Configuring vRealize Automation 12 April 2018 vRealize Automation 7.
You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
If you have comments about this documentation, submit your feedback to docfeedback@vmware.com
VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com
Copyright © 2015–2018 VMware, Inc. All rights reserved. Copyright and trademark information.
Configuring vRealize Automation provides information about configuring vRealize Automation and your external environments to prepare for vRealize Automation provisioning and catalog management.
1 External Preparations for Blueprint Provisioning
You may need to create or prepare some elements outside of vRealize Automation to support catalog item provisioning. For example, if you want to provide a catalog item for provisioning a clone machine, you need to create a template on your hypervisor to clone from.
Table 1‑1. Preparing Your Environment for vRealize Automation Integration (Continued)
Environment vCloud Air Amazon AWS Microsoft Azure Red Hat OpenStack SCVMM Preparations Register for your vCloud Air account, set up your vCloud Air environment, and identify or create appropriate credentials to provide vRealize Automation with access to your environment. See Preparing for vCloud Air and vCloud Director Provisioning.
Beginning in vRealize Automation 7.3, you no longer need to install the NSX plug-in to obtain integrated NSX functionality. All integrated NSX functionality is now sourced directly from the NSX APIs, rather than from the NSX plug-in. However, if you want to use XaaS to extend your vRealize Automation and NSX integration, you must install the NSX plug-in in vRealize Orchestrator as described here.
10 Start the vRealize Orchestrator client application, log in, and use the Workflow tab to navigate through the library to the NSX folder. You can browse through the workflows that the NSX plug-in provides.
What to do next
Create a vRealize Orchestrator endpoint in vRealize Automation to use for running workflows. See Create a vRealize Orchestrator Endpoint.
The primary NSX manager can create universal objects, such as universal logical switches. These objects are synchronized to the secondary NSX managers. You can view these objects from the secondary NSX managers, but you cannot edit them there. You must use the primary NSX manager to manage universal objects. The primary NSX manager can be used to configure any of the secondary NSX managers in the environment.
For an overview of the provisioning process for using an external IPAM provider to supply a range of possible IP addresses, see Provisioning a vRealize Automation Deployment Using a Third-Party IPAM Provider.
Table 1‑3. Preparing for External IPAM Provider Support Checklist
Task Description Details
Obtain and import the supported external IPAM Provider vRealize Orchestrator plugin.
- Create your own third-party IPAM solution by obtaining and using a third-party IPAM Solution Provider SDK, supporting documentation, and an associated starter package for vRealize Orchestrator and vRealize Automation from code.vmware.com/web/sdk on the vRealize Automation Third-Party IPAM Integration SDK 7.3 page.
Run Workflow to Register Third-Party IPAM Endpoint Type in vRealize Orchestrator
Run the registration workflow in vRealize Orchestrator to support vRealize Automation use of the third-party IPAM provider and register the IPAM endpoint type for use in vRealize Automation.
Prerequisites
- Obtain and Import a Third-Party IPAM Provider Package in vRealize Orchestrator
- Verify that you are logged in to vRealize Orchestrator with the authority to run registration workflows.
What to do next
You can now create an IPAM Infoblox type endpoint, or an endpoint for whatever third-party package or plug-in you have just registered, in vRealize Automation. See Create a Third-Party IPAM Provider Endpoint.
Checklist for Configuring Containers for vRealize Automation
To get started with Containers, you must configure the feature to support vRealize Automation user roles.
You can monitor the cluster status on the Xenon tab in the vRealize Automation appliance or by running the following command in a CLI:
service xenon-service status_cluster
Xenon works on quorum-based clustering. The quorum is calculated by using the (number of nodes / 2) + 1 formula.
Required Credentials for Integration
Create or identify either virtual infrastructure administrator or account administrator credentials that your vRealize Automation IaaS administrators can use to bring your vCloud Air environment under vRealize Automation management as an endpoint.
User Role Considerations
vCloud Air user roles in an organization do not need to correspond with roles in vRealize Automation business groups.
"ec2:DescribeVpnConnections", "ec2:DescribeRegions", "ec2:DescribeTags", "ec2:DescribeVolumeAttribute", "ec2:DescribeNetworkInterfaces", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DisassociateAddress", "ec2:GetPasswordData", "ec2:ImportKeyPair", "ec2:ImportVolume", "ec2:CreateVolume", "ec2:DeleteVolume", "ec2:AttachVolume", "ec2:ModifyVolumeAttribute", "ec2:DetachVolume", "ec2:AssignPrivateIpAddresses", "ec2:UnassignPrivateIpAddresses", "ec2:CreateKeyPair", "ec2:DeleteKey
When you create an AWS endpoint in vRA, you're prompted to enter a key and secret key. To obtain the access key needed to create the Amazon endpoint, the administrator must either request a key from a user who has AWS Full Access Administrator credentials or be additionally configured with the AWS Full Access Administrator policy. See Create an Amazon Endpoint.
Inventory data collection, which occurs automatically once a day, collects data about what is on a compute resource, such as the following data:
- Elastic IP addresses
- Elastic load balancers
- Elastic block storage volumes
State data collection occurs automatically every 15 minutes by default. It gathers information about the state of managed instances, which are instances that vRealize Automation creates.
Using Elastic Load Balancers for Amazon Web Services
Elastic load balancers distribute incoming application traffic across Amazon Web Services instances. Amazon load balancing enables improved fault tolerance and performance. Amazon makes elastic load balancing available for machines provisioned using Amazon EC2 blueprints. The elastic load balancer must be available in the Amazon Web Services, Amazon Virtual Private Network and at the provisioning location.
When you use an Amazon elastic block storage volume in conjunction with vRealize Automation, the following caveats apply:
- You cannot attach an existing elastic block storage volume when you provision a machine instance. However, if you create a new volume and request more than one machine at a time, the volume is created and attached to each instance. For example, if you create one volume named volume_1 and request three machines, a volume is created for each machine.
- Install OpenSSH SSHD Server on both tunnel machines.
Procedure
1 Log in to your Amazon AWS tunnel machine as the root user or similar.
2 Disable iptables.
# service iptables save
# service iptables stop
# chkconfig iptables off
3 Edit /etc/ssh/sshd_config to enable AllowTCPForwarding and GatewayPorts.
4 Restart the service.
/etc/init.
You can specify security groups in a reservation when requesting a machine. You can also specify an existing or on-demand NSX security group in the design canvas. Security groups are imported during data collection. Each available region requires at least one specified security group. When you create a reservation, the security groups that are available to you in that region are displayed. Every region includes at least the default security group.
- Temporary Profile
- Profile
Required Network Configuration for SCVMM Clusters
SCVMM clusters only expose virtual networks to vRealize Automation, so you must have a 1:1 relationship between your virtual and logical networks. Using the SCVMM console, map each logical network to a virtual network and configure your SCVMM cluster to access machines through the virtual network.
2 Disable iptables.
# service iptables save
# service iptables stop
# chkconfig iptables off
3 Edit /etc/ssh/sshd_config to enable AllowTCPForwarding and GatewayPorts.
4 Restart the service.
/etc/init.d/sshd restart
5 Log in to the CentOS machine on the same local network as your vRealize Automation installation as the root user.
6 Invoke the SSH Tunnel from the local network machine to the Azure tunnel machine.
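The sshd_config edit in step 3 of the Amazon AWS and Azure tunnel procedures can fail to take effect without any error, because sshd uses the first value it finds for a keyword and treats lines that follow a Match block as conditional. The check below is an added example, not part of the VMware documentation; the function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the VMware guide): report which AllowTcpForwarding
# and GatewayPorts values sshd would use after the edit in step 3.

# Print the global value of keyword $2 in sshd_config file $1, or the
# OpenSSH default $3 when the keyword is not set before any Match block.
sshd_effective() {
    kw=$(printf '%s' "$2" | tr 'A-Z' 'a-z')    # keywords are case-insensitive
    awk -v want="$kw" -v dflt="$3" '
        NF == 0 || $1 ~ /^#/   { next }        # skip blank lines and comments
        tolower($1) == "match" { exit }        # lines after Match are conditional
        tolower($1) == want    { val = tolower($2); found = 1; exit }  # first value wins
        END                    { print (found ? val : dflt) }
    ' "$1"
}

# Succeed only when both settings the procedure asks for are in effect globally.
tunnel_config_ok() {
    fwd=$(sshd_effective "$1" AllowTcpForwarding yes)   # OpenSSH default: yes
    gw=$(sshd_effective "$1" GatewayPorts no)           # OpenSSH default: no
    case "$fwd" in yes|all) ;; *) return 1 ;; esac
    [ "$gw" = yes ]
}

# Constructed sample files, not taken from any real host.
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT

# Both settings present once, in the global section.
cat > "$SAMPLES/good.conf" <<'EOF'
Port 22
AllowTcpForwarding yes
GatewayPorts yes
EOF

# "GatewayPorts yes" appended at the end, but an earlier line already set it.
cat > "$SAMPLES/shadowed.conf" <<'EOF'
GatewayPorts no
AllowTcpForwarding yes
# appended while following step 3
GatewayPorts yes
EOF

# Setting placed after a Match block, so it applies only to that match.
cat > "$SAMPLES/match.conf" <<'EOF'
AllowTcpForwarding yes
Match User tunnel
    GatewayPorts yes
EOF

for name in good shadowed match; do
    f="$SAMPLES/$name.conf"
    if tunnel_config_ok "$f"; then verdict="in effect"; else verdict="NOT in effect"; fi
    printf '%s: AllowTcpForwarding=%s GatewayPorts=%s -> %s\n' "$name" \
        "$(sshd_effective "$f" AllowTcpForwarding yes)" \
        "$(sshd_effective "$f" GatewayPorts no)" "$verdict"
done
```

On a live host, `sshd -T` prints the configuration sshd actually resolves and is the authoritative check; with GatewayPorts enabled and iptables stopped, forwarded ports are reachable from other hosts, so confirm the setting is present only on the tunnel machines.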
Choosing a Machine Provisioning Method to Prepare
For most machine provisioning methods, you must prepare some elements outside of vRealize Automation.
Table 1‑5. Choosing a Machine Provisioning Method to Prepare
Scenario Supported Endpoint Agent Support Provisioning Method Pre-provisioning Preparations Depends on the provisioning method you choose.
Table 1‑5. Choosing a Machine Provisioning Method to Prepare (Continued)
Supported Endpoint Agent Support Provision a space-efficient copy of a virtual machine called a linked clone. Linked clones are based on a snapshot of a VM and use a chain of delta disks to track differences from a parent machine.
Table 1‑5. Choosing a Machine Provisioning Method to Prepare (Continued)
Scenario Supported Endpoint Agent Support Provisioning Method Pre-provisioning Preparations Guest agent is installed as part of the preparation instructions. SCCM Preparing for SCCM Provisioning Guest agent is required. When you create the WinPE image, you must manually insert the guest agent.
Table 1‑6. Running Visual Basic Scripts During Provisioning Checklist
Task | Location | Details
Install and configure the EPI agent for Visual Basic scripts. | Typically the Manager Service host | See Installing vRealize Automation.
Create your visual basic scripts. | Machine where EPI agent is installed | vRealize Automation includes a sample Visual Basic script PrePostProvisioningExample.vbs in the Scripts subdirectory of the EPI agent installation directory.
You can write your own custom scripts for the guest agent to run on deployed machines, and use custom properties on the machine blueprint to specify the location of those scripts and the order in which to run them. You can also use custom properties on the machine blueprint to pass custom property values to your scripts as parameters.
Table 1‑7. Custom Properties for Changing IP Address of a Provisioned Machine with a Guest Agent
Custom Property | Description
VirtualMachine.Admin.UseGuestAgent | Set to true to initialize the guest agent when the provisioned machine is started.
VirtualMachine.Customize.WaitComplete | Set to True to prevent the provisioning workflow from sending work items to the guest agent until all customizations are complete.
Table 1‑7. Custom Properties for Changing IP Address of a Provisioned Machine with a Guest Agent (Continued)
Custom Property | Description
VirtualMachine.SoftwareN.ScriptPath | Specifies the full path to an application's install script. The path must be a valid absolute path as seen by the guest operating system and must include the name of the script filename.
Table 1‑7. Custom Properties for Changing IP Address of a Provisioned Machine with a Guest Agent (Continued)
Custom Property | Description
- Set custom property VirtualMachine.Software0.ScriptPath as VirtualMachine.Software0.ScriptPath = c:\dosomething.bat [MyPassword].
If you set VirtualMachine.ScriptPath.Decrypt to false, or do not create the VirtualMachine.ScriptPath.Decrypt custom property, then the string inside the square brackets ([ and ]) is not decrypted.
- For Linux vSphere installs, the cert.pem file must reside in the /usr/share/gugent folder.
Note You can optionally install software and guest agents together by downloading the following script from https://APPLIANCE/software/index.html. The script allows you to handle acceptance of SSL certificate fingerprints as you create the templates.
- Linux prepare_vra_template.sh
- Windows prepare_vra_template.
5 Install the guest agent package that corresponds to the guest operating system you are deploying during provisioning.
a Navigate to the VraLinuxGuestAgent subdirectory that corresponds to the guest operating system to deploy during provisioning, for example rhel32.
b Locate your preferred package format or convert a package to your preferred package format.
c Install the guest agent package on your reference machine.
8 If you are installing the guest agent on an Ubuntu operating system, create symbolic links for shared objects by running one of the following command sets.
Option | Description
64-bit systems:
cd /lib/x86_64-linux-gnu
sudo ln -s libssl.so.1.0.0 libssl.so.10
sudo ln -s libcrypto.so.1.0.0 libcrypto.so.10
32-bit systems:
cd /lib/i386-linux-gnu
sudo ln -s libssl.so.1.0.0 libssl.so.10
sudo ln -s libcrypto.so.1.0.0 libcrypto.so.
4 Configure the guest agent to communicate with the Manager Service.
a Open an elevated command prompt.
b Navigate to C:\VRMGuestAgent.
c Put the trusted Manager Service PEM file in the C:\VRMGuestAgent\ directory to configure the guest agent to trust your Manager Service machine.
d Run winservice -i -h Manager_Service_Hostname_fdqn:portnumber -p ssl. The default port number for the Manager Service is 443.
[Flowchart: preparing a reference machine. Start: Identify or create a reference machine. Decision points: Are you working in vCenter Server? Do you want to support software components in your blueprints? Do you want the ability to customize machines after deployment? Actions: Install VMware Tools; Install the guest agent and the software bootstrap agent; Install the guest agent; Convert your reference machine to a template.]
Table 1‑8. Checklist for Preparing to Provision by Cloning
Task Location Details Hypervisor See the documentation provided by your hypervisor. (Optional) If you want your clone template to support Software components, install the vRealize Automation guest agent and software bootstrap agent on your reference machine. Reference machine For Windows reference machines, see Prepare a Windows Reference Machine to Support Software.
Required Template and Reservation Information
Table 1‑9. Template and Reservation Information Worksheet
Required Information | My Value | Details
Template name | |
Reservations on which the template is available, or reservation policy to apply | | To avoid errors during provisioning, ensure that the template is available on all reservations or create reservation policies that architects can use to restrict the blueprint to reservations where the template is available.
Visual Basic Script Information
If you configured vRealize Automation to run your custom Visual Basic scripts as additional steps in the machine life cycle, you must include information about the scripts in the blueprint.
Note A fabric administrator can create a property group by using the property sets ExternalPreProvisioningVbScript and ExternalPostProvisioningVbScript to provide this required information.
Table 1‑12. Linux Guest Agent Customization Script Information Worksheet
Custom Property | My Value | Description
Linux.ExternalScript.Name | | Specifies the name of an optional customization script, for example config.sh, that the Linux guest agent runs after the operating system is installed. This property is available for Linux machines cloned from templates on which the Linux agent is installed.
Table 1‑13. Custom Properties for Customizing Cloned Machines with a Guest Agent Worksheet
Custom Property | My Value | Description
VirtualMachine.Admin.AddOwnerToAdmins | | Set to True (default) to add the machine’s owner, as specified by the VirtualMachine.Admin.Owner property, to the local administrators group on the machine.
VirtualMachine.Admin.
Table 1‑13. Custom Properties for Customizing Cloned Machines with a Guest Agent Worksheet (Continued)
Custom Property | My Value | Description
VirtualMachine.Admin.CustomizeGuestOSDelay | | Specifies the time to wait after customization is complete and before starting the guest operating system customization. The value must be in HH:MM:SS format. If the value is not set, the default value is one minute (00:01:00).
Table 1‑13. Custom Properties for Customizing Cloned Machines with a Guest Agent Worksheet (Continued)
Custom Property | My Value | Description
VirtualMachine.SoftwareN.ISOName | | Specifies the path and filename of the ISO file relative to the datastore root. The format is /folder_name/subfolder_name/file_name.iso. If a value is not specified, the ISO is not mounted.
VirtualMachine.SoftwareN.
Table 1‑14. Custom Properties for Networking Configuration (Continued)
Custom Property | My Value | Description
VirtualMachine.NetworkN.MacAddress | | Specifies the MAC address of a network device N. This property is available for cloning. If the value of VirtualMachine.NetworkN.MacAddressType is generated, this property contains the generated address. If the value of VirtualMachine.NetworkN.MacAddressType is static, this property specifies the MAC address.
Table 1‑14. Custom Properties for Networking Configuration (Continued)
Custom Property | My Value | Description
VirtualMachine.NetworkN.Name | | Specifies the name of the network to connect to, for example the network device N to which a machine is attached. This is equivalent to a network interface card (NIC). By default, a network is assigned from the network paths available on the reservation on which the machine is provisioned. Also see VirtualMachine.NetworkN.
Table 1‑14. Custom Properties for Networking Configuration (Continued)
Custom Property | My Value | Description
VirtualMachine.NetworkN.PortID | | Specifies the port ID to use for network device N when using a dvPort group with a vSphere distributed switch. VirtualMachine.NetworkN custom properties are specific to individual blueprints and machines. When a machine is requested, network and IP address allocation is performed before the machine is assigned to a reservation.
Table 1‑14. Custom Properties for Networking Configuration (Continued)
Custom Property:
- VirtualMachine.NetworkN.SubnetMask
- VirtualMachine.NetworkN.Gateway
- VirtualMachine.NetworkN.PrimaryDns
- VirtualMachine.NetworkN.SecondaryDns
Description: Appending a name allows you to create multiple versions of a custom property.
Table 1‑14. Custom Properties for Networking Configuration (Continued)
Custom Property | My Value | Description
VCNS.SecurityGroup.Names.name | | Specifies the NSX security group or groups to which the virtual machine is assigned during provisioning. The value is a security group name or a list of names separated by commas. Names are case-sensitive. Appending a name allows you to create multiple versions of the property, which can be used separately or in combination.
Templates that are to be shared across organizations must be public. Only reserved templates are available to vRealize Automation as a cloning source.
Note When you create a blueprint by cloning from a template, that template's unique identifier becomes associated with the blueprint. When the blueprint is published to the vRealize Automation catalog and used in the provisioning and data collection processes, the associated template is recognized.
3 Edit the isolinux/isolinux.cfg or loader/isolinux.cfg to specify the name and location of the configuration file and the appropriate Linux distribution source.
4 Create the boot ISO image and save it to the location required by your virtualization platform. See the documentation provided by your hypervisor for information about the required location.
5 (Optional) Add customization scripts.
7 Replace all instances of the string host=dcac.example.net with the IP address or fully qualified domain name and port number for the Manager Service or the load balancer for the Manager Service.
8
Platform | Required Format
vSphere ESXi | IP Address, for example: --host=172.20.9.59
vSphere ESX | IP Address, for example: --host=172.20.9.58
SUSE 10 | IP Address, for example: --host=172.20.9.57
All others | FQDN, for example: --host=mycompany-host1.mycompany.
5 Modify the post-installation section of the configuration file to copy or install your script into the /usr/share/gugent/site/workitem directory of your choice. Custom scripts are most commonly run for virtual kickstart/autoYaST with the work items SetupOS (for create provisioning) and CustomizeOS (for clone provisioning), but you can run scripts at any point in the workflow. For example, you can modify the configuration file to copy the script 11_addusers.
b The fully qualified domain name of the SCCM server on which the collection containing the sequence resides.
c The site code of the SCCM server.
d Administrator-level credentials for the SCCM server.
e (Optional) For SCVMM integrations, the ISO, virtual hard disk, or hardware profile to attach to provisioned machines.
2 Ensure that the network has a DHCP server. vRealize Automation cannot provision machines with a WIM image unless DHCP is available.
3 Identify or create the reference machine in the virtualization platform you intend to use for provisioning. For vRealize Automation requirements, see Reference Machine Requirements for WIM Provisioning. For information about creating a reference machine, see the documentation provided by your hypervisor.
2 SysPrep Requirements for the Reference Machine
A SysPrep answer file contains several required settings that are used for WIM provisioning.
3 Preparing for WIM Provisioning with VirtIO Drivers
If you are using VirtIO for network or storage interfaces, you must ensure that the necessary drivers are included in your WinPE image and WIM image. VirtIO generally offers better performance when provisioning with KVM (RHEV).
Table 1‑15. Windows Server or Windows XP reference machine SysPrep required settings (Continued)
GuiUnattended Settings | Value
AutoLogonUsername | username (username and password are the credentials used for auto logon when the newly provisioned machine boots into the guest operating system. Administrator is typically used.)
AutoLogonPassword | password corresponding to the AutoLogonUsername.
Table 1‑16.
3 Upload the WinPE image ISO to the Red Hat Enterprise Virtualization ISO storage domains using the rhevm-iso-uploader command. For more information about managing ISO images in RHEV refer to the Red Hat documentation.
4 Create a KVM (RHEV) blueprint for WIM provisioning and select the WinPE ISO option. The custom property VirtualMachine.Admin.DiskInterfaceType must be included with the value VirtIO.
- Create a WinPE.
Procedure
- Download and install the vRealize Automation guest agent from https://vRealize_VA_Hostname_fqdn/software/index.html.
a Download GugentZip_version to the C drive on the reference machine. Select either GuestAgentInstaller.exe (32-bit) or GuestAgentInstaller_x64.exe (64-bit) depending on which is appropriate for your operating system.
b Right-click the file and select Properties.
c Click General.
d Click Unblock.
5 Replace all instances of the string #Protocol# with the string /ssl.
6 Replace all instances of the string #Comment# with REM (REM must be followed by a trailing space).
7 (Optional) If you are using self-signed certificates, uncomment the openSSL command.
echo QUIT | c:\VRMGuestAgent\bin\openssl s_client -connect
8 Save and close the file.
9 Edit the Startnet.cmd script for your WinPE to include the doagent.bat as a custom script.
What to do next
Configure the Guest Agent Properties Files.
Configure the Guest Agent Properties Files
You must manually configure the guest agent properties files.
Prerequisites
Configure the doagentc.bat File.
Procedure
1 Navigate to the VRMGuestAgent directory within your WinPE Image. For example: C:\Program Files (x86)\VMware\Plugins\VRM Agent\VRMGuestAgent.
2 Make a copy of the file gugent.properties and name it gugent.properties.template.
OpenStack Flavors
You can select one or more flavors when creating OpenStack blueprints. OpenStack flavors are virtual hardware templates that define the machine resource specifications for instances provisioned in OpenStack. Flavors are managed by the OpenStack provider and are imported during data collection. vRealize Automation supports several flavors of OpenStack.
- vRealize Automation cannot create user accounts on a cloud machine. The first time a machine owner connects to a cloud machine, she must log in as an administrator and add her vRealize Automation user credentials or an administrator must do that for her. She can then log in using her vRealize Automation user credentials. If the Amazon machine image generates the administrator password on every boot, the Edit Machine Record page displays the password.
Procedure
1 Click Infrastructure > Administration > Instance Types.
2 Click New.
3 Add a new instance type, specifying the following parameters. Information about the available Amazon instances types and the setting values that you can specify for these parameters is available from Amazon Web Services documentation in EC2 Instance Types Amazon Web Services (AWS) at aws.amazon.com/ec2 and Instance Types at docs.aws.amazon.com.
You want to convert an existing CentOS reference machine into a vSphere template so you and your Rainpole architects can create blueprints for cloning CentOS machines in vRealize Automation. To prevent any conflicts that might arise from deploying multiple virtual machines with identical settings, you also want to create a general customization specification that you and your architects can use to create clone blueprints for Linux templates.
7 Right-click your Rainpole_centos_63_x86 reference machine in the vSphere Web Client and select Template > Convert to Template. vCenter Server marks your Rainpole_centos_63_x86 reference machine as a template and displays the task in the Recent Tasks pane.
You have a general customization specification that you can use to create blueprints for cloning Linux machines.
What to do next
Log in to the vRealize Automation console as the configuration administrator you created during the installation and request the catalog items that quickly set up your proof of concept.
Table 1‑17. Provisioning Methods that Support Software (Continued)
Machine Type | Provisioning Method
vCloud Air | Clone
A clone blueprint provisions a complete and independent virtual machine based on a vCenter Server virtual machine template. If you want your templates for cloning to support Software components, install the guest agent and software bootstrap agent on your reference machine as you prepare a template for cloning.
Procedure
1 Log in to the Windows reference server as an administrator.
2 Open a browser to the software download page on the vRealize Automation appliance.
https://vrealize-automation-appliance-FQDN/software
3 Save the template ZIP to the Windows server.
prepare_vra_template_windows.zip
4 Extract the ZIP contents to a folder, and run the batch file.
.\prepare_vra_template.bat
5 Follow the prompts.
6 When finished, shut down the Windows virtual machine.
- Common requirements such as sed, awk, perl, chkconfig, unzip, and grep depending on your Linux distribution
You might also use an editor to inspect the downloaded prepare_vra_template.sh script, which exposes the commands that it uses.
- If you plan to remotely access the machine for troubleshooting or other reasons, install OpenSSH.
- Remove network configuration artifacts from the network configuration files.
Procedure
1 Log in to your reference machine as root.
Updating Existing Virtual Machine Templates in vRealize Automation
If you are updating your templates, Amazon Machine Images, or snapshots for the latest version of the Windows Software bootstrap agent, or if you are manually updating to the latest Linux Software bootstrap agent instead of using the prepare_vra_template.sh script, you need to remove any existing versions and delete any logs.
Linux
For Linux reference machines, running the prepare_vra_template.
Procedure
1. Scenario: Prepare Your Reference Machine for Guest Agent Customizations and Software Components
   So that your template can support software components, you install the software bootstrap agent and its prerequisite, the guest agent, on your reference machine. The agents ensure that vRealize Automation architects who use your template can include software components in their blueprints.
Procedure
1. In your Web browser, open the following URL.
   https://vrealize-automation-appliance-FQDN/software/index.html
2. Save the prepare_vra_template.sh script to your reference machine.
3. On the reference machine, make prepare_vra_template.sh executable.
   chmod +x prepare_vra_template.sh
4. Run prepare_vra_template.sh.
   ./prepare_vra_template.sh
5. Follow the prompts.
   If you need non-interactive information about options and values, enter ./prepare_vra_template.
c. If you rebooted or reconfigured the reference machine after installing the software bootstrap agent, reset the agent.
   /opt/vmware-appdirector/agent-bootstrap/agent_reset.sh
d. Power down the machine.
   shutdown -h now
2. Log in to the vSphere Web Client as an administrator.
3. Right-click your reference machine and select Edit Settings.
4. Enter cpb_centos_63_x84 in the VM Name text box.
6. Set computer name.
   a. Select Use the virtual machine name.
   b. Enter the domain on which cloned machines are going to be provisioned in the Domain name text box.
   c. Click Next.
7. Configure time zone settings.
8. Click Next.
9. Select Use standard network settings for the guest operating system, including enabling DHCP on all network interfaces.
Procedure
1. Scenario: Prepare Your Reference Machine for the Dukes Bank vSphere Sample Application
   You want your template to support the Dukes Bank sample application, so you must install both the guest agent and the software bootstrap agent on your reference machine so vRealize Automation can provision the software components.
4. Run the prepare_vra_template.sh installer script.
   ./prepare_vra_template.sh
   You can run the help command ./prepare_vra_template.sh --help for information about noninteractive options and expected values.
5. Follow the prompts to complete the installation.
   You see a confirmation message when the installation is successfully completed. If you see an error message and logs in the console, resolve the errors and run the installer script again.
d. If you rebooted or reconfigured the reference machine after installing the software bootstrap agent, reset the agent.
   /opt/vmware-appdirector/agent-bootstrap/agent_reset.sh
e. Power down the machine.
   shutdown -h now
2. Log in to the vSphere Web Client as an administrator.
3. Right-click your reference machine and select Edit Settings.
4. Enter dukes_bank_template in the VM Name text box.
5. Set computer name.
   a. Select Use the virtual machine name.
   b. Enter the domain on which you want to provision the Dukes Bank sample application in the Domain name text box.
   c. Click Next.
6. Configure time zone settings.
7. Click Next.
8. Select Use standard network settings for the guest operating system, including enabling DHCP on all network interfaces.
2 Tenant and Resource Preparations for Blueprint Provisioning

You can configure multiple tenant environments, each with their own groups of users and unique access to resources that you bring under vRealize Automation management.
Table 2‑1. Checklist for Configuring Tenant Settings (Continued)

Task
(Optional) Configure vRealize Automation to send users notifications when specific events occur.
(Optional) Configure vRealize Orchestrator to support XaaS and other extensibility.
You can manage the following settings from the Administration > Directories Management tab.

Table 2‑3. Directories Management Settings

Setting | Description
Directories | The Directories page enables you to create and manage Active Directory links to support vRealize Automation tenant user authentication and authorization. You create one or more directories and then sync those directories with your Active Directory deployment.
The connector is the default identity provider. For the authentication methods the connector supports, see VMware Identity Manager Administration. You can also use third-party identity providers that support the SAML 2.0 protocol. Use a third-party identity provider for an authentication type the connector does not support or for an authentication type the connector does support, if the third-party identity provider is preferable based on your enterprise security policy.
See Configure an Active Directory over LDAP/IWA Link. For this environment, when you add a directory to the service, select the Active Directory over LDAP option.

Multi-Domain, Single Forest Active Directory Environment

A multi-domain, single forest Active Directory deployment allows you to sync users and groups from multiple Active Directory domains within a single forest.
- OpenLDAP - You can use the open source version of LDAP to support Directories Management user authentication.

After you select a communication protocol and configure an Active Directory link, you can specify the domains to use with the Active Directory configuration and then select the users and groups to sync with the specified configuration.
5. Configure the connector that synchronizes users from the Active Directory to the VMware Directories Management directory in the Directory Sync and Authentication section.

Option | Description
Sync Connector | Select the appropriate connector to use for your system. Each vRealize Automation appliance contains a default connector. Consult your system administrator if you need help in choosing the appropriate connector.
6. Enter the appropriate information in the Server Location text box if you selected Active Directory over LDAP, or enter information in the Join Domain Details text boxes if you selected Active Directory (Integrated Windows Authentication).
7. In the Bind User Details section, enter the appropriate credentials to facilitate directory synchronization.

For Active Directory over LDAP:

Option | Description
Base DN | Enter the search base distinguished name. For example, cn=users,dc=corp,dc=local.
Bind DN | Enter the bind distinguished name.
14. Click to select the groups you want to sync from Active Directory to the directory.
    When you add a group from Active Directory, if members of that group are not in the Users list, they are added. When you sync a group, any users that lack Domain Users as their primary group in Active Directory are not synced.
Configure an OpenLDAP Directory Connection

You can configure an OpenLDAP Directory connection with Directories Management. Though there are several different LDAP protocols, OpenLDAP is the only protocol that is tested and approved for use with vRealize Automation Directories Management. To integrate your LDAP directory, you create a corresponding Directories Management directory and sync users and groups from your LDAP directory to the Directories Management directory.
Procedure
1. Select Administration > Directories Management > Directories.
2. Click Add Directory and select Add LDAP Directory.
3. Enter the required information in the Add LDAP Directory page.

Option | Description
Directory Name | Enter a name for the Directories Management directory.
Option | Description
LDAP Configuration | Specify the LDAP search filters and attributes that Directories Management can use to query your LDAP directory. Default values are provided based on the core LDAP schema.

Filter Queries
- Groups: The search filter for obtaining group objects. For example: (objectClass=group)
- Bind user: The search filter for obtaining the bind user object, that is, the user that can bind to the directory.
7. In the Map Attributes page, verify that the Directories Management attributes are mapped to the correct LDAP attributes. These attributes will be synced for users.
   Important: You must specify a mapping for the domain attribute.
   You can add attributes to the list from the User Attributes page.
8. Click Next.
9. Click + to select the groups you want to sync from the LDAP directory to the Directories Management directory on the Select the groups (users) you want to sync page.
11. Click + to add additional users. For example, enter CN=username,CN=Users,OU=myUnit,DC=myCorp,DC=com.
    You can add organizational units as well as individual users here.
    You can create a filter to exclude some types of users. Select the user attribute to filter by, the query rule, and the value.
12. Click Next.
13. Review the page to see how many users and groups will sync to the directory and to view the default sync schedule.
- If you plan to add both Active Directory and LDAP directories, ensure that you do not mark any attributes required in the User Attributes page, except for userName, which can be marked required. The settings in the User Attributes page apply to all directories in the service. If an attribute is marked required, users without that attribute are not synced to the Directories Management service.
3. Click the Identity Provider that is currently in use for your system.
   The existing directory and connector that provide basic identity management for your system appear.
4. On the Identity Provider properties page, click the Add a Connector drop-down list, and select the connector that corresponds to your secondary vRealize Automation appliance.
5. Enter the appropriate password in the Bind DN Password text box that appears when you select the connector.
2. Search for the word logout, and edit the location of each instance to point to https://servername.domain/adfs/ls/logout.aspx
   For example, the following:
   <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://servername.domain/adfs/ls/"/>
   Should be changed to:
   <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://servername.domain/adfs/ls/logout.
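The logout-location edit in step 2 can be scripted so that no SingleLogoutService instance is missed. This Python sketch is an added example, not part of the VMware documentation; the function names and the sample metadata are constructed, and it assumes every SingleLogoutService endpoint should keep its host and use the /adfs/ls/logout.aspx path.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SLS_TAG = f"{{{MD_NS}}}SingleLogoutService"
LOGOUT_PATH = "/adfs/ls/logout.aspx"  # path the procedure above points to

# Constructed sample metadata (hypothetical host, trimmed to the relevant elements).
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://servername.domain/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://servername.domain/adfs/ls/"/>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://servername.domain/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://servername.domain/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def logout_locations(metadata_xml):
    """Return the Location of every SingleLogoutService element, in document order."""
    root = ET.fromstring(metadata_xml)
    return [el.get("Location", "") for el in root.iter(SLS_TAG)]


def fix_logout_locations(metadata_xml):
    """Point every SingleLogoutService Location at /adfs/ls/logout.aspx.

    Returns (new_xml, changes); changes lists (binding, old_location, new_location).
    Raises ValueError if a Location is not an https URL, so a cleartext or
    malformed endpoint is surfaced instead of being rewritten silently.
    """
    ET.register_namespace("", MD_NS)  # keep metadata elements unprefixed on output
    root = ET.fromstring(metadata_xml)
    changes = []
    for sls in root.iter(SLS_TAG):
        raw = sls.get("Location", "")
        parts = urlsplit(raw.strip())
        if parts.scheme != "https" or not parts.netloc:
            raise ValueError(f"unexpected SingleLogoutService Location: {raw!r}")
        new = f"https://{parts.netloc}{LOGOUT_PATH}"
        if raw != new:
            sls.set("Location", new)
            changes.append((sls.get("Binding"), raw, new))
    return ET.tostring(root, encoding="unicode"), changes


if __name__ == "__main__":
    fixed, changed = fix_logout_locations(SAMPLE_METADATA)
    for binding, old, new in changed:
        print(f"{binding}: {old} -> {new}")
```

If the metadata document carries an XML signature, any edit to it, scripted or manual, invalidates that signature.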
c. Click the + icon under the Policy Rules heading to add a new rule.
   Use the fields on the Add a Policy Rule page to create a rule that specifies the appropriate primary and secondary authentication methods to use for a specific network range and device. For example, if your network range is My Machine, and you need to access content from All Device Types then, for a typical deployment, you must authenticate by using the following method: ADFS Username and Password.
Setting up SAML between SSO2 and Directories Management involves configuration on the Directories Management and SSO components.

Table 2‑4. SAML Federation Component Configuration

Component | Configuration
Directories Management | Configure SSO2 as a third-party Identity Provider on Directories Management and update the default authentication policy. You can create an automated script to set up Directories Management.
c. Click Add Identity Provider and provide the configuration information.

Option | Action
Identity Provider Name | Enter a name for the new Identity Provider.
Identity Provider Metadata (URI or XML) text box | Paste the contents of your SSO2 idp.xml metadata file in the text box and
Name ID Policy in SAML Request (Optional) | Enter http://schemas.xmlsoap.org/claims/UPN.
Users | Select the domains to which you want users to have access privileges.
action. If problems occur, close unneeded applications and verify that your deployment has appropriate memory allocated to Active Directory. If problems continue, increase the Active Directory memory allocation. For deployments with large numbers of users and groups, you might need to increase the Active Directory memory allocation to as much as 24 GB.
To edit the user configuration:
- To add users, click the + icon to add a line for a user DN definition and enter the appropriate user DN.
  If you want to delete a user DN definition, click the x icon for the desired user DN.
5. Click Save to save your changes without synchronizing your updates immediately. Click Save & Sync to save your changes and synchronize your updates immediately.
Add Memory to Directories Management

You may need to allocate additional memory to Directories Management if you have Active Directory connections that contain a large number of users or groups. By default, 4 GB of memory is allocated to the Directories Management service. This is sufficient for many small to medium sized deployments. If you have an Active Directory connection that uses a large number of users or groups, you may need to increase this memory allocation.
2. Change directories to /usr/local/horizon/conf and create a file called domain_krb.properties.
3. Edit the domain_krb.properties file to add the list of the domain to host values.
   Add the information as =, , .
   For example, enter the list as example.com=examplehost.com:636, examplehost2.example.com:389
4. Change the owner of the domain_krb.properties file to horizon and group to www.
Procedure
1. Create an identity provider for Just-in-Time provisioning.
   a. Select Administration > Directories Management > Identity Providers.
   b. Click Add Identity Provider and edit the identity provider instance settings as appropriate.
      - For Just-in-Time provisioning, create a third-party identity provider.
      - In the Create Just-in-Time Directory section, enter names for the directory and one or more domains.
4. Configure the vRealize Automation Access Policy.
   a. Select Administration > Policies.
   b. Click the green + icon at the top right of the policy rules table.
   c. Set the policy rule to apply to applicable ranges and device types.
   d. For the authentication method, select the method that you created when configuring the third-party identity provider for JIT provisioning.
Table 2‑7. Default Active Directory Attributes to Sync to Directory

Directory Attribute Name | Default Mapping to Active Directory Attribute
userPrincipalName | userPrincipalName
distinguishedName | distinguishedName
employeeId | employeeID
domain | canonicalName. Adds the fully qualified domain name of the object.
disabled (external user disabled) | userAccountControl. Flagged with UF_Account_Disable.
- Click Join Domain to join the connector to a specific Active Directory domain. For example, when you configure Kerberos authentication, you must join the Active Directory domain that either contains the users or has a trust relationship with the domains that contain the users.
- When you configure a directory with an Integrated Windows Authentication Active Directory, the connector joins the domain according to the configuration details.
Procedure
1. Ask your Active Directory administrator to create the computer object in Active Directory in a location determined by your company policy. You must provide the host name of the connector. Ensure that you provide the fully-qualified domain name, for example server.example.com.
   You can find the host name in the Host Name column on the Connectors page in the administrative console. Select Administration > Directories Management > Connectors.
- The file is updated only when you create a new directory that has DNS Service Location lookup enabled or when you add a domain to an Integrated Windows Authentication directory. The new domain and a list of domain controllers for it are added to the file.
  Note that if an entry for a domain already exists in the file, it is not updated. For example, if you created a directory, then deleted it, the original domain entry remains in the file and is not updated.
- Edit the domain_krb.properties file
  The /usr/local/horizon/conf/domain_krb.properties file determines the domain controllers to use for directories that have DNS Service Location lookup enabled. You can edit the file at any time to modify the list of domain controllers for a domain, or to add or delete domain entries. Your changes will not be overridden.
- Troubleshooting domain_krb.properties
  Use this information to troubleshoot the domain_krb.properties file.
See also About Domain Controller Selection.

Procedure
1. Log in to the virtual machine as the root user.
2. Change directories to /usr/local/horizon/conf.
3. Edit the domain_krb.properties file to add or edit the list of domain to host values.
   Use the following format:
   domain=host:port,host2:port,host3:port
   For example:
   example.com=examplehost1.example.com:389,examplehost2.example.com:389
   List the domain controllers in order of priority.
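A lint pass over domain_krb.properties before saving catches entries that do not match the domain=host:port,host2:port format described above. This Python check is an added example, not VMware code; the function names and sample content are constructed, and tolerating spaces after commas and reporting duplicate domains as problems are assumptions of the example.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOST_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})*$")

# Constructed sample content, not taken from a real appliance.
SAMPLE = """\
# domain to domain-controller overrides
example.com=examplehost1.example.com:389,examplehost2.example.com:389
corp.local=dc1.corp.local:636, dc2.corp.local
lab.local=dc1.lab.local:70000
example.com=examplehost9.example.com:389
"""


def _check_controller(item):
    """Return ((host, port), None) for a valid host:port item, else (None, reason)."""
    host, sep, port = item.rpartition(":")
    if not sep or not host:
        return None, f"'{item}' is not host:port"
    if len(host) > 253 or not _HOST_RE.match(host):
        return None, f"'{host}' is not a valid host name"
    if not re.fullmatch(r"[0-9]{1,5}", port) or not 1 <= int(port) <= 65535:
        return None, f"'{port}' is not a valid TCP port"
    return (host, int(port)), None


def parse_domain_krb(text):
    """Parse domain_krb.properties content.

    Returns (entries, problems). entries maps each domain to its controllers
    as (host, port) tuples in file order, which is the priority order.
    problems is a list of (line_number, message); a line with any problem
    is left out of entries.
    """
    entries, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or properties comment
            continue
        domain, sep, value = line.partition("=")
        domain = domain.strip().lower()
        if not sep or not _HOST_RE.match(domain):
            problems.append((lineno, "expected domain=host:port,host2:port"))
            continue
        if domain in entries:
            problems.append((lineno, f"duplicate entry for {domain}"))
            continue
        controllers, seen, ok = [], set(), True
        for item in value.split(","):
            parsed, reason = _check_controller(item.strip())
            if reason:
                problems.append((lineno, reason))
                ok = False
            elif parsed in seen:
                problems.append((lineno, f"{parsed[0]}:{parsed[1]} listed twice"))
                ok = False
            else:
                seen.add(parsed)
                controllers.append(parsed)
        if ok:
            entries[domain] = controllers
    return entries, problems


if __name__ == "__main__":
    parsed_entries, found = parse_domain_krb(SAMPLE)
    for dom, dcs in parsed_entries.items():
        print(dom, "->", ", ".join(f"{h}:{p}" for h, p in dcs))
    for lineno, message in found:
        print(f"line {lineno}: {message}")
```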
You create the rule as part of a policy. Each rule in a policy can specify the following information.
- The network range, where users are allowed to log in from, such as inside or outside the enterprise network.
- The device type that can access through this policy.
- The order that the enabled authentication methods are applied.
- The number of hours the authentication is valid.
- Custom access denied message.
You can configure access policy rules to require users to pass credentials through two authentication methods before they can sign in. If one or both authentication methods fail and fallback methods are also configured, users are prompted to enter their credentials for the next authentication methods that are configured. The following two scenarios describe how authentication chaining can work.
- For the internal network (Internal Network Range), two authentication methods are configured for the rule, Kerberos and password authentication as the fallback method. To access the apps portal from an internal network, the service attempts to authenticate users with Kerberos authentication first, as it is the first authentication method listed in the rule. If that fails, users are prompted to enter their Active Directory password.
1. To access the service from outside the enterprise network, the user is required to log in with RSA SecurID. The user logs in using a browser and now has access to the apps portal for a four hour session as provided by the default access rule.
2. After four hours, the user tries to launch a Web application with the Sensitive Web Applications policy set applied.
4. After the user successfully logs in, the service launches the application and saves the authentication event. The user can continue to launch this application for up to one hour but is asked to reauthenticate after an hour, as dictated by the policy rule.

Manage the User Access Policy

vRealize Automation is supplied with a default user access policy that you can use as is or edit as needed to manage tenant access to applications.
7. Click Save.

Configuring Additional Identity Provider Connections

You can configure additional identity provider connections as needed to support different identity management scenarios, including additional built-in identity providers and third-party identity providers.

You can create three types of identity provider connections using Directories Management.
- Create Third-Party IDP - Use this item to create a connection to an external third-party identity provider.
When using a custom identity provider, Directories Management uses SAML metadata from that provider to establish a trust relationship with the provider. After this relationship is established, Directories Management maps the users from the SAML assertion to the list of internal vRealize Automation users based on the subject name ID.

Prerequisites
- Configure the network ranges that you want to direct to this identity provider instance for authentication.
Option | Description
Authentication Methods | Add the authentication methods supported by the third-party identity provider. Select the SAML authentication context class that supports the authentication method.
SAML Signing Certificate | Click Service Provider (SP) Metadata to see the URL of the Directories Management SAML service provider metadata. Copy and save the URL.
Option | Description
Network | The existing network ranges configured in the service are listed. Select the network range for the users based on the IP addresses that you want to direct to this identity provider instance for authentication.
Authentication Methods | Authentication methods that are configured for the service are displayed. Select the check box for the authentication methods to associate with this identity provider.
Integrating Alternative User Authentication Products with Directories Management

Typically, when you initially configure Directories Management, you use the connectors supplied with your existing vRealize Automation infrastructure to create an Active Directory connection for user ID and password based authentication and management. Alternatively, you can integrate Directories Management with other authentication solutions such as Kerberos or RSA SecurID.
Table 2‑8. User Authentication Types Supported by Directories Management (Continued)

Authentication Types | Description
Mobile SSO (for iOS) | Mobile SSO for iOS authentication is used for single sign-on authentication for AirWatch-managed iOS devices. Mobile SSO (for iOS) authentication uses a Key Distribution Center (KDC) that is part of the Directories Management service.
Prerequisites
- Verify that one of the following RSA Authentication Manager versions is installed and functioning on the enterprise network: RSA AM 6.1.2, 7.1 SP2 and later, and 8.0 and later. The server uses AuthSDK_Java_v8.1.1.312.06_03_11_03_16_51 (Agent API 8.1 SP1), which only supports the preceding versions of RSA Authentication Manager (the RSA SecurID server).
4. In the Authentication Adapters page SecurIDldpAdapter row, click Edit.
5. Configure the SecurID Authentication Adapter page.
   Information used and files generated on the RSA SecurID server are required when you configure the SecurID page.

Option | Action
Name | A name is required. The default name is SecurIDldpAdapter. You can change this.
Enable SecurID | Select this box to enable SecurID authentication.
When users sign in to their My Apps portal and RADIUS authentication is enabled, a special login dialog box appears in the browser. Users enter their RADIUS authentication user name and passcode in the login dialog box. If the RADIUS server issues an access challenge, the identity manager service displays a dialog box prompting for a second passcode. Currently support for RADIUS challenges is limited to prompting for text input.
Procedure
1. Select Administration > Directories Management > Connectors.
2. On the Connectors page, select the Worker link for the connector that is being configured for RADIUS authentication.
3. Click Auth Adapters and then click RadiusAuthAdapter.
   You are redirected to the identity manager sign-in page.
4. Click Edit to configure these fields on the Authentication Adapter page.

Option | Action
Name | A name is required. The default name is RadiusAuthAdapter.
5. You can enable a secondary RADIUS server for high availability.
   Configure the secondary server as described in step 4.
6. Click Save.

What to do next

Add the RADIUS authentication method to the default access policy. Select Administration > Directories Management > Policies and click Edit Default Policy to edit the default policy rules to add the RADIUS authentication method to the rule in the correct authentication order.
You can configure the to use an email address to validate the user account if the UPN does not exist in the certificate. You can also enable an alternate UPN type to be used.

Certificate Authority Required for Authentication

To enable logging in using certificate authentication, root certificates and intermediate certificates must be uploaded to the . The certificates are copied to the local certificate store on the user's computer.
Logging in with OCSP Certificate Checking

When you configure Certificate Status Protocol (OCSP) revocation checking, sends a request to an OCSP responder to determine the revocation status of a specific user certificate. The server uses the OCSP signing certificate to verify that the responses it receives from the OCSP responder are genuine. If the certificate is revoked, authentication fails.
Option | Description
Uploaded CA certificates | The uploaded certificate files are listed in the Uploaded Ca Certificates section of the form. You must restart the service before the new certificates are made available. Click Restart Web Service to restart the service and add the certificates to the trusted service.

Note: Restarting the service does not enable certificate authentication. After the service is restarted, continue configuring this page.
- When Certificate Authentication is configured, and the service appliance is set up behind a load balancer, make sure that the Directories Management connector is configured with SSL pass-through at the load balancer and not configured to terminate SSL at the load balancer. This configuration ensures that the SSL handshake is between the connector and the client in order to pass the certificate to the connector.
2. Click Add Identity Provider.
   A menu appears with Identity Provider options.
3. Select Create Third Party IDP.
4. Enter the appropriate information to configure the identity provider.

Option | Description
Identity Provider Name | Enter a name for this identity provider instance.
SAML Metadata | Add the third-party IdP's XML-based metadata document to establish trust with the identity provider.
   1. Enter the SAML metadata URL or the XML content into the text box.
Managing Authentication Methods to Apply to Users

The Directories Management service attempts to authenticate users based on the authentication methods, the default access policy, network ranges, and the identity provider instances you configure. When users attempt to log in, the service evaluates the default access policy rules to select which rule in the policy to apply. The authentication methods are applied in the order they are listed in the rule.
2. Edit an existing network range or add a new network range.

Option | Description
Edit an existing range | Click the network range name to edit.
Add a range | Click Add Network Range to add a new range.

3. Complete the form.

Form Item | Description
Name | Enter a name for the network range.
Description | Enter a description for the Network Range.
IP Ranges | Edit or add IP ranges until all desired and no undesired IP addresses are included.
6. Click Save.
   The default attribute status is updated and attributes you added are added on the directory's Mapped Attributes list.
7. After the directory is created, go to the Identity Stores page and select the directory.
8. Click Sync Settings > Mapped Attributes.
9. In the drop-down menu for the attributes that you added, select the Active Directory attribute to map to.
10. Click Save.
3. To edit a policy rule, click the authentication method to edit in the Policy Rules, Authentication Method column.
   To add a new policy rule, click the + icon.
4. Click Save and click Save again on the Policy page.
5. Click Save and click Save again on the Policy page.
Configure Kerberos Authentication

To configure the Directories Management service to provide Kerberos authentication, you must join to the domain and enable Kerberos authentication on the connector.

Procedure
1. As a tenant administrator, navigate to Administration > Directories Management > Connectors.
2. On the Connectors page, for the connector that is being configured for Kerberos authentication, click Join Domain.
What to do next

Add the authentication method to the default access policy. Navigate to Administration > Directories Management > Policies and click Edit Default Policy to edit the default policy rules to add the Kerberos authentication method to the rule in the correct authentication order.
   e. Enter the URL in the Add this Web site to the zone text box.
      https://myconnectorhost.domain/authenticate/
   f. Click Add > Close > OK.
5. Verify that Internet Explorer is allowed to pass the Windows authentication to the trusted site.
   a. In the Internet Options dialog box, click the Advanced tab.
   b. Select Enable Integrated Windows Authentication.
      This option takes effect only after you restart Internet Explorer.
   c. Click OK.
9. Test Kerberos functionality by using the Firefox browser to log in to the login URL. For example, https://myconnectorhost.domain.com/authenticate/.
   If the Kerberos authentication is successful, the test URL goes to the Web interface.

The Kerberos protocol secures all interactions between this Firefox browser instance and Directories Management. Now, users can use single sign-on to access their My Apps portal.
By default, the connector uses the VMware Web site for the upgrade procedure, which requires the connector appliance to have Internet connectivity. You must also configure proxy server settings for the connector appliance, if applicable. If your connector instance does not have an Internet connection, you can perform the upgrade offline. For an offline upgrade, you download the upgrade package and set up a local Web server to host the upgrade file.
Enable your proxy to handle only Internet traffic. To ensure that the proxy is set up correctly, set the parameter for internal traffic to no-proxy within the domain.

Note: Proxy servers that require authentication are not supported.

Prerequisites
- Verify that you have the root password for the connector appliance.
- Verify that you have the proxy server information.

Procedure
1. Log in to the connector appliance as the root user.
Procedure
1. Log in to the connector appliance as the root user.
2. Run the following command.
   /usr/local/horizon/update/updatemgr.hzn updateinstaller
3. Run the following command to check that an online upgrade exists.
   /usr/local/horizon/update/updatemgr.hzn check
4. Run the following command to update the appliance.
   /usr/local/horizon/update/updatemgr.hzn update
   Messages that occur during the upgrade are saved to the update.log file at /opt/vmware/var/log/update.log.
- Configure the connector appliance to use a local Web server to host the upgrade file. See Prepare a Local Web Server for Offline Upgrade.

Procedure
1. Prepare a Local Web Server for Offline Upgrade
   Before you start the offline connector upgrade, prepare the local Web server by creating a directory structure that includes a subdirectory for the connector appliance.
Prerequisites
Prepare a local Web server for offline upgrade.
Procedure
1 Log in to the connector appliance as the root user.
2 Run the following command to configure an upgrade repository that uses a local Web server.
    /usr/local/horizon/update/updatelocal.hzn seturl http://YourWebServer/VM/
Note To undo the configuration and restore the ability to perform an online upgrade, you can run the following command.
    /usr/local/horizon/update/updatelocal.
The connector upgrade is complete.

Configuring Settings After Upgrading an External Connector
After upgrading to connector 2016.3.1.0 or later, you may need to configure some settings.

Rejoin Domain with Kerberos Authentication
If you use Kerberos authentication or Active Directory (Integrated Windows Authentication) directories, you must leave the domain and then rejoin it. This is required for all the connector virtual appliances in your deployment.

Troubleshooting External Connector Upgrade Errors
You can troubleshoot vRA Directories Management external connector upgrade problems by reviewing the error logs. If the connector does not start, you can revert to a previous instance by rolling back to a snapshot.
- Checking the Upgrade Error Logs
  Resolve errors that occur during upgrade by reviewing the error logs. Upgrade log files are in the /opt/vmware/var/log directory.

Collecting a Log File Bundle
You can collect a bundle of log files to send to VMware support. You obtain the bundle from the connector configuration page. The following log files are collected in the bundle.
Table 2‑9. Log Files
Component | Location of Log File | Description
Apache Tomcat Logs (catalina.log) | /opt/vmware/horizon/workspace/logs/catalina.log | Apache Tomcat records messages that are not recorded in other log files.
Configurator Logs (configurator.
- Log in to vRealize Automation as a tenant administrator.
Procedure
1 Select Administration > Directories Management > Directories.
2 Click Add Directory.
3 Enter your specific Active Directory account settings, and accept the default options.
Option | Sample Input
Directory Name | Add the IP address of your active directory domain name.
Sync Connector | Every vRealize Automation appliance contains a connector. Use any of the available connectors.
4
f Click to add additional users. For example, enter as CN=username,CN=Users,OU=myUnit,DC=myCorp,DC=com.
  To exclude users, click + to create a filter to exclude some types of users. You select the user attribute to filter by, the query rule, and the value.
g Click Next.
9 Review the page to see how many users and groups are syncing to the directory and click Sync Directory.
Directories Management supports multiple identity providers and connector clusters for each configured Active Directory. To use a third-party identity provider or smart card authentication, you can set up either a single external connector or a connector cluster with an appropriate identity provider behind a load balancer that permits SSL passthrough. See Managing Connectors and Connector Clusters for more information.

Generate a Connector Activation Token
Before you deploy the connector virtual appliance to use for smart card authentication, generate an activation code for the new connector from the vRealize Automation console. The activation code is used to establish communication between Directories Management and the connector.
You can configure a single connector or a connector cluster. If you want to use a connector cluster, repeat this procedure for each connector that you need.
Page | Description
Name and Location | Enter a name for the virtual appliance. The name must be unique within the inventory folder and can contain up to 80 characters. Names are case sensitive. Select a location for the virtual appliance.
Host / Cluster | Select the host or cluster to run the deployed template.
Resource Pool | Select the resource pool.
Storage | Select the location to store the virtual machine files.
Disk Format | Select the disk format for the files.
Procedure
1 To run the Setup wizard, enter the connector URL that was displayed in the Console tab after the OVA was deployed.
2 On the Welcome Page, click Continue.
3 Create strong passwords for the following connector virtual appliance administrator accounts.
  Strong passwords should be at least eight characters long and include uppercase and lowercase characters and at least one digit or special character.
You only need to specify the CN, or certificate authority's site domain name, if you are generating a CSR for a custom certificate.
Prerequisites
Generate a Certificate Signing Request (CSR) and obtain a valid, signed certificate from a CA. If your organization provides SSL certificates that are signed by a CA, you can use these certificates. The certificate must be in the PEM format.
Certificate Chain Example
    WdR9Vpg3WQT5+C3HU17bUOwvhp/rjlQvt90+
    ...
    ...
    ...
    O05j5xsxzDJfWr1lqBlFF/OkIYCPW53+cyK1
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    dR9Vpg3WQTjlQvt9W5+C3HU17bUOwvhp/r0+
    ...
    ...
    ...
    5j5xsxzDJfWr1lqW53+O0BlFF/OkIYCPcyK1
    -----END CERTIFICATE-----
Private Key Example
    -----BEGIN RSA PRIVATE KEY-----
    jlQvtg3WQT5+C3HU17bU9WdR9VpOwvhp/r0+
    ...
    ...
    ...
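An added example, not part of the VMware documentation: a structural check for pasted PEM text, in Python with only the standard library, that flags the usual copy/paste damage (END and BEGIN markers fused on one line, a dropped body line, a private key pasted where a certificate chain is expected). The function names and sample blocks are constructed for illustration; the check does not verify signatures or that the key matches the certificate.

```python
import base64
import binascii
import re

# A PEM boundary must sit alone on its line with exactly five dashes each side.
BOUNDARY = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")


def der_claimed_length(der):
    """Total size the outer DER SEQUENCE declares, or None if it is not one."""
    if len(der) < 2 or der[0] != 0x30:
        return None
    first = der[1]
    if first < 0x80:                      # short form: length in one byte
        return 2 + first
    count = first & 0x7F                  # long form: next `count` bytes hold it
    if count == 0 or len(der) < 2 + count:
        return None
    return 2 + count + int.from_bytes(der[2:2 + count], "big")


def check_body(label, body_lines, allowed):
    """Findings for one BEGIN/END block: wrong type, bad base64, truncation."""
    found = []
    if label not in allowed:
        found.append(f"unexpected block type {label!r}")
    try:
        der = base64.b64decode("".join(body_lines), validate=True)
    except binascii.Error:
        # Also hit by RFC 1421 header lines such as those in encrypted keys.
        return found + [f"{label} body is not plain base64"]
    claimed = der_claimed_length(der)
    if claimed is None:
        found.append(f"{label} body is not a DER SEQUENCE")
    elif claimed != len(der):
        found.append(f"{label} DER declares {claimed} bytes, decoded {len(der)}")
    return found


def lint_pem(text, allowed):
    """Return (labels, problems) for pasted PEM text; no problems means clean."""
    labels, problems = [], []
    current, body, orphan_seen = None, [], False
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if "-----" not in line:
            if current is not None:
                body.append(line)
            elif not orphan_seen:         # report a stray run once, not per line
                problems.append(f"line {number}: data outside any PEM block")
                orphan_seen = True
            continue
        orphan_seen = False
        match = BOUNDARY.match(line)
        if match is None:
            # END and BEGIN fused on one line, or dashes lost from a marker.
            problems.append(f"line {number}: malformed boundary {line!r}")
            current, body = None, []
            continue
        kind, label = match.groups()
        if kind == "BEGIN":
            if current is not None:
                problems.append(f"line {number}: BEGIN inside open {current} block")
            current, body = label, []
        elif current != label:
            problems.append(f"line {number}: END {label} without matching BEGIN")
            current, body = None, []
        else:
            labels.append(label)
            problems += [f"line {number}: {p}" for p in check_body(label, body, allowed)]
            current, body = None, []
    if current is not None:
        problems.append(f"end of input: {current} block has no END line")
    return labels, problems


def constructed_block(label, payload_len=256):
    """Constructed sample: a DER SEQUENCE of zero bytes, not a real cert or key."""
    der = b"\x30\x82" + payload_len.to_bytes(2, "big") + bytes(payload_len)
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *rows, f"-----END {label}-----"])


if __name__ == "__main__":
    good = constructed_block("CERTIFICATE") + "\n" + constructed_block("CERTIFICATE")
    fused = good.replace(
        "-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----",
        "-----END CERTIFICATE---------BEGIN CERTIFICATE----",
    )
    for name, text in (("clean chain", good), ("fused markers", fused)):
        labels, problems = lint_pem(text, {"CERTIFICATE"})
        print(name, labels, problems or "ok")
```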
6 Select the external connector or connectors that you configured for smart card authentication.
  Note If the deployment is located behind a load balancer, enter the load balancer URL.
7 Select the network for access to this identity provider.
8 Click Add.

Configure Certificate Authentication and Configure Default Access Policy Rules
You must configure your external connection for use with your vRealize Automation Active Directory and domain.
Prerequisites
- Install a distributed vRealize Automation deployment with appropriate load balancers. See Installing vRealize Automation.
- Log in to vRealize Automation as a tenant administrator.
- Configure the appropriate domains and Active Directory forests for your deployment.
Procedure
1 Select Administration > Directories Management > Directories.
2 Click Add Directory.
11 Verify that the Directories Management directory attribute names are mapped to the correct Active Directory attributes.
   If the directory attribute names are mapped incorrectly, select the correct Active Directory attribute from the drop-down menu.
12 Click Next.
13 Click to select the groups you want to sync from Active Directory to the directory.
   When you add an Active Directory group, if members of that group are not in the Users list, they are added.
To allow users or groups to modify and trigger a pipeline, you must assign permissions to those users and groups. When you assign users and groups the role of Release Manager, they can modify and trigger the pipeline. When you assign users and groups the role of Release Engineer, they can trigger the pipeline. For more information, see the Using vRealize Code Stream guide.
Prerequisites
Log in to vRealize Automation as a tenant administrator.
You can assign roles to your custom group, but it is not necessary in all cases. For example, you can create a custom group called Machine Specification Approvers, to use for all machine pre-approvals. You can also create custom groups to map to your business groups so that you can manage all groups in one place. In those cases, you do not need to assign roles.
Prerequisites
Log in to vRealize Automation as a tenant administrator.
For instance, in the first rule selection box, you can select Domain as a criterion, and then select Matches in the second box. Then, in the third rule box, you can enter a domain. These selections create a rule that establishes just-in-time membership based on users that are associated with the specified domain. The third selection box is a free-form entry box, and you can enter any information that logically relates to the selections in the first two selection boxes.
8 If you want to exclude users from the group, search for and add those users on the Exclude Users from Group page.
9 Click Next.
10 Review the group configuration on the Review page, and then click Save to save and implement your rules and configuration.
Just-in-time users are added based on the rules that you created.

Create a Business Group
Business groups are used to associate a set of services and resources to a set of users.
3 Configure the business group details.
Option | Description
Name | Enter the name for the business group.
Description | Enter the description.
Send manager emails to | Enter one or more email addresses of users that must receive capacity alert notifications. Email alias addresses are not supported; each email address must be for a specific user. Separate multiple entries with a comma. For example, JoeAdmin@mycompany.com,WeiMgr@mycompany.com.
What to do next
- Create a reservation for your business group based on where the business group provisions machines. See Choosing a Reservation Scenario.
- If the catalog items are published and the services exist, you can create an entitlement for the business group members. See Entitle Users to Services, Catalog Items, and Actions.
2 Configure Local Users
  The vRealize Automation system administrator must configure local users for each applicable tenant.
3 Appoint Administrators
  You can appoint one or more tenant administrators and IaaS administrators from the identity stores you configured for a tenant.

Specify Tenant Information
The first step to configuring a tenant is to name the new tenant and add it to vRealize Automation and create the tenant-specific access URL.
Procedure
1 Click the Add button on the Local users tab.
2 Enter the user's first and last names into the First name and Last name fields on the User Details dialog.
3 Enter the user email address into the Email field.
4 Enter the user ID and password for the user in the User name and Password fields.
5 Click the Add button.
6 Repeat these steps as applicable for all local users of the tenant.
The specified local users are created for the tenant.
If you delete a tenant, that tenant will be removed from the vRealize Automation interface immediately, but it may take several hours for the tenant to be completely removed from your deployment. If you delete a tenant and want to create another tenant with the same URL, allow several hours for complete deletion before creating the new tenant.
Prerequisites
Log in to the vRealize Automation console as a system administrator.
Procedure
1 Select Administration > Tenants.
This page enables you to configure branding on all tenant login pages. The Login Screen Branding page displays the currently implemented tenant login branding in the Preview pane.
Note After saving new tenant login page branding, there may be a delay of up to five minutes before it becomes visible on all login pages.
Prerequisites
To use a custom logo or other image with your branding, you must have the appropriate files available.
Procedure
1 Log in to vRealize Automation as a system or tenant administrator.
2 Click the Administration tab.
3 Select Branding > Application Branding.
4 Click the Header tab if it is not already active.
5 If you want to use the default vRealize Automation branding, click the Use Default check box.
6 To implement custom branding, make the appropriate selections in the fields on the Header and Footer tabs.
[Figure: notification configuration flowchart]
Configure an outbound mail server to send notifications.
Do you want users to be able to respond to notifications?
  Yes
  Configure an inbound mail server to receive notifications.
  No
Enable notifications for any events you want to allow users to receive updates for.
Do you want to customize the templates for IaaS notifications?
  Yes
  Edit the configuration files that control IaaS notifications.
Table 2‑10. Checklist for Configuring Notifications
Task | Required Role
Configure an outbound email server to send notifications. | System administrators configure default global servers. Tenant administrators configure servers for their tenants.
(Optional) Configure an inbound email server so that users can complete tasks by responding to notifications. | System administrators configure default global servers.

Configuring Global Email Servers for Notifications
Tenant administrators can add email servers as part of configuring notifications for their own tenants. As a system administrator, you can set up global inbound and outbound email servers that appear to all tenants as the system defaults. If tenant administrators do not override these settings before enabling notifications, vRealize Automation uses the globally configured email servers.
18 Click Add.

Create a Global Outbound Email Server
System administrators create a global outbound email server to handle outbound email notifications. You can create only one outbound server, which appears as the default for all tenants. If tenant administrators do not override these settings before enabling notifications, vRealize Automation uses the globally configured email server.
Prerequisites
Log in to the vRealize Automation console as a system administrator.

Add a Tenant-Specific Outbound Email Server
Tenant administrators can add an outbound email server to send notifications for completing work items, such as approvals.
Each tenant can have only one outbound email server. If your system administrator has already configured a global outbound email server, see Override a System Default Outbound Email Server.
Prerequisites
- Log in to vRealize Automation as a tenant administrator.
12 Choose whether vRealize Automation can accept self-signed certificates from the email server.
   This option is available only if you enabled encryption.
   - Click Yes to accept self-signed certificates.
   - Click No to reject self-signed certificates.
13 Click Test Connection.
14 Click Add.

Add a Tenant-Specific Inbound Email Server
Tenant administrators can add an inbound email server so that users can respond to notifications for completing work items, such as approvals.
9 (Optional) Select Delete From Server to delete from the server all processed emails that are retrieved by the notification service.
10 Choose whether vRealize Automation can accept self-signed certificates from the email server.
   This option is available only if you enabled encryption.
   - Click Yes to accept self-signed certificates.
   - Click No to reject self-signed certificates.
11 Click Test Connection.
12 Click Add.
11 Choose whether vRealize Automation can accept self-signed certificates from the email server.
   This option is available only if you enabled encryption.
   - Click Yes to accept self-signed certificates.
   - Click No to reject self-signed certificates.
12 Click Test Connection.
13 Click Add.

Override a System Default Inbound Email Server
If the system administrator has configured a system default inbound email server, tenant administrators can override this global setting.
10 Choose whether vRealize Automation can accept self-signed certificates from the email server.
   This option is available only if you enabled encryption.
   - Click Yes to accept self-signed certificates.
   - Click No to reject self-signed certificates.
11 Click Test Connection.
12 Click Add.

Revert to System Default Email Servers
Tenant administrators who override system default servers can revert the settings back to the global settings.
You can change the setting that defines the number of days before a machine's expiration date that vRealize Automation sends an expiration notification email. The email notifies users of a machine's expiration date. By default, the setting is 7 days prior to machine expiration.
Procedure
1 Log in to the vRealize Automation server by using credentials with administrative access.
2 Navigate to and open the /etc/vcac/setenv-user file.
2 Select the Enabled check box for the Email protocol in the Notifications table.
3 Click Apply.
4 Click Close.

(Optional) Create a Custom RDP File to Support RDP Connections for Provisioned Machines
System administrators create a custom remote desktop protocol file that IaaS architects use in blueprints to configure RDP settings.
You have a datacenter in London, and a datacenter in Boston, and you do not want users in Boston provisioning machines on your London infrastructure or vice versa. To ensure that Boston users provision on your Boston infrastructure, and London users provision on your London infrastructure, you want to allow users to select an appropriate location for provisioning when they request machines.

Configuring vRealize Orchestrator
vRealize Orchestrator is an automation and management engine that extends vRealize Automation to support XaaS and other extensibility.
You can configure and use the vRealize Orchestrator server that is preconfigured in the vRealize Automation appliance, or you can deploy vRealize Orchestrator as an external server instance and associate that external instance with vRealize Automation.
3 Click Use the default Orchestrator server.
Connections to the embedded vRealize Orchestrator server are now configured. The vCAC workflows folder and the related utility actions are automatically imported. The vCAC > ASD workflows folder contains workflows for configuring endpoints and creating resource mappings.
4 Log in to the vRealize Orchestrator Control Center.
  The user name is configured by the vRealize Automation appliance administrator.

Log in to the vRealize Orchestrator Client
To perform general administration tasks or to edit and create workflows in the default vRealize Orchestrator instance, you must log in to the vRealize Orchestrator client.

Configure an External vRealize Orchestrator Server
You can set up vRealize Automation to use an external vRealize Orchestrator server.
System administrators can configure the default vRealize Orchestrator server globally for all tenants. Tenant administrators can configure the vRealize Orchestrator server only for their tenants.
6 Select the authentication type.
Option | Description
Single Sign-On | Connects to the vRealize Orchestrator server by using vCenter Single Sign-On. This option is applicable only if you configured the vRealize Orchestrator and vRealize Automation to use a common vCenter Single Sign-On instance.
Basic | Connects to the vRealize Orchestrator server with the user name and password that you enter in the User name and Password text boxes.
Table 2‑11. Checklist for Configuring IaaS Resources
Create endpoints for your infrastructure to bring resources under vRealize Automation management.
  vRealize Automation Role: IaaS administrator
  Details: Choosing an Endpoint Scenario.
Create a fabric group to organize infrastructure resources into groups and assign one or more administrators to manage those resources as your vRealize Automation fabric administrators.
  vRealize Automation Role: IaaS administrator
  Details: Create a Fabric Group.
- IPAM
  This category is only visible if you have registered a third-party IPAM endpoint type such as Infoblox IPAM in a vRealize Orchestrator workflow.
- Management
  This category contains the vRealize Operations Manager endpoint only.
- Network and Security
  This category contains the Proxy and NSX endpoint types. A Proxy endpoint can be associated to an Amazon, vCloud Air, or vCloud Director endpoint. An NSX endpoint can be associated to a vSphere endpoint.
Table 2‑12.
Table 2‑13. General Tab Settings (Continued)
Setting | Description
Address | Enter the endpoint address using the endpoint-specific address format.
  - For a KVM (RHEV) or NetApp ONTAP endpoint, the address must be of one of the following formats:
    - https://FQDN
    - https://IP_address
    For example: https://mycompany-kvmrhev1.mycompany.local or netapp-1.mycompany.local.
  - For an OpenStack endpoint, the address must be of the format https://FQDN/powervc/openstack/service.
Table 2‑13. General Tab Settings (Continued)
Setting | Description
Port | Enter the port value to connect to on the proxy endpoint address. This setting applies to Proxy endpoints only.
Priority | Enter a priority value as an integer greater than or equal to 1. The lower value specifies a higher priority. The priority value is associated to the embedded VMware.VCenterOrchestrator.Priority custom property. This setting applies to vRealize Orchestrator endpoints only.
- If you plan to use a vSphere endpoint to deploy VMs from OVF templates, verify that your credentials include the vSphere privilege VApp.Import in the vCenter associated with the endpoint. The VApp.Import privilege allows you to deploy a vSphere machine by using settings imported from an OVF. Details about this vSphere privilege are available in the vSphere SDK documentation. If the OVF is hosted on a Web site, see Create a Proxy Endpoint for OVF Host Web Site.
9 (Optional) Click Test Connection to validate the credentials, host endpoint address, and certificate trust. The action also checks that the manager service and agent are running so that the endpoint can be data-collected. The OK action tests for these same conditions.
For information about validating the NSX connection and certificate trust, see Considerations When Using Test Connection.
For related information about creating an NSX endpoint, see public articles such as this vmwarelab blog post.
Prerequisites
- Log in to vRealize Automation as an IaaS administrator.
- You must install a vSphere proxy agent to manage your vSphere endpoint, and you must use the same exact name for your endpoint and agent.
9 (Optional) Click Test Connection to validate the credentials, host endpoint address, and certificate trust. The action also checks that the manager service and agent are running so that the endpoint can be data-collected. The OK action tests for these same conditions.
For information about vCloud Air Management Console, see vCloud Air documentation.
Note Reservations defined for vCloud Air endpoints and vCloud Director endpoints do not support the use of network profiles for provisioning machines.
For vCloud Air endpoints, the Organization name and the vDC name must be identical for a vCloud Air subscription instance.
What to do next
Create a Fabric Group.

Create a vCloud Director Endpoint
You can create a vCloud Director endpoint to manage all of the vCloud Director virtual data centers (vDCs) in your environment, or you can create separate endpoints to manage each vCloud Director organization.
You can optionally associate proxy settings to the vCloud Director endpoint by associating to a Proxy endpoint.
For information about Organization vDCs, see vCloud Director documentation.
6 If you are an organization administrator, you can enter a vCloud Director organization name in the Organization text box.
Option | Description
Discover all Organization vCDs | If you have implemented vCloud Director in a private cloud, you can leave the Organization text box blank to allow the application to discover all the available Organization vDCs.
Separate endpoints for each Organization vCD | Enter a vCloud Director organization name in the Organization text box.
For information about associating proxy settings to your endpoint, see Create a Proxy Endpoint and Associate to a Cloud Endpoint.
Prerequisites
- Log in to vRealize Automation as an IaaS administrator.
- If you want to configure additional security and force connections to pass through a proxy server, create a Proxy endpoint. You can associate to the Proxy endpoint as you create the Amazon endpoint. See Create a Proxy Endpoint and Associate to a Cloud Endpoint.
Prerequisites
Log in to vRealize Automation as an IaaS administrator.
Procedure
1 Click Infrastructure > Administration > Instance Types.
2 Click New.
3 Add a new instance type, specifying the following parameters.
  Information about the available Amazon instance types and the setting values that you can specify for these parameters is available from Amazon Web Services documentation in EC2 Instance Types Amazon Web Services (AWS) at aws.amazon.
- Create an Amazon Endpoint
- Create a vCloud Director Endpoint
You must have at least one vCloud Air, vCloud Director, or Amazon endpoint to create an association from the Proxy endpoint.
Procedure
1 Select Infrastructure > Endpoints > Endpoints.
2 Select New > Network and Security > Proxy.
3 Enter a name in the Name text box.
4 (Optional) Enter a description in the Description text box.
5 Enter the URL for the installed proxy agent in the Address text box.
3 Enter a name in the Name text box.
4 (Optional) Enter a description in the Description text box.
5 Enter the URL for the Web site that is hosting the OVF in the Address text box.
6 Enter the port number to use for connecting to the Web site proxy server in the Port text box.
7 Enter your administrator-level user name and password.
8 (Optional) Click Properties and add supplied custom properties, property groups, or your own property definitions for the endpoint.
To use the default vRealize Orchestrator instance embedded in the vRealize Automation appliance, the user name is administrator@vsphere.local and the password is the administrator password that was specified when configuring SSO.
6 Enter an integer greater than or equal to 1 in the Priority text box.
  A lower value specifies a higher priority.
7 (Optional) Click Properties and add supplied custom properties, property groups, or your own property definitions for the endpoint.
4 Enter the URL for the vRealize Operations Manager server in the Address text box.
  The URL must be of the format: https://hostname/suite-api.
5 Enter your vRealize Operations Manager user name and password credentials.
6 (Optional) Click Properties and add supplied custom properties, property groups, or your own property definitions for the endpoint.
7 (Optional) Click Test Connection to validate the credentials, host endpoint address, and certificate trust.
If you imported a vRealize Orchestrator package for providing an external IPAM solution and registered the IPAM endpoint type in vRealize Orchestrator, you can select that IPAM endpoint type when you create a vRealize Automation endpoint.
Note This example is based on use of the Infoblox IPAM plug-in, which is available for download at the VMware Solution Exchange.
5 Enter the user name and password required to access the IPAM solution provider account.
  The IPAM solution provider account credentials are required to create, configure, and edit the endpoint when working in vRealize Automation. vRealize Automation uses the IPAM endpoint credentials to communicate with the specified endpoint type, for example Infoblox, to allocate IP addresses and perform other operations.
- Create an Active Directory application as described in https://azure.microsoft.com/en-us/documentation/articles/resource-group-create-service-principal-portal.
- Make note of the following Azure-related information, as you will need it during endpoint and blueprint configuration.
Parameter | Description
Connection name | Unique name for the new endpoint connection. This name appears in the vRealize Orchestrator interface to help you identify a particular connection.
Azure subscription id | The identifier for your Azure subscription. The ID defines the storage accounts, virtual machines and other Azure resources to which you have access.
Resource manager settings
Azure service URI | The URI through which you gain access to your Azure instance.
Action: Create an Azure resource group
Options:
- Create the resource group using the Azure portal. See the Azure documentation for specific instructions.
- Use the appropriate vRealize Orchestrator workflow found under the Library/Azure/Resource/Create resource group.
Action: Create an Azure storage account
Options:
- In vRealize Automation, create and publish an XaaS blueprint that contains the vRealize Orchestrator workflow.
Procedure
1 Select Administration > vRO Configuration > Endpoints.
2 Click the New icon.
3 On the Plug-in tab, click the Plug-in drop-down menu and select Puppet Plug-in.
4 Click Next.
5 Enter a name and, optionally, a description.
6 Click Next.
7 Populate the text boxes on the Details tab as appropriate for the endpoint.
Parameter | Description
Display name for this Puppet Master | The name of the Puppet Master associated with the endpoint connection.
8
Procedure
1 Select Infrastructure > Endpoints > Endpoints.
2 Select New > Virtual > Hyper-V (SCVMM).
3 Enter a name in the Name text box.
4 (Optional) Enter a description in the Description text box.
5 Enter the URL for the endpoint in the Address text box.
  The URL must be of the type: FQDN or IP_address.
  For example: mycompany-scvmm1.mycompany.local.
6 Enter the administrative-level user name and password that you stored for this endpoint.
4 Enter the URL for the endpoint in the Address text box.
Option | Description
PowerVC | The URL must be of the format http://myPowerVC.com:5000 or http://FQDN:5000.
Openstack | The URL must be of the format FQDN:5000 or IP_address:5000. Do not include the /v2.0 suffix in the endpoint address.
5 Enter your administrative-level user name and password.
  The credentials you provide must have the administrator role in the OpenStack tenant associated with the endpoint.
2 Enter the fully qualified DNS name of your Hyper-V server, Xen server, or Xen pool master in the Compute resource text box.
  Note For a Xen pool endpoint, you must enter the name of the pool master. To avoid duplicate entries in the vRealize Automation compute resource table, specify an address that matches the configured Xen pool master address. For example, if the Xen pool master address uses the host name, enter the host name and not the FQDN.
If you receive errors when running Test Connection on upgraded or migrated endpoints, see Considerations When Working With Upgraded or Migrated Endpoints for steps needed to establish certificate trust.

Import or Export Endpoints Programmatically
To programmatically import and export endpoints in vRealize Automation 7.3 or later, you must use either new vRealize Automation endpoint-configuration-service REST APIs or use vRealize CloudClient.
After upgrade or migration, the new Proxy endpoint name is Proxy_YYYYY, where YYYYY is a hash of the proxy's URL, port, and credentials. If you used the same proxy settings (for example, the same URL, port, and credentials) for a different endpoint (for example, a vCloud Air or Amazon endpoint), after upgrade or migration there is only one Proxy endpoint and an association between the vCloud Air and Amazon endpoint and the new Proxy endpoint.
If the Test Connection action is successful but some data collection or provisioning operations fail, you can install the same certificate on all the agent machines that serve the endpoint and on all DEM machines. Alternatively, you can uninstall the certificate from existing machines and repeat the preceding procedure for the failing endpoint.
- The vRealize Automation REST APIs that were used to programmatically create, edit, and delete endpoints in vRealize Automation 7.
- You can delete endpoints programmatically by using either the new CREATE, EDIT, and DELETE vRealize Automation endpoint-configuration-service REST APIs introduced in vRealize Automation 7.3 or by using vRealize CloudClient. You cannot delete endpoints by using the pre-vRealize Automation 7.3 endpoint-configuration-service REST APIs.
Create a Fabric Group
You can organize infrastructure resources into fabric groups and assign one or more fabric administrators to manage the resources in the fabric group. Fabric groups are required for virtual and cloud endpoints. You can grant the fabric administrator role to multiple users by either adding multiple users one at a time or by choosing an identity store group or custom group as your fabric administrator.
- No other symbols, punctuation characters, or blank spaces can be used.
- No longer than 15 characters, including the digits, to conform to the Windows limit of 15 characters in host names. Longer host names are truncated when a machine is provisioned, and updated the next time data collection is run. However, for WIM provisioning, names are not truncated and provisioning fails when the specified name is longer than 15 characters.
Network profiles are used to configure network settings when machines are provisioned. Network profiles also specify the configuration of NSX Edge devices that are created when you provision machines. You identify a network profile when you create reservations and blueprints. In a reservation, you can assign a network profile to a network path and specify any one of those paths for a machine component in a blueprint.
Table 2‑14. Available Network Types for a vRealize Automation Network Profile
Network Type | Description
External | Existing network configured on the vSphere server. External networks are the external part of the NAT and routed network types. An external network profile can define a range of static IP addresses available on the external network.
You can assign a network profile to a vSphere machine component in a blueprint by adding an existing, on-demand NAT, or on-demand routed network component to the design canvas and selecting a network profile to which to connect the vSphere machine component. You can also assign network profiles to blueprints by using the custom property VirtualMachine.NetworkN.ProfileName, where N is the network identifier.
You can add or change the IP addresses in a network profile range by importing from a CSV file or by entering values manually. Alternatively, you can allow a third-party IPAM provider to supply IP addresses.
- Import an initial range of IP addresses into a vRealize Automation network profile.
- Apply the imported values to create our first named network range in the network profile.
- Delete one or more IP addresses from the network range vRealize Automation.
d Enter the end IP address of the range.
- Click Import from CSV.
a Browse to and select the CSV file or drag the CSV file into the Import from CSV dialog box.
A row in the CSV file has the format ip_address, machine_name, status, NIC offset. For example:
100.10.100.1,mymachine01,Allocated
CSV Field | Description
ip_address | An IP address in IPv4 format.
machine_name | Name of a managed machine in vRealize Automation. If the field is empty, the default is no name.
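A pre-import check for the CSV row format described above, as an added example that is not VMware's code. It assumes the status names from the IP status filter on this page are the valid status values, that NIC offset is a non-negative integer, and that every address should fall inside the profile's subnet; `validate_ip_csv`, `check_row` and the sample rows are constructed for illustration.

```python
import csv
import io
import ipaddress

# Status names from the IP status filter described on this page; that the
# CSV import accepts exactly these values is an assumption of this example.
KNOWN_STATUSES = {"allocated", "unallocated", "destroyed", "expired"}


def check_row(fields, network, gateway_ip, seen):
    """Return (row_dict, None) for a usable row or (None, reason)."""
    if len(fields) > 4:
        return None, "more than 4 fields"
    # Trailing fields may be omitted, as in the page's three-field example.
    ip_text, machine, status, offset = fields + [""] * (4 - len(fields))
    try:
        ip = ipaddress.IPv4Address(ip_text)
    except ipaddress.AddressValueError:
        return None, f"not an IPv4 address: {ip_text!r}"
    if ip not in network:
        return None, f"{ip} is outside {network}"
    if ip in (network.network_address, network.broadcast_address):
        return None, f"{ip} is the network or broadcast address"
    if ip == gateway_ip:
        return None, f"{ip} is the profile gateway"
    if ip in seen:
        return None, f"{ip} appears more than once"
    if status and status.lower() not in KNOWN_STATUSES:
        return None, f"unknown status: {status!r}"
    if offset and not offset.isdigit():
        return None, f"NIC offset is not a non-negative integer: {offset!r}"
    seen.add(ip)
    row = {"ip_address": str(ip), "machine_name": machine,
           "status": status, "nic_offset": offset}
    return row, None


def validate_ip_csv(text, gateway, subnet_mask):
    """Split CSV text into accepted rows and (line_number, reason) problems."""
    network = ipaddress.ip_network(f"{gateway}/{subnet_mask}", strict=False)
    gateway_ip = ipaddress.IPv4Address(gateway)
    rows, problems, seen = [], [], set()
    for line_no, fields in enumerate(csv.reader(io.StringIO(text)), start=1):
        fields = [f.strip() for f in fields]
        if not any(fields):
            continue  # blank line
        row, reason = check_row(fields, network, gateway_ip, seen)
        if row is None:
            problems.append((line_no, reason))
        else:
            rows.append(row)
    return rows, problems


# Constructed sample: two good rows followed by one row per failure mode.
SAMPLE = """\
10.10.110.20,mymachine01,Allocated
10.10.110.21,,Unallocated,0
10.10.110.21,mymachine02,Allocated
10.10.110.1,edge01,Allocated
10.10.300.4,mymachine03,Allocated
192.168.5.9,mymachine04,Expired
10.10.110.30,mymachine05,InUse
10.10.110.31,mymachine06,Allocated,first
"""

if __name__ == "__main__":
    good, bad = validate_ip_csv(SAMPLE, "10.10.110.1", "255.255.0.0")
    for row in good:
        print("ok     ", row)
    for line_no, reason in bad:
        print(f"line {line_no}: {reason}")
```

Rejecting duplicates, the gateway address and out-of-subnet rows before the import keeps addresses that can never be allocated cleanly out of the network range.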
Create an External Network Profile By Using the Supplied IPAM Endpoint
You can create an external network profile to define network properties and a range of static IP addresses for use when provisioning machines on an existing network. You can define one or more network ranges of static IP addresses in the network profile for use in provisioning a machine.
5 Enter an IP subnet mask in the Subnet mask text box. The subnet mask specifies the size of the entire routable address space that you want to define for your network profile. For example, enter 255.255.0.0.
6 Enter an Edge or routed gateway address in the Gateway text box. Use a standard IPv4 address format. For example, enter 10.10.110.1. The gateway IP address defined in the network profile is assigned to the NIC during allocation.
Procedure
1 Click the Network Ranges tab.
2 Click New to enter a new network range name and IP address range manually or click Import from CSV to import the IP address information from a properly formatted CSV file.
- Click New.
a Enter a network range name.
b Enter a network range description.
c Enter the start IP address of the range.
d Enter the end IP address of the range.
- Click Import from CSV.
6 (Optional) Select a status type from the IP status drop-down menu to filter IP address entries to only those that match the selected IP status. Status settings are allocated, unallocated, destroyed, and expired. For IP addresses that are in an expired or destroyed state, you can click Reclaim to make those IP address ranges available for allocation. You must save the profile for the reclamation to take effect.
Specify External Network Profile Information By Using a Third-Party IPAM Endpoint
An external network profile identifies network properties and settings for an existing network. An external network profile is a requirement of NAT and routed network profiles. If you registered and configured an IPAM endpoint in vRealize Orchestrator, you can specify that IP address information be supplied by an IPAM provider.
vRealize Automation only saves external IPAM range IDs in the database, not range details. If you edit a network profile on this page or on a blueprint, vRealize Automation calls the IPAM service to get range details based on the selected range IDs.
Note: There is a known issue with some third-party IPAM providers in which a query can time out when returning network ranges, resulting in an empty list.
4 Click OK. The IP range name appears in the defined ranges list. The IP addresses in the range appear in the defined IP addresses list. The uploaded IP addresses appear on the IP Addresses page when you click Apply or after you save and then edit the network profile.
5 Click OK to complete the network profile.
What to do next
You can assign a network profile to a network path in a reservation or a blueprint architect can specify the network profile in a blueprint.
2 Configure Routed Network Profile IP Ranges with the vRealize Automation IPAM Endpoint
You can define one or more ranges of static IP addresses for use in provisioning a network.
Specify Routed Network Profile Information with the vRealize Automation IPAM Endpoint
The network profile information identifies the routed network properties, its underlying external network profile, and other values used in provisioning the network when using the supplied IPAM endpoint.
9 Click the DNS tab.
10 Enter DNS and WINS values as needed. DNS values are used for DNS name registration and resolution. The DNS and WINS fields are optional if you are using an internal IPAM endpoint. If you are using an external IPAM endpoint, the DNS and WINS values are provided by the third-party IPAM provider.
a (Optional) Enter a Primary DNS server value.
b (Optional) Enter a Secondary DNS server value.
c (Optional) Enter a DNS suffixes value.
When you use a third-party IPAM endpoint in your routed network profile, the provider creates new IP ranges for each instance of the on-demand network. You can use IP ranges obtained from the supplied VMware IPAM endpoint or from a third-party IPAM service provider endpoint that you have registered and configured in vRealize Orchestrator, such as Infoblox IPAM. An IP range is created from an IP block during allocation.
6 Select a value in the Range subnet mask text box drop-down menu to determine how many network subnets are created for provisioning. For example, enter 255.255.255.0. The range subnet mask defines how you want to partition that space into individual address blocks that are allocated to every deployment instance of that network profile. When choosing a value for the range subnet mask, consider the number of deployments that you expect to use the routed network.
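The partitioning described in this step, worked through as an added example that is not VMware's code. It uses the 255.255.0.0 and 255.255.255.0 masks quoted on this page; the base address 10.10.0.0, the function names, and the convention that each block loses two addresses (network and broadcast) are assumptions, and a per-block gateway address is not subtracted.

```python
import ipaddress


def mask_to_prefix(mask):
    """Convert a dotted subnet mask such as 255.255.255.0 to a prefix length."""
    return ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen


def partition(base_ip, subnet_mask, range_subnet_mask):
    """Return (block_count, usable_hosts_per_block, first_three_blocks)."""
    space = ipaddress.ip_network(f"{base_ip}/{subnet_mask}", strict=False)
    range_prefix = mask_to_prefix(range_subnet_mask)
    if range_prefix < space.prefixlen:
        raise ValueError("range subnet mask covers more than the profile's address space")
    block_count = 2 ** (range_prefix - space.prefixlen)
    usable = max(2 ** (32 - range_prefix) - 2, 0)
    blocks = space.subnets(new_prefix=range_prefix)
    first = [str(block) for _, block in zip(range(3), blocks)]
    return block_count, usable, first


def candidate_range_masks(base_ip, subnet_mask, deployments, machines_per_deployment):
    """List range subnet masks that give every expected deployment its own
    block with enough usable addresses, as (mask, block_count, usable_hosts)."""
    space = ipaddress.ip_network(f"{base_ip}/{subnet_mask}", strict=False)
    candidates = []
    for prefix in range(space.prefixlen, 31):
        block_count = 2 ** (prefix - space.prefixlen)
        usable = 2 ** (32 - prefix) - 2
        if block_count >= deployments and usable >= machines_per_deployment:
            mask = str(ipaddress.ip_network(f"0.0.0.0/{prefix}").netmask)
            candidates.append((mask, block_count, usable))
    return candidates


if __name__ == "__main__":
    count, usable, first = partition("10.10.0.0", "255.255.0.0", "255.255.255.0")
    print(f"{count} blocks of {usable} usable addresses, starting {first}")
    # Constructed planning input: 100 deployments of up to 20 machines each.
    for mask, blocks, hosts in candidate_range_masks("10.10.0.0", "255.255.0.0", 100, 20):
        print(f"{mask}: {blocks} blocks, {hosts} usable addresses per block")
```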
2 Add one or more IP blocks, or IPAM provider ranges, by using the provider-specific search syntax or selecting from the Search drop-down menu. The IP blocks are retrieved from the third-party IPAM provider. Selecting a network range may result in an empty list when using a third-party IPAM provider. For details, see Knowledge Base article 2148656 at http://kb.vmware.com/kb/2148656.
a Click Add.
b Click Search.
Specify NAT Network Profile Information with the vRealize Automation IPAM Endpoint
The network profile identifies the NAT network properties, underlying external network profile, NAT type, and other values used to provision the network by using the embedded vRealize Automation IPAM. If you want to create a NAT network profile that uses a third-party IPAM endpoint, see Specify NAT Network Profile Information with a Third-Party IPAM Endpoint.
8 Enter an Edge or routed gateway address in the Gateway text box. Use a standard IPv4 address format. For example, enter 10.10.110.1. The gateway IP address defined in the network profile is assigned to the NIC during allocation. If no value is assigned in the Gateway text box in the network profile, then you must use the VirtualMachine.Network0.Gateway custom property when provisioning the Edge machine.
2 Click New to enter a new network range name and IP address range manually or click Import from CSV to import the IP address information from a properly formatted CSV file.
- Click New.
a Enter a network range name.
b Enter a network range description.
c Enter the start IP address of the range.
d Enter the end IP address of the range.
- Click Import from CSV.
a Browse to and select the CSV file or drag the CSV file into the Import from CSV dialog box.
6 (Optional) Select a status type from the IP status drop-down menu to filter IP address entries to only those that match the selected IP status. Status settings are allocated, unallocated, destroyed, and expired. For IP addresses that are in an expired or destroyed state, you can click Reclaim to make those IP address ranges available for allocation. You must save the profile for the reclamation to take effect.
- Create an external network profile. See Create an External Network Profile By Using the Supplied IPAM Endpoint or Create an External Network Profile by Using A Third-Party IPAM Provider.
- Create and configure a third-party IPAM endpoint. See Create a Third-Party IPAM Provider Endpoint.
Procedure
1 Select Infrastructure > Reservations > Network Profiles.
2 Click New and select NAT from the drop-down menu.
3 Enter a name and, optionally, a description.
8 Enter an Edge or routed gateway address in the Gateway text box. Use a standard IPv4 address format. For example, enter 10.10.110.1. The gateway IP address defined in the network profile is assigned to the NIC during allocation. If no value is assigned in the Gateway text box in the network profile, then you must use the VirtualMachine.Network0.Gateway custom property when provisioning the Edge machine.
9 Click the DNS tab.
10 Enter DNS and WINS values as needed.
3 Click OK. The IP range name appears in the defined ranges list. The IP addresses in the range appear in the defined IP addresses list. The uploaded IP addresses appear on the IP Addresses page when you click Apply or after you save and then edit the network profile.
4 Click the IP Addresses tab to display the IP addresses for the named network range.
5 (Optional) Select IP address information from the Network range drop-down menu to filter IP address entries.
- How much of that storage is already allocated in vRealize Automation
For example, even if the vCenter Server has storage available for the datastore/cluster, if sufficient storage is not reserved in the reservation then provisioning fails with a "No reservation is available to allocate..." error. The allocated storage on a reservation depends on the number of VMs (regardless of their state) on that specific reservation.
Choosing a Reservation Scenario
You can create reservations to allocate resources to business groups. Depending on your scenario, the procedure to create a reservation differs. Choose a reservation scenario based on the target endpoint type. Each business group must have at least one reservation for its members to provision machines of that type. For example, a business group with an OpenStack reservation but not an Amazon reservation cannot request a machine from Amazon.
The allocation model for a reservation depends on the allocation model in the associated datacenter. Available allocation models are Allocation Pool, Pay As You Go, and reservation pool. For information about allocation models, see the vCloud Director or vCloud Air documentation. In addition to defining the share of fabric resources allocated to the business group, a reservation can define policies, priorities, and quotas that determine machine placement.
- For vCloud Air or vCloud Director, if the request specifies an allocation model, the virtual datacenter associated with the reservation must have the same allocation model.
- For vCloud Director or vCloud Air, the specified organization must be enabled.
- Any blueprint templates must be available on the reservation. If the reservation policy maps to more than one resource, the templates should be public.
- If multiple storage paths have the same priority, machines are distributed among storage paths by using round-robin scheduling.
Create an Amazon EC2 Reservation
You must allocate resources to machines by creating a reservation before members of a business group can request machine provisioning. You can work with Amazon reservations for Amazon Virtual Private Cloud or Amazon non-VPC.
Prerequisites
- Log in to vRealize Automation as a fabric administrator.
- Verify that a tenant administrator created at least one business group.
- Verify that a compute resource exists.
- Configure network settings.
- (Optional) Configure network profile information.
- Verify that you have access to a desired Amazon network. For example, if you want to use VPC, verify that you have access to an Amazon Virtual Private Cloud (VPC) network.
When you create an Amazon reservation or configure a machine component in the blueprint, you can choose from the list of security groups that are available to the specified Amazon account region. Security groups are imported during data collection. A security group acts as a firewall to control access to a machine. Every region includes at least the default security group.
6 If you are configured for Amazon Virtual Private Cloud, enable the Assign to a subnet in a VPC check mark box. Otherwise, leave the box unchecked. If you select Assign to a subnet in a VPC, the following locations or subnets, security groups, and load balancers options appear in a popup menu rather than on this same page. For a VPC reservation, specify the security groups and subnets for each VPC that is allowed in the reservation.
5 Click Save.
6 (Optional) Add any additional custom properties.
7 Click the Alerts tab.
8 Enable the Capacity Alerts check box to configure alerts to be sent.
9 Use the slider to set thresholds for available resource allocation.
10 Enter the AD user or group names (not email addresses) to receive alert notifications in the Recipients text box. Enter a name on each line. Press Enter to separate multiple entries.
Each reservation is configured for a specific business group to grant them access to request machines on a specified compute resource.
Note: After you create a reservation, you cannot change the business group or compute resource associations.
You can control the display of reservations when adding, editing, or deleting by using the Filter By Category option on the Reservations page.
8 Enter a number in the Priority text box to set the priority for the reservation. The priority is used when a business group has more than one reservation. A reservation with priority 1 is used for provisioning over a reservation with priority 2.
9 (Optional) Deselect the Enable this reservation check box if you do not want this reservation active.
Do not navigate away from this page. Your reservation is not complete.
Option | Description
Auto-Generated per Machine | Each machine has a unique key pair. This is the most secure method because no key pairs are shared among machines.
Specific Key Pair | Every machine provisioned on this reservation has the same key pair. Browse for a key pair to use for this reservation.
5 If you selected Specific key Pair in the Key pair drop-down menu, select a key pair value from the Specific key pair drop-down menu.
Prerequisites
Specify Resources and Network Settings for OpenStack Reservations.
Procedure
1 Click the Properties tab.
2 Click New.
3 Enter a valid custom property name.
4 If applicable, enter a property value.
5 Click Save.
6 (Optional) Add any additional custom properties.
7 Click the Alerts tab.
8 Enable the Capacity Alerts check box to configure alerts to be sent.
9 Use the slider to set thresholds for available resource allocation.
2 Specify Resources and Network Settings for a vCloud Air Reservation
Specify resource and network settings available to vCloud Air machines that are provisioned from this vRealize Automation reservation.
3 Specify Custom Properties and Alerts for a vCloud Air Reservation
You can associate custom properties with a vRealize Automation reservation. You can also configure alerts to send email notifications when reservation resources are low.
6 Select a business group from the Business group drop-down menu. Only users in this business group can provision machines by using this reservation.
7 (Optional) Select a reservation policy from the Reservation policy drop-down menu. This option requires that one or more reservation policies exist. You can edit the reservation later to specify a reservation policy. You use a reservation policy to restrict provisioning to specific reservations.
3 Select an allocation model.
4 (Optional) Enter a number in the Machine quota text box to set the maximum number of machines that can be provisioned on this reservation. Only machines that are powered on are counted towards the quota. Leave blank to make the reservation unlimited.
5 Specify the amount of memory, in GB, to be allocated to this reservation from the Memory table. The overall memory value for the reservation is derived from your compute resource selection.
Specify Custom Properties and Alerts for a vCloud Air Reservation
You can associate custom properties with a vRealize Automation reservation. You can also configure alerts to send email notifications when reservation resources are low. Custom properties and email alerts are optional configurations for the reservation. If you do not want to associate custom properties or set alerts, click Save to finish creating the reservation.
The reservation is saved and appears in the Reservations list.
Create a vCloud Director Reservation
You must allocate resources to machines by creating a vRealize Automation reservation before members of a business group can request machine provisioning. Each business group must have at least one reservation for its members to provision machines of that type.
- (Optional) Configure network profile information.
Procedure
1 Select Infrastructure > Reservations > Reservations.
2 Click the New icon and select the type of reservation to create. The available cloud reservation types are Amazon, OpenStack, vCloud Air, and vCloud Director. Select vCloud Director.
3 (Optional) Select an existing reservation from the Copy from existing reservation drop-down menu. Data from the selected reservation appears.
For integrations that use Storage Distributed Resource Scheduler (SDRS) storage, you can select a storage cluster to allow SDRS to automatically handle storage placement and load balancing for machines provisioned from this reservation. The SDRS automation mode must be set to Automatic. Otherwise, select a datastore within the cluster for standalone datastore behavior. SDRS is not supported for FlexClone storage devices.
8 Configure a network path for machines provisioned by using this reservation.
a (Optional) If the option is available, select a storage endpoint from the Endpoint drop-down menu. The FlexClone option is visible in the endpoint column if a NetApp ONTAP endpoint exists and if the host is virtual. If there is a NetApp ONTAP endpoint, the reservation page displays the endpoint assigned to the storage path.
5 (Optional) Check the Encrypted check box to encrypt the property value.
6 (Optional) Check the Prompt User check box to require that the user enter a value. This option cannot be overridden when provisioning.
7 Click Save.
8 (Optional) Add any additional custom properties.
9 Click the Alerts tab.
10 Enable the Capacity Alerts check box to configure alerts to be sent.
11 Use the slider to set thresholds for available resource allocation.
- Verify that any required key pairs exist. See Configuring vRealize Automation for information about key pairs.
- Obtain a valid Azure Subscription ID that matches the one used with the applicable Azure endpoint. If you use multiple Azure subscriptions, you must create a reservation for each subscription.
- If your deployment supports single sign-on through a VPN tunnel, you must configure the appropriate VPC connectivity before creating a reservation.
You can configure Resource Group and Storage Account information for an Azure virtual machine in the reservation, but you can also choose to leave these fields blank in the reservation. If you leave the fields blank, the default resource group and storage account information related to the specified Azure subscription ID will be used for any related blueprints. You can also update this information when creating a blueprint or when you provision a virtual machine.
You must create custom properties that define the appropriate URLs to support VPN tunneling on your network. In addition, you must create properties that define the path to the Azure tunneling configuration scripts downloaded previously. Use the private IP address of your Azure tunnel physical machine and port 1443, which you assigned for vRealize_automation_appliance_fqdn when you invoked the SSH tunnel.
3 Enter the appropriate Name and Value for the custom property in the Properties dialog box.
4 As you create each property, click OK on the dialog box to add that property.
5 When you finish adding all required properties, click OK to save your settings.
What to do next
After you create the custom properties to support VPN tunneling, you can create software components for your Azure blueprints. See Configuring vRealize Automation for more information.
d Assign a numerical priority value in the Priority text box if applicable. This assignment determines priority when a virtual network has more than one reservation, with lower numbers taking precedence.
e Click Save to add the Resource Group to the reservation.
2 Click New in the Load Balancers table if you are deploying multiple machines and use a load balancer.
a Paste the appropriate load balancer name from your Azure instance into the Name text box.
- Configure an SSH tunnel to establish network-to-Amazon VPC connectivity. Make a note of the subnet, security group, and private IP address of your Amazon AWS tunnel machine. See Scenario: Configure Network-to-Amazon VPC Connectivity for a Proof of Concept Environment.
- Create a business group for members of your IT organization who need to architect blueprints in your proof of concept environment. See Create a Business Group.
You configure the reservation to use the same region and networking settings that your tunnel machine is using, and you restrict the number of machines that can be powered on for this reservation to manage resource usage.
Procedure
1 Click the Resources tab.
2 Select a compute resource on which to provision machines from the Compute resource drop-down menu. Select the Amazon AWS region where your tunnel machine is located.
3 Configure the tunnel custom properties. Use the private IP address of your Amazon AWS tunnel machine and port 1443, which you assigned for vRealize_automation_appliance_fqdn when you invoked the SSH tunnel.
Option | Value
software.ebs.url | https://Private_IP:1443/event-broker-service/api
software.agent.service.url | https://Private_IP:1443/software-service/api
agent.download.url | https://Private_IP:1443/software-service/resources/nobelagent.jar
4 Click Save.
Understanding Selection Logic for Reservations
When a member of a business group creates a provisioning request for a virtual machine, vRealize Automation selects a machine from one of the reservations that are available to that business group. The reservation for which a machine is provisioned must satisfy the following criteria:
- The reservation must be of the same platform type as the blueprint from which the machine was requested.
Reservation policies are a way to guarantee that the selected reservation satisfies any additional requirements for provisioning machines from a specific blueprint. For example, you can use reservation policies to limit provisioning to compute resources with a specific template for cloning. If no reservation is available that meets all of the selection criteria, provisioning fails.
When vRealize Automation provisions machines with NAT or routed networking, it provisions a routed gateway as the network router. The Edge or routed gateway is a management machine that consumes compute resources. It also manages the network communications for the provisioned machine components. The reservation used to provision the Edge or routed gateway determines the external network used for NAT and routed network profiles.
2 Specify Resource and Networking Settings for a Virtual Reservation
Specify resource and network settings for provisioning machines from this vRealize Automation reservation.
3 Specify Custom Properties and Alerts for Virtual Reservations
You can associate custom properties with a vRealize Automation reservation. You can also configure alerts to send email notifications when reservation resources are low.
7 (Optional) Select a reservation policy from the Reservation policy drop-down menu. This option requires that one or more reservation policies exist. You can edit the reservation later to specify a reservation policy. You use a reservation policy to restrict provisioning to specific reservations.
8 Enter a number in the Priority text box to set the priority for the reservation. The priority is used when a business group has more than one reservation.
During provisioning, machines are placed on a host that is connected to the local storage. If the reservation uses local storage, all the machines that are provisioned by the reservation are created on the host that contains that local storage. However, if you use the VirtualMachine.Admin.ForceHost custom property, which forces a machine to be provisioned to a different host, provisioning fails.
8 Configure a network path for machines provisioned by using this reservation.
a (Optional) If the option is available, select a storage endpoint from the Endpoint drop-down menu. The FlexClone option is visible in the endpoint column if a NetApp ONTAP endpoint exists and if the host is virtual. If there is a NetApp ONTAP endpoint, the reservation page displays the endpoint assigned to the storage path.
6 (Optional) Check the Prompt User check box to require that the user enter a value. This option cannot be overridden when provisioning.
7 (Optional) Add any additional custom properties.
8 Click the Alerts tab.
9 Enable the Capacity Alerts check box to configure alerts to be sent.
10 Use the slider to set thresholds for available resource allocation.
11 Enter the AD user or group names (not email addresses) to receive alert notifications in the Recipients text box.
Procedure
1 Select Infrastructure > Reservations > Reservations.
2 Point to a reservation and click Edit.
3 Click the Network tab.
4 Assign a network profile to a network path.
a Select a network path on which to enable static IP addresses. The network path options are derived from settings on the Resources tab.
b Map an available network profile to the path by selecting a profile from the Network Profile drop-down menu.
You can add multiple reservations to a reservation policy, but a reservation can belong to only one policy. You can assign a single reservation policy to more than one blueprint. A blueprint can have only one reservation policy.
Note: Reservations defined for vCloud Air endpoints and vCloud Director endpoints do not support the use of network profiles for provisioning machines.
Prerequisites
Log in to vRealize Automation as a fabric administrator.
Procedure
1 Select Infrastructure > Reservations > Reservation Policies.
2 Click Add.
3 Enter a name in the Name text box.
4 Select Reservation Policy from the Type drop-down menu.
5 Enter a description in the Description text box.
6 Click Update to save the policy.
When you create a blueprint, you can assign a single datastore or a storage reservation policy that represents multiple datastores to a volume. When you assign a single datastore, or storage profile, to a volume, vRealize Automation uses that datastore or storage profile at provisioning time, if possible.
Configuring vRealize Automation 2 Assign a Storage Reservation Policy to a Datastore You can associate a storage reservation policy to a compute resource. After the storage reservation policy is created, populate it with datastores. A datastore can belong to only one storage reservation policy. Add multiple datastores to create a group of datastores for use with a blueprint.
6 Select a storage reservation policy from the Storage Reservation Policy column drop-down menu. After you provision a machine, you cannot change its storage reservation policy if doing so would change the storage profile on a disk. 7 Click the Save icon. 8 Click OK. 9 (Optional) Assign additional datastores to your storage reservation policy.
Configuring vRealize Automation Table 2‑16. Considerations to Provision Virtual Machines Consideration Effect Policies The vRealize Automation reservation policy might indicate more than one reservation. Reservations vRealize Automation evaluates the request, and determines which reservations can satisfy the constraints made in the request.
Configuring vRealize Automation Table 2‑18. Users and Roles to Provision Blueprints Step User Action Role Required 1 Cloud Administrator or Virtual Infrastructure (VI) Administrator Ensures that the initial placement of virtual machines meets organizational policies, and that they are optimized according to the operational analytics data. IaaS Admin role 1 Fabric Administrator Defines the reservations, reservation policies, and placement policy in vRealize Automation.
Configuring vRealize Automation Table 2‑18. Users and Roles to Provision Blueprints (Continued) Step User Action Role Required 6 Fabric Administrator Selects the placement policy in vRealize Automation. Fabric Administrator role Use the workload placement policy to have vRealize Automation determine where to place machines when you deploy new blueprints. The placement policy requires input from vRealize Operations Manager 7 Developer Requests a blueprint to provision virtual machines.
Configuring vRealize Automation n Virtual machines with one or more disks, where all specify the same storage reservation policy: Candidate reservations are filtered at the storage level so that vRealize Operations Manager only evaluates datastores that match that storage reservation policy.
Configuring vRealize Automation n For the objects that vRealize Automation manages, the workload placement behavior is as follows: n When a custom data center or data center includes a cluster that vRealize Automation manages, workload placement does not allow you to rebalance the cluster. n When a cluster includes virtual machines that vRealize Automation manages, workload placement does not allow you to move those virtual machines.
Locating the Placement Policy In your vRealize Automation instance, select Infrastructure > Reservations > Placement Policy. To use the workload placement analytics that vRealize Operations Manager provides, select Use vRealize Operations Manager for placement recommendations. If you do not use the workload placement policy, vRealize Automation uses the default placement method.
Configuring vRealize Automation Procedure 1 Configure vRealize Automation for Workload Placement To use workload placement analytics to place machines when you deploy new blueprints, you must prepare the vRealize Automation instance. 2 Configure vRealize Operations Manager for Workload Placement in vRealize Automation To provide workload placement analytics to vRealize Automation to place machines when you deploy new blueprints, you must prepare the vRealize Operations Manager instance.
[Flowchart: Does an endpoint exist for the vRealize Operations Manager instance? If no, create a vRealize Operations Manager endpoint (Infrastructure > Endpoints > Endpoints). Does an endpoint exist for the vCenter Server in the vRealize Automation instance used for workload placement? If no, create a vSphere endpoint (Infrastructure > Endpoints > Endpoints). Add reservations to the vCenter Server endpoint.]
Configuring vRealize Automation Procedure 1 In your vRealize Automation instance, add an endpoint for the vRealize Operations Manager instance, and click OK. a Select Infrastructure > Endpoint > Endpoints. b Select New > Management > vRealize Operations Manager. c Enter the general information for the vRealize Operations Manager endpoint. You do not need to specify properties for the endpoint. 2 In your vRealize Automation instance, add an endpoint for the vCenter Server instance, and click OK.
Configuring vRealize Automation 4 5 Create reservations for the compute resources in the vCenter Server instance. a Select Infrastructure > Reservations > Reservations. b Select New > vSphere (vCenter). c On each tab, enter the information for the reservation. Option Action General Select a reservation policy, the priority for the policy, and click Enable this reservation. Resources Select the machine quota, memory, and storage. You do not have to select a resource pool.
To allow workload placement to move virtual machines, those virtual machines must reside in a data center or custom data center. [Flowchart: Is the vRealize Automation Solution installed and configured in the vRealize Operations Manager instance? If no, install and configure the vRealize Automation Solution in the vRealize Operations Manager instance. Are one or more policies configured to consolidate and balance workloads?]
Configuring vRealize Automation n Verify that the vRealize Automation Solution is installed and configured in the vRealize Operations Manager instance that is being used for workload placement. For details about this solution, see the Management Pack for vRealize Automation on Solution Exchange. For information about how workload placement works in vRealize Operations Manager, see Workload Automation Details and related topics in the vRealize Operations Manager documentation.
Configuring vRealize Automation 3 Configure a policy to consolidate and balance workloads on your clusters, and apply that policy to the custom group. You configure a policy in vRealize Operations Manager to establish the settings for consolidation, balance, fill, CPU, memory, and disk space. For example, you modify the setting named Consolidate Workloads to determine the best placement for new managed workloads based on the cluster status and capacity.
Configuring vRealize Automation The vRealize Automation Solution Is Required for Workload Placement to Operate Properly Workload placement is based on individual machines, and placement is done at the machine level. When vRealize Automation and vRealize Operations Manager are installed together, the vRealize Automation Solution must also be installed. The solution, which includes the management pack and adapter, identifies the clusters on which the rebalance container or move VM actions are disabled.
Configuring vRealize Automation If the vRealize Automation solution, which includes the management pack and adapter, is not available in the vRealize Operations Manager, the move VM and rebalance container actions are available. Managing Key Pairs Key pairs are used to provision and connect to a cloud instance. A key pair is used to decrypt Windows passwords or to log in to a Linux machine. Key pairs are required for provisioning with Amazon AWS. For Red Hat OpenStack, key pairs are optional.
Upload the Private Key for a Key Pair You can upload the private key for a key pair in PEM format. Prerequisites • Log in to vRealize Automation as a fabric administrator. • You must already have a key pair. See Create a Key Pair. Procedure 1 Select Infrastructure > Reservations > Key Pairs. 2 Locate the key pair for which you want to upload a private key. 3 Click the Edit icon. 4 Use one of the following methods to upload the key.
Configuring vRealize Automation You have a datacenter in London, and a datacenter in Boston, and you don't want users in Boston provisioning machines on your London infrastructure or vice versa. To ensure that Boston users provision on your Boston infrastructure, and London users provision on your London infrastructure, you want to allow users to select an appropriate location for provisioning when they request machines. Prerequisites n Log in to vRealize Automation as a fabric administrator.
Configuring vRealize Automation Table 2‑19. Preparing for Provisioning a vRealize Automation Deployment Using Infoblox IPAM Checklist Task Description Details Obtain, import, and configure the third-party IPAM solution provider plug-in or package. Obtain and import the vRealize Orchestrator plug-in, run the vRealize Orchestrator configuration workflows, and register the IPAM provider endpoint type in vRealize Orchestrator. See Checklist For Providing Third-Party IPAM Provider Support.
Configuring vRealize Automation When you add a vRealize Orchestrator plug-in as an endpoint by using the vRealize Automation UI, you run a configuration workflow in the default vRealize Orchestrator server. The configuration workflows are located in the vRealize Automation > XaaS > Endpoint Configuration workflows folder. Important Configuring a single plug-in in vRealize Orchestrator and in the vRealize Automation console is not supported and results in errors.
Configuring vRealize Automation c Enter the root element of the Active Directory service in the Root text box. For example, if your domain name is mycompany.com, then your root Active Directory is dc=mycompany,dc=com. This node is used for browsing your service directory after entering the appropriate credentials. For large service directories, specifying a node in the tree narrows the search and improves performance.
Procedure 1 Select Administration > vRO Configuration > Endpoints. 2 Click the New icon. 3 Select HTTP-REST from the Plug-in drop-down menu. 4 Click Next. 5 Enter a name and, optionally, a description. 6 Click Next. 7 Provide information about the REST host. a Enter the name of the host in the Name text box. b Enter the address of the host in the URL text box.
Configuring vRealize Automation 10 Select the authentication type. Option Action None No authentication is required. OAuth 1.0 Uses OAuth 1.0 protocol. You must provide the required authentication parameters under OAuth 1.0. OAuth 2.0 a Enter the key used to identify the consumer as a service provider in the Consumer key text box. b Enter the secret to establish ownership of the consumer key in the Consumer secret text box.
You configured the endpoint and added a REST host. XaaS architects can use XaaS to publish HTTP-REST plug-in workflows as catalog items and resource actions. Configure the PowerShell Plug-In as an Endpoint You can add an endpoint and configure the PowerShell plug-in to connect to a running PowerShell host, so that you can call PowerShell scripts and cmdlets from vRealize Orchestrator actions and workflows, and work with the result.
10 Click Finish. You added a Windows PowerShell host as an endpoint. XaaS architects can use XaaS to publish PowerShell plug-in workflows as catalog items and resource actions. Configure the SOAP Plug-In as an Endpoint You can add an endpoint and configure the SOAP plug-in to define a SOAP service as an inventory object, and perform SOAP operations on the defined objects. Prerequisites • Verify that you have access to a SOAP host. The plug-in supports SOAP Version 1.
8 (Optional) Specify the proxy settings. a To use a proxy, select Yes from the Proxy drop-down menu. b Enter the IP of the proxy server in the Address text box. c Enter the port number to communicate with the proxy server in the Port text box. 9 Click Next. 10 Select the authentication type. Option Action None No authentication is required. Basic Provides basic access authentication. The communication with the host is in shared session mode.
• Log in to vRealize Automation as a tenant administrator. Procedure 1 Select Administration > vRO Configuration > Endpoints. 2 Click the New icon. 3 Select vCenter Server from the Plug-in drop-down menu. 4 Click Next. 5 Enter a name and, optionally, a description. 6 Click Next. 7 Provide information about the vCenter Server instance.
Configuring vRealize Automation Create a Microsoft Azure Endpoint You can create a Microsoft Azure endpoint to facilitate a credentialed connection between vRealize Automation and an Azure deployment. An endpoint establishes a connection to a resource, in this case an Azure instance, that you can use to create virtual machine blueprints. You must have an Azure endpoint to use as the basis of blueprints for provisioning Azure virtual machines.
• There are unique settings required for creating and deploying cloud applications for Azure in the China environment. For related information, see https://docs.microsoft.com/en-us/azure/china/chinaget-started-developer-guide. When creating a vRealize Automation Azure endpoint for China, the service URL, login URL, and storage URL must be specified as follows: • Service URL: https://management.chinacloudapi.cn • Login URL: https://login.chinacloudapi.
Configuring vRealize Automation Parameter Description Login URL The URL used to access the Azure instance. The default value of https://login.windows.net/ is appropriate for many typical implementations. Proxy Settings Proxy host If your company uses a proxy Web server, enter the host name of that server. Proxy port If your company uses a proxy Web server, enter the port number of that server.
Configuring vRealize Automation Action Options Create an Azure resource group n Create the resource group using the Azure portal. See the Azure documentation for specific instructions. n Use the appropriate vRealize Orchestrator workflow found under the Library/Azure/Resource/Create resource group. Create an Azure storage account n In vRealize Automation, create and publish an XaaS blueprint that contains the vRealize Orchestrator workflow.
Configuring vRealize Automation The Clusters page, under the Infrastructure tab, contains the controls for adding new clusters and hosts. To add a host in your Containers environment, you must add it to a cluster. You can monitor the state of the provision requests of existing hosts and view event logs for your containers from any page in the Library and Deployments tabs. The Requests and Event Log panels are located on the right side of the pages.
Configuring vRealize Automation Set a Deployment Policy on a Host Set a preference for the specific host and quotas for when you deploy a container. Note Deployment policies are deprecated and will be removed in a future release of vRealize Automation. Prerequisites Add a host to a cluster. Procedure 1 Log in to the vRealize Automation console as a container administrator. 2 Click the Containers tab. 3 Click Infrastructure > Clusters. 4 Click on the cluster that contains the host you want to edit.
• Exposed services • Cluster size and scale-in and scale-out parameters Configure Health Checks in Containers You can configure a health check method to update the status of a container based on custom criteria. You can use HTTP or TCP protocols when executing a command on the container. You can also specify a health check method. Prerequisites • Verify that Containers for vRealize Automation is enabled in your supported vRealize Automation deployment.
Configuring vRealize Automation Table 2‑20. Health Configuration Modes (Continued) 7 Mode Description TCP connection If you select TCP connection, you must only enter a port for the container. The health check attempts to establish a TCP connection with the container on the provided port. You can also specify a timeout value for the operation and set healthy or unhealthy thresholds as with HTTP. Command If you select Command, you must enter a command to be executed on the container.
Configuring vRealize Automation n Verify that a bridge network is available for linking services. n Verify that the internal port of the target service is published. For cross communication, the service can be mapped to any other port but must be accessible from outside the host. n Verify that the service hosts are able to access each other. Procedure 1 Log in to vRealize Automation. 2 Click Templates in the left pane. 3 Edit the template or image.
Configuring vRealize Automation Procedure 1 Log in to vRealize Automation. 2 Click the Containers tab. 3 Click Templates in the left pane. 4 Edit the template or image. Option Description To edit a template a Click Edit in the upper-right section of the template that you want to open. b Click Edit in the upper-right section of the container that you want to open. To edit an image. Click the arrow next to the image's Provision button, and click Enter additional info.
4 Edit the template or image. Option Description To edit a template a Click Edit in the upper-right section of the template that you want to open. b Click Edit in the upper-right section of the container that you want to open. To edit an image. Click the arrow next to the image's Provision button, and click Enter additional info. 5 Click the Policy tab. 6 Set the container cluster size. 7 Click Save.
Configuring vRealize Automation n Existing or custom templates in the Template view. n All available templates and images based on your specified registries in the All view. The Import and Export options are also available to import or export templates and images. 4 Click the arrow next to the Provision button of an image you want to include in the template. 5 Click Enter additional info.
3 Click the Import template or Docker Compose icon. The Import Template page appears. 4 Provide the YAML file content. Option Description Load from File Click Load from File to browse to and select the YAML file from a directory. Enter template or Docker Compose Paste the content of a properly formatted YAML file in the Enter template or Docker Compose text box. 5 Click Import. The new template appears in the Templates view.
Configuring vRealize Automation 4 Provision the template or image. Option Description Provision using existing settings. a Click Provision. The Provision Requests view displays information about provisioning success. Provision by editing settings. a Click the arrow next to the Provision button. b Click Enter additional info. c Enter the additional information for the container in the Provision a Container form.
4 When prompted, select an output format type: • YAML Blueprint This format adheres to the blueprint YAML format used in the vRealize Automation composition-service API. • Docker Compose This format adheres to the YAML format used in the Docker Compose application. 5 Click Export. 6 Save the file or open it with an appropriate application when prompted. Using Container Registries A Docker registry is a stateless, server-side application.
Configuring vRealize Automation V2 over HTTPS with basic authentication The standard implementation is open sourced at https://github.com/docker/distribution. V2 over HTTPS with authentication through a central service You can run a Docker registry in standalone mode, in which there are no authorization checks. Supported third-party registries are JFrog Artifactory and Harbor.
When you provision a container, the network configuration is embedded and available. You can customize the network settings for container components that you added to a vRealize Automation blueprint. Create a New Network for Containers If a suitable network configuration is not available, you can create a new one in vRealize Automation. Prerequisites • Verify that you have container administrator, container architect, or IaaS administrator role privileges.
7 Configure the advanced network configuration settings. Option Description IPAM configuration Subnet Provide subnet and gateway addresses that are unique to this network configuration. They must not overlap with any other networks on the same container host. Custom properties Optionally, specify custom properties for the new network configuration. containers.ipam.driver For use with containers only.
Configuring vRealize Automation Prerequisites n Verify that you have a template available. If not, you must first create one. n Verify that you have container administrator, container architect, or IaaS administrator role privileges. n Verify that at least one host is configured and available for container network configuration. Procedure 1 Log in to vRealize Automation. 2 Click the Containers tab. 3 Click Templates in the left pane.
Configuring vRealize Automation Containers for vRealize Automation uses Docker volumes for persistent data management. With volumes you can perform the following tasks: n Share volumes between different containers within the same host. n Update data instantly. n Save the volume data after the container is deleted. Create a New Volume for Containers To extend your container storage, you must first create a data volume.
Configuring vRealize Automation 10 Click Create. The Create Volume panel disappears and the added volume appears in the Volumes tab. What to do next Add a Volume to a Container Template Add a Volume to a Container Template Connect a volume to a container by adding it to a template. Prerequisites n Verify that you have a template available. If not, you must first create one. n Verify that you have container administrator, container architect, or IaaS administrator role privileges.
Configuring vRealize Automation The Add Volume panel disappears and the added volume appears as a horizontal icon below the container icons in the Edit Template page. A volume icon also displays on the bottom border of the container icons. 9 Connect the volume to a container, by dragging the volume connector icon from the container to any point on the horizontal icon representing the volume. 10 (Optional) Click on the container path to change the location where the volume is mounted.
In addition to the provided properties, you can create your own custom properties. You must prefix your custom properties with ext.policy.activedirectory. For example, ext.policy.activedirectory.domain.extension or ext.policy.activedirectory.yourproperty. The properties are passed to your custom vRealize Orchestrator Active Directory workflows. For more information about custom properties, see Custom Properties Reference.
Procedure 1 Select Administration > AD Policies. 2 Click the New icon. 3 Configure the Active Directory policy details. Option Description ID Enter the permanent value. The value cannot include any spaces or special characters. You cannot change this value at a later time. You can only re-create the policy with a different ID. Description Describe the policy.
Configuring vRealize Automation This scenario makes the following assumptions: n Your Active Directory includes organizational units for development and databases. n You have a test blueprint that is included in a service and the service is entitled. In addition to this simple example of how you can override the policy, you can use custom properties with Active Directory policy to make other changes to Active Directory when you deploy blueprints. See Working With Active Directory Policies.
Configuring vRealize Automation To access the user preferences, click Preferences on the toolbar next to your name. The following options are specific to you as the logged in user. Table 2‑21. User Preference Options Option Description Assign Delegates Allows you to reassign your approval requests to other users. For example, you are an approver for catalog requests, but you are going on holiday. You delegate all your approval notifications to one or more approvers.
Providing Service Blueprints to Users 3 You deliver on-demand services to users by creating catalog items and actions, then carefully controlling who can request those services by using entitlements and approvals.
Configuring vRealize Automation Software Components You can create and publish software components to install software during the machine provisioning process and support the software life cycle. For example, you can create a blueprint for developers to request a machine with their development environment already installed and configured. Software components are not catalog items by themselves, and you must combine them with a machine component to create a catalog item blueprint.
Configuring vRealize Automation Machine Blueprints You can create and publish simple blueprints to provision single machines or you can create more complex blueprints that contain additional machine components and optionally any combination of the following component types: n Software components n Existing blueprints n NSX network and security components n XaaS components n Containers components n Custom or other components See Designing Machine Blueprints.
Configuring vRealize Automation Note that sample blueprints are available at the VMware Solution Exchange at https://solutionexchange.vmware.com and at https://code.vmware.com. Table 3‑1. Building Your Design Library Catalog Item Role Components Description Details Machines Infrastructure architect Create machine blueprints on the Blueprints tab. You can create machine blueprints to rapidly deliver virtual, private and public, or hybrid cloud machines to your users.
Configuring vRealize Automation Table 3‑1. Building Your Design Library (Continued) Catalog Item Role Components Description Details Custom IT Services XaaS architects Create and publish XaaS blueprints on the XaaS tab. You can create XaaS catalog items that extend vRealize Automation functionality beyond machine, networking, security, and software provisioning.
Configuring vRealize Automation Thin Provisioning Thin provisioning is supported for all virtual provisioning methods. Depending on your virtualization platform, storage type, and default storage configuration, thin provisioning might always be used during machine provisioning. For example, for vSphere ESX Server integrations using NFS storage, thin provisioning is always employed.
Configuring vRealize Automation For information about adding component profiles and selected value sets for a vSphere machine component in a blueprint, see vSphere Machine Component Settings. For information about adding component profile information by using settings imported from an OVF, see Configuring a Blueprint to Provision from an OVF. For information about using component profiles when requesting machine provisioning, see Request Machine Provisioning By Using a Parameterized Blueprint.
Configuring vRealize Automation n Creating Puppet Enabled vSphere Blueprints Prerequisites n Log in to vRealize Automation as an infrastructure architect. n Complete external preparations for provisioning, such as creating templates, WinPEs, and ISOs, or gather the information about external preparations from your administrators. n Configure your tenant. See Configuring Tenant Settings. n Configure your IaaS resources. See Checklist for Configuring IaaS Resources.
Configuring vRealize Automation General Tab Apply settings across your entire blueprint, including all components you intend to add now or later. Table 3‑2. General Tab Settings Setting Description Name Enter a name for your blueprint. Identifier The identifier field automatically populates based on the name you entered. You can edit this field now, but after you save the blueprint you can never change it.
Configuring vRealize Automation Table 3‑3. Properties Tab Settings Tab Setting Property Groups Property groups are reusable groups of properties that are designed to simplify the process of adding custom properties to blueprints. Your tenant administrators and fabric administrators can group properties that are often used together so you can add the property group to a blueprint instead of individually inserting custom properties.
Configuring vRealize Automation Table 3‑3. Properties Tab Settings (Continued) Tab Setting Description Overridable You can specify that the property value can be overridden by the next or subsequent person who uses the property. Typically, this is another architect, but if you select Show in request, your business users are able to see and edit property values when they request catalog items.
Configuring vRealize Automation Table 3‑4. General Tab Settings (Continued) Setting Description Machine prefix Machine prefixes are created by fabric administrators and are used to create the names of provisioned machines. If you select Use group default, machines provisioned from your blueprint are named according to the machine prefix configured as the default for the user's business group. If no machine prefix is configured, one is generated for you based on the name of the business group.
Configuring vRealize Automation Table 3‑5. Build Information Tab Setting Description Blueprint type For record-keeping and licensing purposes, select whether machines provisioned from this blueprint are classified as Desktop or Server. Action The options you see in the action drop-down menu depend on the type of machine you select. The following actions are available: n Create Create the machine component specification without use of a cloning option.
Configuring vRealize Automation Table 3‑5. Build Information Tab (Continued) Setting Description Provisioning workflow The options you see in the provisioning workflow drop-down menu depend on the type of machine you select, and the action you select. n BasicVmWorkflow Provision a machine with no guest operating system. n ExternalProvisioningWorkflow Create a machine by starting from either a virtual machine instance or cloud-based image.
Configuring vRealize Automation Table 3‑5. Build Information Tab (Continued) Setting Description Clone from snapshot For Linked Clone, select an existing snapshot to clone from based on the selected machine template. Machines only appear in the list if they already have an existing snapshot, and if you manage that machine as a tenant administrator or business group manager. If you select Use current snapshot, the clone is defined with the same characteristics as the latest state of the virtual machine.
Configuring vRealize Automation Table 3‑6. Machine Resources Tab Setting Description CPUs: Minimum and Maximum Enter a minimum and maximum number of CPUs that can be provisioned by this machine component. Memory (MB): Minimum and Maximum Enter a minimum and maximum amount of memory that can be consumed by machines that are provisioned by this machine component.
Configuring vRealize Automation Network Tab You can configure network settings for a vSphere machine component based on NSX network and load balancer settings that are configured outside vRealize Automation. You can use settings from one or more existing and on-demand NSX network components in the design canvas.
Configuring vRealize Automation Table 3‑9. Security Tab Settings Setting Description Name Display the name of an NSX security group or tag. The names are derived from security components in the design canvas. Select the check box next to a listed security group or tag to use that group or tag for provisioning from this machine component. Type Indicate if the security element is an on-demand security group, an existing security group, or a security tag.
You can use the Property Groups tab to add and configure settings for existing custom property groups. You can create your own property groups or use property groups that have been created for you.
Table 3‑11. Properties > Property Groups Tab Settings
Setting | Description
Name | Select an available property group from the drop-down menu.
Move Up and Move Down | Control the precedence level of listed property groups in descending order.
Table 3‑12. Profiles Tab Settings
Setting | Description
Add | Add the Size or Image component profile.
Edit Value Sets | Assign one or more value sets for the selected component profile by selecting from a list of defined value sets. You can select one of the value sets as the default.
Remove | Remove the Size or Image component profile.
Table 3‑13. General Tab Settings (Continued)
Setting | Description
Machine prefix | Machine prefixes are created by fabric administrators and are used to create the names of provisioned machines. If you select Use group default, machines provisioned from your blueprint are named according to the machine prefix configured as the default for the user's business group. If no machine prefix is configured, one is generated for you based on the name of the business group.
Table 3‑14. Build Information Tab (Continued)
Setting | Description
Provisioning workflow | The options you see in the provisioning workflow drop-down menu depend on the type of machine you select, and the action you select. The only provisioning action available for a vCloud Air machine component is CloneWorkflow.
- CloneWorkflow: Make copies of a virtual machine, either by Clone, Linked Clone, or NetApp Flexclone.
Clone from | Select a machine template to clone from.
Table 3‑16. Storage Tab Settings (Continued)
Setting | Description
Drive Letter/Mount Path | Enter a drive letter or mount path for the storage volume.
Label | Enter a label for the drive letter and mount path for the storage volume.
Storage Reservation Policy | Enter the existing storage reservation policy to use with this storage volume. Only the storage reservation policies that are applicable to the current tenant are available.
Table 3‑17. Properties > Custom Properties Tab Settings (Continued)
Setting | Description
Overridable | You can specify that the property value can be overridden by the next or subsequent person who uses the property. Typically, this is another architect, but if you select Show in request, your business users are able to see and edit property values when they request catalog items.
Table 3‑19. General Tab Settings (Continued)
Setting | Description
Reservation policy | Apply a reservation policy to a blueprint to restrict the machines provisioned from that blueprint to a subset of available reservations.
Table 3‑20. Build Information Tab (Continued)
Setting | Description
Amazon machine image | Select an available Amazon machine image. An Amazon machine image is a template that contains a software configuration, including an operating system. Machine images are managed by Amazon Web Services accounts. You can refine the list of Amazon machine image names in the display by using the Filters option in the AMI ID column drop-down menu.
Table 3‑21. Machine Resources Tab
Setting | Description
CPUs: Minimum and Maximum | Enter a minimum and maximum number of CPUs that can be provisioned by this machine component.
Memory (MB): Minimum and Maximum | Enter a minimum and maximum amount of memory that can be consumed by machines that are provisioned by this machine component.
Table 3‑22. Properties > Custom Properties Tab Settings (Continued)
Setting | Description
Overridable | You can specify that the property value can be overridden by the next or subsequent person who uses the property. Typically, this is another architect, but if you select Show in request, your business users are able to see and edit property values when they request catalog items.
Table 3‑24. General Tab Settings (Continued)
Setting | Description
Reservation policy | Apply a reservation policy to a blueprint to restrict the machines provisioned from that blueprint to a subset of available reservations.
Table 3‑25. Build Information Tab
Setting | Description
Blueprint type | For record-keeping and licensing purposes, select whether machines provisioned from this blueprint are classified as Desktop or Server.
Table 3‑25. Build Information Tab (Continued)
Setting | Description
Key pair | Key pairs are optional for provisioning with OpenStack. Key pairs are used to provision and connect to a cloud instance. They are also used to decrypt Windows passwords and to log in to a Linux machine. The following key pair options are available:
- Not specified: Controls key pair behavior at the blueprint level rather than at the reservation level.
Table 3‑26. Machine Resources Tab
Setting | Description
CPUs: Minimum and Maximum | Enter a minimum and maximum number of CPUs that can be provisioned by this machine component.
Memory (MB): Minimum and Maximum | Enter a minimum and maximum amount of memory that can be consumed by machines that are provisioned by this machine component.
Table 3‑27. Properties > Custom Properties Tab Settings (Continued)
Setting | Description
Overridable | You can specify that the property value can be overridden by the next or subsequent person who uses the property. Typically, this is another architect, but if you select Show in request, your business users are able to see and edit property values when they request catalog items.
Troubleshooting Blueprints for Clone and Linked Clone
When creating a linked clone or clone blueprint, machines or templates are missing. Using your shared clone blueprint to request machines fails to provision machines.
Problem
When working with clone or linked clone blueprints, you might encounter one of the following problems:
- When you create a linked clone blueprint, no machines appear in the list to clone, or the machine you want to clone does not appear.
Table 3‑29. Causes for Common Clone and Linked Clone Blueprints Problems (Continued)
Problem | Cause | Solution
Provisioning failure with a shared blueprint | For blueprints, no validation is available to ensure that the template you select exists in the reservation used to provision a machine from your shared clone blueprint. | Consider using entitlements to restrict the blueprint to users who have a reservation on the compute resource where the template exists.
New Blueprint and Blueprint Properties Page Settings with NSX
You can specify settings that apply to the entire blueprint, including some NSX settings, by using the New Blueprint page when you create the blueprint. After you create the blueprint, you can edit these settings on the Blueprint Properties page.
General Tab
Apply settings across your entire blueprint, including all components you intend to add now or later.
Table 3‑30.
Table 3‑31. NSX Settings Tab Settings
Setting | Description
Transport zone | Select an existing NSX transport zone to contain the network or networks that the provisioned machine deployment can use. A transport zone defines which clusters the networks can span. When provisioning machines, if a transport zone is specified in a reservation and in a blueprint, the transport zone values must match. Only the transport zones that are applicable to the current tenant are available.
Table 3‑32. Properties Tab Settings
Tab | Setting
Property Groups | Property groups are reusable groups of properties that are designed to simplify the process of adding custom properties to blueprints. Your tenant administrators and fabric administrators can group properties that are often used together so you can add the property group to a blueprint instead of individually inserting custom properties.
Table 3‑32. Properties Tab Settings (Continued)
Tab | Setting | Description
| Overridable | You can specify that the property value can be overridden by the next or subsequent person who uses the property. Typically, this is another architect, but if you select Show in request, your business users are able to see and edit property values when they request catalog items.
vRealize Automation provisions a routed gateway, for example an edge services gateway (ESG), for NAT networks and for load balancers. For routed networks, vRealize Automation uses existing distributed routers. A NAT network profile and load balancer enable vRealize Automation to deploy an NSX edge services gateway. A routed network profile uses an NSX logical distributed router (DLR). The DLR must be created in NSX before it can be consumed by vRealize Automation.
The app isolation policy has a lower precedence compared to other security policies in NSX. For example, if the provisioned deployment contains a web component machine and an app component machine and the web component machine hosts a web service, then the service must allow inbound traffic on ports 80 and 443. In this case, users must create a web security policy in NSX with firewall rules defined to allow incoming traffic to these ports.
If you specify a network profile in a reservation and a blueprint, the blueprint value takes precedence. For example, if you specify a network profile in the blueprint by using the VirtualMachine.NetworkN.ProfileName custom property and in a reservation that is used by the blueprint, the network profile specified in the blueprint takes precedence.
For machine components that do not have a Network or Security tab, you can add network and security custom properties, such as VirtualMachine.Network0.Name, to their Properties tab in the design canvas. NSX network, security, and load balancer properties are only applicable to vSphere machines. Only the network profiles that are applicable to the current tenant are exposed when authoring a blueprint.
What to do next
You can continue configuring network settings by adding additional network components and by selecting settings in the Network tab of a vSphere machine component in the design canvas.
Creating and Using NAT Rules
You can add NAT rules to a one-to-many NAT network component in a blueprint when the NAT network component is associated to a non-clustered vSphere machine component or an on-demand NSX load balancer component.
You can add multiple network and security components to the design canvas. You can have more than one on-demand network component in a single blueprint. However, all of the on-demand network profiles that are used in the blueprint must reference the same external network profile. For machine components that do not have a Network or Security tab, you can add network and security custom properties, such as VirtualMachine.Network0.
Depending on the profile type you select, the following network settings are populated based on your network profile selection.
- Source port - Select the ANY option, enter a valid port or port range, or specify a valid property binding.
- Destination port - Select the ANY option, enter a valid port or port range, or specify a valid property binding.
- Protocol - Enter any valid NSX-supported protocol or select the TCP, UDP, or ANY option.
- Description - Enter a brief description of what the NAT rule is designed to do.
For information about working with load balancer components after upgrade or migration, see Considerations When Working With Upgraded or Migrated Load Balancer Components.
Considerations When Working With Upgraded or Migrated Load Balancer Components
The following considerations are important to understand and act on relative to NSX load balancer components in the target vRealize Automation release.
3 Define Virtual Server Distribution Settings
By selecting the Customize option on the General tab, you can specify information about the pool members such as the port on which the members receive traffic, the protocol type that the NSX load balancer can use for accessing that port, the algorithm used for load balancing, and persistence settings.
Procedure
1 Click Network & Security in the Categories section to display the list of available network and security components.
2 Drag an On-Demand Load Balancer component onto the design canvas.
3 Enter a component name in the ID text box to uniquely label the component in the design canvas.
4 Select a vSphere machine component or container component name from the Member drop-down menu.
2 Select the network traffic protocol in the Protocol drop-down menu to use for load balancing the virtual server. The protocol options are HTTP, HTTPS, TCP, and UDP.
3 Enter a port value in the Port text box. The selected protocol determines the default port setting.
Protocol | Default port
HTTP | 80
HTTPS | 443
TCP | 8080
UDP | no default
The HTTP, HTTPS, and TCP protocols can share a port with UDP.
The default member protocol and member port settings match the protocol and port settings on the General page. The pool of member machines is shown in the Member option value in the blueprint load balancer component user interface. The Member entry is set to the pool or cluster of machines.
Prerequisites
Define Virtual Server General Settings.
Procedure
1 (Optional) The Member protocol setting matches the protocol that you specified on the General tab.
Option | Description and algorithm parameters
URI | The left part of the URI (before the question mark) is hashed and divided by the total weight of the running servers. The result designates which server receives the request. This ensures that a URI is always directed to the same server as long as no server goes up or down. The URI algorithm parameter has two options -- uriLength= and uriDepth=.
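The URI option described above, modelled as an added example that is not VMware or NSX code: the part of the URI before the question mark is hashed and the remainder against the total weight of the running members picks the member. The SHA-256 hash, reading "divided by" as taking the remainder, and the pool names and weights are assumptions made for illustration.

```python
"""Model of URI-hash member selection for a weighted pool (illustrative only)."""
import hashlib

# Constructed sample pool: (member name, weight, running). Names are hypothetical.
POOL = [("web-1", 2, True), ("web-2", 1, True), ("web-3", 1, True)]


def uri_left_part(uri):
    """Return the part of the URI before the question mark."""
    return uri.split("?", 1)[0]


def running_slots(pool):
    """Expand each running member into as many slots as its weight."""
    slots = []
    for name, weight, running in pool:
        if running:
            slots.extend([name] * weight)
    return slots


def uri_hash(uri):
    """Stable 64-bit hash of the left part of the URI.

    SHA-256 is an assumption; the page does not name the hash function.
    """
    digest = hashlib.sha256(uri_left_part(uri).encode("utf-8")).digest()
    return int.from_bytes(digest[:8], "big")


def pick_member(uri, pool):
    """Select a member: hash modulo the total weight of the running members."""
    slots = running_slots(pool)
    if not slots:
        raise RuntimeError("no running pool members")
    return slots[uri_hash(uri) % len(slots)]


def with_member_down(pool, down_name):
    """Return a copy of the pool with one member marked as not running."""
    return [(n, w, r and n != down_name) for n, w, r in pool]


def remap_stats(uris, before, after):
    """Count URIs that keep or change member although their old member still runs."""
    still_up = {n for n, _, r in after if r}
    kept = moved = 0
    for uri in uris:
        old, new = pick_member(uri, before), pick_member(uri, after)
        if old in still_up:
            if old == new:
                kept += 1
            else:
                moved += 1
    return kept, moved


def share(uris, pool, name):
    """Fraction of the URIs that land on the named member."""
    hits = sum(1 for u in uris if pick_member(u, pool) == name)
    return hits / len(uris)


# Constructed sample URIs; the query string differs on every one.
SAMPLE_URIS = ["/catalog/item/%d?session=%d" % (i, i * 7) for i in range(4000)]

if __name__ == "__main__":
    print("same path, different query:",
          pick_member("/app/login?user=a", POOL),
          pick_member("/app/login?user=b", POOL))
    print("share of web-1 (weight 2 of 4): %.3f" % share(SAMPLE_URIS, POOL, "web-1"))
    degraded = with_member_down(POOL, "web-3")
    kept, moved = remap_stats(SAMPLE_URIS, POOL, degraded)
    print("after web-3 stops: kept=%d moved=%d" % (kept, moved))
```

Because the modulus is the total weight of the running members, stopping one member also moves URIs between members that never stopped, which is why the affinity holds only "as long as no server goes up or down".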
Protocol | Persistence method supported
TCP | None, Source IP, MSRDP
UDP | None, Source IP
- Select Cookie to insert a unique cookie to identify the session the first time a client accesses the site. The cookie is referred to in subsequent requests to persist the connection to the appropriate server.
- Select Source IP to track sessions based on the source IP address.
7 (Optional) Enter the persistence expiration time for the cookie in seconds. As an example, for L7 load balancing with a TCP source IP, the persistence entry times out if no new TCP connections are made for the specified expiration time, even if the existing connections are still live.
8 (Optional) Click the Health Check tab and proceed to the Define Virtual Server Health Check Settings topic to continue defining the virtual server in the NSX load balancer component.
6 Specify additional health check settings based on your selected Health check protocol.
a Enter the Method to be used for detecting server status. The options are GET, OPTIONS, and POST.
b Enter the URL to be used in the request for detecting server status. This is the URL that is used by the GET and POST method options ("/" by default).
c In the Send text box, enter the string to be sent to the server after a connection is established.
5 Enter a value in the Max connections text box to specify the maximum number of concurrent connections that a single pool member can recognize. If the number of incoming requests is higher than this value, requests are queued and then processed in the order in which they are received as connections are released. Enter a value of 0 to specify no maximum value.
- Warning
- Notice
- Debug
3 Click Save.
You can view and download the logs in the vSphere web client by using the Actions menu for the NSX Edge as described in Download Tech Support Logs for NSX Edge in NSX Product Documentation at https://www.vmware.com/support/pubs/nsx_pubs.html.
You can add NSX existing or on-demand security groups to a blueprint, in addition to the security groups specified in the reservation. You can create one or more on-demand security groups. You can select one or more security policies to configure on a security group. Security groups are managed in the source resource. For information about managing security groups for various resource types, see the NSX documentation.
NSX does not tenant security groups. However, you can control security group availability in vRealize Automation by using the VMware.Endpoint.NSX.HideDiscoveredSecurityObjects custom property. By default, new security objects are available to all tenants for the associated NSX endpoints in which you have a reservation. If the endpoint does not have a reservation in the active tenant, the security objects are not available in the active tenant. If you have not set the VMware.
You can use an existing security group component to add an NSX security group to the design canvas and configure its settings for use with vSphere machine components and Software or XaaS components that pertain to vSphere. By default, security groups that are applicable to the current tenant are exposed when authoring a blueprint. Specifically, security groups are made available if the associated endpoint has a reservation in the current tenant.
Prerequisites
- Create and configure a security policy in NSX. See NSX Administration Guide.
- Verify that the NSX inventory has executed successfully for your cluster. To use NSX configurations in vRealize Automation, you must run data collection.
- Log in to vRealize Automation as an infrastructure architect.
- Review security component concepts. See Using Security Components in the Design Canvas.
- Log in to vRealize Automation as an infrastructure architect.
- Open a new or existing blueprint in the design canvas by using the Design tab.
Procedure
1 Click Network & Security in the Categories section to display the list of available network and security components.
2 Drag an Existing Security Tag component onto the design canvas.
3 Click in the Security tag text box and select an existing security tag.
4 Click OK.
Configuring a Blueprint to Provision from an OVF
You can use an OVF to define vSphere machine properties and hardware settings that are ordinarily defined on blueprint configuration pages in vRealize Automation or programmatically by using vRealize Automation REST APIs or vRealize CloudClient. You can also import settings from an OVF to define a value set for an image component profile. Parameterized blueprints use the image and size component profile types.
This procedure assumes that you have a basic familiarity with the vRealize Automation blueprint creation process.
Prerequisites
- Log in to vRealize Automation as an infrastructure architect.
- Meet the remaining prerequisites specified in Configure a Machine Blueprint.
Procedure
1 Select Design > Blueprints.
2 Click the New icon.
3 Enter a blueprint name and description and click OK.
7 Click Configure.
Note: If you receive an authentication error message, the server on which the OVF is hosted requires authentication credentials. If this happens, check the Authentication needed check box, enter the Username and Password credentials required to authenticate with the HTTP server on which the OVF resides, and click Configure again.
When you import the OVF, user-configurable properties and values in the OVF are not imported as custom properties in the value set. If you want to use new custom properties from the imported OVF in relation to the image value set, you must manually define the new custom properties in the vSphere machine component or overall blueprint. The custom properties created in the parameterized blueprint should be applicable to the value set for each component profile image.
h Enter the path to the OVF URL using the format https://server/folder/name.ovf or name.ova.
i If you enable authentication with the server that is hosting the OVF, enter the credentials for the authenticating user.
j If the OVF is hosted on a Web site, and you have created a Proxy endpoint to use in accessing the Web site, select Use proxy and select the available Proxy endpoint.
5 Click Save.
6 When you are satisfied with your settings, click Finish.
You can attach a container to a network. The network is represented as a container network component on the design canvas. Information about available networks is specified on the Network page of the container component form.
Table 3‑34. Network Tab Settings
Setting | Description
Networks | Specify the existing networks that are defined for the selected image. You can also create a new network.
Table 3‑36. Policy Tab Settings
Settings | Description
Deployment policy | Specify a deployment policy to set preferences for which set of hosts to use for deploying this container. You can associate deployment policies to hosts, policies, and container definitions to set a preference for hosts, policies, and quotas when deploying a container. You can add a deployment policy by using the Containers tab in vRealize Automation.
Table 3‑37. Environment Tab Settings
Setting | Description
Name | The variable name.
Binding | Bind the variable to another property that is part of the template. When you select binding, you must input a value in the _resource~TemplateComponent~TemplateComponentProperty syntax.
Value | The value of the environment variable or, if you selected binding, the value of the property you want to bind.
Table 3‑39. Health Config Tab Settings
Mode setting | Description
None | Default. No health checks are configured.
HTTP | If you select HTTP, you must provide an API to access and an HTTP method and version to use. The API is relative and you do not need to enter the address of the container. You can also specify a timeout period for the operation and set health thresholds.
Containers for vRealize Automation supplied the following two property groups of container-specific custom properties. When you add a container component to a blueprint you can add these property groups to the container to register provisioned machines as container hosts.
Table 3‑41. Containers Custom Properties (Continued)
Property | Description
Container.Connection.Protocol | For use with containers only. Specifies the communication protocol. The default value is API and is required. Do not modify this property.
Container.Connection.Scheme | For use with containers only. Specifies the communication scheme. The default is https.
Container.Connection.Port | For use with containers only. Specifies the Containers connection port.
5 (Optional) Select the External check box if you do not want to specify external IPAM settings. If you select the External check box, the IPAM Configuration tab is removed.
6 Click the IPAM Configuration tab to specify a new or edit an existing subnet, IP range, and gateway for the network specified in a container component in the blueprint.
Pushing Container Templates for Use in Blueprints
You can make a container template available for use in a vRealize Automation blueprint. A container template can include multiple containers. When you push a multi-container template to vRealize Automation, the template is created as a multi-component blueprint in vRealize Automation. The container-specific properties that you add to the container template are recognized in the vRealize Automation blueprint.
You can define a vRealize Automation blueprint to contain specific custom properties that designate a machine as a container host when provisioned using the blueprint. When a machine with the required blueprint properties is successfully provisioned, it is registered in the Containers and receives events and actions from vRealize Automation.
Procedure
1 Select Design > Blueprints.
2 Click the New icon.
3 Enter a blueprint name in the Name text box.
The name you enter also populates the ID text box. For most cases, you can ignore the NSX Settings and Properties tabs.
4 Click OK.
5 Click Machine Types in the Categories menu.
6 Drag the Azure Machine virtual machine template to the Design canvas.
Tab | Description | Important Parameters
General | Select basic connection information for the Azure virtual machine such as the endpoint to be used. | ID - Identifies the Azure virtual machine you are creating. If you change this name, the Azure virtual machine image on the Design Canvas is also updated automatically. Description - Identifies the virtual machine you are creating and whether or not it is required.
Tab | Description | Important Parameters
| | Size - Defines the specific virtual machine instance size within a series. Size is related to the selected Series. If you have a valid connection to an Azure instance, the available sizes are populated dynamically based on the subscription and selected location and series. See the Azure documentation for size information. Instance Size Details - Optional information about the virtual machine instance series and size.
Tab | Description | Important Parameters
Storage | Enables you to organize Azure storage accounts. A storage account provides access to the different types of Azure storage, such as Azure Blob, Queue, Table, and File storage. For most blueprints, you can accept the defaults. | Storage account - Enter the storage account name for the virtual machine if appropriate. The Azure virtual machine operating system disk is deployed to this storage account.
Tab | Description | Important Parameters
Network | Enables you to select networking for the virtual machine blueprint. For most blueprints, you can accept the defaults and the consumer will enter the appropriate network information during deployment. | Click the table to open a dialog to the right that contains another editable table with the following fields. Note: You can create only one virtual machine per interface, but each virtual machine can have up to four interfaces.
Tab | Description | Important Parameters
- View properties - Enables you to view the custom properties within the selected group.
- View merged properties - If a custom property is included in more than one property group, the value in the property group with the highest priority takes precedence. Viewing these merged properties can assist you in prioritizing property groups.
- Custom Properties: Use this tab to add individual custom properties.
Create Azure Custom Resource Actions
You can create and use custom resource actions to control Azure virtual machines. The vRealize Automation Azure implementation is supplied with two custom resource actions out of the box:
- Start virtual machine
- Stop virtual machine
In addition, you can create custom resource actions using workflows that are accessible through vRealize Orchestrator library available from the vRealize Automation interface.
Adding a Puppet component to a vSphere blueprint adds a Puppet agent to virtual machines created from that blueprint. When creating Puppet-enabled vSphere blueprints, you must choose whether to create an early binding or late binding configuration. With early binding, users define the Puppet role and environment settings for all virtual machines based on a particular blueprint when the Puppet component is added to the blueprint.
Add RDP Connection Support to Your Windows Machine Blueprints
To allow catalog administrators to entitle users to the Connect using RDP action for Windows blueprints, add RDP custom properties to the blueprint and reference the RDP file that the system administrator prepared.
6 Configure RDP settings.
a Click New Property.
b Enter the RDP custom property names in the Name text box and the corresponding values in the Value text box.
Option | Description and Value
RDP.File.Name | (Required) Specifies an RDP file from which to obtain settings, for example My_RDP_Settings.rdp. The file must reside in the Website\Rdp subdirectory of the vRealize Automation installation directory.
(Required) VirtualMachine.Rdp.
- Gather the following information about your Active Directory environment:
  - An Active Directory account user name and password with sufficient rights to delete, disable, rename, or move AD accounts. The user name must be in domain\username format.
  - (Optional) The name of the OU to which to move destroyed machines.
  - (Optional) The prefix to attach to destroyed machines.
- Create a machine blueprint.
Scenario: Allow Requesters to Specify Machine Host Name
As a blueprint architect, you want to allow your users to choose their own machine names when they request your blueprints. So you edit your existing CentOS vSphere blueprint to add the Hostname custom property and configure it to prompt users for a value during their requests.
Scenario: Enable Users to Select Datacenter Locations for Cross Region Deployments
As a blueprint architect, you want to allow your users to choose whether to provision machines on your Boston or London infrastructure, so you edit your existing vSphere CentOS blueprint to enable the locations feature. You have a datacenter in London, and a datacenter in Boston, and you don't want users in Boston provisioning machines on your London infrastructure or vice versa.
Designing Software Components
As the software architect, you create reusable software components, standardizing configuration properties and using action scripts to specify exactly how components are installed, configured, uninstalled, or updated during deployment scale operations. You can rewrite these action scripts at any time and publish live to push changes to provisioned software components.
Property Types and Setting Options
You can design your action scripts to be generic and reusable by defining and consuming name and value pairs called software properties and passing them as parameters to your action scripts. You can create software properties that expect string, array, content, boolean, or integer values. You can supply the value yourself, require someone else to supply the value, or retrieve the value from another blueprint component by creating a binding.
Table 3‑44. Scripting Examples for the Computed Property Option
Sample String Property | Script Syntax | Sample Usage
my_unique_id = "" | Bash - $my_unique_id | export my_unique_id="0123456789"
| Windows CMD - %my_unique_id% | set my_unique_id=0123456789
| Windows PowerShell - $my_unique_id | $my_unique_id = "0123456789"
String Property
String properties expect string values.
When you pass large numbers into an array, do not use the grouping format. For example: do not use 4444 444.000 (French), 4.444.444,000 (Italian), or 4,444,444.000 (English), because data files that contain locale-specific formats might be misinterpreted when they are transferred to a machine that has a different locale. The grouping format is not allowed, because a number such as 4,444,444.000 would be considered as three separate numbers. Instead, just enter 4444444.000.
Sample String Property | Script Syntax | Sample Usage
cheetah_tgz_url = "http://app_content_server_ip:port/artifacts/software/jboss/cheetah-2.4.4.tar.gz" | Bash - $cheetah_tgz_url | tar -zxvf $cheetah_tgz_url
 | Windows CMD - %cheetah_tgz_url% | start /wait c:\unzip.exe %cheetah_tgz_url%
 | Windows PowerShell - $cheetah_tgz_url | & c:\unzip.exe $cheetah_tgz_url

Boolean Property

Use the boolean property type to provide True and False choices in the Value drop-down menu.
the cluster, but in no particular order. If your users scale the deployment, the order of values could be different for each operation. To make sure you never lose values for clustered components, you can use the array type for any software properties. However, you must design your software components so they don't expect a value array in any specific order.
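Both array-property constraints described above (no grouped numbers, no reliance on member order) can be checked inside an action script before the values are used. The following shell sketch is an added example, not VMware code: it assumes each array member reaches the functions as one argument, and all function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not VMware code): defensive handling of array software
# property members inside an action script.
# Assumption: each member is passed to these functions as one argument.
# All function names and sample values are constructed for illustration.

# count_members LITERAL
# Prints how many members a comma-separated literal splits into.
# A grouped number such as 4,444,444.000 splits into three members.
count_members() {
    (
        set -f      # no filename expansion while splitting
        IFS=','
        set -- $1   # unquoted on purpose: split on commas
        printf '%s\n' "$#"
    )
}

# is_plain_number VALUE
# Succeeds only for ungrouped numbers such as 4444444.000 or -12.
is_plain_number() {
    case "$1" in
        ''|*[!0-9.-]*) return 1 ;;  # empty, or a space, comma, newline, letter
    esac
    printf '%s\n' "$1" | grep -Eq '^-?[0-9]+(\.[0-9]+)?$'
}

# first_bad_member VALUE...
# Prints the first member that is not a plain number and returns 1.
# Returns 0 and prints nothing when every member is acceptable.
first_bad_member() {
    for member in "$@"; do
        if ! is_plain_number "$member"; then
            printf '%s\n' "$member"
            return 1
        fi
    done
    return 0
}

# members_fingerprint VALUE...
# Prints the members sorted in a fixed locale and joined with commas, so
# that later logic compares membership instead of arrival order.
members_fingerprint() {
    [ "$#" -gt 0 ] || return 0
    printf '%s\n' "$@" | LC_ALL=C sort | paste -s -d , -
}

# Constructed sample run: node addresses reported in two different orders
# by two scale operations, and one port list containing a grouped number.
if [ "$(members_fingerprint 10.0.0.3 10.0.0.1 10.0.0.2)" = \
     "$(members_fingerprint 10.0.0.1 10.0.0.2 10.0.0.3)" ]; then
    echo "same cluster membership, order ignored"
fi
if bad=$(first_bad_member 8080 4,444 8443); then
    echo "all members are plain numbers"
else
    echo "rejecting array: '$bad' is not a plain number" >&2
fi
```

Running the validation at the top of an install or update script makes a locale-formatted value fail the life cycle stage visibly instead of being consumed as extra members.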
- Windows PowerShell
  $progress_status="completed"

Note: Array and content properties do not support passing modified property values between action scripts of life cycle stages.

Best Practices for Developing Components

To familiarize yourself with best practices for defining properties and action scripts, you can download and import Software components and application blueprints from the VMware Solution Exchange.
3 Enter a name and, optionally, a description.
  Using the name you specified for your Software component, vRealize Automation creates an ID for the Software component that is unique within your tenant. You can edit this field now, but after you save the blueprint you can never change it. Because IDs are permanent and unique within your tenant, you can use them to programmatically interact with blueprints and to create property bindings.
d Select the expected type for the value of your property.
e Define the value for your property.

Option | Description
Use the value you supply now | Enter a value. Deselect Overridable. Select Required.
Require architects to supply a value | To provide a default, enter a value. Select Overridable. Select Required.
Allow architects to supply a value if they choose | To provide a default, enter a value. Select Overridable. Deselect Required.
8 Select the Reboot checkbox for any script that requires you to reboot the machine.
  After the script runs, the machine reboots before starting the next life cycle script.
9 Click Finish.
10 Select your Software component and click Publish.

You configured and published a Software component. Other software architects, IaaS architects, and application architects can use this Software component to add software to application blueprints.
Table 3‑48. New Software General Settings (Continued)
Setting | Description
Description | Summarize your Software component for the benefit of other architects.
Container | On the design canvas, blueprint architects can only place your Software component inside the container type you select.
  - Select Machines to require architects to place your Software component directly on a machine component in the design canvas.
Table 3‑49. New Software Properties (Continued)
Setting | Description
Value | - To use the value you supply: Enter a Value. Select Required. Deselect Overridable.
  - To require architects to supply a value: (Optional) Enter a Value to provide a default. Select Overridable. Select Required.
  - Allow architects to supply a value or leave the value blank: (Optional) Enter a Value to provide a default. Select Overridable.
Encrypted |
Table 3‑50. Life Cycle Actions (Continued)
Life Cycle Actions | Description
Start | Start your software. For example, you might start the Tomcat service using the start command in the Tomcat server. Start scripts run after the configure action completes.
Update | If you are designing your software component to support scalable blueprints, handle any updates that are required after a scale in or scale out operation.
The vRealize Orchestrator server distributed with vRealize Automation is preconfigured, and therefore when your system administrator deploys the vRealize Automation Appliance, the vRealize Orchestrator server is up and running. Figure 3‑2.
Figure 3‑3.
System administrators can install vRealize Orchestrator or deploy the vRealize Orchestrator Appliance separately to set up an external vRealize Orchestrator instance and configure vRealize Automation to work with that external vRealize Orchestrator instance. System administrators can also configure vRealize Orchestrator workflow categories per tenant and define which workflows are available to each tenant.
Table 3‑52. Plug-Ins Included by Default in vRealize Orchestrator (Continued)
Plug-In | Purpose
XML | A complete Document Object Model (DOM) XML parser that you can implement in workflows. Alternatively, you can use the ECMAScript for XML (E4X) implementation in the vRealize Orchestrator JavaScript API.
Mail | Uses Simple Mail Transfer Protocol (SMTP) to send email from workflows.
Net | Wraps the Jakarta Apache Commons Net Library.
XaaS Blueprint Workflow

The workflow that you follow to create an XaaS blueprint and any optional resource actions varies depending on how you intend to use the blueprint. The following workflow provides the basic process.
Does your XaaS blueprint provision a resource?
- No: Create a blueprint that runs a workflow but does not provision resources. Design > XaaS > XaaS Blueprints > New
- Yes: Create a custom resource type. Design > XaaS > Custom Resources > New. Then create a blueprint to provision a resource. Design > XaaS > XaaS Blueprints > New
Publish the blueprint.
XaaS Blueprint Terminology

XaaS blueprints are vRealize Orchestrator workflows that can provision resources, make changes to provisioned resources, or behave as a service that performs a task in your environment. The blueprints and the resource actions have several nuances that you must understand when you design blueprints for your service catalog users. The following definitions help you understand the terms used when working with XaaS blueprints.
entitlement to make it available to the service catalog users, it is listed as a Composite Blueprint. A composite blueprint can have one blueprint component, or it can include an entire application with multiple machines, software, and networking.

Resource action
A workflow that you can run on a deployed provisioning blueprint.
Add an XaaS Custom Resource

You create a custom resource to define the XaaS item for provisioning. Before you can create an XaaS blueprint or action, you must have a custom resource that is compatible with the object type of the blueprint or action workflow. By creating a custom resource, you map an object type exposed through the API of a vRealize Orchestrator plug-in as a resource.
- Create an XaaS resource action. See Create an XaaS Resource Action.

XaaS Custom Resource Wizard Options

You use these custom resource options to create or modify a custom resource so that you can run XaaS blueprint and resource action workflows that provision resources or modify provisioned resources. You can create only one custom resource for an object type. You can use the custom resource for multiple blueprints and resource actions.
Table 3‑55. Where Used Options
Option | Description
XaaS Blueprints | A list of the blueprints that are configured to use this custom resource. From this page you can perform the following actions:
  - Edit. Opens the blueprint so that you can see how it is configured or to modify it.
  - Publish/Unpublish. Change the state of the blueprint by making it available to use in a composite blueprint or to add to a service.
Resource Actions |
Add an XaaS Blueprint

An XaaS blueprint is a specification to run a vRealize Orchestrator workflow that makes a change to a target system in your environment. The blueprint includes the workflow, and it can include the input parameters, submission and read-only forms, sequence of actions, and the provisioning or nonprovisioning operation. You can create XaaS blueprints that you use in one or more of the following ways:
- Create an XaaS blueprint component.
4 On the General tab, configure the options and click Next.
  a In the Name text box, enter a name that differentiates this blueprint from similar blueprints.
  b If you do not want to use this blueprint as a component in a composite blueprint, deselect the Make available as a component in the design canvas check box.
5 On the Blueprint Form tab, edit the form as needed and click Next.
6 On the Provisioned Resource page, select a value and click Next.
Figure 3‑4. Workflow Tab in the XaaS Blueprint Wizard

Review the input and output parameters to ensure that you or your service catalog users can provide the correct values under the following circumstances:
- If you customize the blueprint form in this wizard or in the blueprint design canvas.
- If you leave all the input parameters blank, the service catalog users can set the values.

General Tab

Configure the metadata about and the behavior of the blueprint.
Table 3‑56. General Tab Options (Continued)
Option | Description
Version | The supported format extends to major.minor.micro-revision.
Make available as a component in the design canvas | If you plan to use the blueprint as a component in a design canvas blueprint, select this option. When it is published, the blueprint is available in the category you selected when you configured the custom resource.
Table 3‑57. Provisioned Resource Options
Option | Description
A custom resource that you previously created | Select the custom resource that defines the vRealize Orchestrator resource type required to run the provisioning blueprint. A provisioning blueprint runs a vRealize Orchestrator workflow to provision resources on the target endpoint using the vRealize Orchestrator plug-in API for the endpoint. For example, add virtual NICs to a network device in vSphere.
Table 3‑58. Component Lifecycle Options
Option | Description
Scalable | Select the option to allow the service catalog user to change the number of instances of this blueprint component after it is deployed as part of a scale-in or scale-out operation. This option is available if you selected a custom resource on the Provisioned Resource tab. It is not available if you selected the No provisioning option.
Table 3‑58. Component Lifecycle Options (Continued)
Option | Description
Update workflow | Select the workflow that runs during update operations, including scale-in or scale-out where a component is not scalable, but it can be updated. For example, a load balancer is updated with the new configuration created with the scale-in or scale-out operation for any of the components in the composite blueprint.
Table 3‑58. Component Lifecycle Options (Continued)
Option | Description
Deallocation workflow | Select the workflow that runs after any destroy or scale-in operation. If the deallocation fails during the operation, the destroy workflow still runs as expected. Deallocation is the final process when you scale in or destroy a composite blueprint. It runs after the destroy operation, releasing resources. This life cycle workflow type is available for Azure allocations.
3 In the Categories list, locate the blueprint.
4 Drag your blueprint to the canvas.
5 Configure the default values on the General and Create tabs.
  These are the default values that appear in the service catalog form when a user requests the item.
6 Click Finish.
7 Select the blueprint and click Publish.

The XaaS blueprint is now part of the composite blueprint.

What to do next
Add the composite blueprint to a service. See Managing the Service Catalog.
Prerequisites
- Log in to vRealize Automation as an XaaS architect.
- Create a custom resource corresponding to the input parameter of the resource action.

Procedure
1 Select Design > XaaS > Resource Actions.
2 Click the New icon.
3 Navigate through the vRealize Orchestrator workflow library and select a workflow relevant to your custom resource.
13 (Optional) Edit the form of the resource action on the Form tab.
  The form of the resource action maps the vRealize Orchestrator workflow presentation. You can change the form by deleting, editing, and rearranging the elements. You can also add a new form and form pages and drag the necessary elements to the new form and form page.

Option | Action
Add a form | Click the New Form icon next to the form name, provide the required information, and click Submit.
Edit a form |
The status of the resource action changes to Published.

What to do next
Assign an icon to the resource action. See Assign an Icon to an XaaS Resource Action. Business group managers and tenant administrators can then use the action when they create an entitlement.

Assign an Icon to an XaaS Resource Action

After you create and publish a resource action, you can edit it and assign an icon to the action.

Prerequisites
Log in to vRealize Automation as an XaaS architect.
When you create a resource action that runs on a deployed composite blueprint that uses a vRealize Orchestrator workflow with vCACAFE:CatalogResource as an input parameter, the Deployment mapping is applied as the input resource type. The Deployment mapping is applied only if the selected workflow includes vCACAFE:CatalogResource as an input parameter.
5 Enter the type of the catalog resource in the Catalog Resource Type text box and press Enter.
  The type of catalog resource appears on the details view of the provisioned item.
6 Enter the vRealize Orchestrator object type in the Orchestrator Type text box and press Enter.
  This is the output parameter of the resource mapping workflow.
7 (Optional) Add target criteria to restrict the availability of resource actions created by using this resource mapping.
Table 3‑59. XaaS Object Types and Associated Forms
Object Type | Default Form | Additional Forms
Custom resource | Resource details form based on the attributes of the vRealize Orchestrator plug-in inventory type (read-only). | None
XaaS blueprint | Request submission form based on the presentation of the selected workflow. |
you also want to restrict the options to ports that are open. You can add an external value definition to a dual list field and select a custom vRealize Orchestrator script action that queries for open ports. When the request form loads, the script action runs, and the open ports are presented as options to the user.
Table 3‑60. New Fields in the Resource Action or XaaS Blueprint Form (Continued)
Field | Description
Tree | Tree that consumers use to browse and select available objects
Map | Map table that consumers use to define key-value pairs for properties

You can also use the Section header form field to split form pages in sections with separate headings and the Text form field to add read-only informational texts.
Table 3‑61. Constraints in the Forms Designer (Continued)
Constraint | Description
Visible | Indicates whether the consumer can see the element. If you apply a visibility constraint on a display group in the vRealize Orchestrator workflow, the constraint is ignored in the XaaS Submitted Request Details form and the fields that you want hidden appear in the form.
For instance, you might want to publish a resource action to install software on a provisioned machine. Instead of providing the consumer with a static list of all software available for download, you can dynamically populate that list with software that is relevant for the machine's operating system, software that the user has not previously installed on the machine, or software that is out of date on the machine and requires an update.
The steps in the vRealize Orchestrator presentation are represented as form pages and the vRealize Orchestrator presentation groups are represented as separate sections. The input types of the selected workflow are displayed as various fields in the form. For example, the vRealize Orchestrator type string is represented by a text box.
- Insert a Text Element in a Custom Resource Form
  You can insert a text box to add some descriptive text to the form.
- Insert an Externally Defined Field in a Custom Resource Form
  You can insert a new field and assign it an external value definition to dynamically provide read-only information that consumers can see on the item details page when they provision a custom resource.
3 Click the Details Form tab.
4 Click the New Page icon next to the Form page name.
5 Select the unused screen type and click Submit.
  If you already have a resource details or resource list view, you cannot create two of the same type.
6 Click Submit.
7 Configure the form.
8 Click Finish.
3 Click the Details Form tab.
4 Drag the Text element from the Form pane to the Form page pane.
5 Enter the text you want to add.
6 Click outside of the element to save the changes.
7 Click Finish.

Insert an Externally Defined Field in a Custom Resource Form

You can insert a new field and assign it an external value definition to dynamically provide read-only information that consumers can see on the item details page when they provision a custom resource.
When the form is presented to your consumers, the script action retrieves your custom information and displays it to your consumer.

Designing an XaaS Blueprint Form

When you create an XaaS blueprint, you can edit the form of the blueprint by adding new fields to the form, modifying the existing fields, deleting, or rearranging fields. You can also create new forms and form pages, and drag and drop new fields to them.
5 Enter a name and, optionally, a description.
6 Select the screen type from the Screen type menu.

Option | Description
Catalog item details | A catalog item details page that consumers see when they click a catalog item.
Request form | The default XaaS blueprint form. The consumers see the request form when they request the catalog item.

7
11 Edit the default value of the element.

Option | Description
Not set | Gets the value of the element you are editing from the vRealize Orchestrator workflow presentation.
Constant | Sets the default value of the element you are editing to a constant value that you specify.
Field | Binds the default value of the element to a parameter of another element from the representation.
Conditional | Applies a condition.
14 Click Submit.
15 Click Finish.

Add a New Element

When you edit the default generated form of an XaaS blueprint, you can add a predefined new element to the form. For example, if you do not want to use a default generated field, you can delete it and replace it with a new one.

Prerequisites
- Log in to vRealize Automation as a tenant administrator or XaaS architect.
- Add an XaaS Blueprint.

Procedure
1 Select Design > XaaS > XaaS Blueprints.
What to do next
You can edit the element to change the default settings and apply various constraints or values.

Insert a Section Header in an XaaS Blueprint Form

You can insert a section header to split the form into sections.

Prerequisites
- Log in to vRealize Automation as a tenant administrator or XaaS architect.
- Add an XaaS Blueprint.

Procedure
1 Select Design > XaaS > XaaS Blueprints.
2 Click the XaaS blueprint you want to edit.
Designing a Resource Action Form

When you create a resource action, you can edit the form of the action by adding new fields to the form, modifying the existing fields, deleting, or rearranging fields. You can also create new forms and form pages, and drag and drop new fields to them.

Add a New Resource Action Form

When you edit the default generated form of a workflow you want to publish as a resource action, you can add a new resource action form.
- Create a Resource Action.

Procedure
1 Select Design > XaaS > Resource Actions.
2 Click the resource action you want to edit.
3 Click the Form tab.
4 Drag an element from the New Fields pane and drop it to the Form page pane.
5 Enter the ID of a workflow input parameter in the ID text box.
6 Enter a label in the Label text box.
  Labels appear to consumers on the forms.
7 (Optional) Select a type for the field from the Type drop-down menu.
Procedure
1 Select Design > XaaS > Resource Actions.
2 Click the resource action you want to edit.
3 Click the Form tab.
4 Locate the element you want to edit.
5 Click the Edit icon.
6 Enter a new name for the field in the Label text box to change the label that consumers see.
7 Edit the description in the Description text box.
8 Select an option from the Type drop-down menu to change the display type of the element.
13 Add one or more values for the element on the Values tab.
  The options available depend on the type of element you are editing.

Option | Description
Not set | Gets the value of the element you are editing from the vRealize Orchestrator workflow presentation.
Predefined values | Select values from a list of related objects from the vRealize Orchestrator inventory.
  a Enter a value in the Predefined values search box to search the vRealize Orchestrator inventory.
Value |
Prerequisites
- Log in to vRealize Automation as a tenant administrator or XaaS architect.
- Create a Resource Action.

Procedure
1 Select Design > XaaS > Resource Actions.
2 Click the resource action you want to edit.
3 Click the Form tab.
4 Drag the Text element from the New Fields pane to the Form page pane.
5 Enter the text you want to add.
6 Click outside of the element to save the changes.
7 Click Finish.
2 Create an XaaS Blueprint for Creating a User
  You create the Create a user in a group XaaS blueprint so that you can run the workflow that adds an Active Directory user and assigns the user to an Active Directory group. You can create the blueprint as a standalone XaaS blueprint or as a blueprint component. In this scenario, you are creating a standalone blueprint.
What to do next
Create an XaaS blueprint.

Create an XaaS Blueprint for Creating a User

You create the Create a user in a group XaaS blueprint so that you can run the workflow that adds an Active Directory user and assigns the user to an Active Directory group. You can create the blueprint as a standalone XaaS blueprint or as a blueprint component. In this scenario, you are creating a standalone blueprint.
  d Click the Visible drop-down arrow, select Constant in the drop-down menu, and select No in the drop-down menu.
    You made the domain name invisible to the consumer of the catalog item.
  e Click Apply to save the changes.
8 Click Next.
9 Select newUser [Test User] as an output parameter to be provisioned.
10 Click Next.
11 Click Finish.
12 On the XaaS Blueprints page, select the Create a test user row and click Publish.
9 Click Next.
10 (Optional) Leave the form as is.
11 Click Finish.
12 On the Resource Actions page, select the Change the password of the Test User row and click Publish.

You created a resource action for changing the password of a user, and you made it available to add to an entitlement.

What to do next
Add the Create a test user blueprint to a service. See Create a Service and Add Creating a Test User Blueprint to the Service.
What to do next
You can entitle users to request the blueprint and to run the action. See Entitle the Service and the Resource Action to a Consumer.

Entitle the Service and the Resource Action to a Consumer

Business group managers and tenant administrators can entitle the service and the resource action to a user or a group of users.
What to do next
Log in as a user who is entitled to create an Active Directory user. On the Catalog tab, verify that the XaaS blueprint creates the user as expected. After the user is created, run the change password action from the Items tab.

Create and Publish an XaaS Action to Migrate a Virtual Machine

You can create and publish an XaaS resource action to extend the operations that consumers can perform on IaaS-provisioned vSphere virtual machines.
11 Click Finish.

You created a resource action for migrating a virtual machine and you can see it listed on the Resource Actions page.

What to do next
Publish the Action for Migrating a vSphere Virtual Machine

Publish the Action for Migrating a vSphere Virtual Machine

To use the Quick migration of virtual machine resource action as a post-provisioning operation, you must publish it.

Procedure
1 Select Design > XaaS > Resource Actions.
3 Add a Submitted Action Details Form and Save the Action
  You can add a new form to the Migrate a virtual machine with vMotion resource action to define what the consumers see after they request to run the post-provisioning operation.
4 Publish the Action for Migrating a Virtual Machine with vMotion
  To use the Migrate a virtual machine with vMotion resource action as a post-provisioning operation, you must publish it.
  d Click the Constraints tab.
  e Select Constant from the Required drop-down menu and select Yes.
    You made the host field always required.
  f Click Submit.
3 Edit the priority element.
  a Click the Edit icon.
  b Type Priority of the task in the Label text box.
  c Select Radio button group from the Type drop-down menu.
  d Click the Values tab, and deselect the Not set check box.
  e Enter lowPriority in the Predefined values search text box, and press Enter.
Add a Submitted Action Details Form and Save the Action

You can add a new form to the Migrate a virtual machine with vMotion resource action to define what the consumers see after they request to run the post-provisioning operation.

Procedure
1 Click the New Form icon.
2 Type Submitted action in the Name text box.
3 Leave the Description field blank.
4 Select Submitted action details from the Screen type menu.
5 Click Submit.
You created and published a vRealize Orchestrator workflow as a resource action. You can navigate to Administration > Catalog Management > Actions and see the Migrate virtual machine with vMotion resource action in the list of actions. You can assign an icon to the resource action. See Assign an Icon to an XaaS Resource Action. You also edited the presentation of the workflow and defined the look and feel of the action.
7 Click Next.
8 Leave the name of the resource action and the description as they appear on the Details tab.
9 Click Next.
10 Leave the form as is.
11 Click Add.

You created a resource action for taking a snapshot of a virtual machine and you can see it listed on the Resource Actions page.

What to do next
Publish the Action for Taking a Snapshot.
Procedure
1 Create a Resource Mapping for Amazon Instances
  You can create a resource mapping to associate Amazon instances provisioned by using IaaS with the vRealize Orchestrator type AWS:EC2Instance exposed by the Amazon Web Services plug-in.
2 Create a Resource Action to Start an Amazon Virtual Machine
  You can create a resource action so that the consumers can start provisioned Amazon virtual machines.
Prerequisites
Log in to vRealize Automation as an XaaS architect.

Procedure
1 Select Design > XaaS > Resource Actions.
2 Click Add.
3 Select Orchestrator > Library > Amazon Web Services > Elastic Cloud > Instances and select the Start Instances workflow in the workflows folder.
4 Click Next.
5 Select EC2 Instance from the Resource type drop-down menu.
  This is the name of the resource mapping you previously created.
What to do next
Add the start instances action to the entitlement that includes the Amazon catalog item. See Entitle Users to Services, Catalog Items, and Actions.

Troubleshooting Incorrect Accents and Special Characters in XaaS Blueprints

When you create XaaS blueprints for languages that use non-ASCII strings, the accents and special characters are displayed as unusable strings.
2 Click Blueprints.
3 Point to the blueprint to publish and click Publish.
4 Click OK.

The blueprint is published as a catalog item but you must first entitle it to make it available to users in the service catalog.

What to do next
Add the blueprint to the catalog service and entitle users to request the catalog item for machine provisioning as defined in the blueprint.
When you export a blueprint from one vRealize Automation instance tenant into another, the property group information defined for that blueprint is not recognized for the imported blueprint unless the property group already exists in the target tenant instance.
- Map your external network profile to your vSphere reservation. See Create a Reservation for Hyper-V, KVM, SCVMM, vSphere, or XenServer. The sample application cannot provision successfully without an external network profile.
- Verify that you have both the infrastructure architect and software architect privileges. Both roles are required to import the Dukes Bank sample application and to interact with the Dukes Bank blueprints and software components.
6 If prompted, accept the license agreement.
7 Using vRealize CloudClient, log in to the vRealize Automation appliance as a user with software architect and infrastructure architect privileges.
  CloudClient>vra login userpass --server https://vRealize_VA_Hostname_fqdn --user --tenant
8 When prompted, enter your login password.
9 Validate that the DukesBankAppForvSphere.zip content is available.
4 Edit the appserver-node so vRealize Automation can provision this machine component in your environment.
  You configure the blueprint to provision multiple instances of this machine component so you can verify the load balancer node functionality.
  a Click the appserver-node component on the design canvas.
    Configuration details appear in the bottom panel.
  b Select your machine prefix from the Machine prefix drop-down menu.
Configuring vRealize Automation 8 Select the DukesBankApplication blueprint and click Publish. You configured the Dukes Bank sample application blueprint for your environment and published the finished blueprint. What to do next Published blueprints do not appear to users in the catalog until you configure a catalog service, add the blueprint to a service, and entitle users to request your blueprint. See Checklist for Configuring the Service Catalog.
Configuring vRealize Automation 5 Click Submit. Depending on your network and your vCenter Server instance, it can take approximately 15-20 minutes for the Dukes Bank sample application to fully provision. You can monitor the status under the Requests tab, and after the application provisions you can view the catalog item details on the Items tab. 6 7 After the application provisions, locate the IP address of the load balancer server so you can access the Dukes Bank sample application.
Configuring vRealize Automation If the component blueprints have custom forms, the custom request forms are not applied to the new blueprint. You must create new forms for the new blueprint. For more about custom request forms, see Customizing Blueprint Request Forms. Figure 3‑5. Workflow for Assembling Composite Blueprints Blueprint architects create reusable blueprint components for the design library.
Configuring vRealize Automation n Understanding Nested Blueprint Behavior You can reuse blueprints by nesting them in another blueprint as a component. You nest blueprints for reuse and modularity control in machine provisioning, but there are specific rules and considerations when you work with nested blueprints.
Configuring vRealize Automation n When you edit a published blueprint, you are not changing deployments that are already provisioned by using that blueprint. At the time of provisioning, the resulting deployment reads current values from the blueprint, including from its nested blueprints. The only changes you can pass on to provisioned deployments are edits to software components, for example edits to update or uninstall scripts.
Configuring vRealize Automation n When you publish a blueprint, software component data is treated like a snapshot. If you later make changes to the software component's properties, only new properties are recognized by the blueprint in which the software component exists. Updates to properties that existed in the software component at the time you published the blueprint are not updated in the blueprint. Only properties that are added after you have published the blueprint are inherited by the blueprint.
Configuring vRealize Automation n Component settings can change depending on which blueprint the component resides on. For example, if you include security groups, security tags, or on-demand networks at both the inner and outer blueprint levels, the settings in the outer blueprint override those in the inner blueprint. Network and security components are supported only at the outer blueprint level except for existing networks that work at the inner blueprint level.
Configuring vRealize Automation If you need to use nested blueprints in a scalable blueprint, you can manually draw dependencies between components in your nested blueprint to create explicit dependencies that always trigger an update. Note When you publish a blueprint, software component data is treated like a snapshot. If you later make changes to the software component's properties, only new properties are recognized by the blueprint in which the software component exists.
Configuring vRealize Automation Figure 3‑6. Bind a Software Property to the IP address of a machine Creating Dependencies and Controlling the Order of Provisioning If you need information from one of your blueprint components to complete the provisioning of another component, you can draw an explicit dependency on the design canvas to stagger provisioning so the dependent component is not provisioned prematurely.
Configuring vRealize Automation Figure 3‑7. Controlling the Build Order by Mapping Dependencies If you are designing blueprints to be scalable, it is a best practice to create single layer blueprints that do not reuse other blueprints. Normally, update processes during scale operations are triggered by implicit dependencies such as dependencies you create when you bind a software property to a machine property. However, implicit dependencies in a nested blueprint do not always trigger update processes.
Configuring vRealize Automation To create a custom form: 1 Drag elements (1 and 2) onto the design canvas (3). 2 Configure each element using the properties pane (4). 3 Activate the form (5). The custom form designer supports data validation by adding constraints to a field or by using an external validation source. For constraints options that are applied as you create a form, see Custom Form Designer Field Properties.
Configuring vRealize Automation Table 3‑65. Custom Request Form Action Menu Items Action Menu Item Description Generate Form Adds all the fields associated with each blueprint component to the form designer. Each component is added to a tab. If you use this menu item after you created or modified a form, the generated form overwrites your current form. If you use this menu item, you can hide or remove fields that you do not want to present to your users in the catalog.
Configuring vRealize Automation Table 3‑65. Custom Request Form Action Menu Items (Continued) Action Menu Item Description Export CSS Exports your imported CSS. Remove CSS Discards your custom CSS. The discarded CSS is not recoverable. Download format schema Downloads a JSON file that contains the structure and description of the controls and states used in a custom form. You can use this schema to create a form or to modify an existing form. You can import the modified JSON file as the custom form.
Procedure
1 Select Design > Blueprints.
2 Highlight the row containing YourCo Machine and User blueprint and click Custom Form > Edit.
3 Rename the General tab.
  a Click the tab.
  b In the Title property in the right property pane, enter Configuration.
4 On your new Configuration tab, add and configure the following fields with the provided values. Use the provided Appearance, Values, and Constraints values. Resolve any errors as you build the form.
Configuring vRealize Automation Field in Screenshot Deploy Machine with Active Directory User Account Reason for Request Blueprint Element Source Generic Elements > Text Appearance Label and type n Display type = Text Values Default value n Default value = Deploy Machine with Active Directory User Account n Value source = Constant Visibility Blueprint Elements > vSphere_vCenter_Machine > Description n Value source = Constant n Visible = Yes Constraints Label and type Required n Label = R
Configuring vRealize Automation Field in Screenshot Add Active Directory account check box Blueprint Element Source Appearance Generic Elements > Checkbox Label and Type n Label = Add Active Directory account.
Configuring vRealize Automation Field in Screenshot Password Blueprint Element Source Blueprint Elements > Create a user with a password in a group > The password to set for the newly created account Appearance Label and type Values Constraints Required n Label = Password n n Display type = Password Value source = Constant n Required = Yes Visibility Regular expression n Value source = Conditional value n Value source = Constant n Expression = n Regular Expression = "^(? = .
Configuring vRealize Automation Field in Screenshot Blueprint Element Source Email Generic Elements > Text Field Appearance Label and type n Label = Email n Display type = Text Field Visibility n n Value source = Conditional value Values Constraints Default value Regular expression n Value source = Computed value n Operator = Concatenate n Add value = Field. Select Username Expression = Set value = Yes If Add Active Directory account Equals Yes n Add value = Constant. Enter @yourco.
Configuring vRealize Automation 6 Configure the following fields in the Machine Details tab. Use the provided Appearance, Values, and Constraints values.
Configuring vRealize Automation Field in Screenshot Blueprint Elements Source Memory (GB) Generic Elements > Integer Appearance Values Constraints Label and type Default value Minimum value n Label = Memory (GB) n Display type = Integer Visibility Memory (MB) Blueprint Elements > vSphere_vCenter_Machine > Memory (MB) n Value source = Constant n Visibility = Yes Label and type n Label = Memory (MB) n Display type = Integer Visibility n Value source = Constant n Visibility = No n
• In the catalog, verify that the request form is similar to the following example.
Custom Form Designer Field Properties
The field properties determine how the selected field looks and what default values are presented to the user. They also determine what rules you want to apply to the field to ensure that the user provides a valid entry in the catalog request form in vRealize Automation. You configure each field individually.
Configuring vRealize Automation n Conditional value. The value is based on one or more conditions. The conditions are processed in the order listed. If more than one condition is true, the last condition that is true determines the behavior of the field for that property. For example, you can create a condition that determines if a field is visible based on the value in another field. n External source. The value is based on the results of a vRealize Orchestrator action.
Configuring vRealize Automation Table 3‑66. Appearance Tab Options Option Description Label and type Provide a label and select a display type. The available display types depend on the field. Some fields support multiple text types and others only support integers. Possible values: n Decimal n Drop Down n Image n Integer n Multi Select n Password n Radio Group n Text n Text Area n Text Fields Drop-down and data grid fields include a Placeholder setting.
Configuring vRealize Automation Field Values You use the values properties to provide any default values. Table 3‑67. Values Tab Options Option Description Columns For the data grid element only. Provide the label, ID, and value type for each column in your table. The default value for the data grid must include the header data that matches the defined columns. For example, if you have user_name ID for one column and user_role ID for another, then the first row is user_name,user_role.
Configuring vRealize Automation You might also use external validation as an alternative method for ensuring valid values. See Using External Validation in the Custom Forms Designer. Table 3‑68. Constraints Tab Options Option Description Required The requesting user must provide a value for this field. Regular expression n Constant. Select Yes to require that the requesting user provides a value. Select no if the field is optional. n Conditional value.
Configuring vRealize Automation Table 3‑68. Constraints Tab Options (Continued) Option Description Maximum value Maximum numeric value. For example, a field is limited to 50 characters. Provide an error message. For example, This description cannot exceed 50 characters. Match field n Constant. Enter the integer. n Conditional value. The maximum value is determined by the first expression that is true. For example, a maximum storage value is 2 GB if the deployment location equals AMEA.
Use the following as a script example.
    // deploymentSize is the action input that receives the value selected in the size field.
    var cost = "Unknown";
    switch (deploymentSize) {
        case 'small':  cost = "$15"; break;
        case 'medium': cost = "$25"; break;
        case 'large':  cost = "$45"; break;
        default: break;
    }
    return cost;
2 In vRealize Automation, add and configure a size field and cost field to a blueprint custom form. Configure the size field as multi select with Small, Medium, and Large values.
In vRealize Automation, add and configure a size field and cost field to a blueprint custom form. On the Values tab, configure the following property values.
• Default value = Large
• Value options
• Value source = Constant
• Value definition = small|Small,medium|Medium,large|Large
3 Configure the cost field to display the cost as defined in the vRealize Orchestrator action based on the value selected in the size field.
Label        ID          Type
Username     username    String
Employee ID  employeeId  Integer
Manager      manager     String
Define the CSV values.
    username,employeeId,manager
    leonardo,95621,Farah
    vindhya,15496,Farah
    martina,52648,Nikolai
3 Verify that the data grid displays the expected data in the blueprint request form.
Example: External Source Example
This example uses the previous example but the values are based on a vRealize Orchestrator action. Although this is a simple action example, you can use a more complex action that retrieves this information from a local database or system.
1 In vRealize Orchestrator, configure an action, getUserDetails, with an array similar to the following example. Use the following script example.
Configuring vRealize Automation Using External Validation in the Custom Forms Designer You can customize a request form to ensure that users provide valid values at request time by adding constraints to fields or using an external validation source. Some field properties, such as minimum, maximum, regular expressions, match fields, or not empty, can be configured with constraints to ensure valid values. See Custom Form Designer Field Properties.
Use the following as a script example. In this example, return is the message that appears if the validation fails.
    if (!username) {
        return "";
    }
    var result = ActiveDirectory.search("User", username);
    if (result && result.length > 0) {
        return "Username '" + username + "' already exists.";
    }
    return "";
2 In vRealize Automation, open the custom form designer for your blueprint, click External Validation, and drag the Orchestrator validation type onto the canvas.
• Validation label = Check if user name exists
• Select action = /checkIfUsernameExists
• Action inputs
  • username = Field and Username
• Highlighted fields
  • Click Add Field and select Username.
A field-level validation error appears in the catalog request form if the entered value fails validation. If you want a global error, do not configure the highlighted field.
Configuring vRealize Automation Use the following as a script example for the CPU checking. Continue adding the memory and storage values to the script, as needed. In this example, return is the message that appears if validation fails.
• Validation label = Validate machine details
• Select action = /validateMachineWithUserForm
• Action inputs
  • cpu = Field and Number of CPUs
  • memory = Field and Memory (GB)
  • storage = Field and Storage (GB)
  • Project = Field and Project
• Highlighted fields
  • Click Add Field and select Project.
In the catalog, your catalog user might see a validation error similar to the following example.
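An added example, not VMware's script: one way the validateMachineWithUserForm action configured above could check its cpu, memory, storage and Project inputs, written as a plain JavaScript function whose body would serve as the action body. The per-project limits, the project names and the toPositiveInt helper are assumptions made for the illustration.

```javascript
// Added example, not from the VMware documentation.
// Inputs match the action inputs configured above: cpu, memory, storage, project.
// The return value is the message shown when validation fails; "" means valid.

// Constructed per-project ceilings (assumption: not values from the documentation).
var PROJECT_LIMITS = {
  "dev":  { cpu: 2, memoryGb: 4,  storageGb: 50 },
  "qe":   { cpu: 4, memoryGb: 8,  storageGb: 100 },
  "prod": { cpu: 8, memoryGb: 32, storageGb: 500 }
};

// Hypothetical helper: form values can arrive as numbers or numeric strings.
// Anything that is not a whole number >= 1 is rejected by returning null.
function toPositiveInt(value) {
  if (typeof value === "string" && /^[0-9]+$/.test(value.trim())) {
    value = parseInt(value.trim(), 10);
  }
  if (typeof value !== "number" || !isFinite(value) ||
      Math.floor(value) !== value || value < 1) {
    return null;
  }
  return value;
}

function validateMachineWithUserForm(cpu, memory, storage, project) {
  // Fail closed: an unknown or missing project never inherits default limits.
  // hasOwnProperty keeps names such as "constructor" from matching
  // properties inherited from Object.prototype.
  var key = (typeof project === "string") ? project.trim().toLowerCase() : "";
  if (!Object.prototype.hasOwnProperty.call(PROJECT_LIMITS, key)) {
    return "Select a valid project before sizing the machine.";
  }
  var limits = PROJECT_LIMITS[key];

  // Labels are the form field labels used in the validation configuration.
  var checks = [
    { label: "Number of CPUs", value: toPositiveInt(cpu),     max: limits.cpu },
    { label: "Memory (GB)",    value: toPositiveInt(memory),  max: limits.memoryGb },
    { label: "Storage (GB)",   value: toPositiveInt(storage), max: limits.storageGb }
  ];

  // Collect every failure so the requester can correct the form in one pass.
  var errors = [];
  for (var i = 0; i < checks.length; i++) {
    var c = checks[i];
    if (c.value === null) {
      errors.push(c.label + " must be a whole number greater than 0.");
    } else if (c.value > c.max) {
      // key comes from the allowlist above, so it is safe to echo back.
      errors.push(c.label + " cannot exceed " + c.max +
                  " for project '" + key + "'.");
    }
  }
  return errors.join(" ");
}
```

Unlike the user name check earlier in this section, which returns an empty string for an empty input and leaves emptiness to the Required constraint, this version treats a missing or malformed value as a validation failure.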
Configuring vRealize Automation Blueprints and Actions are published as Catalog Items and Actions Create a Service Add a Catalog Item to a Service Do you want to apply approval policies to one or more catalog items that are included in the Service? No Yes Do you have an approval policy applicable to the Catalog Items in Service? No Create an approval policy now or later? Now Yes Later Create an Approval Policy Create an Entitlement without approval policies Create an Entitlement with approval
Configuring vRealize Automation Table 3‑69. Configuring the Service Catalog Checklist Task Required Role Details Add a service. tenant administrator or catalog administrator See Add a Service. Add a catalog item to a service. tenant administrator or catalog administrator See Add Catalog Items to a Service. Configure the catalog item in the service. tenant administrator or catalog administrator See Configure a Catalog Item. Create and apply entitlements to the catalog item.
Prerequisites
Log in to vRealize Automation as a tenant administrator or catalog administrator.
Procedure
1 Select Administration > Catalog Management > Services.
2 Click the New icon ( ).
3 Enter a name and description. These values appear in the service catalog for the catalog users.
4 To add a specific icon for the service in the service catalog, click Browse and select an image. The supported image file types are GIF, JPG, and PNG.
Configuring vRealize Automation 7 Click Add. What to do next Associate catalog items with a service so that you can entitle users to the items. See Add Catalog Items to a Service. Add Catalog Items to a Service Add catalog items to services so that you can entitle users to request the items in the service catalog. A catalog item can be associated with only one service. Prerequisites n Log in to vRealize Automation as a tenant administrator or catalog administrator. n Verify that a service exists.
Configuring vRealize Automation Published Catalog Items A catalog item is a published blueprint. Published blueprints can also be used in other blueprints. The reuse of blueprints in other blueprints is not displayed in the catalog items list. The published catalog items can also include items that are only components of blueprints. For example, published software components are listed as catalog items, but they are available only as part of a deployment.
Configuring vRealize Automation 2 Select the catalog item and click Configure. 3 Configure the catalog item settings. Option Description Icon Browse for an image. The supported image file types are GIF, JPG, and PNG. The displayed image is 40 x 40 pixels. If you do not select a custom image, the default catalog icon appears in the service catalog. Status Possible values include Active, Inactive, and Staging. n Active.
Configuring vRealize Automation n Verify that you have at least one published action. See Publish a Blueprint and Publish a Resource Action. Procedure 1 Select Administration > Catalog Management > Actions. 2 Select the shared action and click View Details. 3 Browse for an image. 4 To view the entitlements where the action is made available to users, click the Entitlements tab. 5 Click Update. What to do next Entitle Users to Services, Catalog Items, and Actions.
Configuring vRealize Automation n Actions in Entitlements Actions run on deployed catalog items. Provisioned catalog items, and the actions you are entitled to run on them, appear in your Items tab. To run actions on a deployed item, the action must be included in the same entitlement as the catalog item that provisioned the item from the service catalog. n Approval Policies in Entitlements Approval policies are applied in entitlements so that you can manage resources in your environment.
Configuring vRealize Automation For example, an item includes a machine and software. The machine is available as a provisionable item and has an approval policy that requires site manager approval. The software is not available as a standalone, provisionable item, only as part of a machine request, but the approval policy for the software requires approval from your organization's software licensing administrator.
Configuring vRealize Automation n When you entitle service catalog users to the Change Lease, Change Owner, Expire, Reconfigure and other actions that can apply to machines and to deployments, entitle them to both actions. Approval Policies in Entitlements Approval policies are applied in entitlements so that you can manage resources in your environment. To apply an approval policy when you create the entitlement, the policy must already exist.
Configuring vRealize Automation 3 Configure the Details options. Details determine how the entitlement appears in the entitlement list and which users have access to the items in the service catalog. Option Description Name and Description Information about the entitlement that appears in the entitlements list. Expiration Date Set the date and time if you want the entitlement to become inactive on a particular date. Status Possible values include Active, Inactive, and Deleted.
5 Click the New icon ( ) to entitle users to services, catalog items, or actions with this entitlement. You can create an entitlement with various combinations of the services, items, and actions.
Option Description
Entitled Services Add a service when you want to allow entitled users access to all the published catalog items associated with the service. An entitled service is a dynamic entitlement.
Configuring vRealize Automation 9 Click OK. The service, item, or action is added to the entitlement. 10 Click Finish to save the entitlement. If entitlement status is active, the service and items are added to the service catalog. What to do next Verify that the entitled services and catalog items appear in the service catalog for the entitled users and that the requested items provision the target objects as expected. You can request the item on behalf of the selected users.
Prerequisites
Log in to vRealize Automation as a tenant administrator or catalog administrator.
Procedure
1 Select Administration > Catalog Management > Entitlements.
2 Click the Prioritize icon ( ).
3 Select a business group from the Business Group drop-down list.
4 Drag an entitlement to a new location in the list to change its priority.
5 Select an update method.
Option Description
Update Saves your changes.
Finally, when a service catalog user requests an item to which an approval policy is applied, the approvers approve or reject the request on their Inbox tab, on the Approvals page. The requesting user can track the approval status for a specific request on their Requests tab.
Configuring vRealize Automation Table 3‑72. Examples of Approval Policies and Results (Continued) Governance Goals Selected Policy Type Pre or Post Approval To manage virtual infrastructure resources and to control prices, you add two preapproval levels because one approval is for machine resources and the other is for price of machine per day. Service Catalog - Catalog Item Request Virtual Machine Add To Pre Approval tab VMware, Inc.
Configuring vRealize Automation Table 3‑72. Examples of Approval Policies and Results (Continued) Governance Goals Selected Policy Type Pre or Post Approval When is Approval Required Level 2 Select Required based on conditions. Configure the condition Price > 15.00 per day. For parameterized blueprint catalog items, a cloud administrator must approve deployment requests in which a vSphere machine component profile of size is set to large.
Configuring vRealize Automation Example Blueprint In this example, you configure a blueprint that includes a nested blueprint with a virtual machine. n Blueprint 1 - Continuous Integration Blueprint n Blueprint 2 - Pre-Production Blueprint n Virtual Machine 1 - TestAsAService vSphere VM Approval Policies for Destroy Actions You configure the two approval policies to destroy provisioned items. A Destroy - Deployment action can run on Blueprint 1 or Blueprint 2 in this example.
Configuring vRealize Automation Entitlement Name Approval Policy on Actions Entitlement 1 Destroy Deployment Approval Policy Policy A (Destroy Deployment Approval Policy) on Destroy Deployment action only Entitlement 2 Entitlement 3 Policy B (Destroy Virtual Machine Policy) on Destroy - Virtual Machine action only Policy A (Destroy Deployment Approval Policy) on Destroy Deployment action and Policy B (Destroy Virtual Machine Policy) on Destroy - Virtual Machine action User Action Approval Request
Configuring vRealize Automation n QE Testing includes RHEL vSphere virtual machine n QE Training includes RHEL vSphere virtual machine Services n The QE Testing blueprint is associated with the Testing service n The QE Training blueprint is associated with the Training service Entitlements n Entitlement 1 n Entitlement 2 Table 3‑73.
[Figure: approval process flowchart. Steps: Request item in the service catalog; Is approval required on item or component?; Approval request sent to approver’s Inbox tab; Approver approves request?; Requestor notified of rejection on Requests tab; Item is provisioned; Requester’s Request tab - in progress; Requester’s Item tab - when provisioned.]
Create an Approval Policy
Tenant administrators and approval administrators can define approval policies and use them in entitlements.
Configuring vRealize Automation 3 Configure the Approval Form to Include System and Custom Properties You can add system and custom properties that appear on an approval form. You add these properties so that the approvers can change the values of system properties for machine resource settings such as CPU, lease, or memory, and custom properties before they complete an approval request.
Configuring vRealize Automation 5 Enter a name and, optionally, a description. 6 Select the state of the policy from the Status drop-down menu. Option Description Draft Saves the approval policy in an editable state. Active Saves the approval policy in a read-only state that you can use in an entitlement. Inactive Saves the approval policy in a read-only state that you cannot use in an entitlement until you activate the policy. What to do next Create the pre-approval and post-approval levels.
4 Select the approvers.
Option Action
Specific Users and Groups Sends the approval request to the selected users.
Determine approvers from the request Sends the approval request to the users based on the defined condition.
Use event subscription Processes the approval request based on defined event subscriptions. The workflow subscription must be defined in Administration > Events > Subscriptions. The applicable workflow subscriptions are pre-approval and post-approval.
Procedure
1 On the Pre Approval or Post Approval tab, click the New icon ( ).
2 Click the System Properties tab.
3 Select the check box for each system property that you want the approver to configure during the approval process.
4 Configure the custom properties. Add one or more custom properties that you want the approver to configure during the approval process.
  a Click the Custom Properties tab.
  b Click the New icon (
  c Enter the custom property values.
• Add Approval Policy Settings
  You configure the basic information about the approval policy, including the state of the policy, so that you can manage the policy.
• Add Level Information to Approval Policy Settings
  An approval level includes the conditions that trigger an approval process when the service catalog user requests the item, and any system properties and custom properties that you want to include.
Configuring vRealize Automation Table 3‑74. Approval Policy Type Options Option Description Select an approval policy type Create an approval policy based on the policy request type. Select this option to define an approval policy that is applicable to all catalog items of that type. The request type can be a generic request, a catalog item request, or a resource action request. The available condition configuration options vary depending on the type.
Configuring vRealize Automation Table 3‑75. Approval Policy Options (Continued) Option Description Status Possible values include: Policy Type n Draft. The approval policy is not available to apply in entitlements. After you make a policy active, you can never return it to draft. n Active. The approval policy is available to apply in entitlements. n Inactive. The approval policy is not available to apply in entitlements.
To define the basic approval policy information, select Administration > Approval Policies. Click New. Select the policy type and click OK. On the Pre Approval or Post Approval tab, click the New icon ( ). You prioritize levels based on the order that you want them processed. When the approval policy is triggered, if the first level of approval is rejected, the request is rejected.
Table 3‑76. Level Information Options
Option Description
Name Enter a name.
Configuring vRealize Automation Table 3‑76. Level Information Options (Continued) Option Description Specific Users and Groups Sends the approval request to the selected users. Select the users or user groups that must approve the service catalog request before it is provisioned or an action runs. For example, the request goes to the virtual infrastructure administrator group with Anyone can approve selected.
To select system properties, select Administration > Approval Policies. Click New. Select the policy type and click OK. On the Pre Approval or Post Approval tab, click the New icon ( ) and click the System Properties tab.
Table 3‑77. System Properties Options
Option Description
Properties The list of available system properties depends on the selected request type or catalog item, and whether system properties exist for the item.
Configuring vRealize Automation Prerequisites Log in to vRealize Automation as a tenant administrator or approval administrator. Procedure 1 Select Administration > Approval Policies. 2 Select the row of the approval policy to copy. 3 Click the Copy icon ( ). A copy of the approval policy is created. 4 Select the new approval policy to edit. 5 Enter a name in the Name text box. 6 (Optional) Enter a description in the Description text box.
2 Click the approval policy name.
3 Click View Linked Entitlements.
  a In the Replace All With drop-down menu, select the new approval policy. If the list includes more than one entitlement, the new approval policy is applied to all the listed entitlements.
  b Click OK.
4 After you verify that no entitlements are linked to the approval policy, select Inactive from the Status drop-down menu.
5 Click OK.
Configuring vRealize Automation Scenario: Create and Apply CentOS with MySQL Approval Policies As the tenant administrator for the development and quality engineering business group, you want to apply strict governance to catalog item requests. Before your users can provision the CentOS with MySQL catalog item, you want your vSphere virtual infrastructure administrator to approve the machine request and you want your software manager to approve the software request.
  d Click OK.
  e Configure the following options:
    Option Configuration
    Name Enter CentOS on vSphere CPU or Memory VM.
    Description Enter Requires VI Admin approval for CPU>2 or Memory>2048.
    Status Select Active.
3 On the Pre Approval tab, click the Add icon ( ).
4 Configure the Level Information tab with the triggering criteria and the approval actions.
  a In the Name text box, enter CPU>2 or Memory>2048 - VI Admin.
Configuring vRealize Automation In some environments you might need this type of approval because license keys must be provided by the software manager. In this scenario, you only need the software manager to track and approve the request. After you create the approval policy, you apply the policy to the MySQL for Linux Virtual Machines catalog item. This approval policy is very specific and can only be applied to the MySQL for Linux Virtual Machines Software component in the entitlements.
Configuring vRealize Automation Scenario: Apply Approval Policies to CentOS with MySQL Components As the tenant administrator, you can create approval policies and entitlements. You modify the Dev and QE entitlement to apply the approval policies that you created so that approvals are triggered when a service catalog user requests the item.
5 Add the MySQL for Linux Virtual Machine software component as an item and apply an approval policy to the MySQL item.
  a Click the Add Catalog Items and Components icon ( ) beside the Entitled Catalog Items and Components heading.
  b In the Catalog Items and Components drop-down menu, select No.
    Software components are always associated with a machine. They are not available to individually request in the service catalog.
Request Machine Provisioning By Using a Parameterized Blueprint

When you request machine provisioning for a vSphere machine blueprint that has been designed to include the size or image component profiles, you specify provisioning settings by selecting an available value set. When you request provisioning from the catalog, you can select from available value set choices for the Size and Image component profiles.
4 Select an image value set option from the Image drop-down menu.
5 Select a size value set option from the Size drop-down menu.
6 Click Submit.

What to do next

The value sets that you defined for the Size and Image component profiles are now available on the Image and Size drop-down menus on the Catalog tab in the catalog provisioning request form.
Procedure

1 Scenario: Create a Development and Quality Engineering Catalog Service
  As the tenant administrator, you want to create a separate catalog service for your development and quality engineering group so your other groups, such as finance and human resources, don't see the specialized catalog items. You create a catalog service called Dev and QE Service to publish all the catalog items development and engineering need to run their test cases.
Scenario: Add CentOS with MySQL to Your Dev and QE Service

As the tenant administrator, you want to add the CentOS with MySQL catalog item to the Dev and QE service.

Procedure

1 Select Administration > Catalog Management > Services.
2 Select the Dev and QE Service row in the Services list and click Manage Catalog Items.
3 Click the New icon.
4 Select CentOS with MySQL.
   d In the Users and Groups area, add one or more users.
     Add yourself only, unless you are certain that the blueprint is working as intended. If it is, you can add individual users and you can add custom user groups.
   e Click Next.
4 Add the service.
What to do next

After you verify your work by provisioning the CentOS with MySQL catalog item, you can add additional users to the entitlement to make the catalog item publicly available to your development and quality engineering users. If you want to further govern the provisioning of resources in your environment, you can create approval policies for the MySQL Software component and the CentOS for Software Testing machine.
Table 3‑79. Action Menu Commands

Action | Resource Type | Description
Associate Floating IP | Machine (OpenStack) | Associate a floating IP address with an OpenStack machine.
Cancel Reconfigure | Machine | Cancel a running reconfiguration action.
Change Lease | Deployment and Machine | Change the number of days remaining in the lease for either a specific machine or for all resources included in a deployment. If you do not provide a value, the lease does not expire.
Table 3‑79. Action Menu Commands (Continued)

Action | Resource Type | Description
Connect using SSH | Machine | Connect to the selected machine by using SSH. The Connect Using SSH option requires that your browser has a plug-in that supports SSH, for example the FireSSH SSH terminal client for Mozilla Firefox and Google Chrome. When the plug-in is present, selecting Connect Using SSH displays an SSH console and prompts for your administrator credentials.
Table 3‑79. Action Menu Commands (Continued)

Action | Resource Type | Description
Destroy | Cloud Machine, Deployment, Virtual Machine, and NSX Edge | Immediately destroy a provisioned resource. You must run this action to destroy XaaS resources, even if they are part of a deployment you are destroying. Other resources are destroyed when their lease or their archival period ends. Except for XaaS, destroying components of a deployment is not a best practice.
Table 3‑79. Action Menu Commands (Continued)

Action | Resource Type | Description
 | | individual resources while destroying the deployment. For more information on using force destroy, see Force Destroy a Deployment After a Failed Destroy Request. Note: Storage and memory that are assigned to a provisioned machine by a reservation are released when the machine to which they are assigned is deleted in vRealize Automation by the Destroy action.
Table 3‑79. Action Menu Commands (Continued)

Action | Resource Type | Description
Reboot | Machine | Reboot the guest operating system on a vSphere virtual machine. VMware Tools must be installed on the machine to use this action.
Table 3‑79. Action Menu Commands (Continued)

Action | Resource Type | Description
Reprovision | Machine | Destroys the machine, then initiates the provisioning workflow to create a machine with the same name. When you request that a machine be reprovisioned, a known issue might cause vRealize Automation to display the reprovisioning status as Complete in the catalog, when the actual state is In Progress.
Table 3‑79. Action Menu Commands (Continued)

Action | Resource Type | Description
Scale In | Deployment | Destroy unneeded instances of machines in your deployment to adjust to reduced capacity requirements. Machine components and any software components installed on them are destroyed. Dependent software components and networking and security components are updated for the new deployment configuration.
Table 3‑79. Action Menu Commands (Continued)

Action | Resource Type | Description
Suspend | Machine | Pause the machine so that it cannot be used and does not consume any system resources other than the storage it is using.
Unregister | Machine | Remove the machine from the inventory without destroying it. Unregistered machines are not usable.
Unregister VDI | Virtual Machine (XenServer) | Unregister the virtual disk image on XenServer items.
Tenant administrators, machine owners, and business group managers of the group in which the machine resides can view health badges and health alerts on the item details pages for vSphere virtual machines. They can also view vRealize Operations Manager metrics and health badges when they filter by the platform type vSphere on the reclamations page.

What to do next

Send Reclamation Requests.
2 Find virtual machine deployments that match your search criteria.
  You must select platform type vSphere to view metrics provided by vRealize Operations Manager.
   a Click the Advanced Search down arrow to open the search box.
   b Enter or select one or more search values.

Option | Action
Virtual Machine name contains | Enter one or more characters in the text box to find virtual machine names that match.
4 Click Reclaim.
  The deployments that contain virtual machines that are selected on the current page are included in the request.

Note: The Reclaim Deployment page can list machines that are not available for reclamation, such as machines for which the lease has expired. If you specify a machine that is not available for reclamation, you receive the following error:

Selection Error: Virtual machine name is not in valid state for reclamation.
Procedure

1 Select Administration > Reclamation > Reclamation Requests.
2 Find the virtual machines that match your search criteria.
   a Click the Advanced Search down arrow to open the search box.
   b Type or select one or more search values.

Option | Action
Virtual Machine name contains | Type one or more characters in the text box to find virtual machine names that match.
Prerequisites

Log in to vRealize Automation as a fabric administrator.

Procedure

1 Select Infrastructure > Managed Machines.
2 Locate the machine with the reservation to change.
3 Click Change Reservation in the drop-down menu.
  You can view information about the managed machine, such as its associated blueprint and compute resource, by clicking View in the drop-down menu.
4 (Optional) Select a business group from the Business group drop-down menu.
5 Enter a name and, optionally, a description.
6 If you want to capture the memory and power settings of the machine, select Include memory.
7 Click Submit.

Connect Remotely to a Machine

You can connect remotely to a machine from the vRealize Automation console.

Prerequisites

- Log in to vRealize Automation as a machine owner, tenant administrator, or business group manager.
- Verify that VMware Tools is installed.
Remote connections using VMware Remote Console for machines provisioned on vSphere are secured by vRealize Automation appliance certificates through a proxy console. VMware Remote Console requires WebSockets support in the browser and browsers must trust the vRealize Automation appliance certificate. The certificate can be obtained by going to the root-level virtual appliance at an address of the form https://vra-va.eng.mycompany.com/.
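Before an untrusted appliance certificate is imported into a browser trust store, its SHA-256 fingerprint can be compared with a value obtained out of band. The following is an added example, not part of the VMware documentation; the function names, the constructed sample bytes, and the workflow in which an administrator supplies the expected fingerprint are assumptions.

```python
import hashlib
import hmac
import re
import ssl

# Constructed sample: placeholder bytes wrapped in PEM armor, NOT a real
# certificate. It only lets the fingerprint logic run offline.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed placeholder, not a real certificate")


def fetch_pem(host, port=443):
    """Fetch the certificate a server presents, without validating it.

    The result is untrusted until its fingerprint has been checked.
    """
    return ssl.get_server_certificate((host, port))


def sha256_fingerprint(pem):
    """Return the SHA-256 fingerprint of a PEM certificate as lowercase hex."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return hashlib.sha256(der).hexdigest()


def normalize_fingerprint(text):
    """Accept 'AB:CD:...' or 'abcd...' and return 64 lowercase hex digits."""
    cleaned = re.sub(r"[:\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def matches_pinned(pem, expected_fingerprint):
    """True only if the certificate hashes to the out-of-band fingerprint."""
    expected = normalize_fingerprint(expected_fingerprint)
    return hmac.compare_digest(sha256_fingerprint(pem), expected)


if __name__ == "__main__":
    # Offline demo with the constructed sample. For a real appliance, call
    # fetch_pem("<appliance-fqdn>") and compare against a fingerprint read
    # from the appliance by its administrator (assumed workflow).
    pinned = sha256_fingerprint(SAMPLE_PEM)
    print("fingerprint:", pinned)
    print("match:", matches_pinned(SAMPLE_PEM, pinned))
```

Import the certificate into the browser only when `matches_pinned` returns True; a mismatch means the certificate served is not the one the administrator vouched for.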
8 9 Click the Authorities tab in the Certificate Management text box.

Option | Action
Windows | Select Preference > Advanced > Certificates from the Firefox menu.
iOS | Select Preference > Advanced > Certificates from the Firefox menu and click View Certificates.

Click the Authorities tab and click Import.
10 Select the certificate file you saved earlier and click Open in the text box.
11 Edit the trust settings.
9 Click Yes in the Security Warning dialog box to install the certificate.
10 Restart the browser.

You can connect to the remote console without certificate errors.

Configure Chrome to Trust a Certificate for vRealize Automation Appliance

Untrusted vRealize Automation appliance certificates must be manually imported to client browsers to support VMware Remote Console on clients provisioned on vSphere.
When vRealize Automation fails to destroy a deployment resource during a destroy deployment operation, the destroy operation stops immediately without destroying the remaining deployment resources. This failure leaves the deployment in an inconsistent state, using up resources with no obvious way of destroying the deployment. Business group administrators can force destroy deployments that are left in this inconsistent state.
- The action is not applicable to the selected item type. If the item does not support the action, it does not appear in the list. For example, the Create Snapshot action is not available for a physical machine, and the Connect by Using RDP action is not available if the selected item is a Linux machine.
- The action is applicable for the provisioned resource type, but the action is disabled in the Infrastructure blueprint.
2 Locate the workflow logs in vRealize Orchestrator using the Control Center.
   a Enter the base URL for vRealize Automation in a browser search box.
     The VMware vRealize Automation Appliance page appears.
   b Click vRealize Orchestrator Control Center.
   c Log in as a user with root privileges.
   d Click Inspect Workflows.
   e Click Finished Workflows.
   f Paste the workflow token in the Token ID text box.
     The list displays only the workflow that matches the token ID.
Prerequisites

- Log in to vRealize Automation as a machine owner, support user, business group user with a shared access role, or business group manager.
- The machine you want to reconfigure must have the status On or Off with no active reconfigure status.
- The machine type must be vSphere, vCloud Air, or vCloud Director, although the NSX settings apply only to vSphere.
- Verify that you are entitled to reconfigure a machine.

Procedure

1 Select Items > Machines.
Prerequisites

Specify Machine Reconfiguration Settings and Considerations for Reconfiguration.

Procedure

1 Click the General tab.
2 Enter the number of CPUs in the # CPUs text box.
3 Enter the amount of memory in the Memory (MB) text box.
4 Enter the amount of storage in the Storage (GB) text box.

What to do next

Specify additional machine reconfiguration settings. If you have finished changing machine settings, start the machine reconfiguration request.
3 Delete a volume.
   a Locate the volume.
   b Click the Delete icon.
     An unselectable icon indicates an undeletable volume such as one from a linked clone.
4 Increase the size of a volume.
  You cannot reduce the size of existing volumes. Volume size is limited by the total amount of storage specified in the blueprint, less the amount allocated to other volumes.
   a Locate the volume.
   b Click the Edit icon.
   c Type the new size in the Capacity (GB) text box.
Changing NSX network settings is not supported for deployments that were upgraded or migrated from vRealize Automation 6.2.x to this vRealize Automation release.

Prerequisites

Specify Machine Reconfiguration Settings and Considerations for Reconfiguration.

Procedure

1 Click the Network tab.
2 (Optional) Add a network adapter.
   a Click New Network Adapter.
   b Select a network from the Network Path drop-down menu.
Prerequisites

Specify Machine Reconfiguration Settings and Considerations for Reconfiguration.

Procedure

1 Click the Properties tab.
2 To add a property, click New Property.
3 Enter the property name in the Name text box.
4 Enter the property value in the Value text box.
5 Select the Encrypted check box to encrypt the value.
6 Select the Prompt user check box to prompt users for the value when they request the machine.
4 (Optional) Select a power action from the Power action drop-down menu.

Option | Description
Reboot if required | (Default) If required, reboot the machine before reconfiguring it.
Reboot | Reboot the machine before reconfiguring it, regardless of whether reboot is required.
Do not reboot | Do not reboot the machine before reconfiguring it, even if reboot is required.
Reconfigure a Load Balancer in a Deployment

You can add, edit, or delete a virtual server in a deployed NSX load balancer.

The following considerations apply to deployments that originated in vRealize Automation 7.2 or earlier:

- Load balancer reconfiguration is limited to deployments that contain a single load balancer.
- The Items detail page for any load balancer in a deployment displays the virtual servers that are used by all the load balancers in the deployment.
For information about the settings that are available when you add or edit a virtual server, see Add an OnDemand Load Balancer Component. When you reconfigure a load balancer in vRealize Automation, some of the settings that were configured in NSX and that are not available as settings in vRealize Automation are reverted back to their default value.
You can also change the order in which the NAT rules are processed.

Note: If the deployment's source blueprint is imported from a YAML file that contains a NAT network component, and the NAT network component's name and ID values are not identical, the Change NAT Rules action fails. To allow the Change NAT Rules action for a deployment that is based on an imported blueprint, perform the following steps in the blueprint before you provision a deployment.
4 Click Change NAT Rules from the Actions menu.
5 Add new NAT port forwarding rules, reorder rules, edit existing rules, or delete rules.
6 When you have finished making changes, click Save or Submit to submit the reconfiguration request.

Add or Remove Security Items in a Deployment

You can add or remove existing NSX security groups and security tags in a machine deployment. You cannot add on-demand security groups but you can remove them.
8 When you have finished making changes, click Save or click Submit to submit the change request.

Display All NAT Rules for an Existing NSX Edge

You can display NAT rule information about the NSX Edges that are used in active deployments. The NAT rules are displayed in the Edge view as an aggregate of all the NAT rules that are used in the deployment. In the Edge view, the rules are not necessarily displayed in the order in which they are processed.