Archive for October 2015

VMware vRealize Automation 6.2.2 Configuration and Management Part 4

Blueprints

Blueprints are used to define a machine's attributes and methods of provisioning. These blueprints are then added into the Service Catalog ready for users to provision machines. There are 4 different types:

  • Cloud
  • Physical
  • Virtual
  • Multimachine (New in vRA 6)

A user can request VMs if the below conditions are met

  • The Blueprint is published as a catalog item
  • The item is added to a service
  • The user is entitled to use the service

Configuring Blueprints

  • Go to Infrastructure -> Blueprints -> Blueprints

vRA40

  • Click New Blueprint > Virtual > vSphere (vCenter)

vRA41

  • Put in a name. I am going to call mine Windows2012Blueprint
  • Put in a description
  • (Optional) Select the Master check box to allow users to copy your blueprint.
  • (Optional) Select the Display location on request check box to prompt users to choose a datacenter location when they submit a machine request. This option requires additional configuration to add datacenter locations and associate compute resources with those locations
  • (Optional) Choose your reservation policy
  • Choose the machine prefix you have previously set up
  • Choose the maximum amount of VMs which can be deployed from this blueprint per user
  • Specify the number of days to archive machines provisioned from this blueprint, just keep it at 0 for now. Archive defines the number of days that an expired virtual machine remains available for activation. A zero value destroys the VM upon expiration
  • Add in any additional costs for chargeback purposes. These costs will be added to anything that is set in a cost profile, so you can add in an OS licensing cost or specific application cost for this VM

vRA45

  • Click Build Information
  • The build information tab options define the type of blueprint, the provisioning action and the associated workflow
  • In Blueprint type, the options are Server / Desktop / Hypervisor
  • In Action, the options are Create, Clone, Linked Clone and NetApp FlexClone. Using the Create option creates an empty container. The clone option creates a new machine as a full copy and the Linked Clone option deploys a space efficient copy based on snapshots and chains of delta disks

vRA46

  • Next, the blueprint provisioning workflow options vary depending on what blueprint action you selected
  • Next we need to select a template to clone from

vRA51

  • Next Choose a customisation spec. A customization specification is required only if you are cloning with static IP addresses. However, you cannot perform any customizations of Windows machines without a customization specification object. For Linux clone machines, you can use a customization specification, an external script, or both to perform customizations.

vRA48

  • In Machine Resources, you can define the maximum and minimum resources that can be chosen by a user who wants to provision a VM from this blueprint. It’s optional, but you can specify maximum amounts of vCPU, RAM, and HDD space that can be assigned to this blueprint, which gives a user the ability to customize to their specific application
  • Next click the Properties tab
  • Additional information can be provided during the provisioning process using Custom Properties
  • Custom Properties can be used throughout the lifecycle of a machine

vRA49

  • Options for customising properties can include
      • Specifying the O/S to be used during provisioning
      • Customizing the O/S
      • Integrating the machine with an external system

Link for Custom Properties for Basic Workflow Blueprints

http://pubs.vmware.com/vra-62/index.jsp#com.vmware.vra.iaas.virtual.doc/GUID-15B1491D-BECF-40DE-9F2C-315975476B3B.html

  • Click the Actions tab
  • Actions identify the operations that can be carried out on a VM provisioned from a blueprint. Additional custom actions can be defined in Advanced Services Designer and entitled to users

vRA50

  • Click OK to finish
  • You should now see your blueprint

vRA52

Publishing a Blueprint

  • Navigate to Infrastructure > Blueprints > Blueprints. Highlight your new blueprint and click on Publish to publish the blueprint to the vRA catalog

vRA53

  • You should now see that it is published

Service Catalog

The Service Catalog is a self-service portal where users can locate the items they want to request, track requests and manage provisioned items.

Using Service Categories, catalog items can be organised into containers such as Linux, Windows or User Support

  •  Go to Administration > Catalog Management > Services. Click on the green “+” sign to add a new service.

vRA54

  • Fill in the required data and choose an icon as necessary to reflect the Service, in my case Windows

vRA55

  • You should now see your service

vRA56

  • Click on Manage Catalog Items. A catalog item must be associated with a service before it can be requested

vRA57

  • Click the green + sign

vRA58

  • Choose your catalog item. In my case the Windows2012 item

vRA59

Create an Entitlement to the catalog item

  • Go to Administration > Catalog Management > Entitlements and click on the green “+” mark

vRA60

  • Fill in your details

vRA61

  • Click Next
  • Click the green + sign next to Entitled Services and select your service

vRA62

  • Click the green + sign next to Entitled Catalog items and select your Catalog item

vRA63

  • Click the green + sign next to Entitled Actions and select your Actions

vRA64

  • Click OK and you should now see your entitlements

vRA65

Provision a machine

  • Go to the Catalog tab and check if your service is available

vRA66

  • Click Request
  • Check the details and modify the request reason
  • Remember you can only modify the resources up to the maximum set in the blueprint and sometimes these are subject to approval policies as well. (Which haven’t been covered yet)

vRA67

  • Click Submit and the VM should be provisioned in vCenter
  • Click the Requests tab to monitor the request

vRA68

  • If you log into vCenter and go to Virtual Machines and Templates, you will see that vCAC by default will place all provisioned machines into a vCenter folder named VRM.  You can override this using the custom property VMware.VirtualCenter.Folder to tell vRA where to place the provisioned machine.
  • My machine is dacv001

vRA69

  • If you click on the Items tab once the machine is provisioned, you can manage some actions which are controlled by entitlements

vRA72

Taking a snapshot

  • Click on Items
  • Click on the Owned by drop down menu and change this to “All groups I manage”
  • Click on View Details

vRA73

  • Click New Snapshot

vRA74

  • vRA allows one snapshot per machine and no age limits

VMware vRealize Automation 6.2.2 Configuration and Management Part 3

Configuration and Management

So in Part 2 I set up the following

  • 1 x Windows 2012 SQL Server
  • 1 x VMware vRA 6.2.2 appliance
  • 1 x Windows 2012 Datacenter IaaS Server
  • 1 x vCenter 5.5 server providing SSO capabilities to vRA
  • Make sure the IaaS server is patched.

Configuration Start

Setting up User accounts and tenants

  • Log into vRA by opening a web browser and typing in https://vcac-appliance-name.domain.name/shell-ui-app (The default tenant)
  • Log in using the administrator@vsphere.local SSO account
  • You should now see the following page showing the default tenant vsphere.local. Ignore the second tenant for now. It is one I set up to work with vR Business.

vRAConfig1

vRA can be a Single Tenant or Multi-Tenant application. A tenant is an organizational unit in a vRA deployment. A tenant can represent a business unit in an enterprise or a company that subscribes to cloud services from a service provider. Each tenant has its own dedicated configuration, although some system-level config is shared across tenants.

The system administrator – administrator@vsphere.local can create additional tenants.

Each tenant has a unique URL to the vRA console where the default is

  • https://vcac-appliance-name.domain.name/shell-ui-app

while multi-tenant resources will be given a URL such as

  • https://vra-appliance-domain-name/shell-ui-app/org/tenant-name.

The default tenant is the only tenant that supports native Active Directory authentication; all other tenants must use Active Directory over LDAP or OpenLDAP

Tenant Services

Non Tenanted

Non tenanted items are visible and consumable by all tenants

  • Endpoints
  • Compute Resources
  • Reservations
  • Managed machines
  • Networking
  • Machine Prefixes
  • Build profiles
  • Data Dictionary

Tenanted

Tenants requiring exclusive access to their own build profiles, machine prefixes and non tenanted objects may require their own vRA instance

  • Catalog
  • Approvals
  • Entitlements
  • Tenant identity store
  • Branding
  • Advanced Service Designer

In a single tenant configuration, everything is handled at the default instance. This includes system wide configurations. Tenant administrators can manage users and groups, configure tenant-specific branding, notifications, business policies, and catalog offerings. The system administrator account is always administrator@vsphere.local, while the tenant administrator must be a user in one of the tenant identity stores, such as username@mycompany.com

In a multi-tenant environment, the system administrator creates new tenants for each organization that uses the same vRA instance. Tenant users log in to the vRA console at a URL specific to their tenant. There are 2 different deployments which we will not go into further

  • Default tenant-managed multitenancy
  • Individual tenant-managed multitenancy

Configuring the default tenant

  • Highlight vSphere.local and click edit
  • Click Identity Store and click Edit

vRAConfig20

  • Test Connection and click Update
  • Add your tenant admin account and infrastructure admin account. Note I have created AD accounts which are distinguishable as these vRA accounts.

vRAConfig8

  • Click Update
  • Your default tenant is complete

Adding a second tenant

  • Click Add tenant and you will see this screen
  • As an example I am creating a developer tenant

vRAConfig2

  • Click Submit and Next
  • Click Add identity store

vRAConfig3

  • Fill in the details – example below
  • Click Test Connection

vRAConfig4

  • Click Add
  • Click Submit and Next

vRAConfig5

  • Type in the username for your Tenant Administrators and Infrastructure Administrators
  • Click Update
  • You will now see your Developer tenant

vRAConfig6

vRA Roles recap

  • System-wide roles

vRAConfig9a

  • Tenant Roles

vRAConfig10

  • Business Group Roles

vRAConfig11

Licensing

Before doing anything, make sure you have licensed your vRA

  • Log in as your Infrastructure account
  • Go to Infrastructure > Administration > Licensing
  • Add your license and click OK

vRAConfig16

Creating an endpoint credential prior to creating an endpoint

  • Log into your vRA console using the IAAS Admin account and click on the Infrastructure tab

vRAConfig12

  • Click on Endpoints then click on Credentials > New Credentials

vRAConfig13

  • I put in my domain admin account details and clicked the green tick

vRAConfig14

Endpoints

Endpoints are the infrastructure points which are consumed by vRA. IAAS Administrators can manage endpoints and vRA uses DEMs (Distributed execution managers) or agents to communicate with these endpoints.

Endpoints can be

  • vCenter
  • OpenStack
  • vCO
  • vApp vCloud Director
  • vCloud Hybrid Service
  • SCVMM
  • Amazon EC2
  • RHEV
  • Physical machines
  • Communication with storage devices which use NetApp FlexClone technology

Endpoints

  • Next click on Endpoints > New endpoint > Virtual > vSphere (vCenter)

vRAConfig17

  • Put in a name. E.g. vCenter
  • Put in a description
  • Put in the address as https://your-vCenter-Server/sdk
  • Select the credentials
  • Click OK

vRAConfig18

  • You should now see your endpoint
  • Note: Different endpoints need the credentials entered in the correct format (user@domain or domain\user). Check the vendor documentation
  • Note: Additional configuration is necessary when configuring an endpoint for vSphere which is supported by an underlying network platform such as vCloud networking or VMware NSX

vRAConfig19

  • At this point I recommend restarting the vCloud Automation Center Agent service on the IaaS server or restarting the IaaS server altogether especially if in the next step, you find you can’t see your cluster resource like I couldn’t to start with!!

Fabric Groups

The fabric contains all the compute resources discovered by the endpoint, which are then organized into fabric groups for provisioning

Fabric groups are created in a tenant but their resources are available to all users who belong in business groups in all tenants. Large enterprises might create fabric groups to reflect physical locations and smaller enterprises might just have one fabric group

  • Navigate to Infrastructure > Group > Fabric Groups. Click on New Fabric Group on the right hand side. The IAAS Admin creates fabric groups and assigns a fabric admin

vRAConfig21

  • Enter your Fabric details and choose a compute resource
  • If you gave fabric admin to the same user you are logged in as then you need to log out and in again

vRAConfig22

  • I then go to Infrastructure > Compute Resources > Compute Resources and hover over my compute resource and select Data Collection

vRA323

  • Check the status of the Compute Resource Data Collections

vRA324

  • It’s also worth checking Infrastructure > Monitoring > Log as you can see below I had some IIS issues which I had to sort and DEO and DEM issues

vRA325

Machine Prefixes

Machine prefixes are used to create names for machines provisioned through vCloud Automation Center. Tenant administrators and business group managers select these machine prefixes and assign them to provisioned machines through blueprints and business group defaults

Fabric Admins create machine prefixes and these prefixes are shared across all tenants. Every blueprint must have a machine prefix or use a default machine prefix

  • Go to Infrastructure > Blueprints > Machine Prefixes.

vRAConfig25

  • Click on New Machine Prefix on the right hand side

vRAConfig26

  • Machine prefixes must conform to DNS naming with no special characters, and for Windows machines names must not exceed 15 characters
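
A pre-check for the naming rule above, as an added example that is not from the original post or from VMware. It assumes a provisioned name is the prefix followed by a zero-padded counter (as in the dacv001 machine shown on this page); the function names and the digits/next_number parameters are illustrative.

```python
import re

# Assumption (not from the original post): a provisioned name is the prefix
# followed by a zero-padded counter of `digits` digits, starting at `next_number`.
DNS_LABEL_MAX = 63       # RFC 1035 limit for a single DNS label
WINDOWS_NAME_MAX = 15    # computer-name limit the post refers to
_ALLOWED = re.compile(r"[A-Za-z0-9-]+")


def check_machine_prefix(prefix, digits, next_number=1, windows=True):
    """Return a list of problems; an empty list means the prefix is usable."""
    if not prefix:
        return ["prefix is empty"]
    if digits < 1:
        return ["counter needs at least one digit"]
    problems = []
    if not _ALLOWED.fullmatch(prefix):
        bad = sorted(set(re.sub(r"[A-Za-z0-9-]", "", prefix)))
        problems.append("characters not allowed in a DNS label: "
                        + " ".join(map(repr, bad)))
    if prefix.startswith("-"):
        problems.append("a DNS label cannot start with a hyphen")
    # The counter is appended, so the limit applies to prefix + digits,
    # not to the prefix alone.
    limit = WINDOWS_NAME_MAX if windows else DNS_LABEL_MAX
    total = len(prefix) + digits
    if total > limit:
        problems.append(f"prefix plus counter is {total} characters, limit is {limit}")
    if windows and prefix.isdigit():
        problems.append("an all-numeric name is not a valid Windows computer name")
    if next_number < 0 or next_number >= 10 ** digits:
        problems.append(f"next number {next_number} does not fit in {digits} digits")
    return problems


def names_remaining(digits, next_number=1):
    """How many names the counter can still hand out before it overflows."""
    return max(0, 10 ** digits - next_number)


def example_name(prefix, digits, next_number=1):
    """Build the name the assumed prefix + counter scheme would produce."""
    return f"{prefix}{next_number:0{digits}d}"


if __name__ == "__main__":
    # Constructed sample prefixes, not taken from a real environment.
    for prefix, digits in [("dacv", 3), ("Windows2012-Prod", 3), ("web_srv", 2)]:
        issues = check_machine_prefix(prefix, digits)
        print(example_name(prefix, digits), "->", issues or "OK")
```

Because prefixes are shared across all tenants, running a check like this before creating one avoids provisioning failures that only surface when the counter grows or a Windows blueprint picks up a long prefix.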

Business Groups

A business group links a set of resources or services to a set of users in a department or OU and is created by the tenant admin. In order to request machines a user must be a member of a business group

  • Go to Infrastructure > Groups > Business Groups, fill in the required detail

vRAConfig27

  • Click New Business Group

vRAConfig28

  • The Business Group manager can see all the machines which have been built and manage the group’s blueprints
  • Multiple entries must be separated with commas. For example, JoeAdmin@mycompany.com,WeiMgr@mycompany.com.
  • Support users can work for another user
  • Normal users will just be able to see blueprints in the catalog

Reservations

A reservation is a share of the CPU, memory, storage and networking resources from a fabric group, reserved for use by a business group. It has no relation to vSphere reservations

  • Each reservation is for one business group
  • Business groups can have multiple reservations on a single compute resource
  • Each business group can have multiple reservations on compute resources of a different type
  • Reservations may also define priorities, policies and quotas that determine machine placement

Types

  • Virtual – Allocates resources on compute resource for use by the business group
  • Physical – Set of physical machines reserved for use by a business group
  • Cloud – Provides access to the provisioning services of a cloud services account

Reservation Policies

  • A reservation can only belong to one policy
  • You can add multiple reservations to a reservation policy
  • You can assign a reservation policy to more than one blueprint
  • A blueprint can have only one reservation policy
  • Can be used for tiering

Creating a reservation

  • Go to Infrastructure > Reservations > Reservations

vRAConfig29

  • Click New Reservation > Virtual > vSphere (vCenter)
  • Select the Compute Resource and select the value you set up previously. Some values will automatically populate

vRAConfig30

  • Click the Resources tab
  • Fill in your memory reservation
  • Select the datastore(s) you want to use and the reservation of storage you want to use. Don’t forget to tick the green button

vRAConfig31

  • Click on Network

vRAConfig32

  • Choose your networks
  • If you choose a network profile, it can allow machines to be assigned specific addresses. The profiles must be configured with IP addresses which can be used
  • Click the Alerts tab

vRAConfig33

  • Alerts are optional and you can put in recipients and schedule how often you want reminders to be sent out

Creating Reservation Policies

  • Go to Infrastructure > Reservations > Reservation Policies

vRAConfig34

  • Click New Reservation Policy
  • Fill in the details. For example you could set up policies for High end compute, mid range compute and low end compute etc

vRAConfig35

A quick look at network profiles

  • Go to Infrastructure > Reservations > Network Profiles
  • Select New network profile

vRAConfig36

  • Fill in your details as appropriate

vRAConfig37

A quick overview of DEMs and Agents

DEMs are used for provisioning and managing machines on

  • VMware vCloud Director and VMware Hybrid Service
  • RHEV Manager
  • Microsoft System Center Virtual Machine Manager
  • Amazon Web Services
  • Physical server management interfaces (Dell/Cisco/IBM)

Agents are used for provisioning and managing machines and services on

  • Hypervisor proxy agents (vSphere, Citrix, Xen and Hyper-V)
  • External provisioning infrastructure
  • Virtual desktop infrastructures
  • WMI (Windows management instrumentation)

DEMs

Can be installed as orchestrator or worker DEMs

DEM Orchestrator

  • Monitors and manages the DEM worker status so if a worker fails the orchestrator DEM moves the workflow to another DEM worker instance
  • Schedules workflows
  • Ensures only one instance of a scheduled workflow is running at any one time
  • Generates workflow history for reporting
  • One DEM orchestrator is always the active one. It is recommended to install an additional orchestrator instance on another machine for redundancy

DEM Workers

  • DEM workers communicate with the external systems to execute workflows
  • DEM workers must be able to communicate with external firewalls
  • The minimum installation installs the required DEMs and default vSphere Proxy agent. Additional proxy agents such as Hyper V and Xen server can be installed post installation.

Checking the DEM status

  • Go to Infrastructure > Monitoring > Distributed Execution Status

vRAConfig23

Agents

vRA uses agents to integrate with the following external systems. Endpoints must be configured before the agents are started, and the endpoint and agent names have to match.

Agents are installed under Program Files (x86) > VMware > vCAC > Agents > agentname with the config being stored in VRMAgent.exe.config in the same folder

Hypervisor proxy agents

  • vCenter
  • Citrix Xenserver
  • Hyper-V

Integration agents

  • External provisioning agents (Integration with Citrix Provisioning server)
  • VDI (Used to register provisioned machines with a VDI Connection Broker)
  • WMI

Set up an additional vSphere Agent (for more than 1 vCenter instance)

  • Right click on setup_vcac-va-hostname.domain.name@5480.exe and “Run as Administrator”. We have the same installer screen as before
  • Accept the EULA and click next
  • Log into your appliance with the root credentials
  • Now we want to choose Custom Install. Click on Proxy Agents. Click Next
  • Enter the username and password you plan on using as your service account to run this service.
  • Configure the agent details
  • Select vSphere from the Agent Type Drop Down
  • Type in an agent name. All agent names must be unique and there cannot be two alike.
  • Type the FQDN of the server with the Manager Service (this was a complete install done on the iaas box)
  • Type the FQDN of the server with the Manager Web Service (this was a complete install done on the iaas box)
  • Type in the complete Endpoint address as well as port.
  • Click Finish.

Thank you for following Part 3 of the vRA series. The next series will be Part 4 which will cover Blueprints and Catalog Services.