed. You can specify secondary IPAM endpoint types by using custom properties.
For information about vCloud Air Management Console, see vCloud Air documentation.

Note Reservations defined for vCloud Air endpoints and vCloud Director endpoints do not support the use of network profiles for provisioning machines.

Prerequisites
- Log in to the vRealize Automation console as an IaaS administrator.
- Verify that you have Virtual Infrastructure Administrator authorization for your vCloud Air subscription service or OnDemand account.
Create a vCloud Director Endpoint

You can create a vCloud Director endpoint to manage all of the vCloud Director virtual data centers (vDCs) in your environment, or you can create separate endpoints to manage each vCloud Director organization. For information about Organization vDCs, see vCloud Director documentation. Do not create a single endpoint and individual organization endpoints for the same vCloud Director instance.
6 If you are an organization administrator, you can enter a vCloud Director organization name in the Organization text box.

  Option | Description
  Discover all Organization vCDs | If you have implemented vCloud Director in a private cloud, you can leave the Organization text box blank to allow the application to discover all the available Organization vDCs.
  Separate endpoints for each Organization vCD | Enter a vCloud Director organization name in the Organization text box.
For related information, see Preparing Your SCVMM Environment.

Procedure
1 Select Infrastructure > Endpoints > Endpoints.
2 Select New > Virtual > Hyper-V (SCVMM).
3 Enter a name in the Name text box.
4 (Optional) Enter a description in the Description text box.
5 Enter the URL for the endpoint in the Address text box.
  The URL must be of the type: FQDN or IP_address. For example: mycompany-scvmm1.mycompany.local.
What to do next
Add the compute resources from your endpoint to a fabric group. See Create a Fabric Group.

Create a NetApp ONTAP Endpoint

You can create endpoints to allow vRealize Automation to communicate with storage devices that use NetApp FlexClone technology.

Prerequisites
- Log in to the vRealize Automation console as an IaaS administrator.
- Store User Credentials.

Procedure
1 Select Infrastructure > Endpoints > Endpoints.
Procedure
1 Select Infrastructure > Endpoints > Endpoints.
2 Select New > Virtual > KVM (RHEV).
3 Enter a name in the Name text box.
4 (Optional) Enter a description in the Description text box.
5 Enter the URL for the endpoint in the Address text box.
  The URL must be of the type: https://FQDN or https://IP_address. For example, https://mycompany-kvmrhev1.mycompany.local.
4 (Optional) Enter a description in the Description text box.
5 Click OK.

vRealize Automation collects data from your endpoint and discovers your compute resources.

What to do next
Add the compute resources from your endpoint to a fabric group. See Create a Fabric Group.

Create a XenServer Endpoint

You can create endpoints to allow vRealize Automation to communicate with the XenServer environment and discover compute resources, collect data, and provision machines.
3 Enter a name and, optionally, a description.
  Typically this name indicates the Amazon Web Services account that corresponds to this endpoint.
4 Click Credentials and select the administrative-level credentials you stored for this endpoint.
  Only one endpoint can be associated with an Amazon access key ID.
5 (Optional) Click the Use proxy server checkbox to configure additional security and force connections to Amazon Web Services to pass through a proxy server.
3 Add a new instance type, specifying the following parameters.
  Information about the available Amazon instance types and the setting values that you can specify for these parameters is available from Amazon Web Services documentation in EC2 Instance Types Amazon Web Services (AWS) at aws.amazon.com/ec2 and Instance Types at docs.aws.amazon.com.
Prerequisites
- Configure a Microsoft Azure instance and obtain a valid Microsoft Azure subscription from which you can use the subscription ID. See http://www.vaficionado.com/2016/11/using-new-microsoft-azure-endpoint-vrealize-automation-7-2/ for more information about configuring Azure and obtaining a subscription ID.
- Your vRealize Automation deployment must have at least one tenant and one business group.
Parameter | Description
Azure subscription id | The identifier for your Azure subscription. The ID defines the storage accounts, virtual machines and other Azure resources to which you have access.
Resource manager settings |
Azure service URI | The URI through which you gain access to your Azure instance. The default value of https://management.azure.com/ is appropriate for many typical implementations.
Tenant Id | The Azure tenant ID that you want the endpoint to use.
Action: Create an Azure resource group
Options:
- Create the resource group using the Azure portal. See the Azure documentation for specific instructions.
- Use the appropriate vRealize Orchestrator workflow found under the Library/Azure/Resource/Create resource group.

Action: Create an Azure storage account
Options:
- In vRealize Automation, create and publish an XaaS blueprint that contains the vRealize Orchestrator workflow.
3 Enter a name and, optionally, a description.
4 Enter the URL for the endpoint in the Address text box.

  Option | Description
  PowerVC | The URL must be of the format https://FQDN/powervc/openstack/service. For example: https://openstack.mycompany.com/powervc/openstack/admin.
  Openstack | The URL must be of the format FQDN:5000 or IP_address:5000. Do not include the /v2.0 suffix in the endpoint address. For example: https://openstack.mycompany.com:5000.
5 Click Open.
  A CSV file opens that contains a list of endpoints in the following format:
  InterfaceType,Address,Credentials,Name,Description
  vCloud,https://abxpoint2vco,svc-admin,abxpoint2vco,abxpoint
6 Click Import.

You can edit and manage your endpoints through the vRealize Automation console.
Problem
Data collection fails for a vSphere endpoint. The log messages return an error similar to the following:
This exception was caught: The attached endpoint 'vCenter' cannot be found.

Cause
The endpoint name you configure in vRealize Automation must match the endpoint name provided to the vSphere proxy agent during installation. Data collection fails for a vSphere endpoint if there is a mismatch between the endpoint name and the proxy agent name.
Procedure
1 Log in to the vCloud Air console with administrative privileges.
2 From the vCloud Air dashboard, select your virtual data center.
3 Click the link to display a URL for the virtual data center for use in API commands.
  For example: https://mycompany.com:443/cloud/org/vCloudAutomation/.
Users who are currently logged in to the vRealize Automation console must log out and log back in to the vRealize Automation console before they can navigate to the pages to which they have been granted access.

Configure Machine Prefixes

You can create machine prefixes that are used to create names for machines provisioned through vRealize Automation. A machine prefix is required when defining a machine component in the blueprint design canvas.
Managing Key Pairs

Key pairs are used to provision and connect to a cloud instance. A key pair is used to decrypt Windows passwords or to log in to a Linux machine. Key pairs are required for provisioning with Amazon AWS. For Red Hat OpenStack, key pairs are optional. Existing key pairs are imported as part of data collection when you add a cloud endpoint. A fabric administrator can also create and manage key pairs by using the vRealize Automation console.
Prerequisites
- Log in to the vRealize Automation console as a fabric administrator.
- You must already have a key pair. See Create a Key Pair.
Procedure
1 Select Infrastructure > Reservations > Key Pairs.
2 Locate the key pair for which you want to upload a private key.
3 Click the Edit icon ( ).
4 Use one of the following methods to upload the key.
  - Browse for a PEM-encoded file and click Upload.
Network profiles are used to configure network settings when machines are provisioned. Network profiles also specify the configuration of NSX Edge devices that are created when you provision machines. You identify a network profile when you create reservations and blueprints. In a reservation, you can assign a network profile to a network path and specify any one of those paths for a machine component in a blueprint.
Table 3‑4. Available Network Types for a vRealize Automation Network Profile
Network Type | Description
External | Existing network configured on the vSphere server. They are the external part of the NAT and routed network types. An external network profile can define a range of static IP addresses available on the external network.
You can assign a network profile to a vSphere machine component in a blueprint by adding an existing, on-demand NAT, or on-demand routed network component to the design canvas and selecting a network profile to which to connect the vSphere machine component. You can also assign network profiles to blueprints by using the custom property VirtualMachine.NetworkN.ProfileName, where N is the network identifier.
You can add or change the IP addresses in a network profile range by importing from a CSV file or by entering values manually. Or you can allow an external IPAM provider to supply IP addresses.
  d Enter the end IP address of the range.
- Click Import from CSV.
  a Browse to and select the CSV file or drag the CSV file into the Import from CSV dialog box.
    A row in the CSV file has the format ip_address, machine_name, status, NIC offset. For example:
    100.10.100.1,mymachine01,Unallocated
    CSV Field | Description
    ip_address | An IP address in IPv4 format.
    machine_name | Name of a managed machine in vRealize Automation. If the field is empty, the default is no name.
  b
Create an External Network Profile By Using the Supplied IPAM Endpoint
You can create an external network profile to define network properties and a range of static IP addresses for use when provisioning machines on an existing network. You can define one or more network ranges of static IP addresses in the network profile for use in provisioning a machine.
5 Enter an IP subnet mask in the Subnet mask text box.
  The subnet mask specifies the size of the entire routable address space that you want to define for your network profile. For example, enter 255.255.0.0.
6 Enter an Edge or routed gateway address in the Gateway text box.
  Use a standard IPv4 address format. For example, enter 10.10.110.1. The gateway IP address defined in the network profile is assigned to the NIC during allocation.
Procedure
1 Click the Network Ranges tab.
2 Click New to enter a new network range name and IP address range manually or click Import from CSV to import the IP address information from a properly formatted CSV file.
  - Click New.
    a Enter a network range name.
    b Enter a network range description.
    c Enter the start IP address of the range.
    d Enter the end IP address of the range.
  - Click Import from CSV.
6 (Optional) Select a status type from the IP status drop-down menu to filter IP address entries to only those that match the selected IP status. Status settings are allocated, unallocated, destroyed, and expired. For IP addresses that are in an expired or destroyed state, you can click Reclaim to make those IP address ranges available for allocation. You must save the profile for the reclamation to take effect.
Specify External Network Profile Information By Using a Third-Party IPAM Endpoint
An external network profile identifies network properties and settings for an existing network. An external network profile is a requirement of NAT and routed network profiles. If you registered and configured an IPAM endpoint in vRealize Orchestrator, you can specify that IP address information be supplied by an IPAM provider.
vRealize Automation only saves external IPAM range IDs in the database, not range details. If you edit a network profile on this page or on a blueprint, vRealize Automation calls the IPAM service to get range details based on the selected range IDs.
Note There is a known issue with some third-party IPAM providers in which a query can time out when returning network ranges, resulting in an empty list.
5 Click OK to complete the network profile.
What to do next
You can assign a network profile to a network path in a reservation or a blueprint architect can specify the network profile in a blueprint.
Creating a Routed Network Profile For an On-Demand Network
You can create an on-demand routed network profile that uses either the supplied vRealize Automation IPAM endpoint or a properly configured and registered third-party IPAM endpoint.
Prerequisites
- Log in to the vRealize Automation console as a fabric administrator.
- Create an external network profile. See Create an External Network Profile By Using the Supplied IPAM Endpoint.
Procedure
1 Select Infrastructure > Reservations > Network Profiles.
2 Click New and select Routed from the drop-down menu.
3 Enter a name and, optionally, a description.
10 Enter DNS and WINS values as needed.
  DNS values are used for DNS name registration and resolution. The DNS and WINS fields are optional if you are using an internal IPAM endpoint. If you are using an external IPAM endpoint, the DNS and WINS values are provided by the third-party IPAM provider.
  a (Optional) Enter a Primary DNS server value.
  b (Optional) Enter a Secondary DNS server value.
  c (Optional) Enter a DNS suffixes value.
You can use IP ranges obtained from the supplied VMware IPAM endpoint or from a third-party IPAM service provider endpoint that you have registered and configured in vRealize Orchestrator, such as Infoblox IPAM. An IP range is created from an IP block during allocation.
6 Select a value in the Range subnet mask text box drop-down menu to determine how many network subnets are created for provisioning.
  For example, enter 255.255.255.0. The range subnet mask defines how you want to partition that space into individual address blocks that are allocated to every deployment instance of that network profile. When choosing a value for the range subnet mask, consider the number of deployments that you expect to use the routed network.
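The sizing trade-off in this step can be worked out before you open the console. The following is an added example, not VMware code: it uses Python's standard ipaddress module, the network address 10.10.0.0 is a constructed value, and the two addresses held back per block (network and broadcast) are an assumption about ordinary IPv4 practice, not a statement of how vRealize Automation counts addresses.

```python
import ipaddress


def mask_to_prefix(mask):
    """Convert a dotted mask such as 255.255.255.0 to a prefix length (24)."""
    return ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen


def partition(network_address, subnet_mask, range_subnet_mask):
    """Describe how a range subnet mask splits the profile's address space."""
    # strict parsing rejects a network address that has host bits set
    space = ipaddress.IPv4Network(f"{network_address}/{subnet_mask}")
    range_prefix = mask_to_prefix(range_subnet_mask)
    if range_prefix < space.prefixlen:
        raise ValueError("range subnet mask is wider than the profile subnet mask")
    return {
        "blocks": 2 ** (range_prefix - space.prefixlen),
        "addresses_per_block": 2 ** (32 - range_prefix),
        "first_block": str(next(space.subnets(new_prefix=range_prefix))),
    }


def candidate_range_masks(network_address, subnet_mask, deployments,
                          addresses_per_deployment, reserved_per_block=2):
    """List range subnet masks that give every expected deployment its own
    block with enough addresses. reserved_per_block is an assumption."""
    space = ipaddress.IPv4Network(f"{network_address}/{subnet_mask}")
    masks = []
    for prefix in range(space.prefixlen, 31):
        blocks = 2 ** (prefix - space.prefixlen)
        usable = 2 ** (32 - prefix) - reserved_per_block
        if blocks >= deployments and usable >= addresses_per_deployment:
            masks.append(str(ipaddress.IPv4Network(f"0.0.0.0/{prefix}").netmask))
    return masks


if __name__ == "__main__":
    # Masks 255.255.0.0 and 255.255.255.0 are the page's example values.
    print(partition("10.10.0.0", "255.255.0.0", "255.255.255.0"))
    print(candidate_range_masks("10.10.0.0", "255.255.0.0", 100, 20))
```

An empty list from candidate_range_masks means the address space is too small for the expected number of deployments at that size.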
  c Enter search syntax or select one or more IP blocks from the drop-down menu.
  d Click OK.
3 Click Apply.
4 Click OK.
Create a NAT Network Profile for an On-Demand Network
You can create an on-demand NAT network profile, relative to an external network profile. You can assign ranges of static IP and DHCP addresses to a NAT network profile. NAT networks use one set of IP addresses for external communication and another set of IP addresses for internal communication.
5 Select an existing external network profile from the External Network Profile drop-down menu.
  Only external network profiles that are configured to use the specified IPAM endpoint are listed and available to select.
6 Select a one-to-one or one-to-many network address translation type from the NAT type drop-down menu.
  Option | Description
  One-to-One | Assign an external static IP address to each network adapter.
7
  e (Optional) Enter a Preferred WINS server value.
  f (Optional) Enter an Alternate WINS server value.
What to do next
Configure NAT Network Profile IP Ranges.
Configure NAT Network Profile IP Ranges
You can define one or more ranges of static IP addresses for use in provisioning a network. You cannot overlap the start and end network range IP addresses with the DHCP addresses.
    CSV Field | Description
    status | Allocated or Unallocated, case-sensitive. If the field is empty, the default value is Unallocated. If the status is Allocated, the machine_name field cannot be empty.
    NIC_offset | A non-negative integer. Optional.
  b Click Apply.
3 Click OK.
The IP range name appears in the defined ranges list. The IP addresses in the range appear in the defined IP addresses list.
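A CSV file can be checked against the field rules in the import steps, and against the rule that static ranges must not overlap the DHCP addresses, before you import it. The following is an added example, not VMware code: the sample rows other than the first are constructed, and the DHCP bounds passed in are constructed values standing in for the ones in your NAT profile.

```python
import csv
import io
import ipaddress

VALID_STATUS = ("Allocated", "Unallocated")  # case-sensitive, per the field table

# Constructed sample file; only the first row is the page's own example.
SAMPLE_CSV = """\
100.10.100.1,mymachine01,Unallocated
100.10.100.2,,
100.10.100.3,,Allocated
100.10.100.4,web01,allocated
100.10.100.5,web02,Allocated,-1
100.10.300.6,web03,Unallocated
100.10.100.200,web04,Allocated,0
"""


def validate_range_csv(text, dhcp_start=None, dhcp_end=None):
    """Check rows of ip_address,machine_name,status,NIC_offset.

    Returns (rows, errors): rows are normalized dicts for valid lines,
    errors are 'line N: reason' strings for rejected lines.
    """
    dhcp = None
    if dhcp_start is not None and dhcp_end is not None:
        dhcp = (ipaddress.IPv4Address(dhcp_start), ipaddress.IPv4Address(dhcp_end))
        if dhcp[0] > dhcp[1]:
            raise ValueError("DHCP start address is above the end address")

    rows, errors = [], []
    for lineno, record in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not any(field.strip() for field in record):
            continue  # blank line
        if len(record) > 4:
            errors.append(f"line {lineno}: expected at most 4 fields, got {len(record)}")
            continue
        # Trailing fields are optional, so pad the record to four columns.
        fields = [f.strip() for f in record] + [""] * (4 - len(record))
        ip_text, machine_name, status, nic_offset = fields
        problems = []

        try:
            ip = ipaddress.IPv4Address(ip_text)
        except ipaddress.AddressValueError:
            ip = None
            problems.append(f"{ip_text!r} is not an IPv4 address")

        status = status or "Unallocated"  # documented default for an empty field
        if status not in VALID_STATUS:
            problems.append(f"status {status!r} must be Allocated or Unallocated")
        elif status == "Allocated" and not machine_name:
            problems.append("machine_name is required when status is Allocated")

        offset = None
        if nic_offset:
            if nic_offset.isascii() and nic_offset.isdigit():
                offset = int(nic_offset)
            else:
                problems.append(f"NIC_offset {nic_offset!r} is not a non-negative integer")

        if ip is not None and dhcp and dhcp[0] <= ip <= dhcp[1]:
            problems.append(f"{ip} overlaps the DHCP range {dhcp[0]}-{dhcp[1]}")

        if problems:
            errors.extend(f"line {lineno}: {p}" for p in problems)
        else:
            rows.append({"ip": str(ip), "machine_name": machine_name,
                         "status": status, "nic_offset": offset})
    return rows, errors


if __name__ == "__main__":
    ok, bad = validate_range_csv(SAMPLE_CSV, "100.10.100.200", "100.10.100.250")
    print(f"{len(ok)} rows ready to import")
    for message in bad:
        print(message)
```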
Configuring Reservations and Reservation Policies
A vRealize Automation reservation can define policies, priorities, and quotas that determine machine placement for provisioning requests. Reservation policies restrict machine provisioning to a subset of available reservations. Storage reservation policies allow blueprint architects to assign machine volumes to different datastores.
Choosing a Reservation Scenario
You can create reservations to allocate resources to business groups. Depending on your scenario, the procedure to create a reservation differs. Choose a reservation scenario based on the target endpoint type. Each business group must have at least one reservation for its members to provision machines of that type. For example, a business group with an OpenStack reservation but not an Amazon reservation cannot request a machine from Amazon.
The allocation model for a reservation depends on the allocation model in the associated datacenter. Available allocation models are Allocation Pool, Pay As You Go, and reservation pool. For information about allocation models, see the vCloud Director or vCloud Air documentation. In addition to defining the share of fabric resources allocated to the business group, a reservation can define policies, priorities, and quotas that determine machine placement.
- If the blueprint specifies a reservation policy, the reservation must belong to that reservation policy.
Reservation policies are a way to guarantee that the selected reservation satisfies any additional requirements for provisioning machines from a specific blueprint. For example, if a blueprint uses a specific machine image, you can use reservation policies to limit provisioning to reservations associated with the regions that have the required image.
When you create an Amazon reservation or configure a machine component in the blueprint, you can choose from the list of security groups that are available to the specified Amazon account region. Security groups are imported during data collection. For information about creating and using security groups in Amazon Web Services, see Amazon documentation.
Prerequisites
- Log in to the vRealize Automation console as a fabric administrator.
- Verify that a tenant administrator created at least one business group.
- Verify that a compute resource exists.
- Configure network settings.
- (Optional) Configure network profile information.
- Verify that you have access to a desired Amazon network. For example, if you want to use VPC, verify that you have access to an Amazon Virtual Private Cloud (VPC) network.
For related information about load balancers, see Configuring vRealize Automation.
Prerequisites
Specify Amazon Reservation Information.
Procedure
1 Click the Resources tab.
2 Select a compute resource on which to provision machines from the Compute resource drop-down menu.
  Available Amazon regions are listed.
3 (Optional) Enter a number in the Machine quota text box to set the maximum number of machines that can be provisioned on this reservation.
8 Select one or more security groups that can be assigned to a machine during provisioning from the Security groups list.
  Select each security group that can be assigned to a machine during provisioning.
9 Select one or more available load balancers from the Load balancers list.
  If you are using the elastic load balancer feature, select one or more available load balancers that apply to the selected locations or subnets.
You can save the reservation now by clicking Save.
11 Select Send alerts to group manager to include group managers in the email alerts.
12 Specify a reminder frequency (days).
13 Click Save.
The reservation is saved and appears in the Reservations list.
What to do next
You can configure optional reservation policies or begin preparing for provisioning. Users who are authorized to create blueprints can create them now.
- Verify that any optional security groups or floating IP addresses are configured.
- Verify that any required key pairs exist. See Managing Key Pairs.
- Verify that a compute resource exists.
- Configure network settings.
Procedure
1 Select Infrastructure > Reservations > Reservations.
2 Click the New icon ( ) and select the type of reservation to create.
  Select OpenStack.
2 Select a compute resource on which to provision machines from the Compute resource drop-down menu.
  Only templates located on the cluster you select are available for cloning with this reservation. During provisioning, machines are placed on a host that is connected to the local storage. If the reservation uses local storage, all the machines that are provisioned by the reservation are created on the host that contains that local storage.
8 Configure a network path for machines provisioned by using this reservation.
  a (Optional) If the option is available, select a storage endpoint from the Endpoint drop-down menu.
    The FlexClone option is visible in the endpoint column if a NetApp ONTAP endpoint exists and if the host is virtual. If there is a NetApp ONTAP endpoint, the reservation page displays the endpoint assigned to the storage path.
6 (Optional) Add any additional custom properties.
7 Click the Alerts tab.
8 Enable the Capacity Alerts check box to configure alerts to be sent.
9 Use the slider to set thresholds for available resource allocation.
10 Enter one or more user email addresses or group names to receive alert notifications in the Recipients text box.
  Press Enter to separate multiple entries.
11 Select Send alerts to group manager to include group managers in the email alerts.
Specify vCloud Air Reservation Information
You can create a reservation for each vCloud Air machine subscription or OnDemand resource. Each reservation is configured for a specific business group to grant them access to request machines. You can control the display of reservations when adding, editing, or deleting by using the Filter By Category option on the Reservations page.
9 (Optional) Deselect the Enable this reservation check box if you do not want this reservation active.
Do not navigate away from this page. Your reservation is not complete.
Specify Resources and Network Settings for a vCloud Air Reservation
Specify resource and network settings available to vCloud Air machines that are provisioned from this vRealize Automation reservation.
6 Select one or more listed storage paths.
  The available storage path options are derived from your compute resource selection.
  a Enter a value in the This Reservation Reserved text box to specify how much storage to allocate to this reservation.
  b Enter a value in the Priority text box to specify the priority value for the storage path relative to other storage paths that pertain to this reservation.
    The priority is used for multiple storage paths.
If configured, alerts are generated daily, rather than when the specified thresholds are reached.
Important Notifications are only sent if email alerts are configured and notifications are enabled.
Alerts are not available for Pay As You Go reservations that were created with no specified limits.
Prerequisites
Specify Resources and Network Settings for a vCloud Air Reservation.
Procedure
1 Click the Properties tab.
2 Click New.
3 Enter a valid custom property name.
Procedure
1 Specify vCloud Director Reservation Information
  You can create a reservation for each vCloud Director organization virtual datacenter (VDC). Each reservation is configured for a specific business group to grant them access to request machines on a specified compute resource.
3 (Optional) Select an existing reservation from the Copy from existing reservation drop-down menu.
  Data from the selected reservation appears. You can make changes as required for your new reservation.
4 Enter a name in the Name text box.
5 Select a tenant from the Tenant drop-down menu.
6 Select a business group from the Business group drop-down menu.
  Only users in this business group can provision machines by using this reservation.
Procedure
1 Click the Resources tab.
2 Select a compute resource on which to provision machines from the Compute resource drop-down menu.
  Only templates located on the cluster you select are available for cloning with this reservation.
3 Select an allocation model.
4 (Optional) Enter a number in the Machine quota text box to set the maximum number of machines that can be provisioned on this reservation.
  Only machines that are powered on are counted towards the quota.
8 Configure a network path for machines provisioned by using this reservation.
  a (Optional) If the option is available, select a storage endpoint from the Endpoint drop-down menu.
    The FlexClone option is visible in the endpoint column if a NetApp ONTAP endpoint exists and if the host is virtual. If there is a NetApp ONTAP endpoint, the reservation page displays the endpoint assigned to the storage path.
5 (Optional) Check the Encrypted check box to encrypt the property value.
6 (Optional) Check the Prompt User check box to require that the user enter a value.
  This option cannot be overridden when provisioning.
7 Click Save.
8 (Optional) Add any additional custom properties.
9 Click the Alerts tab.
10 Enable the Capacity Alerts check box to configure alerts to be sent.
11 Use the slider to set thresholds for available resource allocation.
Configure Microsoft Azure Basic Reservation Information
Specify basic information for a Microsoft Azure reservation. All information on the Reservation Information page is required except the Reservation Policy. All information on subsequent Azure reservation pages is optional.
Procedure
1 Select Infrastructure > Administration > Reservations.
2 Click the New icon ( ) and select the type of reservation to create.
  Select Azure.
2 Select the location for the reservation by clicking the Location drop-down.
  You can leave this field blank to create a location-agnostic reservation, but if you do, location information must be specified either when creating a blueprint or when provisioning an Azure virtual machine.
3 Click New in the Resource Groups table.
  a Paste the appropriate Resource Group name information from your Azure instance in the Name text box.
    Note The Name box cannot be left empty.
Procedure
1 Click New in the Networks table to configure the appropriate Azure virtual network to use with your virtual machine.
  a Paste the appropriate vNet name information from your Azure instance into the vNet text box.
  b Paste the appropriate Subnet name information from your Azure instance into the Subnet text box.
    The Subnet specification is optional. If you leave this box empty, the subnet of the specified vNet is used by default.
Scenario: Create an Amazon Reservation for a Proof of Concept Environment
Because you used an SSH tunnel to temporarily establish network-to-Amazon VPC connectivity for your proof of concept environment, you have to add custom properties to your Amazon reservations to ensure the Software bootstrap agent and guest agent run communications through the tunnel.
Procedure
1 Select Infrastructure > Reservations > Reservations.
2 Click the New icon ( ) and select the type of reservation to create.
  Select Amazon.
3 Enter Amazon Tunnel POC in the Name text box.
4 Select the business group you created for your blueprint architects from the Business Group drop-down menu.
5 Enter a 1 in the Priority text box to set this reservation as the highest priority.
Scenario: Specify Custom Properties to Run Agent Communications Through Your Tunnel
When you configured network-to-Amazon VPC connectivity, you configured port forwarding to allow your Amazon AWS tunnel machine to access vRealize Automation resources. You need to add tunnel custom properties on the reservation to configure the agents to access those ports.
Understanding Selection Logic for Reservations
When a member of a business group creates a provisioning request for a virtual machine, vRealize Automation selects a machine from one of the reservations that are available to that business group. The reservation for which a machine is provisioned must satisfy the following criteria:
- The reservation must be of the same platform type as the blueprint from which the machine was requested.
Reservation policies are a way to guarantee that the selected reservation satisfies any additional requirements for provisioning machines from a specific blueprint. For example, you can use reservation policies to limit provisioning to compute resources with a specific template for cloning. If no reservation is available that meets all of the selection criteria, provisioning fails.
When vRealize Automation provisions machines with NAT or routed networking, it provisions a routed gateway as the network router. The Edge or routed gateway is a management machine that consumes compute resources. It also manages the network communications for the provisioned machine components. The reservation used to provision the Edge or routed gateway determines the external network used for NAT and routed network profiles.
2 Specify Resource and Networking Settings for a Virtual Reservation
  Specify resource and network settings for provisioning machines from this vRealize Automation reservation.
3 Specify Custom Properties and Alerts for Virtual Reservations
  You can associate custom properties with a vRealize Automation reservation. You can also configure alerts to send email notifications when reservation resources are low.
7 (Optional) Select a reservation policy from the Reservation policy drop-down menu.
  This option requires that one or more reservation policies exist. You can edit the reservation later to specify a reservation policy. You use a reservation policy to restrict provisioning to specific reservations.
8 Enter a number in the Priority text box to set the priority for the reservation.
  The priority is used when a business group has more than one reservation.
5 Select one or more listed storage paths.
  The available storage path options are derived from your compute resource selection. For integrations that use Storage Distributed Resource Scheduler (SDRS) storage, you can select a storage cluster to allow SDRS to automatically handle storage placement and load balancing for machines provisioned from this reservation. The SDRS automation mode must be set to Automatic.
You can add as many custom properties as apply to your needs.
Important Notifications are only sent if email alerts are configured and notifications are enabled.
If configured, alerts are generated daily, rather than when the specified thresholds are reached.
Prerequisites
Specify Resource and Networking Settings for a Virtual Reservation.
Procedure
1 Click the Properties tab.
2 Click New.
3 Enter a valid custom property name.
You can also assign a network profile to a blueprint by using the custom property VirtualMachine.NetworkN.ProfileName on the Properties tab of the New Blueprint or Blueprint Properties page. If you specify a network profile in a reservation and a blueprint, the blueprint value takes precedence. For example, if you specify a network profile in the blueprint by using the VirtualMachine.NetworkN.
You can use a reservation policy to collect resources into groups for different service levels, or to make a specific type of resource easily available for a particular purpose. When a user requests a machine, it can be provisioned on any reservation of the appropriate type that has sufficient capacity for the machine.
Create a Reservation Policy
You can use reservation policies to group similar reservations together. Create the reservation policy first, then add the policy to reservations to allow a blueprint creator to use the reservation policy in a blueprint. The policy is created as an empty container. You can control the display of reservation policies when adding, editing, or deleting by using the Filter By Type option on the Reservation Policies page.
Assigning the volumes of a virtual machine to different datastores or to a different storage profile allows blueprint architects to control and use storage space more effectively. For example, they might deploy the operating system volume to a slower, less expensive datastore, or storage profile, and the database volume to a faster datastore or storage profile. Some machine endpoints only support a single storage profile, while others support multi-level disk storage.
2 Assign a Storage Reservation Policy to a Datastore
  You can associate a storage reservation policy to a compute resource. After the storage reservation policy is created, populate it with datastores. A datastore can belong to only one storage reservation policy. Add multiple datastores to create a group of datastores for use with a blueprint.
6 Select a storage reservation policy from the Storage Reservation Policy column drop-down menu.
  After you provision a machine, you cannot change its storage reservation policy if doing so would change the storage profile on a disk.
7 Click the Save icon ( ).
8 Click OK.
9 (Optional) Assign additional datastores to your storage reservation policy.
You do not need to create a vSphere endpoint, because you already created one when you requested the initial content catalog item.
Procedure
1 Select Infrastructure > Fabric Groups.
2 Click the New icon ( ).
3 Enter Rainpole fabric in the Name text box.
4 Search for Rainpole architects in the Fabric administrators search box and select your custom group.
5 Select the compute resource from your vSphere environment to include in your fabric group.
6 Click OK.
Procedure
1 Select Administration > Users and Groups > Business Groups.
2 Click the New icon ( ).
3 Enter Rainpole business group in the Name text box.
4 Enter one or more email addresses in the Send manager emails to text box.
  For example, enter your own email address, or the email address of your IT manager.
5 Add a custom property to assist your architects with troubleshooting their blueprints.
Procedure
1 Select Infrastructure > Reservations > Reservations.
2 Click the New icon ( ).
3 Select vSphere from the drop-down menu.
4 Enter the reservation information.
  Option | Input
  Name | Rainpole reservation
  Tenant | vsphere.local
  Business Group | Rainpole business group
  Priority | 1
5 Select the Resources tab.
6 Enter the resources information from your deployment environment.
You have a datacenter in London, and a datacenter in Boston, and you don't want users in Boston provisioning machines on your London infrastructure or vice versa. To ensure that Boston users provision on your Boston infrastructure, and London users provision on your London infrastructure, you want to allow users to select an appropriate location for provisioning when they request machines.
Prerequisites
- Log in to the vRealize Automation console as a fabric administrator.
Table 3‑6. Preparing for Provisioning a vRealize Automation Deployment Using Infoblox IPAM Checklist
Task | Location | Details
Obtain, import, and configure the external IPAM solution provider plug-in or package. Obtain and import the vRealize Orchestrator plug-in, run the vRealize Orchestrator configuration workflows, and register the IPAM provider endpoint type in vRealize Orchestrator. See Checklist for Preparing For Third-Party IPAM Provider Support.
When you add a vRealize Orchestrator plug-in as an endpoint by using the vRealize Automation UI, you run a configuration workflow in the default vRealize Orchestrator server. The configuration workflows are located in the vRealize Automation > XaaS > Endpoint Configuration workflows folder.
Important Configuring a single plug-in in vRealize Orchestrator and in the vRealize Automation console is not supported and results in errors.
  c Enter the root element of the Active Directory service in the Root text box.
    For example, if your domain name is mycompany.com, then your root Active Directory is dc=mycompany,dc=com. This node is used for browsing your service directory after entering the appropriate credentials. For large service directories, specifying a node in the tree narrows the search and improves performance.
Procedure
1 Select Administration > vRO Configuration > Endpoints.
2 Click the New icon ( ).
3 Select HTTP-REST from the Plug-in drop-down menu.
4 Click Next.
5 Enter a name and, optionally, a description.
6 Click Next.
7 Provide information about the REST host.
  a Enter the name of the host in the Name text box.
  b Enter the address of the host in the URL text box.
10 Select the authentication type.
  Option | Action
  None | No authentication is required.
  OAuth 1.0 | Uses OAuth 1.0 protocol. You must provide the required authentication parameters under OAuth 1.0.
  OAuth 2.0
  a Enter the key used to identify the consumer as a service provider in the Consumer key text box.
  b Enter the secret to establish ownership of the consumer key in the Consumer secret text box.
You configured the endpoint and added a REST host. XaaS architects can use XaaS to publish HTTP-REST plug-in workflows as catalog items and resource actions.
Configure the PowerShell Plug-In as an Endpoint
You can add an endpoint and configure the PowerShell plug-in to connect to a running PowerShell host, so that you can call PowerShell scripts and cmdlets from vRealize Orchestrator actions and workflows, and work with the result.
10 Click Finish.
You added a Windows PowerShell host as an endpoint. XaaS architects can use XaaS to publish PowerShell plug-in workflows as catalog items and resource actions.
Configure the SOAP Plug-In as an Endpoint
You can add an endpoint and configure the SOAP plug-in to define a SOAP service as an inventory object, and perform SOAP operations on the defined objects.
Prerequisites
- Verify that you have access to a SOAP host. The plug-in supports SOAP Version 1.
8 (Optional) Specify the proxy settings.
   a To use a proxy, select Yes from the Proxy drop-down menu.
   b Enter the IP of the proxy server in the Address text box.
   c Enter the port number to communicate with the proxy server in the Port text box.
9 Click Next.
10 Select the authentication type.

Option | Action
None | No authentication is required.
Basic | Provides basic access authentication. The communication with the host is in shared session mode.
Prerequisites
- Install and configure vCenter Server. See vSphere Installation and Setup.
- Log in to the vRealize Automation console as a tenant administrator.

Procedure
1 Select Administration > vRO Configuration > Endpoints.
2 Click the New icon.
3 Select vCenter Server from the Plug-in drop-down menu.
4 Click Next.
5 Enter a name and, optionally, a description.
6 Click Next.
7 Provide information about the vCenter Server instance.
   a
Create a Microsoft Azure Endpoint

You can create a Microsoft Azure endpoint to facilitate a credentialed connection between vRealize Automation and an Azure deployment. An endpoint establishes a connection to a resource, in this case an Azure instance, that you can use to create virtual machine blueprints. You must have an Azure endpoint to use as the basis of blueprints for provisioning Azure virtual machines.
- Log in to the vRealize Automation console as a tenant administrator.

Procedure
1 Select Administration > vRO Configuration > Endpoints.
2 Click the New icon.
3 On the Plug-in tab, click the Plug-in drop-down menu and select Azure Plug-in.
4 Click Next.
5 Enter a name and, optionally, a description.
6 Click Next.
7 Populate the text boxes on the Details tab as appropriate for the endpoint.
Parameter
What to do next

Create appropriate resource groups, storage accounts, and network security groups in Azure. You should also create load balancers if appropriate for your implementation.

Action | Options
Create an Azure resource group |
   - Create the resource group using the Azure portal. See the Azure documentation for specific instructions.
   - Use the appropriate vRealize Orchestrator workflow found under the Library/Azure/Resource/Create resource group.
View and Manage Container Hosts

You can view and manage the hosts that you add. In the context of Containers, the host is a virtual machine or infrastructure that lets you run containers. The Hosts tab contains the controls for adding new hosts, monitoring the state of the provision requests of existing hosts, viewing event logs for your containers, and performing data collection on hosts.

Procedure
1 Log in to vRealize Automation as a container administrator.
When you add or create hosts in Containers, you can click one of the four icons on the right to expand toolbars with additional options. You can add or manage placement zones, credentials, certificates, and deployment placements.

Procedure
1 Log in to the vRealize Automation console as a container administrator.
2 Click the Containers tab.
3 Click Add a Host.
4 Enter your host IP address or host name using the format http(s)://:.
- Verify that at least one host is configured and available for container network configuration.

Procedure
1 Click the Containers tab.
2 Click Placements.
3 Click Add on the Placements page.
4 Enter a name for your placement.
5 Assign the placement to a group.
6 Select a placement zone from the list.
7 (Optional) Select a deployment placement from the list.
8 (Optional) Enter a priority value for the placement.
Prerequisites

Procedure
1 Create or edit a policy.
2 Click Placements on the right to display the Placements page.
3 From the Deployment Policy drop-down list, select an existing policy.
   This drop-down list also includes controls for searching for a policy, creating a new policy, and managing policies. You can also click the Deployment Policy icon on the right side of the Placements page to access controls for configuring policies.
- Exposed services
- Cluster size and scale-in and scale-out parameters

Configure Health Checks in Containers

You can configure a health check method to update the status of a container based on custom criteria. You can use HTTP or TCP protocols when executing a command on the container. You can also specify a health check method.

Prerequisites
- Verify that Containers for vRealize Automation is enabled in your supported vRealize Automation deployment.
8 Select a health mode.

Table 3‑7. Health Configuration Modes

Mode | Description
None | Default. No health checks are configured.
HTTP | If you select HTTP, you must provide an API to access and an HTTP method and version to use. The API is relative and you do not need to enter the address of the container. You can also specify a timeout period for the operation and set health thresholds.
For example, if you have an application that contains a Web and database service and you define a link in the Web service to the database service by using an alias of my-db, the Web service application opens a TCP connection to my-db:{PORT_OF_DB}. The PORT_OF_DB is the port that the database listens to, regardless of the public port that is assigned to the host by the container settings.
8 In the Services text box, enter a comma-separated list of services that the container is dependent on.
9 In the Alias text box, enter a descriptive name for the service or comma-separated list of services.
10 Click Save.

Configure Exposed Services in Containers

You can use a unique host name for a load balancer by providing an address and a placeholder in your container settings. The placeholder determines the location of an automatically generated part of the URL.
The Provision a Container or Edit Container Definition page appears, providing access to categorized sets of editable properties and settings.
9 In the Address text box, enter the location of the placeholder.
   The address host acts as a virtual host. To access the address host, you can add mapping information in the /etc/hosts file or use a DNS that maps the container address to the host name.
The Provision a Container or Edit Container Definition page appears, providing access to categorized sets of editable properties and settings.
9 Set the container cluster size.
10 Click Save.

Configuring and Using Templates and Images in Containers

Containers uses templates to provision containers. A template is a reusable configuration for provisioning a container or a suite of containers.
5 Select a template from the Views pane.
   a Click Templates to open the Template view.
   b Click Edit in the upper-right section of the template that you want to customize.
6 Import a YAML template.
   a Click the Import template or Docker Compose icon.
     The Import Template page appears.
   b Provide the YAML file content.

     Option | Description
     Load from File | Click Load from File to browse to and select the YAML file from a directory.
   c
Procedure
1 Click the Containers tab.
2 Click Templates in the left pane.
   A list displays the templates and images that are available for provisioning.
   - Configured templates in the Images view.
   - Existing or custom templates in the Template view.
   - All available templates and images based on your specified registries in the All view.
   The Import and Export options are also available to import or export templates and images.
Containers can interact with both Docker Registry HTTP API V1 and V2 in the following manner:

V1 over HTTP (unsecured, plain HTTP registry)
   You can freely search this kind of registry, but you must manually configure each Docker host with the --insecure-registry flag to provision containers based on images from insecure registries. You must restart the Docker daemon after setting the property.

V1 over HTTPS
   Use behind a reverse proxy, such as NGINX.
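
The following Python code is an added example, not part of the VMware documentation. It lists the plain-HTTP registry exceptions set on a Docker host, from both the `--insecure-registry` flag and the equivalent `insecure-registries` key in daemon.json, and reports any that are not on an approved list. The sample configuration, host names and approved list are constructed.

```python
import ipaddress
import json
import shlex

# Constructed sample inputs for one Docker host (not taken from a real system).
SAMPLE_DAEMON_JSON = """
{
  "insecure-registries": ["registry.lab.example:5000", "10.0.0.0/8"]
}
"""
SAMPLE_DOCKERD_CMDLINE = (
    "/usr/bin/dockerd -H fd:// "
    "--insecure-registry=http://old-registry.example:5000 "
    "--insecure-registry 192.0.2.10:5000"
)
# Hypothetical allowlist: plain-HTTP registries that were deliberately approved.
APPROVED_INSECURE = ["registry.lab.example:5000"]


def registries_from_daemon_json(text):
    """Return the 'insecure-registries' entries from daemon.json content."""
    if not text.strip():
        return []  # no daemon.json on this host
    config = json.loads(text)
    entries = config.get("insecure-registries", [])
    if not isinstance(entries, list):
        raise ValueError("insecure-registries must be a JSON array")
    return [str(entry) for entry in entries]


def registries_from_cmdline(cmdline):
    """Return --insecure-registry values from a dockerd command line.

    Handles both '--insecure-registry VALUE' and '--insecure-registry=VALUE'.
    """
    args = shlex.split(cmdline)
    found = []
    for index, arg in enumerate(args):
        if arg == "--insecure-registry" and index + 1 < len(args):
            found.append(args[index + 1])
        elif arg.startswith("--insecure-registry="):
            found.append(arg.split("=", 1)[1])
    return found


def normalize(entry):
    """Lower-case an entry and drop any scheme prefix and trailing slash."""
    value = entry.strip().lower()
    for scheme in ("http://", "https://"):
        if value.startswith(scheme):
            value = value[len(scheme):]
    return value.rstrip("/")


def cidr_size(entry):
    """Return the address count if the entry is a CIDR range, else 0."""
    if "/" not in entry:
        return 0
    try:
        return ipaddress.ip_network(entry, strict=False).num_addresses
    except ValueError:
        return 0


def audit_host(daemon_json, cmdline, approved):
    """Compare a host's insecure-registry exceptions with the approved list."""
    configured = {normalize(e) for e in registries_from_daemon_json(daemon_json)}
    configured |= {normalize(e) for e in registries_from_cmdline(cmdline)}
    allowed = {normalize(e) for e in approved}
    return {
        # Every registry this host will talk to without verified TLS.
        "configured": sorted(configured),
        # Exceptions nobody approved, for example left over from old setups.
        "unapproved": sorted(configured - allowed),
        # CIDR entries exempt a whole address range, not a single registry.
        "cidr_ranges": {
            e: cidr_size(e) for e in sorted(configured) if cidr_size(e) > 1
        },
    }


if __name__ == "__main__":
    report = audit_host(SAMPLE_DAEMON_JSON, SAMPLE_DOCKERD_CMDLINE, APPROVED_INSECURE)
    for key, value in report.items():
        print(f"{key}: {value}")
```
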
3 Click Manage Registry.
   The Existing Registries page appears.
4 Click Add.
5 Enter an IP or host name for the registry.
6 (Optional) Enter a name for the registry.
7 Select your login credentials from the drop-down list.
8 (Optional) Click Verify to confirm that the configured parameters are valid.
9 Click the checkmark icon to create the registry.
5 (Optional) To add more detailed configuration settings, click the Advanced check box.
   Additional network configuration settings appear in the Add Network panel.
6 Complete the network configuration settings.
Option IPAM configuration Custom properties Description Subnet Provide subnet and gateway values that are unique to this network configuration. They must not overlap with any other networks on the same container host.
7 Click Create Network.
   The Add Network panel disappears and the added network appears as a horizontal icon below the container icons in the Edit Template page. A network connector icon also displays on the bottom border of the container icons.
8 (Optional) To connect a container to the newly added network, drag the network connector icon from the container to any point on the horizontal icon representing the network.
The Add Network panel disappears and the added network appears as a horizontal icon below the container icons in the Edit Template page. A network connector icon also displays on the bottom border of the container icons.
9 (Optional) Configure and add a new network.
   a In the Name field, enter any string value.
     When you save the new configuration, the name value will be appended with a unique identifier.
   b Click the Advanced check box.
10 To connect a container to the newly added network, drag the network connector icon from the container to any point on the horizontal icon representing the network.

Installing Additional Plug-Ins on the Default vRealize Orchestrator Server

You can install additional packages and plug-ins on the default vRealize Orchestrator server by using the vRealize Orchestrator configuration interface.
In addition to the provided properties, you can create your own custom properties. You must prefix your custom properties with ext.policy.activedirectory. For example, ext.policy.activedirectory.domain.extension or ext.policy.activedirectory.yourproperty. The properties are passed to your custom vRealize Orchestrator Active Directory workflows. For more information about custom properties, see Custom Properties Reference.
- If you use an external vRealize Orchestrator server, verify that it is set up correctly. See Configure an External vRealize Orchestrator Server.
- Log in to the vRealize Automation console as a tenant administrator.

Procedure
1 Select Administration > AD Policies.
2 Click the New icon.
3 Configure the Active Directory policy details.

Option | Description
ID | Enter the permanent value. The value cannot include any spaces or special characters.
You have an existing policy that is applied to the development business group. The policy adds machine records to ou=development,dc=corp,dc=domain,dc=com. You want all database machines to be added to ou=databases,dc=corp,dc=domain,dc=com. In a blueprint that includes a database server, you override the Active Directory organizational unit to add the database machine record to ou=databases,dc=corp,dc=domain,dc=com.
What to do next

Request your test blueprint. Verify that the record for the database machine was added to the database organizational unit, and that the record for the application machine is added to the development organizational unit. When you are satisfied with the results, you can add the custom property to your production blueprints.
4 Providing On-Demand Services to Users

You deliver on-demand services to users by creating catalog items and actions, then carefully controlling who can request those services by using entitlements and approvals.
Software Components

You can create and publish software components to install software during the machine provisioning process and support the software life cycle. For example, you can create a blueprint for developers to request a machine with their development environment already installed and configured. Software components are not catalog items by themselves, and you must combine them with a machine component to create a catalog item blueprint.
Machine Blueprints

You can create and publish simple blueprints to provision single machines or you can create more complex blueprints that contain additional machine components and optionally any combination of the following component types:
- Software components
- Existing blueprints
- NSX network and security components
- XaaS components
- Containers components
- Custom or other components

XaaS Blueprints

You can publish your vRealize Orchestrator workflows as
- IaaS machine blueprints
- Software components
- XaaS blueprints
- Property groups
  Property group information is tenant-specific and is only imported with the blueprint if the property group already exists in the target vRealize Automation instance.
Prerequisites
- Prepare a CentOS 6.x Linux reference machine, convert it to a template, and create a customization specification. See Scenario: Prepare for Importing the Dukes Bank for vSphere Sample Application Blueprint.
- Create an external network profile to provide a gateway and a range of IP addresses. See Create an External Network Profile by Using A Third-Party IPAM Provider.
- Map your external network profile to your vSphere reservation.
2 Download the Dukes Bank for vSphere sample application from your vRealize Automation appliance to /tmp.
   wget --no-check-certificate https://vRealize_VA_Hostname_fqdn:5480/blueprints/DukesBankAppForvSphere.zip
   Do not unzip the package.
3 Download Cloud Client version 4.x from http://developercenter.vmware.com/tool/cloudclient to /tmp.
4 Unzip the cloudclient-4x-dist.zip package.
5 Run Cloud Client under the /bin directory.
   $>./bin/cloudclient.
This scenario configures the machine components to clone machines from the template you created in the vSphere Web Client. If you want to create space-efficient copies of a virtual machine based on a snapshot, the sample application also supports linked clones. Linked clones use a chain of delta disks to track differences from a parent machine, are provisioned quickly, reduce storage cost, and are ideal to use when performance is not a high priority.
   c Click the Build Information tab.
   d Select Cloneworkflow from the Provisioning workflow drop-down menu.
   e Select your dukes_bank_template from the Clone from dialog.
   f Enter your Customspecs_sample in the Customization spec text box.
     This field is case sensitive.
   g Click the Machine Resources tab.
   h Verify that memory settings are at least 2048 MB.
6 Repeat for the database-node machine component.
7 Click Save and Finish.
3 Locate the Dukes Bank sample application catalog item and click Request.
4 Fill in the required request information for each component that has a red asterisk.
5
   a Navigate to the JBossAppServer component to fill in the required request information.
   b Enter the fully qualified domain name of your vRealize Automation appliance in the app_content_server_ip text box.
   c Navigate to the Dukes_Bank_App software components to fill in the required request information.
Build out a library of the smallest blueprint design components: single machine blueprints, Software components, and XaaS blueprints, then combine these base building blocks in new and different ways to create elaborate catalog items that deliver increasing levels of functionality to your users.

Table 4‑2. Building Your Design Library
Catalog Item Role Components Description Details
Machines Infrastructure architect Create machine blueprints on the Blueprints tab.
Table 4‑2. Building Your Design Library (Continued)
Catalog Item Role Components Description Details
Custom IT Services XaaS architects Create and publish XaaS blueprints on the XaaS tab. You can create XaaS catalog items that extend vRealize Automation functionality beyond machine, networking, security, and software provisioning.
Thin Provisioning

Thin provisioning is supported for all virtual provisioning methods. Depending on your virtualization platform, storage type, and default storage configuration, thin provisioning might always be used during machine provisioning. For example, for vSphere ESX Server integrations using NFS storage, thin provisioning is always employed.
Procedure
1 Select Design > Blueprints.
2 Click the New icon.
3 Follow the prompts on the New Blueprint dialog box to configure general settings.
4 Click OK.
5 Click Machine Types in the Categories area to display a list of available machine types.
6 Drag the type of machine you want to provision onto the design canvas.
7 Follow the prompts on each of the tabs to configure machine provisioning details.
8 Click Finish.
Table 4‑3. General Tab Settings (Continued)

Setting | Description
Archive days | You can specify an archival period to temporarily retain deployments instead of destroying deployments as soon as their lease expires. Specify 0 (default) to destroy the deployment when its lease expires. The archival period begins on the day the lease expires. When the archive period ends, the deployment is destroyed.
Table 4‑4. Properties Tab Settings (Continued)

Tab | Setting | Description
Custom Properties | | You can add individual custom properties instead of property groups.
 | Name | For a list of custom property names and behaviors, see Custom Properties Reference.
 | Value | Enter the value for the custom property.
 | Encrypted | You can choose to encrypt the property value, for example, if the value is a password.
Table 4‑5. General Tab Settings (Continued)

Setting | Description
Reservation policy | Apply a reservation policy to a blueprint to restrict the machines provisioned from that blueprint to a subset of available reservations.
Table 4‑6. Build Information Tab

Setting | Description
Blueprint type | For record-keeping and licensing purposes, select whether machines provisioned from this blueprint are classified as Desktop or Server.
Action | The options you see in the action drop-down menu depend on the type of machine you select. The following actions are available:
   - Create: Create the machine component specification without use of a cloning option.
Table 4‑6. Build Information Tab (Continued)

Setting | Description
Provisioning workflow | The options you see in the provisioning workflow drop-down menu depend on the type of machine you select, and the action you select.
   - BasicVmWorkflow: Provision a machine with no guest operating system.
   - ExternalProvisioningWorkflow: Create a machine by starting from either a virtual machine instance or cloud-based image.
Table 4‑6. Build Information Tab (Continued)

Setting | Description
Clone from snapshot | For Linked Clone, select an existing snapshot to clone from based on the selected machine template. Machines only appear in the list if they already have an existing snapshot, and if you manage that machine as a tenant administrator or business group manager. If you select Use current snapshot, the clone is defined with the same characteristics as the latest state of the virtual machine.
Table 4‑7. Machine Resources Tab

Setting | Description
CPUs: Minimum and Maximum | Enter a minimum and maximum number of CPUs that can be provisioned by this machine component.
Memory (MB): Minimum and Maximum | Enter a minimum and maximum amount of memory that can be consumed by machines that are provisioned by this machine component.
Network Tab

You can configure network settings for a vSphere machine component based on NSX network and load balancer settings that are configured outside vRealize Automation. You can use settings from one or more existing and on-demand NSX network components in the design canvas.
Table 4‑10. Security Tab Settings

Setting | Description
Name | Display the name of an NSX security group or tag. The names are derived from security components in the design canvas. Select the check box next to a listed security group or tag to use that group or tag for provisioning from this machine component.
Type | Indicate if the security element is an on-demand security group, an existing security group, or a security tag.
You can use the Property Groups tab to add and configure settings for existing custom property groups. You can create your own property groups or use property groups that have been created for you.

Table 4‑12. Properties > Property Groups Tab Settings

Setting | Description
Name | Select an available property group from the drop-down menu.
Move Up and Move Down | Control the precedence level of listed property groups in descending order.
Table 4‑13. General Tab Settings (Continued)

Setting | Description
Machine prefix | Machine prefixes are created by fabric administrators and are used to create the names of provisioned machines. If you select Use group default, machines provisioned from your blueprint are named according to the machine prefix configured as the default for the user's business group. If no machine prefix is configured, one is generated for you based on the name of the business group.
Table 4‑14. Build Information Tab (Continued)

Setting | Description
Provisioning workflow | The options you see in the provisioning workflow drop-down menu depend on the type of machine you select, and the action you select. The only provisioning action available for a vCloud Air machine component is CloneWorkflow.
   - CloneWorkflow: Make copies of a virtual machine, either by Clone, Linked Clone, or NetApp Flexclone.
Clone from | Select a machine template to clone from.
Table 4‑16. Storage Tab Settings (Continued)

Setting | Description
Drive Letter/Mount Path | Enter a drive letter or mount path for the storage volume.
Label | Enter a label for the drive letter and mount path for the storage volume.
Storage Reservation Policy | Enter the existing storage reservation policy to use with this storage volume.
Custom Properties | Enter any custom properties to use with this storage volume.
Table 4‑17. Properties > Custom Properties Tab Settings (Continued)

Setting | Description
Overridable | You can specify that the property value can be overridden by the next or subsequent person who uses the property. Typically, this is another architect, but if you select Show in request, your business users are able to see and edit property values when they request catalog items.
Table 4‑19. General Tab Settings (Continued)

Setting | Description
Reservation policy | Apply a reservation policy to a blueprint to restrict the machines provisioned from that blueprint to a subset of available reservations.
Table 4‑20. Build Information Tab (Continued)

Setting | Description
Amazon machine image | Select an available Amazon machine image. An Amazon machine image is a template that contains a software configuration, including an operating system. Machine images are managed by Amazon Web Services accounts. You can refine the list of Amazon machine image names in the display by using the Filters option in the AMI ID column drop-down menu.
Table 4‑21. Machine Resources Tab

Setting | Description
CPUs: Minimum and Maximum | Enter a minimum and maximum number of CPUs that can be provisioned by this machine component.
Memory (MB): Minimum and Maximum | Enter a minimum and maximum amount of memory that can be consumed by machines that are provisioned by this machine component.
Table 4‑22. Properties > Custom Properties Tab Settings (Continued)

Setting | Description
Overridable | You can specify that the property value can be overridden by the next or subsequent person who uses the property. Typically, this is another architect, but if you select Show in request, your business users are able to see and edit property values when they request catalog items.
Table 4‑24. General Tab Settings (Continued)

Setting | Description
Reservation policy | Apply a reservation policy to a blueprint to restrict the machines provisioned from that blueprint to a subset of available reservations.
Table 4‑25. Build Information Tab

Setting | Description
Blueprint type | For record-keeping and licensing purposes, select whether machines provisioned from this blueprint are classified as Desktop or Server.
Table 4‑25. Build Information Tab (Continued)

Setting | Description
Key pair | Key pairs are optional for provisioning with OpenStack. Key pairs are used to provision and connect to a cloud instance. They are also used to decrypt Windows passwords and to log in to a Linux machine. The following key pair options are available:
   - Not specified: Controls key pair behavior at the blueprint level rather than at the reservation level.
Table 4‑26. Machine Resources Tab

Setting | Description
CPUs: Minimum and Maximum | Enter a minimum and maximum number of CPUs that can be provisioned by this machine component.
Memory (MB): Minimum and Maximum | Enter a minimum and maximum amount of memory that can be consumed by machines that are provisioned by this machine component.
Table 4‑27. Properties > Custom Properties Tab Settings (Continued)

Setting | Description
Overridable | You can specify that the property value can be overridden by the next or subsequent person who uses the property. Typically, this is another architect, but if you select Show in request, your business users are able to see and edit property values when they request catalog items.
Cause

There are multiple possible causes for common clone and linked clone blueprint problems.

Table 4‑29. Causes for Common Clone and Linked Clone Blueprints Problems

Problem | Cause | Solution
Machines missing | You can only create linked clone blueprints by using machines you manage as a tenant administrator or business group manager. | A user in your tenant or business group must request a vSphere machine. If you have the appropriate roles, you can do this yourself.
Table 4‑29. Causes for Common Clone and Linked Clone Blueprints Problems (Continued)

Problem | Cause | Solution
Linked clone provisioning fails when using SDRS | When using linked clone provisioning and SDRS, the new machine must reside on the same cluster. A provisioning error occurs if the source machine's disks are on one cluster and you request to provision a machine on a different cluster.
Table 4‑30. General Tab Settings

Setting | Description
Name | Enter a name for your blueprint.
Identifier | The identifier field automatically populates based on the name you entered. You can edit this field now, but after you save the blueprint you can never change it. Because identifiers are permanent and unique within your tenant, you can use them to programmatically interact with blueprints and to create property bindings.
Table 4‑31. NSX Settings Tab Settings

Setting | Description
Transport zone | Select an existing NSX transport zone to contain the network or networks that the provisioned machine deployment can use. A transport zone defines which clusters the networks can span. When provisioning machines, if a transport zone is specified in a reservation and in a blueprint, the transport zone values must match. A transport zone is only required for blueprints that have an on-demand network.
Table 4‑32. Properties Tab Settings

Tab | Setting
Property Groups | Property groups are reusable groups of properties that are designed to simplify the process of adding custom properties to blueprints. Your tenant administrators and fabric administrators can group properties that are often used together so you can add the property group to a blueprint instead of individually inserting custom properties.
Applying an NSX Edge or Routed Gateway Reservation Policy to a Blueprint

You can specify a reservation policy to manage the network communications for machines provisioned by the blueprint. When requesting machine provisioning, the reservation policy is used to group the reservations that can be considered for the deployment. The routed gateway reservation policy is also referred to as an edge reservation policy. Networking information is contained in each reservation.
When using an NSX app isolation policy, only internal traffic between the machines provisioned by the blueprint is allowed. When you request provisioning, a security group is created for the machines to be provisioned. An app isolation security policy is created in NSX and applied to the security group. Firewall rules are defined in the security policy to allow only internal traffic between the components in the deployment.
Configuring Network and Security Component Settings

vRealize Automation supports virtualized networks based on the NSX platform. Integrated Containers for vRealize Automation networks are also supported. To integrate network and security with vRealize Automation, an IaaS administrator must install the NSX plug-ins in vRealize Orchestrator and create vRealize Orchestrator and vSphere endpoints. For information about external preparation, see Configuring vRealize Automation.
Using Security Components in the Design Canvas

You can add NSX security components to the design canvas to make their configured settings available to one or more vSphere machine components in the blueprint. Security groups, tags, and policies are configured outside of vRealize Automation in the NSX application.
App Isolation

When App isolation is enabled, a separate security policy is created. App isolation uses a logical firewall to block all inbound and outbound traffic to the applications in the blueprint. Component machines that are provisioned by a blueprint that contains an app isolation policy can communicate with each other but cannot connect outside the firewall unless other security groups are added to the blueprint with security policies that allow access.
Prerequisites
- Create and configure a security policy in NSX. See NSX Administration Guide.
- Verify that the NSX plug-in for vRealize Automation is installed and that the NSX inventory has executed successfully for your cluster. To use NSX configurations in vRealize Automation, you must install the NSX plug-in and run data collection.
- Log in to the vRealize Automation console as an infrastructure architect.
- Verify that the NSX plug-in for vRealize Automation is installed and that the NSX inventory has executed successfully for your cluster. To use NSX configurations in vRealize Automation, you must install the NSX plug-in and run data collection.
- Log in to the vRealize Automation console as an infrastructure architect.
- Open a new or existing blueprint in the design canvas by using the Design tab.
For machine components that do not have a Network or Security tab, you can add network and security custom properties, such as VirtualMachine.Network0.Name, to their Properties tab in the design canvas. NSX network, security, and load balancer properties are only applicable to vSphere machines.

Prerequisites
- Create and configure network settings for NSX. See Configuring vRealize Automation and NSX Administration Guide.
What to do next

You can continue configuring network settings by adding additional network components and by selecting settings in the Network tab of a vSphere machine component in the design canvas.

Add an On-Demand NAT or On-Demand Routed Network Component

You can add an NSX on-demand NAT network component or NSX on-demand routed network component to the design canvas in preparation for associating their settings to one or more vSphere machine components in the blueprint.
The following network settings are populated based on your network profile selection. Changes to these values must be made in the network profile:
- External network profile name
- NAT type (On-Demand NAT Network)
- Subnet mask
- Range subnet mask (On-Demand Routed Network)
- Base IP address (On-Demand Routed Network)

5 (Optional) Enter a component description in the Description text box.
What to do next

You can continue configuring network settings by adding additional network components and by selecting settings in the Network tab of a vSphere machine component in the design canvas.

Using Load Balancer Components in the Design Canvas

You can add one or more on-demand NSX load balancer components to the design canvas to configure vSphere machine component settings in the blueprint.
- Verify that at least one vSphere machine component exists in the design canvas.

Procedure
1 Click Network & Security in the Categories section to display the list of available network and security components.
2 Drag an On-Demand Load Balancer component onto the design canvas.
3 Enter a component name in the ID text box to uniquely label the component in the design canvas.
4 Select a machine name from the Machine drop-down menu.
Add a Container Network Component

You can add container network information to a vRealize Automation blueprint that contains container components. You can configure containers in Containers for vRealize Automation by using the vRealize Automation Containers tab. You can add those containers and their network settings as components in a blueprint by using options on the vRealize Automation Design tab.
Table 4‑33. Properties Tab Settings for Custom Properties
Setting | Description
Name | Enter the name of a custom property or select an available custom property from the drop-down menu.
Value | Enter or edit a value to associate with the custom property name.
Encrypted | You can choose to encrypt the property value, for example, if the value is a password.
After a container administrator has created container definitions in Containers for vRealize Automation, a container architect can add and configure container components for vRealize Automation blueprints in the design canvas.

Container Component Settings

You can configure blueprint settings and options for a Containers for vRealize Automation container component in the vRealize Automation design canvas.
Table 4‑35. Network Tab Settings (Continued)
Setting | Description
Host name | Specify the container host name. If no name is specified, the value defaults to the name of the container component in the blueprint.
Network mode | Specify the networking stack of the container. If no value is specified, the container is configured in Bridge network mode.

Storage Tab

Configure storage settings for the blueprint container component in the design canvas.

Table 4‑36.
Table 4‑37. Policy Tab Settings (Continued)
Settings | Description
Memory swap |
Affinity constraints | Defines rules for provisioning of containers on the same or different hosts.
  - Affinity type: For anti-affinity, the containers are placed on different hosts, otherwise they are placed on the same host.
  - Service: The service name that is available from the drop-down menu matches the container component name specified in the Name field on the General tab.
Table 4‑39. Properties Tab Settings for Custom Properties
Setting | Description
Name | Enter the name of a custom property or select an available custom property from the drop-down menu.
Value | Enter or edit a value to associate with the custom property name.
Encrypted | You can choose to encrypt the property value, for example, if the value is a password.
Log Config Tab

Specify a logging mode, and optional logging options, for the blueprint container component in the design canvas.

Table 4‑41. Log Config Tab Settings
Setting | Description
Driver | Select a logging format from the drop-down menu.
Options | Enter driver options using a name and value format that adheres to the logging format.
Table 4‑42. Containers Custom Properties
Property | Description
containers.ipam.driver | For use with containers only. Specifies the IPAM driver to be used when adding a Containers network component to a blueprint. The supported values depend on the drivers that are installed in the container host environment in which they are used. For example, a supported value might be infoblox or calico depending on the IPAM plug-ins that are installed on the container host.
containers.
Pushing Container Templates for Use in Blueprints

You can make a container template available for use in a vRealize Automation blueprint. A container template can include multiple containers. When you push a multi-container template to vRealize Automation, the template is created as a multi-component blueprint in vRealize Automation. The container-specific properties that you add to the container template are recognized in the vRealize Automation blueprint.
You can define a vRealize Automation blueprint to contain specific custom properties that designate a machine as a container host when provisioned using the blueprint. When a machine with the required blueprint properties is successfully provisioned, it is registered in the Containers and receives events and actions from vRealize Automation.
Procedure
1 Select Design > Blueprints.
2 Click the New icon.
3 Enter a blueprint name in the Name text box. The name you enter also populates the ID text box. For most cases, you can ignore the NSX Settings and Properties tabs.
4 Click OK.
5 Click Machine Types in the Categories menu.
6 Drag the Azure Machine virtual machine template to the Design canvas.
Tab | Description | Important Parameters

Tab: General
Description: Select basic connection information for the Azure virtual machine such as the endpoint to be used.
Important Parameters:
- ID - Identifies the Azure virtual machine you are creating. If you change this name, the Azure virtual machine image on the Design Canvas is also updated automatically.
- Description - Identifies the virtual machine you are creating and whether or not it is required.
Tab | Description | Important Parameters

Important Parameters:
- Size - Defines the specific virtual machine instance size within a series. Size is related to the selected Series. If you have a valid connection to an Azure instance, the available sizes are populated dynamically based on the subscription and selected location and series. See the Azure documentation for size information.
- Instance Size Details - Optional information about the virtual machine instance series and size.
Tab | Description | Important Parameters

Tab: Storage
Description: Enables you to organize Azure storage accounts. A storage account provides access to the different types of Azure storage, such as Azure Blob, Queue Table, and File storage. For most blueprints, you can accept the defaults.
Important Parameters:
- Storage account - Enter the storage account name for the virtual machine if appropriate. The Azure virtual machine operating system disk is deployed to this storage account.
Tab | Description | Important Parameters

Important Parameters:
- Public IP Address Name - The optional name for the public IP address construct in Azure that should be associated with the applicable network interface.

If you select Use Network Profile, the network configuration is detached from underlying Azure constructs and is instead coupled with the vRealize Automation networking profile.
5 Configure the action for your needs as you would any other XaaS resource action.

Scenario: Create a vSphere CentOS Blueprint for Cloning in Rainpole

Using your IaaS architect privileges, you create and publish a basic blueprint for cloning vSphere CentOS machines.

[Figure: scenario progress. Configure Tenant, Configure IaaS Resources, Design On-Demand Services (you are here)]

After you publish your blueprint, other architects can reuse it as a component in new blueprints.
Procedure
1 Select Design > Blueprints.
2 Click the New icon.
3 Enter Centos on vSphere in the Name text box.
4 Review the generated unique identifier. You can edit this field now, but after you save the blueprint you can never change it. Because identifiers are permanent and unique within your tenant, you can use them to programmatically interact with blueprints and to create property bindings.
Scenario: Specify Build Information for Your Rainpole Machine Component

Using your IaaS architect privileges, you configure your blueprint to clone machines from the CentOS template you created in vSphere. You configure your machine component to perform the clone action, and select the template you created as the object to clone from.
3 Specify memory settings for provisioned machines.
  a Enter 1024 in the Minimum text box. This field is automatically populated based on the memory of your template.
  b Enter 4096 in the Maximum text box.
4 Specify storage settings for provisioned machines. Some storage information is populated based on the configuration of your template, but you can add additional storage.
  a Click the New icon.
  b Enter 10 in the Capacity (GB) text box.
  c Click OK.
Procedure 1

Scenario: Install the Guest Agent and Software Bootstrap Agent on Your Rainpole Machine

Using your business group manager privileges, you log in to the Rainpole001 machine you provisioned as the test user. You install the guest agent and the Software bootstrap agent on your machine to prepare for Software provisioning. When you finish, take a snapshot of the machine to use as the base for cloning machines to use with Software components.
8 Follow the prompts to complete the installation. You see a confirmation message when the installation is successfully completed. If you see an error message and logs in the console, resolve the errors and run the installer script again.
9 Return to the vRealize Automation console and create the snapshot.
  a Click Create Snapshot from the Actions menu on the right and follow the prompts.
  b Click the Snapshots tab to monitor the process.
What to do next

Use your software architect privileges to create a Software component for installing MySQL.

Add RDP Connection Support to Your Windows Machine Blueprints

If you want to allow your catalog administrators to entitle users to the Connect using RDP action for your Windows blueprints, you must add the RDP custom properties to your machine blueprint, and reference the custom RDP file your system administrator prepared.
6 Configure RDP settings.
  a Click New Property.
  b Enter the RDP custom property names in the Name text box and the corresponding values in the Value text box.

Option | Description and Value
(Required) RDP.File.Name | Specifies an RDP file from which to obtain settings, for example My_RDP_Settings.rdp. The file must reside in the Website\Rdp subdirectory of the vRealize Automation installation directory.
(Required) VirtualMachine.Rdp.
- Gather the following information about your Active Directory environment:
  - An Active Directory account user name and password with sufficient rights to delete, disable, rename, or move AD accounts. The user name must be in domain\username format.
  - (Optional) The name of the OU to which to move destroyed machines.
  - (Optional) The prefix to attach to destroyed machines.
- Create a machine blueprint.
Scenario: Allow Requesters to Specify Machine Host Name

As a blueprint architect, you want to allow your users to choose their own machine names when they request your blueprints. So you edit your existing CentOS vSphere blueprint to add the Hostname custom property and configure it to prompt users for a value during their requests.
Scenario: Enable Users to Select Datacenter Locations for Cross Region Deployments

As a blueprint architect, you want to allow your users to choose whether to provision machines on your Boston or London infrastructure, so you edit your existing vSphere CentOS blueprint to enable the locations feature. You have a datacenter in London, and a datacenter in Boston, and you don't want users in Boston provisioning machines on your London infrastructure or vice versa.
Designing Software Components

As the software architect, you create reusable software components, standardizing configuration properties and using action scripts to specify exactly how components are installed, configured, uninstalled, or updated during deployment scale operations. You can rewrite these action scripts at any time and publish live to push changes to provisioned software components.
Property Types and Setting Options

You can design your action scripts to be generic and reusable by defining and consuming name and value pairs called software properties and passing them as parameters to your action scripts. You can create software properties that expect string, array, content, boolean, or integer values. You can supply the value yourself, require someone else to supply the value, or retrieve the value from another blueprint component by creating a binding.
Table 4‑44. Scripting Examples for the Computed Property Option
Sample String Property | Script Syntax | Sample Usage
my_unique_id = "" | Bash - $my_unique_id | export my_unique_id="0123456789"
 | Windows CMD - %my_unique_id% | set my_unique_id=0123456789
 | Windows PowerShell - $my_unique_id | $my_unique_id = "0123456789"

String Property

String properties expect string values.
These load balancer service configure scripts use the array property to configure the appropriate load balancing scheme on the Red Hat, Windows, and Ubuntu operating systems.
Integer Property

Use the integer property type for zeros, and positive or negative integers.

Decimal Property

Use the decimal property type for values representing non-repeating decimal fractions.

When Your Software Component Needs Information from Another Component

In several deployment scenarios, a component needs the property value of another component to customize itself. You can do this with vRealize Automation by creating property bindings.
Table 4‑45. Examples of String Property Bindings (Continued)
Sample Property Type | Property Type to Bind | Binding Outcome (A binds to B)
String (property A) | Array (property B=["1","2"]) | A="["1","2"]"
String (property A) | Computed (property B="Hello") | A="Hello"

See the Examples of Array Property Bindings table for examples of an array property value when binding to different types of properties.

Table 4‑46.
- Some installers might need access to the tty console. Redirect the input from /dev/console. For example, a RabbitMQ Software component might use the ./rabbitmq_rhel.py --setuprabbitmq < /dev/console command in its install script.
- When a component uses multiple life cycle stages, the property value can be changed in the INSTALL life cycle stage. The new value is sent to the next life cycle stage.
4 (Optional) If you want to control how your Software component is included in blueprints, select a container type from the Container drop-down menu.

Option | Description
Machines | Your Software component must be placed directly on a machine.
One of your published Software components | If you are designing a Software component specifically to install on top of another Software component that you created, select that Software component from the list.
7 Follow the prompts to provide a script for at least one of the software life cycle actions.

Table 4‑47. Life Cycle Actions
Life Cycle Actions | Description
Install | Install your software. For example, you might download Tomcat server installation bits and install a Tomcat service. Scripts you write for the Install life cycle action run when software is first provisioned, either during an initial deployment request or as part of a scale out.
Scenario: Create a MySQL Software Component for Rainpole

Using your software architect privileges, create a MySQL Software component to install MySQL on vSphere CentOS machines. When you design the MySQL Software component for a CentOS virtual machine, you configure the install, configure, and start parameters, and the scripts for Linux operating systems.

Procedure
1 Select Design > Software Components.
9
Name | Description | Type | Value | Encrypted | Allow Override | Required | Computed
global_http_proxy | HTTP proxy URL, if any. Not required. | String | | No | Yes | No | No
global_https_proxy | HTTPS proxy URL, if any. Not required. | String | | No | Yes | No | No
max_allowed_packet_size | Server max allowed packet size | Integer | 1024 | No | Yes | No | No

Click Next.
10 Configure the Install action.
  a Select Bash from the Script Type drop-down menu.
  b Click Click here to edit.
  c Paste the following script.

echo ""
fi
export PATH=$PATH:$JAVA_HOME/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
set -e
# Tested on CentOS
if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
    # SELinux can be disabled by setting "/usr/sbin/setenforce Permissive"
    echo 'SELinux in enabled on this VM template.
  c Paste the following script.

echo ""
fi
export PATH=$PATH:$JAVA_HOME/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
set -e
# Locate the my.cnf file
my_cnf_file=
if [ -f /etc/my.cnf ]; then
    my_cnf_file=/etc/my.cnf
elif [ -f /etc/mysql/my.cnf ]; then
    my_cnf_file=/etc/mysql/my.cnf
fi
if [ "x$my_cnf_file" = "x" ]; then
    echo "Neither /etc/my.cnf nor /etc/mysql/my.cnf can be found, stopping configuration"
    exit 1
fi
# update mysql configuration to handle big packets
sed -ie "s/\[mysqld\]/\[my
  c Paste the following script.

#!/bin/sh
echo "The maximum allowed packet size is: "

  d Place the cursor between the colon and the quote mark.
  e Select max_allowed_packet_size from the Select a property to insert drop-down menu. The script now includes the property.

#!/bin/sh
echo "The maximum allowed packet size is: $max_allowed_packet_size"

  f Click OK.
13 Click Next.
14 Click Finish.
15 Select the row that contains MySQL for Linux Virtual Machines and click Publish.
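Added example, not part of VMware's documentation or scripts: the configure action above edits my.cnf using a Software property that architects can override (max_allowed_packet_size, Integer, Allow Override: Yes), so the script should confirm the value is a plain integer before it reaches the file. The function names, the path arguments passed to find_my_cnf and the exact max_allowed_packet= line written are assumptions.

```shell
#!/bin/sh
# Added example (not VMware's script). Property name and my.cnf search order
# come from the page; function names and the written directive are assumptions.

# Succeed only for a non-empty run of decimal digits of bounded length.
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 10 ]
}

# Print the first candidate path that exists, mirroring the page's
# /etc/my.cnf then /etc/mysql/my.cnf lookup.
find_my_cnf() {
    for f in "$@"; do
        if [ -f "$f" ]; then
            printf '%s\n' "$f"
            return 0
        fi
    done
    return 1
}

# Insert or replace max_allowed_packet in the [mysqld] section.
# Usage: set_max_allowed_packet <cnf_file> <value>
# Returns 2 for a rejected value, 1 for a file problem, 0 on success.
set_max_allowed_packet() {
    cnf=$1
    value=$2
    is_uint "$value" || { echo "rejecting non-integer value" >&2; return 2; }
    [ -f "$cnf" ] || { echo "no such file: $cnf" >&2; return 1; }
    grep -q '^\[mysqld\]' "$cnf" || { echo "no [mysqld] section" >&2; return 1; }
    tmp=$(mktemp "${cnf}.XXXXXX") || return 1
    # The value is digits only at this point, so it cannot alter the awk
    # program or add extra directives to the file.
    awk -v v="$value" '
        /^\[/ { insec = ($0 ~ /^\[mysqld\]/) }
        insec && /^[ \t]*max_allowed_packet[ \t]*=/ { next }  # drop old value
        { print }
        /^\[mysqld\]/ { print "max_allowed_packet=" v }
    ' "$cnf" > "$tmp" && cat "$tmp" > "$cnf"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed demo: a throwaway my.cnf, one accepted and one rejected value.
demo_dir=$(mktemp -d)
printf '[mysqld]\ndatadir=/var/lib/mysql\n' > "$demo_dir/my.cnf"
cnf_path=$(find_my_cnf "$demo_dir/absent.cnf" "$demo_dir/my.cnf")
set_max_allowed_packet "$cnf_path" "${max_allowed_packet_size:-1024}"
set_max_allowed_packet "$cnf_path" "1024 extra" || echo "rejected as expected"
cat "$cnf_path"
rm -rf "$demo_dir"
```

Because the update goes through a temporary file and replaces any existing directive, rerunning the action does not stack duplicate max_allowed_packet lines.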
Table 4‑48. New Software General Settings
Setting | Description
Name | Enter a name for your Software component.
ID | Using the name you specified for your Software component, vRealize Automation creates an ID for the Software component that is unique within your tenant. You can edit this field now, but after you save the blueprint you can never change it.
Table 4‑49. New Software Properties (Continued)
Setting | Description
Value |
  - To use the value you supply:
    - Enter a Value.
    - Select Required.
    - Deselect Overridable.
  - To require architects to supply a value:
    - (Optional) Enter a Value to provide a default.
    - Select Overridable.
    - Select Required.
  - Allow architects to supply a value or leave the value blank:
    - (Optional) Enter a Value to provide a default.
    - Select Overridable.
Encrypted |
Table 4‑50. Life Cycle Actions (Continued)
Life Cycle Actions | Description
Start | Start your software. For example, you might start the Tomcat service using the start command in the Tomcat server. Start scripts run after the configure action completes.
Update | If you are designing your software component to support scalable blueprints, handle any updates that are required after a scale in or scale out operation.
The vRealize Orchestrator server distributed with vRealize Automation is preconfigured, and therefore when your system administrator deploys the vRealize Automation Appliance, the vRealize Orchestrator server is up and running.

Figure 4‑2.
Figure 4‑3.
System administrators can install vRealize Orchestrator or deploy the VMware vRealize™ Orchestrator Appliance™ separately to set up an external vRealize Orchestrator instance and configure vRealize Automation to work with that external vRealize Orchestrator instance. System administrators can also configure vRealize Orchestrator workflow categories per tenant and define which workflows are available to each tenant.
Table 4‑52. Plug-Ins Included by Default in vRealize Orchestrator (Continued)
Plug-In | Purpose
XML | A complete Document Object Model (DOM) XML parser that you can implement in workflows. Alternatively, you can use the ECMAScript for XML (E4X) implementation in the vRealize Orchestrator JavaScript API.
Mail | Uses Simple Mail Transfer Protocol (SMTP) to send email from workflows.
Net | Wraps the Jakarta Apache Commons Net Library.
XaaS Blueprint Workflow

The workflow that you follow to create an XaaS blueprint and any optional resource actions varies depending on how you intend to use the blueprint. The following workflow provides the basic process.
[Flowchart: Does your XaaS blueprint provision a resource?
- Yes: Create a custom resource type (Design > XaaS > Custom Resources > New), then create a blueprint to provision a resource (Design > XaaS > XaaS Blueprints > New).
- No: Create a blueprint that runs a workflow but does not provision resources (Design > XaaS > XaaS Blueprints > New).
- Publish the blueprint.]
XaaS Blueprint Terminology

XaaS blueprints are vRealize Orchestrator workflows that can provision resources, make changes to provisioned resources, or behave as a service that performs a task in your environment. The blueprints and the resource actions have several nuances that you must understand when you design blueprints for your service catalog users. The following definitions help you understand the terms used when working with XaaS blueprints.
entitlement to make it available to the service catalog users, it is listed as a Composite Blueprint. A composite blueprint can have one blueprint component, or it can include an entire application with multiple machines, software, and networking.

Resource action
A workflow that you can run on a deployed provisioning blueprint.
Add an XaaS Custom Resource

You create a custom resource to define the XaaS item for provisioning. Before you can create an XaaS blueprint or action, you must have a custom resource that is compatible with the object type of the blueprint or action workflow. By creating a custom resource, you map an object type exposed through the API of a vRealize Orchestrator plug-in as a resource.
- Create an XaaS resource action. See Create an XaaS Resource Action.

XaaS Custom Resource Wizard Options

You use these custom resource options to create or modify a custom resource so that you can run XaaS blueprint and resource action workflows that provision resources or modify provisioned resources. You can create only one custom resource for an object type. You can use the custom resource for multiple blueprints and resource actions.
Table 4‑55. Where Used Options
Option | Description
XaaS Blueprints | A list of the blueprints that are configured to use this custom resource. From this page you can perform the following actions:
  - Edit. Opens the blueprint so that you can see how it is configured or to modify it.
  - Publish/Unpublish. Change the state of the blueprint by making it available to use in a composite blueprint or to add to a service.
Resource Actions |
Add an XaaS Blueprint

An XaaS blueprint is a specification to run a vRealize Orchestrator workflow that makes a change to a target system in your environment. The blueprint includes the workflow, and it can include the input parameters, submission and read-only forms, sequence of actions, and the provisioning or nonprovisioning operation.

You can create XaaS blueprints that you use in one or more of the following ways:
- Create an XaaS blueprint component.
4 On the General tab, configure the options and click Next.
  a In the Name text box, enter a name that differentiates this blueprint from similar blueprints.
  b If you do not want to use this blueprint as a component in a composite blueprint, deselect the Make available as a component in the design canvas check box.
5 On the Blueprint Form tab, edit the form as needed and click Next.
6 On the Provisioned Resource page, select a value and click Next.
Figure 4‑4. Workflow Tab in the XaaS Blueprint Wizard

Review the input and output parameters to ensure that you or your service catalog users can provide the correct values under the following circumstances:
- If you customize the blueprint form in this wizard or in the blueprint design canvas.
- If you leave all the input parameters blank, the service catalog users can set the values.

General Tab

Configure the metadata about and the behavior of the blueprint.
Table 4‑56. General Tab Options (Continued)
Option | Description
Version | The supported format extends to major.minor.micro-revision.
Make available as a component in the design canvas | If you plan to use the blueprint as a component in a design canvas blueprint, select this option. When it is published, the blueprint is available in the category you selected when you configured the custom resource.
Table 4‑57. Provisioned Resource Options
Option | Description
A custom resource that you previously created | Select the custom resource that defines the vRealize Orchestrator resource type required to run the provisioning blueprint. A provisioning blueprint runs a vRealize Orchestrator workflow to provision resources on the target endpoint using the vRealize Orchestrator plug-in API for the endpoint. For example, add virtual NICs to a network device in vSphere.
Table 4‑58. Component Lifecycle Options
Option | Description
Scalable | Select the option to allow the service catalog user to change the number of instances of this blueprint component after it is deployed as part of a scale-in or scale-out operation. This option is available if you selected a custom resource on the Provisioned Resource tab. It is not available if you selected the No provisioning option.
Table 4‑58. Component Lifecycle Options (Continued)
Option | Description
Update workflow | Select the workflow that runs during update operations, including scale-in or scale-out where a component is not scalable, but it can be updated. For example, a load balancer is updated with the new configuration created with the scale-in or scale-out operation for any of the components in the composite blueprint.
Table 4‑58. Component Lifecycle Options (Continued)
Option | Description
Deallocation workflow | Select the workflow that runs after any destroy or scale-in operation. If the deallocation fails during the operation, the destroy workflow still runs as expected. Deallocation is the final process when you scale in or destroy a composite blueprint. It runs after the destroy operation, releasing resources. This life cycle workflow type is available for Azure allocations.
3 In the Categories list, locate the blueprint.
4 Drag your blueprint to the canvas.
5 Configure the default values on the General and Create tabs. These are the default values that appear in the service catalog form when a user requests the item.
6 Click Finish.
7 Select the blueprint and click Publish.

The XaaS blueprint is now part of the composite blueprint.

What to do next

Add the composite blueprint to a service. See Managing the Service Catalog.
Prerequisites
- Log in to the vRealize Automation console as an XaaS architect.
- Create a custom resource corresponding to the input parameter of the resource action.

Procedure
1 Select Design > XaaS > Resource Actions.
2 Click the New icon.
3 Navigate through the vRealize Orchestrator workflow library and select a workflow relevant to your custom resource.
13 (Optional) Edit the form of the resource action on the Form tab. The form of the resource action maps the vRealize Orchestrator workflow presentation. You can change the form by deleting, editing, and rearranging the elements. You can also add a new form and form pages and drag the necessary elements to the new form and form page.

Option | Action
Add a form | Click the New Form icon next to the form name, provide the required information, and click Submit.
Edit a form |
The status of the resource action changes to Published.
What to do next
Assign an icon to the resource action. See Assign an Icon to an XaaS Resource Action. Business group managers and tenant administrators can then use the action when they create an entitlement.
Assign an Icon to an XaaS Resource Action
After you create and publish a resource action, you can edit it and assign an icon to the action. A known issue exists when updating the icon for XaaS resource actions.
When you create a resource action that runs on a deployed composite blueprint that uses a vRealize Orchestrator workflow with vCACAFE:CatalogResource as an input parameter, the Deployment mapping is applied as the input resource type. The Deployment mapping is applied only if the selected workflow includes vCACAFE:CatalogResource as an input parameter.
5 Enter the type of the catalog resource in the Catalog Resource Type text box and press enter. The type of catalog resource appears on the details view of the provisioned item.
6 Enter the vRealize Orchestrator object type in the Orchestrator Type text box and press enter. This is the output parameter of the resource mapping workflow.
7 (Optional) Add target criteria to restrict the availability of resource actions created by using this resource mapping.
Table 4‑59. XaaS Object Types and Associated Forms
Object Type | Default Form | Additional Forms
Custom resource | Resource details form based on the attributes of the vRealize Orchestrator plug-in inventory type (read-only). | None
XaaS blueprint | Request submission form based on the presentation of the selected workflow. |
you also want to restrict the options to ports that are open. You can add an external value definition to a dual list field and select a custom vRealize Orchestrator script action that queries for open ports. When the request form loads, the script action runs, and the open ports are presented as options to the user.
Table 4‑60. New Fields in the Resource Action or XaaS Blueprint Form (Continued)
Field | Description
Tree | Tree that consumers use to browse and select available objects
Map | Map table that consumers use to define key-value pairs for properties
You can also use the Section header form field to split form pages in sections with separate headings and the Text form field to add read-only informational texts.
Table 4‑61. Constraints in the forms designer (Continued)
Constraint | Description
Maximum value | Allows you to set a maximum value of the number input element.
Increment | Allows you to set an increment for an element such as a Decimal or Integer field. For example, when you want an Integer field to be rendered as a Slider, you can use the value of the step.
Minimum count | Allows you to set a minimum count of items of the element that can be selected.
You can use external value definitions to supply default or read-only values, to build boolean expressions, to define constraints, or to provide options for consumers to select from lists, check boxes, and so on.
Working With the Form Designer
When you create XaaS blueprints, custom resource actions, and custom resources, you can edit the forms of the blueprints, actions, and resources by using the form designer.
You can edit how an object is represented in the form designer. For example, you can edit the default VC:VirtualMachine representation and make it a tree instead of a search box. You can also add new fields such as check boxes, drop-down menus, and so on, and apply various constraints.
Edit a Custom Resource Element
You can edit some of the characteristics of an element on the custom resource Details Form page. Each default field on the page represents a property of the custom resource. You cannot change the type of a property or the default values, but you can edit the name, size, and description.
Prerequisites
- Log in to the vRealize Automation console as a tenant administrator or XaaS architect.
- Add an XaaS Custom Resource.
7 Configure the form.
8 Click Finish.
You can delete some of the elements from the original form page and insert them in the new form page, or you can add new fields that use external value definitions to provide information to consumers that is not directly exposed by the vRealize Orchestrator workflow.
Insert a Section Header in a Custom Resource Form
You can insert a section header to split the form into sections.
Insert an Externally Defined Field in a Custom Resource Form
You can insert a new field and assign it an external value definition to dynamically provide read-only information that consumers can see on the item details page when they provision a custom resource.
Prerequisites
- Log in to the vRealize Automation console as a tenant administrator or XaaS architect.
- Add an XaaS Custom Resource.
- Add a New XaaS Blueprint Form
  When you edit the default generated form of a workflow that you want to publish as an XaaS blueprint, you can add a new XaaS blueprint form.
- Edit an XaaS Blueprint Element
  You can edit some of the characteristics of an element on the Blueprint Form page of an XaaS blueprint. You can change the type of an element, its default values, and apply various constraints and values.
6 Select the screen type from the Screen type menu.
Option | Description
Catalog item details | A catalog item details page that consumers see when they click a catalog item.
Request form | The default XaaS blueprint form. The consumers see the request form when they request the catalog item.
Submitted request details | A request details page that consumers see after they request the item and want to view the request details on the Request tab.
7 Click Submit.
11 Edit the default value of the element.
Option | Description
Not set | Gets the value of the element you are editing from the vRealize Orchestrator workflow presentation.
Constant | Sets the default value of the element you are editing to a constant value that you specify.
Field | Binds the default value of the element to a parameter of another element from the representation.
Conditional | Applies a condition.
14 Click Submit.
15 Click Finish.
Add a New Element
When you edit the default generated form of an XaaS blueprint, you can add a predefined new element to the form. For example, if you do not want to use a default generated field, you can delete it and replace it with a new one.
Prerequisites
- Log in to the vRealize Automation console as a tenant administrator or XaaS architect.
- Add an XaaS Blueprint.
Procedure
1 Select Design > XaaS > XaaS Blueprints.
What to do next
You can edit the element to change the default settings and apply various constraints or values.
Insert a Section Header in an XaaS Blueprint Form
You can insert a section header to split the form into sections.
Prerequisites
- Log in to the vRealize Automation console as a tenant administrator or XaaS architect.
- Add an XaaS Blueprint.
Procedure
1 Select Design > XaaS > XaaS Blueprints.
2 Click the XaaS blueprint you want to edit.
Designing a Resource Action Form
When you create a resource action, you can edit the form of the action by adding new fields to the form, modifying the existing fields, deleting, or rearranging fields. You can also create new forms and form pages, and drag and drop new fields to them.
Add a New Resource Action Form
When you edit the default generated form of a workflow you want to publish as a resource action, you can add a new resource action form.
- Create a Resource Action.
Procedure
1 Select Design > XaaS > Resource Actions.
2 Click the resource action you want to edit.
3 Click the Form tab.
4 Drag an element from the New Fields pane and drop it to the Form page pane.
5 Enter the ID of a workflow input parameter in the ID text box.
6 Enter a label in the Label text box. Labels appear to consumers on the forms.
7 (Optional) Select a type for the field from the Type drop-down menu.
Procedure
1 Select Design > XaaS > Resource Actions.
2 Click the resource action you want to edit.
3 Click the Form tab.
4 Locate the element you want to edit.
5 Click the Edit icon.
6 Enter a new name for the field in the Label text box to change the label that consumers see.
7 Edit the description in the Description text box.
8 Select an option from the Type drop-down menu to change the display type of the element.
13 Add one or more values for the element on the Values tab. The options available depend on the type of element you are editing.
Option | Description
Not set | Gets the value of the element you are editing from the vRealize Orchestrator workflow presentation.
Predefined values | Select values from a list of related objects from the vRealize Orchestrator inventory.
  a Enter a value in the Predefined values search box to search the vRealize Orchestrator inventory.
Value |
Prerequisites
- Log in to the vRealize Automation console as a tenant administrator or XaaS architect.
- Create a Resource Action.
Procedure
1 Select Design > XaaS > Resource Actions.
2 Click the resource action you want to edit.
3 Click the Form tab.
4 Drag the Text element from the New Fields pane to the Form page pane.
5 Enter the text you want to add.
6 Click outside of the element to save the changes.
7 Click Finish.
2 Create an XaaS Blueprint for Creating a User
You create the Create a user in a group XaaS blueprint so that you can run the workflow that adds an Active Directory user and assigns the user to an Active Directory group. You can create the blueprint as a standalone XaaS blueprint or as a blueprint component. In this scenario, you are creating a standalone blueprint.
What to do next
Create an XaaS blueprint.
Create an XaaS Blueprint for Creating a User
You create the Create a user in a group XaaS blueprint so that you can run the workflow that adds an Active Directory user and assigns the user to an Active Directory group. You can create the blueprint as a standalone XaaS blueprint or as a blueprint component. In this scenario, you are creating a standalone blueprint.
d Click the Visible drop-down arrow, select Constant in the drop-down menu, and select No in the drop-down menu. You made the domain name invisible to the consumer of the catalog item.
e Click Apply to save the changes.
8 Click Next.
9 Select newUser [Test User] as an output parameter to be provisioned.
10 Click Next.
11 Click Finish.
12 On the XaaS Blueprints page, select the Create a test user row and click Publish.
9 Click Next.
10 (Optional) Leave the form as is.
11 Click Finish.
12 On the Resource Actions page, select the Change the password of the Test User row and click Publish.
You created a resource action for changing the password of a user, and you made it available to add to an entitlement.
What to do next
Add the Create a test user blueprint to a service. See Create a Service and Add Creating a Test User Blueprint to the Service.
What to do next
You can entitle users to request the blueprint and run the action. See Entitle the Service and the Resource Action to a Consumer.
Entitle the Service and the Resource Action to a Consumer
Business group managers and tenant administrators can entitle the service and the resource action to a user or a group of users.
What to do next
Log in as a user who is entitled to create an Active Directory user. On the Catalog tab, verify that the XaaS blueprint creates the user as expected. After the user is created, run the change password action from the Items tab.
Create and Publish an XaaS Action to Migrate a Virtual Machine
You can create and publish an XaaS resource action to extend the operations that consumers can perform on IaaS-provisioned vSphere virtual machines.
11 Click Finish.
You created a resource action for migrating a virtual machine and you can see it listed on the Resource Actions page.
What to do next
Publish the Action for Migrating a vSphere Virtual Machine
Publish the Action for Migrating a vSphere Virtual Machine
To use the Quick migration of virtual machine resource action as a post-provisioning operation, you must publish it.
Procedure
1 Select Design > XaaS > Resource Actions.
3 Add a Submitted Action Details Form and Save the Action
You can add a new form to the Migrate a virtual machine with vMotion resource action to define what the consumers see after they request to run the post-provisioning operation.
4 Publish the Action for Migrating a Virtual Machine with vMotion
To use the Migrate a virtual machine with vMotion resource action as a post-provisioning operation, you must publish it.
d Click the Constraints tab.
e Select Constant from the Required drop-down menu and select Yes. You made the host field always required.
f Click Submit.
3 Edit the priority element.
a Click the Edit icon.
b Type Priority of the task in the Label text box.
c Select Radio button group from the Type drop-down menu.
d Click the Values tab, and deselect the Not set check box.
e Enter lowPriority in the Predefined values search text box, and press Enter.
Add a Submitted Action Details Form and Save the Action
You can add a new form to the Migrate a virtual machine with vMotion resource action to define what the consumers see after they request to run the post-provisioning operation.
Procedure
1 Click the New Form icon.
2 Type Submitted action in the Name text box.
3 Leave the Description field blank.
4 Select Submitted action details from the Screen type menu.
5 Click Submit.
You created and published a vRealize Orchestrator workflow as a resource action. You can navigate to Administration > Catalog Management > Actions and see the Migrate virtual machine with vMotion resource action in the list of actions. You can assign an icon to the resource action. See Assign an Icon to an XaaS Resource Action. You also edited the presentation of the workflow and defined the look and feel of the action.
7 Click Next.
8 Leave the name of the resource action and the description as they appear on the Details tab.
9 Click Next.
10 Leave the form as is.
11 Click Add.
You created a resource action for taking a snapshot of a virtual machine and you can see it listed on the Resource Actions page.
What to do next
Publish the Action for Taking a Snapshot.
Procedure
1 Create a Resource Mapping for Amazon Instances
You can create a resource mapping to associate Amazon instances provisioned by using IaaS with the vRealize Orchestrator type AWS:EC2Instance exposed by the Amazon Web Services plug-in.
2 Create a Resource Action to Start an Amazon Virtual Machine
You can create a resource action so that the consumers can start provisioned Amazon virtual machines.
Prerequisites
Log in to the vRealize Automation console as an XaaS architect.
Procedure
1 Select Design > XaaS > Resource Actions.
2 Click Add.
3 Select Orchestrator > Library > Amazon Web Services > Elastic Cloud > Instances and select the Start Instances workflow in the workflows folder.
4 Click Next.
5 Select EC2 Instance from the Resource type drop-down menu. This is the name of the resource mapping you previously created.
What to do next
Add the start instances action to the entitlement that includes the Amazon catalog item. See Entitle Users to Services, Catalog Items, and Actions.
Troubleshooting Incorrect Accents and Special Characters in XaaS Blueprints
When you create XaaS blueprints for languages that use non-ASCII strings, the accents and special characters are displayed as unusable strings.
2 Click Blueprints.
3 Point to the blueprint to publish and click Publish.
4 Click OK.
The blueprint is published as a catalog item but you must first entitle it to make it available to users in the service catalog.
What to do next
Add the blueprint to the catalog service and entitle users to request the catalog item for machine provisioning as defined in the blueprint.
Figure 4‑5. Workflow for Assembling Composite Blueprints
[Flowchart nodes: Blueprint architects create reusable blueprint components for the design library; Do you want to publish a vRealize Orchestrator workflow as an XaaS blueprint?; Identify (or create) a published XaaS blueprint; Identify (or create) a published Software component.]
- Understanding Nested Blueprint Behavior
  You can reuse blueprints by nesting them in another blueprint as a component. You nest blueprints for reuse and modularity control in machine provisioning, but there are specific rules and considerations when you work with nested blueprints.
- Selecting a Machine Component that Supports Software Components
  You deliver Software components by placing them on top of supported machine components when you assemble blueprints.
- You can apply an approval policy to a blueprint. When approved, the blueprint catalog item and all its components, including nested blueprints, are provisioned. You can also apply different approval policies to different components. All the approval policies must be approved before the requested blueprint is provisioned.
- When you edit a published blueprint, you are not changing deployments that are already provisioned by using that blueprint.
Open the nested blueprint and re-add the missing machine component with the original ID or change the machine component ID back to its original ID. Click Save to remove all association history between the missing or changed machine component ID in the nested blueprint and components in the current blueprint.
Selecting a Machine Component that Supports Software Components
You deliver Software components by placing them on top of supported machine components when you assemble blueprints. To support Software components, the machine blueprint you select must contain a machine component based on a template, snapshot, or Amazon machine image that contains the guest agent and the Software bootstrap agent, and it must use a supported provisioning method.
You set property bindings when you configure components in a blueprint. On the Blueprint page, you drag your component onto the canvas and click the Properties tab. To bind a property to another property in a blueprint, select the Bind checkbox. You can enter ComponentName~PropertyName in the value text box, or you can use the down arrow to generate a list of available binding options. You use a tilde character ~ as a delimiter between components and properties.
To map a dependency on your design canvas, you draw a line from the dependent component to the component you are depending on. When you are finished, the component you want to build second has an arrow pointing to the component you want to build first. For example, in the Controlling the Build Order by Mapping Dependencies figure, the dependent machine is not provisioned until the primary machine is built.
Procedure
1 Scenario: Create a Container for Your MySQL on CentOS Rainpole Blueprint
Using your IaaS, software, or application architect privileges, create a blueprint container and configure the name, description, and unique identifier for your MySQL on CentOS vSphere blueprint.
What to do next
Drag your MySQL component and your published CentOS for Software machine blueprint onto the canvas.
Scenario: Add Software and a Machine to the MySQL on CentOS Blueprint for Rainpole
Using your IaaS, software, or application architect privileges, drag the published CentOS for Software Testing machine blueprint onto your canvas to reuse that blueprint as your machine.
4 Select CentOS with MySQL. Only published blueprints and components that are not yet associated with a service appear in the list. If you do not see the blueprint, verify that it was published or that it is not included in another service.
5 Click OK.
6 Click Close.
Your CentOS with MySQL catalog item is ready for you to request. You do not have to entitle the new catalog item because you entitled your Rainpole business group to the entire Rainpole service.
[Flowchart nodes: Blueprints and Actions are published as Catalog Items and Actions; Create a Service; Add a Catalog Item to a Service; Do you want to apply approval policies to one or more catalog items that are included in the Service?; Do you have an approval policy applicable to the Catalog Items in Service?; Create an approval policy now or later?; Create an Approval Policy; Create an Entitlement without approval policies.]
Table 4‑64. Configuring the Service Catalog Checklist
Task | Required Role | Details
Add a service. | tenant administrator or catalog administrator | See Add a Service.
Add a catalog item to a service. | tenant administrator or catalog administrator | See Add Catalog Items to a Service.
Configure the catalog item in the service. | tenant administrator or catalog administrator | See Configure a Catalog Item.
Create and apply entitlements to the catalog item. | |
Prerequisites
Log in to the vRealize Automation console as a tenant administrator or catalog administrator.
Procedure
1 Select Administration > Catalog Management > Services.
2 Click the New icon.
3 Enter a name and description. These values appear in the service catalog for the catalog users.
4 To add a specific icon for the service in the service catalog, click Browse and select an image. The supported image file types are GIF, JPG, and PNG.
7 Click Add.
What to do next
Associate catalog items with a service so that you can entitle users to the items. See Add Catalog Items to a Service.
Add Catalog Items to a Service
Add catalog items to services so that you can entitle users to request the items in the service catalog. A catalog item can be associated with only one service.
Prerequisites
- Log in to the vRealize Automation console as a tenant administrator or catalog administrator.
Published Catalog Items
A catalog item is a published blueprint. Published blueprints can also be used in other blueprints. The reuse of blueprints in other blueprints is not displayed in the catalog items list. The published catalog items can also include items that are only components of blueprints. For example, published software components are listed as catalog items, but they are available only as part of a deployment.
2 Select the catalog item and click Configure.
3 Configure the catalog item settings.
Option | Description
Icon | Browse for an image. The supported image file types are GIF, JPG, and PNG. The displayed image is 40 x 40 pixels. If you do not select a custom image, the default catalog icon appears in the service catalog.
Status | Possible values include Active, Inactive, and Staging.
  - Active.
- Verify that you have at least one published action. See Publish a Blueprint and Publish a Resource Action.
Procedure
1 Select Administration > Catalog Management > Actions.
2 Select the shared action and click View Details.
3 Browse for an image.
4 To view the entitlements where the action is made available to users, click the Entitlements tab.
5 Click Update.
What to do next
Entitle Users to Services, Catalog Items, and Actions.
- Actions in Entitlements
  Actions run on deployed catalog items. Provisioned catalog items, and the actions you are entitled to run on them, appear in your Items tab. To run actions on a deployed item, the action must be included in the same entitlement as the catalog item that provisioned the item from the service catalog.
- Approval Policies in Entitlements
  Approval policies are applied in entitlements so that you can manage resources in your environment.
For example, an item includes a machine and software. The machine is available as a provisionable item and has an approval policy that requires site manager approval. The software is not available as a standalone, provisionable item, only as part of a machine request, but the approval policy for the software requires approval from your organization's software licensing administrator.
- When you entitle service catalog users to the Change Lease, Change Owner, Expire, Reconfigure and other actions that can apply to machines and to deployments, entitle them to both actions.
Approval Policies in Entitlements
Approval policies are applied in entitlements so that you can manage resources in your environment. To apply an approval policy when you create the entitlement, the policy must already exist.
3 Configure the Details options. Details determine how the entitlement appears in the entitlement list and which users have access to the items in the service catalog.
Option | Description
Name and Description | Information about the entitlement that appears in the entitlements list.
Expiration Date | Set the date and time if you want the entitlement to become inactive on a particular date.
Status | Possible values include Active, Inactive, and Deleted.
5 Click a New icon to entitle users to services, catalog items, or actions with this entitlement. You can create an entitlement with various combinations of the services, items, and actions.
Option | Description
Entitled Services | Add a service when you want to allow entitled users access to all the published catalog items associated with the service. An entitled service is a dynamic entitlement.
9 Click OK. The service, item, or action is added to the entitlement.
10 Click Finish to save the entitlement. If entitlement status is active, the service and items are added to the service catalog.
What to do next
Verify that the entitled services and catalog items appear in the service catalog for the entitled users and that the requested items provision the target objects as expected. You can request the item on behalf of the selected users.
Prerequisites
Log in to the vRealize Automation console as a tenant administrator or catalog administrator.
Procedure
1 Select Administration > Catalog Management > Entitlements.
2 Click the Prioritize icon.
3 Select a business group from the Business Group drop-down list.
4 Drag an entitlement to a new location in the list to change its priority.
5 Select an update method.
Option | Description
Update | Saves your changes.
Finally, when a service catalog user requests an item to which an approval policy is applied, the approvers approve or reject the request on their Inbox tab, on the Approvals page. The requesting user can track the approval status for a specific request on their Requests tab.
Table 4‑67. Examples of Approval Policies and Results (Continued)
Governance Goals | Selected Policy Type | Pre or Post Approval | When is Approval Required
To manage virtual infrastructure resources and to control costs, you add two preapproval levels because one approval is for machine resources and the other is for cost of machine per day. | Service Catalog - Catalog Item Request Virtual Machine | Add To Pre Approval tab | Level 1 Select Required based on conditions.
This example uses specific details to build the blueprint and then apply approval policies to actions that you can run from the service catalog on the provisioned blueprint in different entitlements. The blueprint is a composite blueprint that includes another blueprint. The actions used are to destroy the provisioned items, destroy a deployment for the blueprints and destroy a virtual machine for the machine.
User Action in the Service Catalog | Selected Action | Destroyed Blueprints or Machines
Action 1 | Destroy - Deployment action runs on Blueprint 1 - Continuous Integration Blueprint | Blueprint 1, Blueprint 2, and Virtual Machine 1
Action 2 | Destroy - Deployment action runs on the nested Blueprint 2 - Preproduction Blueprint | Blueprint 2 and Virtual Machine 1
Action 3 | Destroy - Virtual Machine action runs on the machine that is inside a deployment, Virtual Machine 1 - TestAs
Entitlement Name | Approval Policy on Actions | User Action | Approval Request Triggered | If Approved, Destroyed Blueprints or Machines
 | | Action 2 (Run Destroy Deployment action on the Blueprint 2) | Approval requests are triggered for Blueprint 2 only | Blueprint 2 and Virtual Machine 1
 | | Action 3 (Destroy - Virtual Machine action runs on Virtual Machine 1) | Approval requests are triggered for Virtual Machine 1 only | Virtual Machine 1
Example of an Approval Policy in Multiple Ent
Processing Approval Policies in the Service Catalog
When a user requests an item in the service catalog that has an approval policy applied, the request is processed by the approver and the requesting user similar to the following workflow.
[Flowchart nodes: Request item in the service catalog; Is approval required on item or component?; Approval request sent to approver’s Inbox tab; Approver approves request?; Requestor notified of rejection on Requests tab.]
Procedure
1 Specify Approval Policy Information
When you create an approval policy, define the approval policy type, name, description, and status.
2 Create an Approval Level
When you create an approval policy, you can add pre-approval and post-approval levels.
3 Configure the Approval Form to Include System and Custom Properties
You can add system and custom properties that appear on an approval form.
3 Select a policy type or software component.
Option | Description
Select an approval policy type | Create an approval policy based on the policy request type. Select this option to define an approval policy that is applicable to all catalog items of that type. The request type can be a generic request, a catalog item request, or a resource action request. The available condition configuration options vary depending on the type.
Procedure
1 On the Pre Approval or Post Approval tab, click the New icon.
2 Enter a name and, optionally, a description.
3 Select an approval requirement.
Option | Description
Always Required | The approval policy is triggered for every request.
Required based on conditions | The approval policy is based on one or more condition clauses. If you select this option, you must create the conditions.
What to do next
To add properties to the approval form, see Configure the Approval Form to Include System and Custom Properties.
Configure the Approval Form to Include System and Custom Properties
You can add system and custom properties that appear on an approval form.
d Click Save.
e To delete multiple custom properties, select the rows and click Delete.
5 Click OK.

What to do next

- Add additional pre-approval or post-approval levels.
- Save the approval policy. The policy must be active to apply to services, items, or actions in the Entitlements.

Approval Policy Settings

When you create an approval policy, you configure various options that determine when an item requested by a service catalog user must be approved.
Table 4‑69. Approval Policy Type Options

Option | Description
Select an approval policy type | Create an approval policy based on the policy request type. Select this option to define an approval policy that is applicable to all catalog items of that type. The request type can be a generic request, a catalog item request, or a resource action request. The available condition configuration options vary depending on the type.
Table 4‑70. Approval Policy Options (Continued)

Option | Description
Status | Possible values include:
- Draft. The approval policy is not available to apply in entitlements. After you make a policy active, you can never return it to draft.
- Active. The approval policy is available to apply in entitlements.
- Inactive. The approval policy is not available to apply in entitlements.
Policy Type |
To define the basic approval policy information, select Administration > Approval Policies. Click New. Select the policy type and click OK. On the Pre Approval or Post Approval tab, click the New icon.

You prioritize levels based on the order that you want them processed. When the approval policy is triggered, if the first level of approval is rejected, the request is rejected.

Table 4‑71. Level Information Options

Option | Description
Name | Enter a name.
Table 4‑71. Level Information Options (Continued)

Option | Description
Specific Users and Groups | Sends the approval request to the selected users. Select the users or user groups that must approve the service catalog request before it is provisioned or an action runs. For example, the request goes to the virtual infrastructure administrator group with Anyone can approve selected.
To select system properties, select Administration > Approval Policies. Click New. Select the policy type and click OK. On the Pre Approval or Post Approval tab, click the New icon and click the System Properties tab.

Table 4‑72. System Properties Options

Option | Description
Properties | The list of available system properties depends on the selected request type or catalog item, and whether system properties exist for the item.
Prerequisites

Log in to the vRealize Automation console as a tenant administrator or approval administrator.

Procedure

1 Select Administration > Approval Policies.
2 Select the row of the approval policy to copy.
3 Click the Copy icon. A copy of the approval policy is created.
4 Select the new approval policy to edit.
5 Enter a name in the Name text box.
6 (Optional) Enter a description in the Description text box.
2 Click the approval policy name.
3 Click View Linked Entitlements.
a In the Replace All With drop-down menu, select the new approval policy. If the list includes more than one entitlement, the new approval policy is applied to all the listed entitlements.
b Click OK.
4 After you verify that no entitlements are linked to the approval policy, select Inactive from the Status drop-down menu.
5 Click OK.
Scenario: Configure the Catalog for Rainpole Architects to Test Blueprints

Using your tenant administrator privileges, you create a special catalog service that contains very little governance, where your Rainpole architects can efficiently test their work before exporting blueprints into your production environment.
5 As the tenant administrator who is creating the service, use the search option to add yourself as the Owner and Support Team.
6 Click OK.

What to do next

Using your tenant administrator privileges, add the published vSphere CentOS machine blueprint to your Rainpole service.

Scenario: Add Your vSphere CentOS Catalog Item to the Rainpole Service

Using your tenant administrator privileges, you add the published vSphere CentOS machine blueprint to your Rainpole service.
Procedure

1 Select Administration > Catalog Management > Entitlements.
2 Click the New icon.
3 Configure the details.
a Enter the name Rainpole architect entitlement.
b Select Active from the Status drop-down menu.
c Select your Rainpole business group from the Business Group drop-down menu.
d Add your Rainpole architects by using the Users & Groups search box.
e Click Next.
4 Entitle the Rainpole catalog service.
Scenario: Test Your Rainpole CentOS Machine

Using the local test user account you created, you request to provision your vSphere CentOS machine. You log in to the provisioned machine and verify that it is working as expected.
Procedure

1 Select Items > Machines.
2 Select the arrow next to the CentOS on vSphere item. The provisioned machine appears under the expanded item.
3 Click the provisioned machine.
4 Click Remote Log in to Machine on the right-hand panel.
5 Log in to the machine.

You installed vRealize Automation in a minimal deployment, set up a proof of concept, and configured your environment for ongoing development of blueprints.
Procedure

1 Scenario: Create a Development and Quality Engineering Catalog Service
As the tenant administrator, you want to create a separate catalog service for your development and quality engineering group so your other groups, such as finance and human resources, don't see the specialized catalog items. You create a catalog service called Dev and QE Service to publish all the catalog items development and engineering need to run their test cases.
Scenario: Add CentOS with MySQL to Your Dev and QE Service

As the tenant administrator, you want to add the CentOS with MySQL catalog item to the Dev and QE service.

Procedure

1 Select Administration > Catalog Management > Services.
2 Select the Dev and QE Service row in the Services list and click Manage Catalog Items.
3 Click the New icon.
4 Select CentOS with MySQL.
d In the Users and Groups area, add one or more users. Add yourself only, unless you are certain that the blueprint is working as intended. If it is, you can add individual users and you can add custom user groups.
e Click Next.
4 Add the service.
What to do next

After you verify your work by provisioning the CentOS with MySQL catalog item, you can add additional users to the entitlement to make the catalog item publicly available to your development and quality engineering users. If you want to further govern the provisioning of resources in your environment, you can create approval policies for the MySQL Software component and the CentOS for Software Testing machine.
Scenario: Create a CentOS with MySQL Virtual Machine Approval Policy

As the tenant administrator you want to ensure that the development and quality engineering group receives virtual machines that are properly provisioned in your environment, so you create an approval policy that requires pre approval for certain types of requests.
i Select the user or group.
j Select Anyone can approve. The request only needs one virtual infrastructure administrator to verify the resources and approve the request.
5 Click the System Properties tab and select the properties that allow the approver to modify the requested CPU and Memory values before approving a request.
a Select the CPUs and Memory (MB) check boxes.
b Click OK.
6 Click OK.
4 Configure the Level Information tab with the triggering criteria and the approval actions.
a In the Name text box, enter MySQL software deployment notice.
b In the Description text box, enter Software mgr approval of software installation.
c Select Always required.
d Select Specific Users and Groups.
e Enter the name of the software manager in the search text box and click the search icon. Select the user.
f Select Anyone can approve.
4 Add the CentOS with MySQL machine and apply the approval policy.
a Click the Add Items icon beside the Entitled Items heading.
b Select the CentOS with MySQL check box.
c Click the Apply this policy to selected items drop-down arrow. The CentOS on vSphere CPU and Memory policy is not in the list.
d Click Show all and click the down-arrow to view all approval policies.
6 Add actions that the users can run on the provisioned machine. Approval policies are not applied to actions in this scenario.
a Click the Add Actions icon beside the Entitled Actions heading.
b Select the following actions.

Name / Type | Description
Create Snapshot / Virtual Machine | Creates a snapshot of the virtual machine, including the installed software. Allows the developers to create snapshots to which they can revert during development.