IaaS Integration for Multi-Machine Services
vRealize Automation 6.
You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
If you have comments about this documentation, submit your feedback to docfeedback@vmware.com
VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com
Copyright © 2008–2016 VMware, Inc. All rights reserved. Copyright and trademark information.
Contents
IaaS Integration for Multi-Machine Services
Updated Information
Using the Goal Navigator
1 Introduction to Multi-Machine Services
  Multi-Machine Service Concepts
  Multi-Machine Service Life Cycle
  Comparing Multi-Machine Services and vApps
  Configuring IaaS for Multi-Machine Services Checklist
2 Configuring Network and Security Integration
  Configuring vRealize Orchestrator Endpoints
  Create a vRealize Orchestrator Endpoint
  Create a vSphere Endpoint for Network
  Add Multi-Machine Blueprint Custom Properties
  Specify Actions for Multi-Machine Blueprints
  Publish a Blueprint
5 Configuring Multi-Machine Blueprints for Network and Security Virtualization
  Adding Network Profiles to a Multi-Machine Blueprint
  Add a Private Network Profile to a Multi-Machine Blueprint
  Add a Routed Network Profile to a Multi-Machine Blueprint
  Add a NAT Network Profile to a Multi-Machine Blueprint
  Configure Network Ada
IaaS Integration for Multi-Machine Services describes how to integrate multi-machine services in an existing VMware vRealize Automation deployment.
VMware Technical Publications Glossary
VMware Technical Publications provides a glossary of terms that might be unfamiliar to you. For definitions of terms as they are used in VMware technical documentation, go to http://www.vmware.com/support/pubs.
Updated Information
This IaaS Integration for Multi-Machine Services is updated with each release of the product or when necessary.
For each step, the goal navigator provides a description of the task you need to perform on the corresponding page. The goal navigator does not provide detailed information such as how to complete the forms on a page. You can hide the page information or move it to a more convenient position on the page. If you hide the page information, you can display it again by clicking the information icon on the goal navigator panel.
1 Introduction to Multi-Machine Services
With the multi-machine services feature of vRealize Automation, users can provision multi-machine services, and their component machines, in a virtual datacenter based on existing templates. Multi-machine services are compound services composed of multiple machines that can be provisioned and managed with vRealize Automation as a single entity.
These concepts apply to multi-machine services in vRealize Automation.
Component Blueprint: A machine blueprint that is part of a multi-machine service. A component blueprint is referenced by a multi-machine blueprint. You can also use it to request standalone machines that are not part of a multi-machine service.
Component Machine: A machine that is managed as part of a multi-machine service. A multi-machine service might include several component machines.
The machine owner can view the components that make up a multi-machine service and manage them as a group or individually. Most machine operations are available for individual component machines, except for changing the owner or lease. These operations are inclusive to the multi-machine service and modify the group as a whole.
Table 1‑2. Configuring IaaS for multi-machine services checklist
Task: Configure vRealize Automation workflows to call vRealize Orchestrator workflows.
Required Role: Outside of vRealize Automation
See Create a vRealize Orchestrator Endpoint.
Task: Create a vSphere endpoint to allow vRealize Automation to interact with a vCloud Networking and Security or NSX instance.
Required Role: IaaS administrator
See Create a vSphere Endpoint for Networking and Security Virtualization.
2 Configuring Network and Security Integration
vRealize Automation supports virtualized networks based on the vCloud Networking and Security and NSX platforms. Network and security virtualization allows virtual machines to communicate with each other over physical and virtual networks securely and efficiently.
- Create a vSphere Endpoint for Networking and Security Virtualization
  An IaaS administrator creates an instance of a vSphere endpoint to allow vRealize Automation to interact with a vCloud Networking and Security or NSX instance.
Prerequisites
- Log in to the vRealize Automation console as an IaaS administrator.
- Verify that the NSX plug-in is installed in vRealize Orchestrator. The installation instruction is available in a README file from the VMware product download site at http://vmware.com/web/vmware/downloads under the VMware NSX or VMware vCloud Networking and Security links.
Procedure
1 Select Infrastructure > Endpoints > Endpoints.
  c Type an integer greater than or equal to 1 in the Value text box. A lower value means a higher priority.
  d Click the Save icon.
7 Click OK.
8 From the Endpoints column, point to the vRealize Orchestrator endpoint and click Data Collection from the drop-down menu. The data collection process takes 2-3 minutes to check whether the associated NSX plug-in is installed on this endpoint.
2 Locate a vSphere endpoint and click Edit in the drop-down menu.
3 Select the Specify manager for network and security platform check box to implement networking and security virtualization.
4 Type the URI for the management console of the vCloud Networking and Security or NSX instance in the Address text box to register the instance to the vSphere endpoint. The URL must be of the type: https://hostname or https://IP_address. For example, https://vCNSa.
3 Select the NSX endpoint as the input parameter for the workflow. Use the IP address you specified when you created the vSphere endpoint to register an NSX instance.
After you run this workflow, the Distributed Firewall rules defined in the security policy are applied only on the vNICs of the security group members to which this security policy is applied.
What to do next
Apply the applicable security features for the multi-machine blueprint.
Fabric administrators specify the ranges of IP addresses that can be used in network profiles. Each IP address in the specified ranges allocated to a machine is reclaimed for reassignment when the machine is destroyed and the ReclaimDestroyedStaticIPAddresses workflow runs. A fabric administrator creates external network profiles and templates for NAT, private, and routed network profiles on the Network Profiles page.
6 In the DNS/WINS group, type values as needed.
What to do next
You can configure IP ranges for static IP addresses. See Configure External Network Profile IP Ranges.
Configure External Network Profile IP Ranges
A fabric administrator can define zero (0) or more ranges of static IP addresses for use in provisioning a network. An external network profile must have at least one static IP range for use with routed and NAT network profiles.
8 (Optional) Filter IP address entries to only those that match.
  a Click in the Defined IP Addresses text boxes.
  b Type a partial IP address or machine name, or select a date from the Last Modified drop-down calendar.
  The IP addresses that match the filter criteria appear.
9 Click OK.
7 (Optional) Set a lease time to define how long a machine can use an IP address.
What to do next
You can configure IP ranges for static IP addresses. See Configure Private Network Profile IP Ranges.
Configure Private Network Profile IP Ranges
A fabric administrator can define one or more ranges of static IP addresses for use in provisioning a network.
Prerequisites
Specify External Network Profile Information.
Procedure
1 Click the IP Ranges tab.
8 (Optional) Filter IP address entries to only those that match.
  a Click in the Defined IP Addresses text boxes.
  b Type a partial IP address or machine name, or select a date from the Last Modified drop-down calendar.
  The IP addresses that match the filter criteria appear.
9 Click OK.
Create a NAT Network Profile
A fabric administrator can create a NAT network profile template to define a NAT network and assign ranges of static IP and DHCP addresses to it.
5
6 Select a NAT type from the drop-down menu.
  Option: One-to-One
  Description: Assign an external static IP address to each network adapter. Every machine can access the external network and is accessible from the external network.
  Option: One-to-Many
  Description: One external IP address is shared among all machines on the network. An internal machine can have either DHCP or static IP addresses.
6 Click OK.
  The newly defined IP address range appears in the Defined Ranges list. The IP addresses in the range appear in the Defined IP Addresses list.
7 (Optional) Upload one or more IP addresses from a CSV file. A row in the CSV file has the format ip_address,mname,status.
  CSV Field: ip_address
  Description: An IP address
  CSV Field: mname
  Description: Name of a managed machine in vRealize Automation. If the field is empty, defaults to no name.
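A pre-upload check for the ip_address,mname,status CSV rows described above, as an added example that is not part of the VMware documentation. The function name, the IPv4-only parsing, the optional range check and the sample rows are assumptions; the status field is passed through unchecked because its allowed values are not listed on this page.

```python
import csv
import io
import ipaddress

# Constructed sample rows; the status values are placeholders, not product values.
SAMPLE = """\
10.10.0.11,web-01,status-placeholder
10.10.0.12,,status-placeholder
10.10.0.12,db-01,status-placeholder
10.10.0.300,app-01,status-placeholder
10.20.0.5,app-02,status-placeholder
10.10.0.13,app-03
"""


def check_ip_csv(text, range_start=None, range_end=None):
    """Validate ip_address,mname,status rows before they are uploaded.

    Returns (rows, problems). rows holds the lines that passed as dicts;
    problems holds (line_number, message) tuples for the lines that did not.
    The range check is an assumption and only runs when both bounds are given.
    """
    lo = ipaddress.IPv4Address(range_start) if range_start else None
    hi = ipaddress.IPv4Address(range_end) if range_end else None
    rows, problems, seen = [], [], {}

    for line_no, fields in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not fields or all(not f.strip() for f in fields):
            continue  # blank line, nothing to check
        if len(fields) != 3:
            problems.append((line_no, f"expected 3 fields, got {len(fields)}"))
            continue
        raw_ip, mname, status = (f.strip() for f in fields)
        try:
            ip = ipaddress.IPv4Address(raw_ip)
        except ipaddress.AddressValueError:
            problems.append((line_no, f"not an IPv4 address: {raw_ip!r}"))
            continue
        if ip in seen:
            # The same address listed twice would describe one IP two ways.
            problems.append((line_no, f"{ip} already listed on line {seen[ip]}"))
            continue
        seen[ip] = line_no
        if lo is not None and hi is not None and not (lo <= ip <= hi):
            problems.append((line_no, f"{ip} is outside {lo}-{hi}"))
            continue
        # An empty mname is valid: the page says it defaults to no name.
        rows.append({"ip_address": str(ip), "mname": mname, "status": status})
    return rows, problems


if __name__ == "__main__":
    good, bad = check_ip_csv(SAMPLE, "10.10.0.10", "10.10.0.50")
    for row in good:
        print("ok  ", row)
    for line_no, message in bad:
        print(f"line {line_no}: {message}")
```
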
Specify Routed Network Profile Information
The network profile information identifies the routed network properties, its underlying external network profile, and other values used in provisioning the network.
Prerequisites
- Log in to the vRealize Automation console as a fabric administrator.
- Create an External Network Profile.
- Verify that the NSX logical router is configured in the vSphere Client to use the routed network profile.
If a multi-machine blueprint contains a routed network profile but not an assignment for the routed network to component network adapters, a catalog item is created but machine provisioning fails with an exception error. IP ranges in the routed network profile are listed as allocated but the IP addresses are in use. Ensure that you assign a routed network profile to multi-machine blueprints.
Prerequisites
Specify External Network Profile Information.
You can specify a routed gateway reservation policy in the multi-machine blueprint to identify which reservations to use when provisioning the multi-machine routed gateway. By default, vRealize Automation uses the same reservations for the routed gateway and the multi-machine components. You select one or more security groups in the reservation to enforce baseline security policy for all component machines provisioned with that reservation in vRealize Automation.
3 Select a compute resource on which to provision machines from the Compute resource drop-down menu. The reservation name appears in the Name text box.
4 Select a tenant from the Tenant drop-down menu.
5 Select a business group from the Business group drop-down menu. Only users in this business group can provision machines by using this reservation.
6 (Optional) Select a reservation policy from the Reservation policy drop-down box.
  c Select an external network profile from the Network Profile drop-down menu. Only the external network profiles used to create routed network profiles are available in the menu.
  d Click the Save icon.
  e Repeat to select more routed gateways.
14 Click OK.
3 Optional Configurations for Multi-Machine Services
You can create and configure optional cost profiles to give you more control over computing the cost of the multi-machine services.
How Cost Is Displayed
The multi-machine service cost appears at various stages of the request and provisioning life cycle and is updated according to the current information in the request or on the provisioned item.
Table 3‑2.
Table 3‑2. Cost Displayed During the Request and Provisioning Life Cycle (Continued)
Life Cycle Stage: Viewing details of a submitted request or approving a request
Value Displayed for Cost: Projected costs based on the requested machine resources, lease duration, and blueprint cost.
4 Creating Multi-Machine Blueprints
Machine blueprints determine a machine's attributes, the manner in which it is provisioned, and its policy and management settings. A tenant administrator or business group manager allows users to provision multi-machine services by creating one or more entitled multi-machine blueprints. Before you create a multi-machine blueprint, you must first create blueprints for each of the component machines to include in the multi-machine service.
- DataContext
The following PowerShell script is provided as a sample:

    # Script to Test InvokePowerShell functions
    $VirtualMachine.Notes = "Test";
    foreach ($i in $VirtualMachineProperties)
    {
        $i.PropertyValue = $i.PropertyName;
    }

A PowerShell script can modify some VirtualMachine fields and property values. Not all VirtualMachine parameter fields can be modified.
Custom properties in a multi-machine blueprint override properties specified in component blueprints. Runtime properties on the component machine, which are specified at request time or by editing the machine after it is provisioned, override runtime properties specified at the multi-machine service level.
Create a Multi-Machine Blueprint
Machine blueprints determine a machine's attributes, the manner in which it is provisioned, and its policy and management settings. A tenant administrator or business group manager creates a multi-machine blueprint for provisioning the multi-machine service and its component machines.
Prerequisites
Log in to the vRealize Automation console as a tenant administrator or business group manager.
Procedure
1 Select Infrastructure > Blueprints > Blueprints.
2 Select New Blueprint > Multi-Machine.
3 Enter a name and, optionally, a description.
4 (Optional) Select the Master check box to allow users to copy your blueprint.
5 Select who can provision machines with this blueprint.
5 Enter a blueprint display name in the Name text box.
6 Enter a minimum number of component machines in the Minimum text box.
  This setting specifies the minimum number of component machines that can be included in the multi-machine service. A machine owner cannot request a multi-machine service with fewer than the minimum number of machines for each component type. This number determines if a multi-machine service provisioned from this blueprint is healthy.
Prerequisites
- Specify Build Information for a Multi-Machine Blueprint.
- Verify that a fabric administrator created at least one external network profile. See Create an External Network Profile.
- Verify that a vCenter Server administrator prepared transport zones and clusters.
Procedure
1 Click the Network tab.
2 Select a transport zone from the Transport zone drop-down menu.
Procedure
1 Click the Properties tab.
2 (Optional) Select one or more build profiles from the Build profiles menu.
  Build profiles contain groups of custom properties. Fabric administrators can create build profiles.
3 Add any custom properties to your blueprint.
  a Click New Property.
  b Enter the custom property in the Name text box.
  c Enter the value of the custom property in the Value text box.
Your blueprint is saved in draft state.
What to do next
Publish your blueprint to make it available as a catalog item. See Publish a Blueprint.
Publish a Blueprint
Blueprints are saved in the draft state and must be manually published before you can configure them as catalog items. You need to publish a blueprint only once. Any changes you make to a published blueprint are automatically reflected in the catalog.
5 Configuring Multi-Machine Blueprints for Network and Security Virtualization
When you provision a multi-machine service in vRealize Automation, you can provision virtualized networks and related services for the vSphere component machines in that multi-machine service based on the vCloud Networking and Security and NSX platforms. Fabric administrators create network profile templates, external network profiles, and the reservations that determine the available networks and other settings.
Adding Network Profiles to a Multi-Machine Blueprint
A tenant administrator or business group manager can create NAT, routed, and private network profiles for a multi-machine blueprint, and assign those profiles to virtual network adapters in the same multi-machine blueprint.
- Create a multi-machine blueprint that contains at least one virtual component blueprint. See Create a Multi-Machine Blueprint.
Procedure
1 Select Infrastructure > Blueprints > Blueprints.
2 Locate a multi-machine blueprint with at least one virtual component blueprint.
3 Click Edit in the drop-down menu.
4 Click the Network tab.
5 Select a transport zone from the Transport zone drop-down menu.
6 Select New Network Profile > Private.
When you add a routed network profile to a multi-machine blueprint, you can change only the name and description. You can view but not change the remaining information from the template. For descriptions of the values required when creating a routed network profile, see Create a Routed Network Profile.
Prerequisites
- Log in to the vRealize Automation console as a tenant administrator or business group manager.
The most common use for a NAT network profile is for a multi-tier application where the application and database tiers need to be masked or secured from direct access. The application and database tiers have private network profiles and the Web tier has a NAT network profile. Another use for this profile type is to support multiple, overlapping IP address spaces.
What to do next
The new profile appears as a network profile choice when you create a network adapter. See Configure Network Adapters for Component Machines.
Configure Network Adapters for Component Machines
A network adapter defines a network connection for a component machine.
10 Select an assignment type from the Assignment Type drop-down menu.
  Option: Static IP
  Description: You can select this assignment type for any network profile with an IP range. Static IP is the only assignment type allowed for routed and one-to-one NAT network profiles. You can only type a static IP address in the Address text box for private and NAT network profiles. The IP address must be part of an IP range in the network profile.
4 Click the Build Information tab.
5 Locate a blueprint in the Components table that has editable network settings. Look for Edit in the Network column.
6 Click the Load Balancer tab.
7 Select the service to use for load balancing.
  The load balancer settings are not editable if a machine provisioned from this blueprint still exists.
  a Select the service check box in the Services table. The service entry becomes editable.
Security policies, security groups, and security tags are defined in the NSX environment. See NSX Administration Guide.
Security Group: Collection of assets or grouping objects from the vSphere inventory. The grouping feature enables you to create custom containers to which you can assign resources, such as virtual machines and network adapters, for distributed firewall protection.
You can also add security groups on the Network tab of the New or Edit Reservation page. All multi-machine components provisioned through the reservation are assigned to all of the security groups you select. For more information about adding security groups through the reservation, see Create a Reservation.
Configure Reservations for Routed Gateways
A tenant administrator or business group manager can configure reservations for use in provisioning the routed gateway of a multi-machine service. When vRealize Automation provisions a multi-machine service with NAT, routed, or private networking, it provisions a routed gateway as the network router for that service.
When a multi-machine service is provisioned with App isolation, vRealize Automation creates a security group corresponding to the multi-machine service and assigns the component machines as members of that security group. The security policy called vRealize Automation App Isolation policy in NSX is created and applied to the security group. The firewall rules are defined in the security policy to allow only internal traffic.
What to do next
Publish your blueprint to make it available as a catalog item. See Publish a Blueprint.
6 Managing Multi-Machine Services
After you create and configure a multi-machine service, you can perform several management tasks, such as editing an existing multi-machine blueprint, viewing the status of scheduled and completed workflows, or displaying the default log information.
Table 6‑1. Monitoring and Log Display Options
Columns: Objective; Role; Menu Sequence and Description
Display information about actions that have occurred, such as the action type, date and time of the action, and so on.
IaaS administrator
Display default log information or control display content using column and filter options.
Select Infrastructure > Monitoring > Audit Logs.
Solution
1 Navigate to Knowledge Base article Multi-Machine Blueprint Reported as Partially Succeeded But All the Components Provisioned Correctly (2132084) at http://kb.vmware.com/kb/2132084.
2 Follow the procedure as documented in the KB.
For vRealize Automation 6.2.5, you only need to obtain and add the AppService.SyncMachines.MachineProvisioned custom property to your blueprint to avoid this issue. vRealize Automation 6.2.