Reference Architecture vRealize Automation 7.
You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
If you have comments about this documentation, submit your feedback to docfeedback@vmware.com
VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com
Copyright © 2016–2018 VMware, Inc. All rights reserved.
vRealize Automation Reference Architecture Guide
The vRealize Automation Reference Architecture Guide describes the structure and configuration of typical vRealize Automation deployments. In addition, it provides information about high availability, scalability, and deployment profiles.
Intended Audience
This information is intended for anyone who wants to configure and manage vRealize Automation.
Updated Information
Reference Architecture is updated with each release of the product or when necessary. This table provides the update history of the Reference Architecture publication.
1 New Features in vRealize Automation Since Release 6.2
vRealize Automation 7.0 and later includes several architectural changes that simplify configuration and deployment.
Architectural Changes
- The appliance database is now clustered automatically within the appliance. There is no longer any need for an external database load balancer or DNS entry. Detection of the master database server is handled internally within the appliance.
2 Initial Deployment and Configuration Recommendations
Deploy and configure all VMware vRealize Automation components in accordance with VMware recommendations.
Keep your vRealize Automation, vRealize Business Standard Edition, and vRealize Orchestrator in the same time zone with their clocks synchronized. Otherwise, data synchronization might be delayed.
Install vRealize Automation, vRealize Business Standard Edition, and vRealize Orchestrator on the same management cluster.
3 vRealize Automation Deployment
Use the VMware resource recommendations as a starting point for vRealize Automation deployment planning. After initial testing and deployment to production, continue to monitor performance and allocate additional resources if necessary, as described in Chapter 5 vRealize Automation Scalability.
Database Deployment
vRealize Automation automatically clusters the appliance database in 7.0 and later releases. All new 7.0 and later deployments must use the internal appliance database. vRealize Automation 6.2.x instances that are being upgraded can use an external appliance database, but it is recommended that these databases be migrated to the internal appliance database. See the vRealize Automation 7.0 product documentation for more information on the upgrade process.
Distributed Execution Manager Configuration
In general, locate distributed execution managers (DEMs) as close as possible to the model manager host. The DEM Orchestrator must have strong network connectivity to the model manager at all times. Create two DEM Orchestrator instances, one for failover, and two DEM Worker instances in your primary data center. If a DEM Worker instance must run a location-specific workflow, install the instance in that location.
4 vRealize Business Standard Edition Deployment Considerations
Deploy vRealize Business Standard Edition in accordance with VMware guidelines.
Load Balancer Considerations
Load balancing is not supported for data collection connections. For more information, see Chapter 5 vRealize Automation Scalability. For UI and API client connections to the vRealize Business Standard Edition appliance, you can use the vRealize Automation load balancer.
5 vRealize Automation Scalability
Consider all applicable scalability factors when configuring your vRealize Automation system.
Users
The vRealize Automation appliance is configured for syncing fewer than 100,000 users. If you need to sync more than 100,000 users, increase the appliance memory by 2 GB.
Concurrent Provisions Scalability
By default, vRealize Automation processes only two concurrent provisions per endpoint. For information about increasing this limit, see Configuring vRealize Automation.
Table 5-1. Data Collection Default Intervals

| Data Collection Type | Default Interval |
|---|---|
| Inventory | Every 24 hours (daily) |
| State | Every 15 minutes |
| Performance | Every 24 hours (daily) |

Performance Analysis and Tuning
As the number of resources collecting data increases, data collection completion times might become longer than the interval between data collections, particularly for state data collection.
Configure Manager Service for High Data Volume
If you expect to use a VMware vSphere cluster that contains a large number of objects, for example, 3000 or more virtual machines, modify the manager service config file with larger values. If you do not modify this setting, large inventory data collections might fail. Modify the default value of the ProxyAgentServiceBinding and maxStringContentLength settings in the ManagerService.exe.config file.
Procedure
1 Open the ManagerService.
Some workflows, particularly certain custom workflows, can be CPU intensive. If the CPU load on the DEM Worker machines is high, consider increasing the processing power of the DEM machine or adding more DEM machines to your environment.
6 vRealize Business Standard Edition Scalability
Configure your vRealize Business Standard Edition installation for scalability in accordance with VMware guidelines. vRealize Business Standard Edition can scale up to 20,000 virtual machines across four VMware vCenter Server instances. The first synchronization of the inventory data collection takes approximately three hours to synchronize 20,000 virtual machines across three VMware vCenter Server instances.
7 vRealize Automation High Availability Configuration Considerations
If you require maximum system robustness, configure your vRealize Automation system for high availability in accordance with VMware guidelines.
vRealize Automation Appliance
The vRealize Automation appliance supports active-active high availability. To enable high availability for these appliances, place them under a load balancer. For more information, see Installing vRealize Automation 7.0. Beginning with the 7.
Infrastructure Manager Service
The manager service component supports active-passive high availability. To enable high availability for this component, place two manager services under a load balancer. Because two manager services cannot be active simultaneously, disable the passive manager service in the cluster and stop the Windows service. If the active manager service fails, stop the Windows service, if it is not already stopped under the load balancer.
Prior versions of the product that use an external database are still supported. If a deployment has been upgraded from 6.2 and uses an external database, VMware recommends migrating the database to an internal configuration. For more information about migrating the database and setting up appliance database replication, see the vRealize Automation 6.2 product documentation.
8 vRealize Business Standard Edition High Availability Considerations
Use the VMware vSphere HA feature for the vRealize Business Standard Edition appliance. To configure the VMware vSphere HA feature on the VMware ESXi host, see the vCenter Server and Host Management documentation.
9 vRealize Automation Hardware Specifications
Install appropriate components for your configuration on each vRealize Automation server profile in your environment.

| Server Role | Components | Required Hardware Specifications | Recommended Hardware Specifications |
|---|---|---|---|
| vRealize Automation Appliance | vRealize Automation Services, vRealize Orchestrator, vRealize Automation Appliance Database | CPU: 4 vCPU | Same as required hardware specifications. |
| Server Role | Components | Required Hardware Specifications | Recommended Hardware Specifications |
|---|---|---|---|
| Infrastructure Agent Server (One or more) | Proxy Agent | CPU: 2 vCPU, RAM: 4 GB, Disk: 40 GB, Network: 1 GB/s | Same as required hardware specifications |
| MSSQL Database Server | Infrastructure Database | CPU: 2 vCPU, RAM: 8 GB, Disk: 40 GB, Network: 1 GB/s | CPU: 8 vCPU, RAM: 16 GB, Disk: 80 GB, Network: 1 GB/s |
| vRealize Orchestrator Appliance | | CPU: 2 vCPU | Same as required hardware specifications |
10 vRealize Automation Small Deployment Requirements
A vRealize Automation small deployment comprises systems of 10,000 managed machines or fewer and includes the appropriate virtual machines, load balancers, and port configurations. The small deployment serves as a starting point for a vRealize Automation deployment that enables you to scale in a supported manner to a medium or large deployment.
Certificates
The host names used in this table are examples only.

| Server Role | CN or SAN |
|---|---|
| vRealize Automation Appliance | SAN contains vra.va.sqa.local and vra.va-1.sqa.local |
| Infrastructure Core Server | SAN contains web.ra.local, managers.ra.local and inf-1.ra.local |
| vRealize Business Standard Edition Server | CN = vrb.ra.local |

Ports
Users require access to certain ports. All ports listed are default ports.

| Server Role | Port |
|---|---|
| vRealize Automation Appliance | 443, 8444. |
| Server Role | Inbound Ports | Service/System Outbound Ports |
|---|---|---|
| vRealize Automation Appliance | HTTPS: 443; Adapter Configuration: 8443; Remote Console Proxy: 8444; SSH: 22; Virtual Appliance Management Console: 5480 | LDAP: 389; LDAPS: 636; VMware ESXi: 902 |

Infrastructure Core requires access to vSphere Endpoint Port 443 to obtain a ticket for Virtual Machine Remote Console. The vRealize Appliance requires access to ESXi host Port 902 to proxy traffic to the consumer.
| Server Role | Inbound Ports | Service/System Outbound Ports |
|---|---|---|
| MSSQL Database Server | MSSQL: 1433; MSDTC: 135, 1024 to 65535. For information about how to narrow this range, see the Database Deployment section of Chapter 3 vRealize Automation Deployment. | Infrastructure Core Server: 135, 1024 to 65535. For information about how to narrow this range, see the Database Deployment section of Chapter 3 vRealize Automation Deployment. |

MSDTC: 135, 1024 to 65535.
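One way to check a host against the inbound ports listed above for the small deployment, as an added example (not VMware code): it parses `ss -ltn` output and reports listeners outside the documented set, documented ports with no listener, and documented ranges wide enough to warrant the narrowing the text mentions. The role keys, the `WIDE_RANGE` threshold and the sample `ss` output are assumptions constructed for illustration.

```python
import re

# Inbound ports per server role, taken from the small-deployment tables above.
# Each entry is an inclusive (low, high) range; role keys are illustrative names.
DOCUMENTED_INBOUND = {
    "vra-appliance": [(443, 443), (8443, 8443), (8444, 8444), (22, 22), (5480, 5480)],
    "mssql-server": [(1433, 1433), (135, 135), (1024, 65535)],  # MSDTC dynamic range
}
WIDE_RANGE = 1000  # assumption: wider documented ranges are reported for narrowing

# Constructed sample of `ss -ltn` output from an appliance (not real data).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
LISTEN 0      128    0.0.0.0:8444       0.0.0.0:*
LISTEN 0      128    0.0.0.0:5480       0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*
LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Return TCP ports listening on non-loopback addresses."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        match = re.fullmatch(r"(.+):(\d+)", fields[3])
        if not match:
            continue
        addr, port = match.group(1), int(match.group(2))
        if addr.startswith("127.") or addr == "[::1]":
            continue  # loopback-only services are not reachable from the network
        ports.add(port)
    return ports

def audit(role, listening):
    """Compare observed listeners with the documented inbound ports for a role."""
    allowed = DOCUMENTED_INBOUND[role]
    covered = lambda p: any(lo <= p <= hi for lo, hi in allowed)
    return {
        "unexpected": sorted(p for p in listening if not covered(p)),
        "missing": sorted(lo for lo, hi in allowed if lo == hi and lo not in listening),
        "wide_ranges": [(lo, hi) for lo, hi in allowed if hi - lo > WIDE_RANGE],
    }

if __name__ == "__main__":
    print(audit("vra-appliance", parse_listeners(SAMPLE_SS)))
    print(audit("mssql-server", {135, 1433, 49160}))
```

On the sample, port 8080 is reported as unexpected and 8443 as missing for the appliance; for the database server the MSDTC range is the only finding.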
Graphics
Figure 10-1. Minimum footprint for small configuration of vRealize Automation
Not shown: All Infrastructure systems require access to Port 5480 of all vRealize Appliances for Log Collection (vRA Settings > Cluster > Collect Logs on Virtual Appliance:5480) to function.
User: 443, 8444
For Virtual Machine Remote Console, vRealize Appliance requires access to VMware ESXi Port 902, and Infrastructure Core Server requires access to vSphere Endpoint Port 443.
Figure 10-2. Minimum footprint for small configuration of vRealize Business Standard Edition
[Figure labels: vRA Virtual Appliance DNS Entry vrava.ra.local; Infrastructure Web DNS Entry web.ra.local; vCenter; Amazon Web Services; vCloud Director; vCenter Operations Manager; port labels shown: 443; vRealize Business Standard Virtual Appliance vrb.ra.]
11 vRealize Automation Medium Deployment Requirements
A vRealize Automation medium deployment comprises systems of 30,000 managed machines or fewer and includes the appropriate virtual machines, load balancers, and port configurations.
Support
A medium deployment can support the following items.
- 30,000 managed machines
- 1000 catalog items
- 50 machine provisions
Requirements
A medium deployment must meet the appropriate system configuration requirements.
Load Balancers
- vRealize Automation Appliance Load Balancer: med-vrava.ra.local
- Infrastructure Web Load Balancer: med-web.ra.local
- Infrastructure Manager Service Load Balancer: med-manager.ra.local
Certificates
The host names that are used in this table are examples only.
Server Role: vRealize Automation Appliance
CN or SAN: SAN contains the following host names:
- vrava.ra.local
- vrava-1.ra.local
- vrava-2.ra.
Server Role: Infrastructure Web or Manager Server
Server Role Inbound Ports Outbound Ports for Service or System vRealize Automation Appliance HTTPS: LDAP: 389 Adapter Configuration: 8443 LDAPS: 636 Remote Console Proxy: 8444 Postgres: 5432 RabbitMQ: 4369, 25672, 5671, 5672 ElasticSearch: 9300, 40002, 40003 Stomp: 61613 Infrastructure Web/Manager Server vRealize Automation Appliance (All other): 5432, 4369, 25672, 5671, 5672, 9300, 40002, 40003 vRealize Automation Infrastructure Web Load Balancer: 443 vRealize Automation App
| Server Role | Inbound Ports | Outbound Ports for Service or System |
|---|---|---|
| Infrastructure DEM Server | NA | vRealize Automation Appliance Load Balancer: 443; vRealize Automation Infrastructure Web Load Balancer: 443; vRealize Automation Infrastructure Manager Load Balancer: 443; vRealize Orchestrator Load Balancer: 8281; vRealize Automation Appliance (VA): 5480. This port is required only for log collection functionality. |
| Load Balancer | Ports Balanced |
|---|---|
| vRealize Automation Infrastructure Manager Service Load Balancer | 443 |
| vRealize Orchestrator Load Balancer | 8281 |
Graphics
Figure 11-1. Minimum footprint for vRealize Automation medium configuration
Not shown: All Infrastructure systems require access to Port 5480 of all vRealize Appliances for Log Collection (vRA Settings > Cluster > Collect Logs on Virtual Appliance:5480) to function.
User: 443, 8444
For Virtual Machine Remote Console, vRealize Appliance requires access to VMware ESXi Port 902, and Infrastructure Core Server requires access to vSphere Endpoint Port 443.
Figure 11-2. Minimum footprint for vRealize Business Standard Edition medium deployment
[Figure labels: vRA Virtual Appliance Load Balancer vrava.ra.local; vRA IaaS Web Load Balancer web.ra.local; vCenter; Amazon Web Services; vCloud Director; vCenter Operations Manager; port labels shown: 443; vRealize Business Standard Virtual Appliance vrb.ra.]
12 vRealize Automation Large Deployment Requirements
A vRealize Automation large deployment comprises systems of 50,000 managed machines or fewer and includes the appropriate virtual machines, load balancers, and port configurations.
Support
A large deployment can support the following items.
- 50,000 managed machines
- 2500 catalog items
- 100 concurrent machine provisions
Requirements
A large deployment must meet the appropriate system configuration requirements.
- Infrastructure Agent Server 2: agent-2.ra.local
- Clustered MSSQL Database: mssql.ra.local
Load Balancers
- vRealize Automation Appliance Load Balancer: vrava.ra.local
- Infrastructure Web Load Balancer: web.ra.local
- Infrastructure Manager Service Load Balancer: manager.ra.local
- vRealize Orchestrator Appliance Load Balancer: vro.ra.local
Certificates
The host names that are used in this table are examples only.
| Server Role | Port |
|---|---|
| vRealize Automation Appliance | 5480, 8443. Port 8443 is used for advanced identity management configuration. |
| vRealize Orchestrator Appliance | 8283 |
| vRealize Business Standard Edition Server | 5480 |

The system must support the appropriate inter-application communications.
Server Role Inbound Ports Infrastructure Manager Server HTTPS: 443 MSDTC: 135, 1024-65535. For information about how to narrow this range, see the Database Deployment section of Chapter 3 vRealize Automation Deployment. Infrastructure DEM Server NA Outbound Ports for Service or System vRealize Automation Appliance Load Balancer: 443 vRealize Automation Infrastructure Web Load Balancer: 443 vRealize Automation Appliance: 443, 5480 MSSQL: 135, 1433, 1024 to 65535.
Server Role Inbound Ports MSSQL Database Server MSSQL: 1433 MSDTC: 135, 1024-65535. For information about how to narrow this range, see the Database Deployment section of Chapter 3 vRealize Automation Deployment. vRealize Business Standard Edition Server HTTPS: 443 Outbound Ports for Service or System Infrastructure Web Server: 135, 1024-65535. For information about how to narrow this range, see the Database Deployment section of Chapter 3 vRealize Automation Deployment.
Graphics
Figure 12-1. Minimum footprint for vRealize Automation large configuration
Not shown: All Infrastructure systems require access to Port 5480 of all vRealize Appliances for Log Collection (vRA Settings > Cluster > Collect Logs on Virtual Appliance:5480) to function.
User: 443, 8444
For Virtual Machine Remote Console, vRealize Appliance requires access to VMware ESXi Port 902, and Infrastructure Core Server requires access to vSphere Endpoint Port 443.
[Figure labels: vRO 7.0; vRO Load Balancer (Port 8281)* vro.ra.local; vRO Appliance 1 vro-1.ra.local; vRO Appliance 2 vro-2.ra.local; Clustered MSSQL Database mssql.ra.local; Fabric; port labels shown: 8281, 443, 1433]
Figure 12-2. Minimum footprint for vRealize Business Standard Edition large configuration
[Figure labels: vRA Virtual Appliance Load Balancer vrava.ra.local; vRA Infrastructure Web Load Balancer web.ra.local]