Reference Architecture 12 April 2018 vRealize Automation 7.
You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/

Copyright © 2017–2018 VMware, Inc. All rights reserved.
Contents

vRealize Automation Reference Architecture Guide
1 Initial Deployment and Configuration Recommendations
2 vRealize Automation Deployment
3 vRealize Business for Cloud Deployment Considerations
4 vRealize Automation Scalability
  Configure Manager Service for High Data Volume
  Distributed Execution Manager Performance Analysis and Tuning
5 vRealize Business for Cloud Scalability
6 vRealize Automation High Availability Configuration Considerations
7 vRealize Business for Clo
vRealize Automation Reference Architecture Guide

The vRealize Automation Reference Architecture Guide describes the structure and configuration of typical vRealize Automation deployments. In addition, it provides information about high availability, scalability and deployment profiles.

Intended Audience

This information is intended for anyone who wants to configure and manage vRealize Automation.
1 Initial Deployment and Configuration Recommendations

Deploy and configure all VMware vRealize Automation components in accordance with VMware recommendations. Keep your vRealize Automation, vRealize Business for Cloud, and vRealize Orchestrator in the same time zone with their clocks synchronized. Install vRealize Automation, vRealize Business for Cloud, and vRealize Orchestrator on the same management cluster.
2 vRealize Automation Deployment

Use the VMware resource recommendations as a starting point for vRealize Automation deployment planning. After initial testing and deployment to production, continue to monitor performance and allocate additional resources if necessary, as described in Chapter 4 vRealize Automation Scalability.
Database Deployment

vRealize Automation automatically clusters the appliance database in 7.0 and later releases. All new 7.0 and later deployments must use the internal appliance database. vRealize Automation instances that are upgrading to 7.1 or later must merge their external databases into the appliance database. See the vRealize Automation product documentation for more information on the upgrade process.
Distributed Execution Manager Configuration

In general, locate distributed execution managers (DEMs) as close as possible to the model manager host. The DEM Orchestrator must have strong network connectivity to the model manager at all times. By default, the installer places DEM Orchestrators alongside the Manager Service. Create two DEM Orchestrator instances, one for failover, and two DEM Worker instances in your primary data center.
3 vRealize Business for Cloud Deployment Considerations

Deploy vRealize Business for Cloud, formerly known as vRealize Business Standard Edition, in accordance with VMware guidelines.

Load Balancer Considerations

Load balancing is not supported for data collection connections. For more information, see Chapter 4 vRealize Automation Scalability. For user interface and API client connections to the vRealize Business for Cloud appliance, you can use the vRealize Automation load balancer.
4 vRealize Automation Scalability

Consider all applicable scalability factors when configuring your vRealize Automation system.

Users

The vRealize Automation appliance is configured for syncing fewer than 100,000 users. If your system contains more users, you may need to add memory to vRealize Automation Directories Management. For detailed information on adding memory to Directories Management, see "Add Memory to Directories Management" in Configuring vRealize Automation.
Table 4‑1. Data Collection Default Intervals

| Data Collection Type | Default Interval |
| --- | --- |
| Inventory | Every 24 hours (daily) |
| State | Every 15 minutes |
| Performance | Every 24 hours (daily) |

Performance Analysis and Tuning

As the number of resources collecting data increases, data collection completion times might become longer than the interval between data collections, particularly for state data collection.
Configure Manager Service for High Data Volume

If you expect to use a VMware vSphere cluster that contains a large number of objects, for example, 3000 or more virtual machines, modify the manager service config file with larger values. If you do not modify this setting, large inventory data collections might fail.

Modify the default value of the ProxyAgentServiceBinding and maxStringContentLength settings in the ManagerService.exe.config file.

Procedure

1 Open the ManagerService.
Some workflows, particularly certain custom workflows, can be CPU intensive. If the CPU load on the DEM Worker machines is high, consider increasing the processing power of the DEM machine or adding more DEM machines to your environment.
5 vRealize Business for Cloud Scalability

Configure your vRealize Business for Cloud installation for scalability in accordance with VMware guidelines. vRealize Business for Cloud can scale up to 20,000 virtual machines across ten VMware vCenter Server instances. The first synchronization of the inventory data collection takes approximately three hours to synchronize 20,000 virtual machines across three VMware vCenter Server instances.
6 vRealize Automation High Availability Configuration Considerations

If you require maximum system robustness, configure your vRealize Automation system for high availability in accordance with VMware guidelines.

vRealize Automation Appliance

The vRealize Automation appliance supports active-active high availability for all components except the appliance database. Starting with the 7.
Infrastructure Web Server

The Infrastructure Web server components all support active-active high availability. To enable high availability for these components, place them under a load balancer.

Infrastructure Manager Service

The manager service component supports active-passive high availability. To enable high availability for this component, place two manager services under a load balancer. In vRealize Automation 7.3 and newer, failover is automatic.
MSSQL Database Server for Infrastructure Components

vRealize Automation supports SQL AlwaysOn groups only with Microsoft SQL Server 2016. When installing SQL Server 2016, the database must be created in 100 mode. If you use an older version of Microsoft SQL Server, use a Failover Cluster instance with shared disks. For more information on configuring SQL AlwaysOn groups with MSDTC, see https://msdn.microsoft.com/en-us/library/ms366279.aspx.
7 vRealize Business for Cloud High Availability Considerations

Use the VMware vSphere HA feature for the vRealize Business for Cloud Edition appliance. To configure the VMware vSphere HA feature on the VMware ESXi host, see the vCenter Server and Host Management documentation.
8 vRealize Automation Hardware Specifications and Capacity Maximums

Install appropriate components for your configuration and capacity needs on each vRealize Automation server profile in your environment.

| Server Role | Components | Required Hardware Specifications | Recommended Hardware Specifications |
| --- | --- | --- | --- |
| vRealize Automation Appliance | vRealize Automation Services, vRealize Orchestrator, vRealize Automation Appliance Database | CPU: 4 vCPU | Same as required hardware specifications. |
Server Role Components Required Hardware Specifications Recommended Hardware Specifications Infrastructure Agent Server (One or more) Proxy Agent CPU: 2 vCPU CPU: 2 vCPU RAM: 8 GB RAM: 8 GB Disk: 40 GB Disk: 40 GB Network: 1 GB/s Network: 1 GB/s CPU: 2 vCPU CPU: 8 vCPU RAM: 8 GB RAM: 16 GB Disk: 40 GB Disk: 80 GB Network: 1 GB/s Network: 1 GB/s CPU: 2 vCPU Same as required hardware specifications MSSQL Database Server vRealize Business for Cloud Appliance In
Table 8‑1. vRealize Automation Resource Capacity Maximums (Continued)

| Parameter | Maximum Value |
| --- | --- |
| User/Group sync with default 18 GB memory | number of users 95027; number of groups 20403 (each group contains 4 users including one level of nesting) |
| User/Group with memory increased to 30 GB | number of users 100,000; number of groups 750 (each group contains 4000 users and each user is in 30 groups) |
9 vRealize Automation Small Deployment Requirements

A vRealize Automation small deployment comprises systems of 10,000 managed machines or fewer and includes the appropriate virtual machines, load balancers, and port configurations. The small deployment serves as a starting point for a vRealize Automation deployment that enables you to scale in a supported manner to a medium or large deployment.
Certificates

The host names used in this table are examples only.

| Server Role | CN or SAN |
| --- | --- |
| vRealize Automation appliance | SAN contains vra.va.sqa.local and vra.va-1.sqa.local |
| Infrastructure Core Server | SAN contains web.ra.local, managers.ra.local and inf-1.ra.local |
| vRealize Business for Cloud Server | CN = vrb.ra.local |

Ports

Users require access to certain ports. All ports listed are default ports.

| Server Role | Port |
| --- | --- |
| vRealize Automation appliance | 443, 8444. |
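One way to check issued certificates against the certificate table above before installation. This is an added example, not VMware code: the certificate dictionaries are constructed samples in the shape Python's `ssl.SSLSocket.getpeercert()` returns, and the helper names `matches`, `coverage` and `audit_all` are hypothetical.

```python
# Host names the small-deployment certificate table requires (example names).
REQUIRED = {
    "Infrastructure Core Server": ["web.ra.local", "managers.ra.local", "inf-1.ra.local"],
    "vRealize Business for Cloud Server": ["vrb.ra.local"],
}

# Constructed certificates in the dict shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERTS = {
    "Infrastructure Core Server": {
        "subject": ((("commonName", "inf-1.ra.local"),),),
        "subjectAltName": (("DNS", "web.ra.local"), ("DNS", "inf-1.ra.local")),
    },
    "vRealize Business for Cloud Server": {
        "subject": ((("commonName", "vrb.ra.local"),),),
    },
}


def matches(pattern, host):
    """Exact match, or a wildcard that covers only the left-most label."""
    if pattern.startswith("*."):
        return host.partition(".")[2] == pattern[2:]
    return pattern == host


def coverage(cert, required):
    """Classify each required name as 'san', 'cn-only' or 'missing'."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v.lower() for rdn in cert.get("subject", ())
           for k, v in rdn if k == "commonName"]
    report = {}
    for host in (h.lower() for h in required):
        if any(matches(p, host) for p in sans):
            report[host] = "san"
        elif host in cns:
            report[host] = "cn-only"  # clients that check only SAN entries reject this
        else:
            report[host] = "missing"
    return report


def audit_all():
    """Run the coverage check for every role in the constructed sample."""
    return {role: coverage(SAMPLE_CERTS[role], names) for role, names in REQUIRED.items()}


if __name__ == "__main__":
    for role, report in audit_all().items():
        print(role, report)
```

A `missing` result for a load balancer name is the case to catch early, because clients reach the role through that name rather than through the node name.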
Server Role: vRealize Automation appliance

Inbound Ports:
- HTTPS: 443
- Adapter Configuration: 8443
- Remote Console Proxy: 8444
- SSH: 22
- Virtual Appliance Management Console: 5480

Service/System Outbound Ports:
- LDAP: 389
- LDAPS: 636
- VMware ESXi: 902

Infrastructure Core requires access to vSphere endpoint port 443 to obtain a ticket for VMware Remote Console. The vRealize Automation appliance requires access to ESXi host port 902 to proxy traffic to the consumer.
Server Role: MSSQL Database Server

Inbound Ports:
- MSSQL: 1433
- MSDTC: 135, 1024 - 65535. For information about how to narrow this range, see the Database Deployment section of Chapter 2 vRealize Automation Deployment.

Service/System Outbound Ports:
- Infrastructure Core Server: 135, 1024 to 65535. For information about how to narrow this range, see the Database Deployment section of Chapter 2 vRealize Automation Deployment.

MSDTC: 135, 1024 - 65535.
Minimum Footprints

Figure 9‑1. Minimum footprint for small configuration of vRealize Automation

Not Shown: All Infrastructure systems require access to Port 5480 of all vRealize Appliances for Log Collection (vRA Settings > Cluster > Collect Logs on Virtual Appliance:5480) to function.
Figure 9‑2. Minimum footprint for small configuration of vRealize Business for Cloud

[Diagram labels: Infrastructure Web DNS Entry (443, web.ra.local); vRA Virtual Appliance DNS Entry (443, vrava.ra.local); vRealize Business Standard Virtual Appliance (vrb.ra.local); vCenter Operations Manager]
10 vRealize Automation Medium Deployment Requirements

A vRealize Automation medium deployment comprises systems of 30,000 managed machines or fewer and includes the appropriate virtual machines, load balancers, and port configurations.

Support

A medium deployment can support the following items.
- 30,000 managed machines
- 1000 catalog items
- 50 machine provisions

Requirements

A medium deployment must meet the appropriate system configuration requirements.
Load Balancers
- vRealize Automation appliance Load Balancer: med-vrava.ra.local
- Infrastructure Web Load Balancer: med-web.ra.local
- Infrastructure Manager Service Load Balancer: med-manager.ra.local

Certificates

The host names that are used in this table are examples only.

| Server Role | CN or SAN |
| --- | --- |
| vRealize Automation appliance | SAN contains the following host names: vrava.ra.local, vrava-1.ra.local, vrava-2.ra. |
| Infrastructure Web or Manager Server | |
Server Role: vRealize Automation appliance

Inbound Ports:
- HTTPS:
- Adapter Configuration: 8443
- Remote Console Proxy: 8444
- Postgres: 5432
- RabbitMQ: 4369, 25672, 5671, 5672
- ElasticSearch: 9300, 40002, 40003
- Stomp: 61613
- SSH: 22

Outbound Ports for Service or System:
- LDAP: 389
- LDAPS: 636
- vRealize Automation Appliance (All other): 5432, 4369, 25672, 5671, 5672, 9300, 40002, 40003
- vRealize Automation Infrastructure Web Load Balancer: 443
- VMware ESXi: 902.
Server Role: MSSQL Database Server

Inbound Ports:
- MSSQL: 1433

Outbound Ports for Service or System:
- Infrastructure Web/Manager Server: 135, 1024 - 65535. For information about how to narrow this range, see the Database Deployment section of Chapter 2 vRealize Automation Deployment.
- MSDTC: 135, 1024 - 65535. For information about how to narrow this range, see the Database Deployment section of Chapter 2 vRealize Automation Deployment.
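The appliance inbound ports from the small and medium deployment port tables above can be used as an allowlist when auditing what an appliance actually exposes. This is an added example, not VMware code: the `ss` output is a constructed sample, the function names are hypothetical, and reading the flattened tables as inbound versus outbound in this way is an assumption.

```python
# Inbound TCP ports this page lists for the vRealize Automation appliance.
# Reading the flattened port tables as inbound/outbound this way is an assumption.
SMALL_INBOUND = {443, 8443, 8444, 22, 5480}
# Medium deployments add the appliance-to-appliance cluster ports:
# Postgres, RabbitMQ, ElasticSearch and Stomp.
CLUSTER_PORTS = {5432, 4369, 25672, 5671, 5672, 9300, 40002, 40003, 61613}
PROFILES = {"small": SMALL_INBOUND, "medium": SMALL_INBOUND | CLUSTER_PORTS}

# Constructed sample of `ss -H -tln` output from a hypothetical appliance.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 0.0.0.0:5480 0.0.0.0:*
LISTEN 0 128 [::]:8444 [::]:*
LISTEN 0 128 *:9300 *:*
"""

LOOPBACK_PREFIXES = ("127.", "[::1]")


def remote_listeners(ss_output):
    """Return {port: {bind addresses}} for TCP listeners reachable off-host."""
    found = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header, blank line or non-listening socket
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit() or addr.startswith(LOOPBACK_PREFIXES):
            continue  # loopback-only listeners are not network exposure
        found.setdefault(int(port), set()).add(addr)
    return found


def audit(ss_output, profile):
    """Compare off-host listeners with the documented ports for a profile."""
    allowed = PROFILES[profile]
    seen = remote_listeners(ss_output)
    return {
        "unexpected": sorted(p for p in seen if p not in allowed),
        "missing": sorted(allowed - set(seen)),
    }


if __name__ == "__main__":
    for name in PROFILES:
        print(name, audit(SAMPLE_SS, name))
```

In the sample, port 9300 is unexpected for a small deployment but documented for a medium one, and Postgres bound only to loopback shows up as missing under the medium profile.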
Graphics

Figure 10‑1. Minimum footprint for vRealize Automation medium configuration

Not Shown: All Infrastructure systems require access to Port 5480 of all vRealize Appliances for Log Collection (vRA Settings > Cluster > Collect Logs on Virtual Appliance:5480) to function.

[Diagram labels: Users (443, 8444, 8283); vRA Virtual Appliance Load Balancer (Port 443, 8444, 8283), vrava.ra.local; vRA Virtual Appliance 1; vrava-2.ra.local; vRA Virtual Appliance 3, vrava-3.ra.
Figure 10‑2. Minimum footprint for vRealize Business for Cloud medium deployment

[Diagram labels: vRA IaaS Web Load Balancer (443, web.ra.local); vRA Virtual Appliance Load Balancer (443, vrava.ra.local); vRealize Business Standard Virtual Appliance (vrb.ra.local); vCenter Operations Manager]
11 vRealize Automation Large Deployment Requirements

A vRealize Automation large deployment comprises systems of 50,000 managed machines or fewer and includes the appropriate virtual machines, load balancers, and port configurations.

Support

A large deployment can support the following items.
- 50,000 managed machines
- 2500 catalog items
- 100 concurrent machine provisions

Requirements

A large deployment must meet the appropriate system configuration requirements.
- Clustered MSSQL Database: mssql.ra.local

Load Balancers
- vRealize Automation appliance load balancer: vrava.ra.local
- Infrastructure Web load balancer: web.ra.local
- Infrastructure manager service load balancer: manager.ra.local

Certificates

The host names used in this table are examples only.

| Server Role | CN or SAN |
| --- | --- |
| vRealize Automation appliance | SAN contains the following host names: vrava.ra.local, vrava-1.ra.local, vrava-2.ra. |
| Infrastructure Web server | |
The system must support the appropriate inter-application communications.

Server Role, Inbound Ports, Outbound Ports for Service or System

Inbound Ports:
- HTTPS: 443
- Adapter configuration: 8443
- Remote console proxy: 8444

Outbound Ports for Service or System:
- LDAP: 389
- LDAPS: 636
- vRealize Automation appliance: 5432, 4369, 25672, 5671, 5672, 9300, 40002, 40003.
Server Role: Infrastructure DEM server

Inbound Ports: NA

Outbound Ports for Service or System:
- vRealize Automation appliance load balancer: 443
- vRealize Automation infrastructure Web load balancer: 443
- vRealize Automation infrastructure manager load balancer: 443
- vRealize Orchestrator load balancer: 8281
- vRealize Automation appliance: 5480.
Graphics

Figure 11‑1. Minimum footprint for vRealize Automation large configuration

Not Shown: All Infrastructure systems require access to Port 5480 of all vRealize Appliances for Log Collection (vRA Settings > Cluster > Collect Logs on Virtual Appliance:5480) to function.
Figure 11‑2. Minimum footprint for vRealize Business for Cloud large configuration

[Diagram labels: vRA Infrastructure Web Load Balancer (443, web.ra.local); vRA Virtual Appliance Load Balancer (443, vrava.ra.local); vRealize Business Standard Virtual Appliance (vrb.ra.local); vCenter Operations Manager]
12 vRealize Automation Multi-Data Center Data Deployments

vRealize Automation supports managing resources in remote data centers. To manage vSphere, HyperV, or Xen resources in remote data centers, deploy the proxy agent on a virtual machine in the remote data center.

Note: The diagram below shows a vSphere deployment. Other endpoints require no additional configuration.
Figure 12‑1. vRealize Automation Multi-Site Configuration

[Diagram labels: Remote Data Center; Primary Data Center; vRA Virtual Appliances; vSphere Endpoint; vRA Infrastructure Web Load Balancer; ESXi Host; vRA Infrastructure Web Server; vRA Infrastructure Proxy Agent; vRA Infrastructure Manager Load Balancer; vRA Infrastructure DEM-Worker Servers; *DEM-Based Endpoints. Port labels shown: 443, 903, Varies]