Foundations and Concepts 04 December 2017 vRealize Automation 7.
You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation, submit your feedback to docfeedback@vmware.com
VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com
Copyright © 2008–2017 VMware, Inc. All rights reserved.
Contents
Foundations and Concepts
1 Updated Information
2 Foundations and Concepts
Using Scenarios
Using the Goal Navigator
Introducing vRealize Automation
Providing On-Demand Services to Users Overview
vRealize Business for Cloud Overview
Tenancy and User Roles
Tenancy Overview
User Roles Overview
Service Catalog
Requesting and Managing Items in the Catalog
Creating and Publishing Catalog Items
Services for the Service Catalog
Catalog Items
Actions
XaaS Blueprints
Resource Actions
Common Components
Notifications
Branding
Life Cycle Extensibility
vRealize Automation Extensibility Options
Leveraging Existing and Future Infrastructure
Configuring Business-Relevant Services
Extending vRealize Automation with Event-Based Workflows
Integrating with Third-Party Management Systems
Adding New IT Services and Creating New Actions
Calling vRealize Automation Services from External Ap
Foundations and Concepts
VMware vRealize™ Automation provides a secure portal where authorized administrators, developers, or business users can request new IT services. In addition, they can manage specific cloud and IT resources that enable IT organizations to deliver services that can be configured to their lines of business in a self-service catalog. This documentation describes the features and capabilities of vRealize Automation.
1 Updated Information
This Foundations and Concepts is updated with each release of the product or when necessary. This table provides the update history of the Foundations and Concepts.
Revision             Description
04 December 2017     Minor updates.
12 September 2017    Updated Scaling and Reconfiguring Deployments.
2 Foundations and Concepts
Before you begin working with vRealize Automation, you can familiarize yourself with basic vRealize Automation concepts.
The goal navigator can answer the following questions:
• Where do I start?
• What are all the steps I need to complete to achieve a goal?
• What are the prerequisites for completing a particular task?
• Why do I need to do this step and how does this step help me achieve my goal?
The goal navigator is hidden by default. You can expand the goal navigator by clicking the icon on the left side of the screen.
You can create and publish blueprints for a single machine deployment, or a single custom XaaS resource, but you can also combine machine blueprints and XaaS blueprints with other building blocks to design elaborate application blueprints that include multiple machines, networking and security, software with full life cycle support, and custom XaaS functionality.
• Infrastructure as a Service Overview
  With Infrastructure as a Service (IaaS), you can rapidly model and provision servers and desktops across virtual and physical, private and public, or hybrid cloud infrastructures.
• Software Components Overview
  Software components automate the installation, configuration, and life cycle management of middleware and application deployments in dynamic cloud environments.
• Service Catalog Overview
  The service catalog provides a unified self-service portal for consuming IT services. Users can browse the catalog to request items they need, track their requests, and manage their provisioned items.
• Containers Overview
  You can use containers to gain access to additional instrumentation for developing and deploying applications in vRealize Automation.
Deploying Any Application and Middleware Service
You can deploy Software components on Windows or Linux operating systems on vSphere, vCloud Director, vCloud Air, and Amazon AWS machines.
• IaaS architects create reusable machine blueprints based on templates, snapshots, or Amazon machine images that contain the guest agent and Software bootstrap agent to support Software components.
• For information about vRealize CloudClient, see https://developercenter.vmware.com/tool/cloudclient.
XaaS Overview
With XaaS, XaaS architects can create XaaS blueprints and resource actions, and publish them as catalog items. With XaaS, you can provide anything as a service using the capabilities of VMware vRealize™ Orchestrator™. For example, you can create a blueprint that allows a user to request a backup of a database.
Container administrators can use Containers to perform the following tasks:
• Model containerized applications in vRealize Automation blueprints.
• Provision container hosts from the vRealize Automation service catalog.
• Manage container hosts from within vRealize Automation.
• Create and configure hosts.
• Set resource quotas for containers.
• Work with templates, images, and registries.
• Create and edit blueprints in the vRealize Automation service catalog.
vRealize Business for Cloud Overview
With vRealize Business for Cloud, directors of cloud operations can monitor their expenditures and design more price-efficient cloud services. vRealize Business for Cloud provides the following benefits:
• Drives accountability by providing visibility into the price of virtual infrastructure and public cloud providers and providing daily price and month-to-date expense updates in vRealize Automation.
Table 2‑1. Tenant Configuration (Continued)
Configuration Area: Notification providers
Description: System administrators can configure global email servers that process email notifications. Tenant administrators can override the system default servers, or add their own servers if no global servers are specified.
Configuration Area: Business policies
Description: Administrators in each tenant can configure business policies such as approval workflows and entitlements.
Comparison of Single-Tenant and Multitenant Deployments
vRealize Automation supports deployments with either a single tenant or multiple tenants. The configuration can vary depending on how many tenants are in your deployment. System-wide configuration is always performed in the default tenant and can apply to one or more tenants. For example, system-wide configuration might specify defaults for branding and notification providers.
Figure 2‑1. Single-Tenant Example. Diagram labels: Default Tenant (http://vra.mycompany.com/vcac/), tenant configuration (user management, tenant branding, tenant notification providers, approval policies, catalog management), tenant admin, business group managers, business groups.
Table 2‑2. Multitenant Deployment Examples
Example: Manage infrastructure configuration only in the default tenant
Description: In this example, all infrastructure is centrally managed by IaaS administrators and fabric administrators in the default tenant. The shared infrastructure resources are assigned to the users in each tenant by using reservations.
The following diagram shows a multitenant deployment where each tenant manages their own infrastructure. The system administrator is the only user who logs in to the default tenant to manage system-wide configuration and create tenants. Each tenant has an IaaS administrator, who can create fabric groups and appoint fabric administrators with their respective tenants.
System-Wide Role Overview
System-wide roles are typically assigned to an IT system administrator. In some organizations, the IaaS administrator role might be the responsibility of a cloud administrator.
System Administrator
The system administrator is typically the person who installs vRealize Automation and is responsible for ensuring its availability for other users.
System-Wide Roles and Responsibilities
Users with system-wide roles manage configurations that can apply to multiple tenants. The system administrator is only present in the default tenant, but you can assign IaaS administrators to any tenant.
Table 2‑3. System-Wide Roles and Responsibilities
Role: System Administrator
Responsibilities:
• Create tenants.
• Configure tenant identity stores.
• Assign IaaS administrator role.
• Assign tenant administrator role.
Tenant Role Overview
Tenant roles typically have responsibilities that are limited to a specific tenant and cannot affect other tenants in the system.
Table 2‑4. Tenant Role Overview
Role: Tenant Administrator
Description: Typically a line-of-business administrator, business manager, or IT administrator who is responsible for a tenant. Tenant administrators configure vRealize Automation for the needs of their organizations. They are responsible for user and group management, tenant branding and notifications, and business policies such as approvals and entitlements.
Tenant Roles and Responsibilities in vRealize Automation
You can assign tenant roles to users in any tenant. The roles have responsibilities that are specific to that tenant.
Table 2‑5. Tenant Roles and Responsibilities
Role: Tenant administrator
Responsibilities:
• Customize tenant branding.
Table 2‑5. Tenant Roles and Responsibilities (Continued)
Role: Infrastructure architect
Responsibilities:
• Create and manage infrastructure blueprint components.
• Assemble and manage composite blueprints.
• Define custom resource types.
• Create and publish XaaS blueprints.
• Create and manage resource mappings.
• Create and publish resource actions.
• Create and manage software blueprint components.
• Assemble and manage composite blueprints.
Table 2‑5. Tenant Roles and Responsibilities (Continued)
Role: Shared access user
Responsibilities: Interact with items that other business group members deploy, including running actions against them. By default, shared access users cannot request items.
How Assigned: The tenant administrator designates the shared access users when creating or editing business groups.
Role: Approval administrator
Responsibilities:
• Create and manage approval policies.
IaaS administrators automatically inherit the container administrator permissions to perform Containers administrative tasks. Consumers of catalog items that involve containers inherit the necessary privileges to access the resources provided by the Containers. They can open and see the details of their container-related items and perform day-two operations on them. vRealize Automation users authenticated through VMware Identity Manager have access to Containers.
If the request results in an item being provisioned, it is added to Connie's list of items on the Items tab. Here she can view the item details or perform additional actions on her items. In the virtual machine example, she might be able to power on or power off the machine, connect to it through Remote Desktop, reconfigure it to add more resources, or dispose of it when she no longer needs it.
Other catalog items do not result in provisioned items. For example, a cell phone user can submit a request for additional minutes on a mobile plan. The request initiates a workflow that adds minutes to the plan. The user can track the request as it progresses, but cannot manage the minutes after they are added. Some catalog items are available only in a specific business group; other catalog items are shared between business groups in the same tenant.
The actions that you entitle to users apply to any items that support the entitled action and they are not limited to the services and actions in the same entitlement.
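A small model of this rule, added here as an illustration (it is not VMware code and does not use a vRealize Automation API); the entitlement names, the user omar, and the item and action names are constructed sample data. It computes the actions a user can effectively run on an item and lists those that were granted by a different entitlement than the one offering the item, which is the case a least-privilege review of entitlements should look for.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Entitlement:
    name: str
    users: frozenset    # users (or group members) the entitlement applies to
    items: frozenset    # catalog items offered by this entitlement
    actions: frozenset  # actions granted by this entitlement


# Constructed sample data: actions each catalog item's provisioned resource supports.
SUPPORTED = {
    "Dev Linux VM": {"Power Off", "Destroy", "Reconfigure"},
    "Prod Database VM": {"Power Off", "Destroy", "Create Snapshot"},
}

# Constructed sample entitlements (hypothetical names).
ENTITLEMENTS = [
    Entitlement("dev-self-service", frozenset({"connie"}),
                frozenset({"Dev Linux VM"}), frozenset({"Power Off", "Destroy"})),
    Entitlement("prod-snapshots", frozenset({"connie", "omar"}),
                frozenset({"Prod Database VM"}), frozenset({"Create Snapshot"})),
]


def effective_actions(user, item, entitlements=ENTITLEMENTS, supported=SUPPORTED):
    """Union of every action entitled to the user, limited to what the item supports."""
    granted = set()
    for ent in entitlements:
        if user in ent.users:
            granted |= ent.actions
    return granted & supported[item]


def cross_entitlement_grants(entitlements=ENTITLEMENTS, supported=SUPPORTED):
    """Return (user, item, action) triples where the action was not granted by
    any entitlement that offers the item to that user."""
    findings = set()
    for ent in entitlements:
        for user in ent.users:
            for item in ent.items:
                local = set()
                for other in entitlements:
                    if user in other.users and item in other.items:
                        local |= other.actions
                extra = effective_actions(user, item, entitlements, supported) - local
                for action in extra:
                    findings.add((user, item, action))
    return sorted(findings)


if __name__ == "__main__":
    for user, item, action in cross_entitlement_grants():
        print(f"{user}: '{action}' on '{item}' comes from another entitlement")
```

In the sample data, Connie can destroy and power off the production database machine even though the entitlement that offers it grants only the snapshot action.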
• Fabric Groups
  An IaaS administrator can organize virtualization compute resources and cloud endpoints into fabric groups by type and intent. One or more fabric administrators manage the resources in each fabric group.
• Business Groups
  A business group associates a set of services and resources to a set of users, often corresponding to a line of business, department, or other organizational unit.
Configuring Infrastructure Fabric
The IaaS administrator and fabric administrator roles are responsible for configuring the fabric to enable provisioning of infrastructure services. Fabric configuration is system-wide and is shared across all tenants. An IaaS administrator creates an endpoint to configure access to an infrastructure source.
Table 2‑6.
Table 2‑8. Data Collection Types
Data Collection Type: Infrastructure Source Endpoint Data Collection
Description: Updates information about virtualization hosts, templates, and ISO images for virtualization environments. Updates virtual datacenters and templates for vCloud Director. Updates Amazon regions and machines provisioned on Amazon regions. Endpoint data collection runs every 4 hours.
Business Groups
A business group associates a set of services and resources to a set of users, often corresponding to a line of business, department, or other organizational unit. Business groups are managed in Administration > Users and Groups and are used when creating reservations and entitling users to items in the service catalog. To request catalog items, a user must belong to the business group that is entitled to request the item.
A cloud reservation provides access to the provisioning services of a cloud service account, for Amazon AWS, or to a virtual datacenter, for vCloud Director, for a business group to use. A business group can have multiple reservations on the same compute resource or different compute resources, or any number of reservations containing any number of machines. A compute resource can also have multiple reservations for multiple business groups.
Machine Blueprints
A blueprint that contains a machine component specifies the workflow used to provision a machine and includes information such as CPU, memory, and storage. Machine blueprints specify the workflow used to provision a machine and include additional provisioning information such as the locations of required disk images or virtualization platform objects.
When a machine lease expires, the machine is powered off. When the archive period expires, the machine is destroyed. You can reactivate an archived machine by setting the expiration date to a date in the future to extend its lease, and powering it back on. You can send notification emails to alert machine owners and business group managers that a machine's lease is about to expire and again when the lease expires.
If demand decreases, you can scale the deployment in. The newest machines and software components are destroyed first, and your networking and security components are updated so that your deployed application isn't using any unnecessary resources.
Table 2‑9. Support for Scalable Components
Component Type: Machine components
Supported: Yes. Scale out provisions additional instances of your machines, and scale in destroys machines in last in, first out order.
For a clustered deployment, in which the deployment created from a blueprint contains more than one VM, scaling fails if the blueprint uses a hostname custom property but does not contain a machine prefix value. To avoid this issue, you can use the machine prefix option in the blueprint definition. Otherwise, the scaling function attempts to use the same hostname setting for each VM in the cluster. For more information, see VMware Knowledge Base article 2148213 at http://kb.vmware.
Creating XaaS Blueprints and Actions
By using the XaaS blueprints and resource actions, you define new provisioning, request, or action offerings and publish them to the common catalog as catalog items. You can create XaaS blueprints and actions for either requesting or provisioning. The XaaS blueprints for requesting do not provision items and provide no options for post-provisioning operations.
Resource Mappings
You create resource mappings between the vRealize Automation catalog resource type and the vRealize Orchestrator inventory type to manage resources provisioned outside of XaaS. For example, you might want to create an action so that users can take a snapshot of their Amazon machines.
Notifications
You can send automatic notifications for several types of events, such as the successful completion of a catalog request or a required approval. System administrators can configure global email servers that process email notifications. Tenant administrators can override the system default servers, or add their own servers if no global servers are specified. Tenant administrators select which events cause notifications to be sent to users in their tenants.
1. Configure an outbound mail server to send notifications.
2. Do you want users to be able to respond to notifications? If yes, configure an inbound mail server to receive notifications.
3. Enable notifications for any events you want to allow users to receive updates for.
4. Do you want to customize the templates for IaaS notifications? If yes, edit the configuration files that control IaaS notifications.
5. Tell your users how to subscribe to the notifications you enabled.
Branding
Each tenant can change the appearance of the vRealize Automation console and login pages. System administrators control the default branding for all tenants. A tenant administrator can change the branding of the portal, including the login pages, the logo, the background color, and the information in the header and footer. If the branding for a tenant is changed, a tenant administrator can always revert to the system defaults.
Leveraging Existing and Future Infrastructure
vRealize Automation provides support for many types of infrastructure and provisioning methods. IaaS administrators can integrate with several infrastructure sources including virtual hypervisors, such as vSphere®, Hyper-V, KVM (RHEV), and so on, public clouds including VMware vCloud Air™ and Amazon AWS, and physical infrastructure.
Adding New IT Services and Creating New Actions
XaaS enables XaaS architects to define new services and new management operations on provisioned resources. vRealize Automation provides a range of management operations that you can perform on machines. Your organization may find it valuable to extend the default IaaS machine menus with new options, such as creating a machine backup or running a security check.