Part 1: vRealize Automation 8.0 Simple Deployment with vRealize Easy Installer

On October 17th, 2019 VMware announced the next major release of vRealize Automation. it uses a modern Kubernetes based micro-services architecture and brings vRA cloud capabilities to the on-premises form factor.

What’s New

The many benefits of vRA 8.0 include:

  • Modern Platform using Kubernetes based micro-services architecture that provides
  • Easy to setup and consume multi-cloud infrastructure surface
  • Embedded vRO 8.0 Web Client and Orchestrator’s new release features
  • Deliver Infrastructure-as-Code using a declarative YAML syntax
  • Cloud Agnostic Blueprints
  • Iterative development of Blueprints
  • Self-service catalog coupled with agile governance
  • Collaboration across teams via sharing of objects
  • Kubernetes/container management
  • Deploy IPv6 workloads on dual-stack IP (IPv4/ IPv6) networks in vSphere
  • CI/CD pipeline and automated application release management
  • New Action based extensibility (ABX), which allows you to write lightweight scripts, using node.js and python.
  • Git Integration to manage all blueprints, workflows, actions and pipelines.

For more information, kindly refer to the Release Notes

vRealize Automation 8.0 is installed, configured, managed and upgraded only through vRealize Suite Lifecycle Manager 8.0 .

In the video posted below, I’am going to provide the step-by-step process of using the vRealize Easy Installer to :

  • Install vRealize Suite Lifecycle Manager 8.0
  • Deploy VMware Identity Manager 3.3.1 and register with vRealize Automation.
  • Install new instance of vRealize Automation 8.0

 

Installation Workflow

installer workflow

Please note that the installation process in the video after hitting submit is fast forwarded.

The End, Eh!

Automation and Orchestration vRealize Automation

vRealize Automation 7.6 (vRA 7.6) ITSM 7.6 Plug-in for ServiceNow

VMware vRealize Automation is a hybrid cloud automation platform that transforms IT service delivery. With vRealize Automation, customers can increase agility, productivity and efficiency through automation, by reducing the complexity of their IT environment, streamlining IT processes and delivering a DevOps-ready automation platform.

If you want to know more about the upcoming release of vRealize Automation 8, please check out our updated product page here.

In this blog we will be focusing on installing and configuring the new ITSM 7.6 Plug-in which was released and currently only available on the Service Now Store here for vRealize Automation 7.6, 7.5 and 7.4.

Summary

The vRealize Automation plugin 7.6 for ServiceNow provides an out of the box integration between the ServiceNow portal and vRealize Automation catalog and governance model. It enables ServiceNow users to deploy virtual machines and perform basic day 2 operations on their CMDB assets.

4

Once you install and configure the plug-in, vRealize Automation catalog items which are entitled to ServiceNow users will automatically appear in a special ServiceNow vRealize Automation portal.

When leveraging vRealize Automation’s ecosystem items via the ServiceNow portal, the vRealize Automation ServiceNow plugin will allow you to directly benefit from the extensibility and governance capabilities of vRealize Automation.
You can additionally leverage all vRealize Automation Event Broker integrations and include vRealize Automation approval policies.

Key Features

  • The plugin enables integration between vRealize Automation with ServiceNow platform to provide the ability for ServiceNow users to access the vRealize Automation catalogs & resources within ServiceNow.
  • The plugin allows ServiceNow users to request vRealize Automation catalog items from ServiceNow portal.
  • The plugin extends ServiceNow functionality to be able to render vRealize Automation catalog items into ServiceNow dynamically and manage vRealize Automation resources.
  • Day2 operations performed on the resources in ServiceNow CMDB will be synced back to vRealize Automation.
  • The Plugin can support multiple vRealize Automation Instances within the same ServiceNow Instance

What’s New

  • Resource Sharing and entitlements across ServiceNow users
  • Resource visibility based on Entitlements within ServiceNow
  • Header Rebranding where Global admin/plugin admin can apply changes based on his requirements.
  • Footer Rebranding where Global admin/plugin admin can apply changes to images, logo, text, colors, based on his requirements.
  • Two way checkout functionality for Catalog items
  • Boolean Yes_No field type support
  • Date/Time field support
  • Hyperlink field type support
  • Reconcile of CMDB
  • Business group functionality
  • Support for cross reference / Business group properties
  • Custom property fields population based on Business group selection

5

Updates and Improvements

  • Enhanced Documentation which you have to refer to.
  • ITSM 7.6 supports London and Madrid version of ServiceNow.
  • ITSM 7.6 support vRealize Automation 7.6, 7.5 and 7.4.
  • UI Improvement for Category widget on Service Portal.
  • UI improvement for browser Scrollbar on request and catalog item page on portal.
  • Issue with Catalog client script (Regex Function support).

A few facts first!

Update ITSM Application for ServiceNow

If you have previously downloaded the vRealize Automation ITSM Application version 5.1 from the ServiceNow store portal, you can update it to version 7.6 in your instance using the same portal. More details around the actual update procedure can be found in the documentation.

If you have a deployment of 5.1 which was downloaded and installed from VMware Marketplace or any of the following :

  • ITSM v5.1 Downloaded from VMware Marketplace
  • ITSM v5.0 Downloaded from VMware Marketplace
  • ITSM v4.1 Downloaded from VMware Marketplace
  • ITSM v4.0 Downloaded from VMware Marketplace
  • ITSM v3.0 Downloaded from VMware Marketplace

Before your deployment can be updated, the current version of the vRealize Automation ITSM Application must be uninstalled with the help of ServiceNow. Please open a ticket with ServiceNow at https://hi.service-now.com/hisp to remove the application ‘VMware vRealize Automation ITSM Application’.

Install a MID Server

  • Use or Install a Management, Instrumentation, and Discovery (MID) Server to facilitate the communication between ServiceNow and vRealize Automation.
    • Check my Pervious Blog here, on how to do that Or
    • Check Video 2 below

Install ITSM Application for ServiceNow

I usually would have captured the entire process but unfortunately I don’t have access to the ServiceNow Store portal so I would have to install the plug-in similar to how I did in my pervious blog for the 5.0/5.1 Plug-in here.

Now assuming you have access, let’s follow the following steps :

1

  • Click on the application to view the details. On the top right corner of the form, you will see buttons to “Purchase” and “Manage Entitlements”
  • The vRealize Automation ITSM Application for ServiceNow is free. 
  • Click “Manage Entitlements” and select the ServiceNow instances where the application should be installed. Click OK.
  • The application should now be available on the ServiceNow instances selected in the previous step.
  • Log in to the ServiceNow Instance as a ServiceNow system administrator.
  • Select System Applications > All Available Applications > All. 
  • Search for the application “vRealize Automation ITSM Application for ServiceNow
  • Click Install. In the popup, please select Install with demo data and complete the installation

This completes the installation of the Application.

Configure ITSM Plug-in for ServiceNow

After installation, you need to carry out the following configuration steps. 

Enable Application Access on Tables

  • You must enable application access to certain tables for the application to work.
    • Check my Pervious Blog here, on how to do that in Step 1 Or
    • Check Video 4 below.

Set up ServiceNow Users for managing the vRealize Automation ITSM Plug-in

Setup the ServiceNow users who will manage the vRealize Automation ITSM application configuration and enable end users to use the vRealize Automation User Portal.

The table below captured from the documentation describes the persona and necessary roles to enable the persona. 

2

  • vRealize Automation and ServiceNow may be backed by different Authentication Providers. It is important to setup the users in both systems with the same email address. This email address is used to match the user records across the Authentication Providers of the respective systems. The correlation is required to correctly assign the ownership of the deployments and machines. 
  • Authentication, Roles and Entitlements are defined and enforced by ServiceNow. They have no correspondence in vRealize Automation. 

Set up ServiceNow Users for approval and support the vRealize Automation ITSM Plug-in

Setup the ServiceNow users who will approve the requests for deployments. Also, setup the users who will receive a support ticket on request failures. 

The table below captured from the documentation describes the persona and the necessary groups to enable the approval and support notifications. 

3

Note: The Support group is actually called “vRA ServiceNow Support Group” and not “vRealizeAutomation-Support

Set up the integration user in vRealize Automation

You must set up a user in the vRealize Automation. The vRealize Automation ITSM Application connects to vRealize Automation using the credentials of this user to perform all actions including import of catalog items and categories, deployments and its resources, and requests for new deployments. 

The integration user must be a business group manager within the business groups that you want ServiceNow to manage. The integration user does not require a role within ServiceNow.

  • Check my Pervious Blog here, on how to do that in Step 5 Or
  • Check Video 6 below.

All Catalog Item Requests from ServiceNow are serviced by this integration user in vRealize Automation. In vRealize Automation, the requests and corresponding deployments will show the integration user as the owner. However, in ServiceNow, the requests and corresponding deployments will show the ServiceNow user who initiated the request. This is achieved by correlating the Email address from the user records across two systems.

Now that we got that out of the way lets dive right in with this series of videos that will capture the integration workflow.

6

Video 1: Requesting a ServiceNow Developer Instance

Video 2: Setting Up The ServiceNow MID Server

Video 3: Setup The Plug-in To Be Accessible From All Application Scopes

Video 4: Enable Plug-in Access To Certain Tables

Video 5: Installing The ITSM 7.6 Plug-in

Video 6: Setting Up The Integration User

Video 7: Setup ServiceNow Users (Admin, User, Approver and Support)

Video 8: Register vRealize Automation Instance In ServiceNow

Video 9: Creating vRealize Automation Entitlements

 

Coming Soon!

Video 10: Request vRealize Automation Catalog Item In ServiceNow

Video 11: Sharing Resources in ServiceNow vRealize Automation User Portal

Video 12: Rebrand the vRealize Automation User Portal in ServiceNow

 

Uncategorized

VMware Cloud Automation Services (CAS) – Cloud Assembly – Part 1

VMware’s cloud automation services are a set of cloud services that leverage the award-winning vRealize Automation on-premises offering. These services make it easy and efficient for developers to build and deploy applications. The cloud automation services consist of VMware Cloud Assembly, VMware Service Broker, and VMware Code Stream. Together, these services streamline application delivery, enable cloud flexibility and choice, and control risks. Additionally, these services facilitate collaboration between traditionally siloed groups helping further with accelerating business innovation.

  • VMware Cloud Assembly: Developers want the same experience of automating deployment and consumption of infrastructure and applications in private and hybrid clouds as they adopt public clouds. Cloud Assembly delivers unified provisioning across all clouds through declarative Infrastructure as Code, including AWS, Azure, and VMware Cloud on AWS. With Cloud Assembly, IT and cloud operations teams can orchestrate and expedite infrastructure and application delivery in line with DevOps principles, improving the overall developer experience, developers get an experience equivalent to provisioning resources from native public clouds.
  • VMware Service Broker: Service Broker provides simple, self-service access to multi-cloud infrastructure and application resources from a single catalog, without requiring disparate tools. With Service Broker, operations teams can more effectively govern resource access, and use and enforce security, deployment and business policies across multi-cloud environments.
  • VMware Code Stream: Enterprise development teams are creating and iterating on applications faster than ever, but this work is often delivered using a combination of manual scripting and a mix of delivery tools. This creates challenges with delivery speed, visibility, and troubleshooting for code releases. Code Stream automates the code and application release process with a comprehensive set of capabilities for application deployment, testing, and troubleshooting. It features integrations with popular developer tools and supports VMware-based private clouds, VMware Cloud on AWS and native public clouds. With Code Stream enterprises get code and applications out faster and reduce the time it takes to correct issues when they arise.

In part 1 of 2 of this blog post we will explore CAS and how to initially set it up and configure it starting with a new assigned Cloud Organization registered with the above mentioned Cloud Automation Services.

You can access VMware Cloud Services by visiting https://cloud.vmware.com/  then clicking on the Log In menu option to use the services.

cas-01

Once you sign in with your credentials you will have access to the Console Menu option which will take you in to access the Cloud Automation Services we mentioned above.

cas-02

cas-03

Most of the work we will be doing will be initially in VMware Cloud Assembly then we will be able to extend the work to the other two services, VMware Service Broker and the VMware Code Stream respectively.

In this setup we will be leveraging the following environments :

  • VMware SDDC Cloud ( Home Lab ) as my Production Environment.
  • AWS EC2 Cloud as my Development Environment.
  • Azure Cloud as my Testing Environment.

So let’s get started, Eh!

VMware Cloud Assembly

VMware Cloud Assembly is an infrastructure as code automation solution designed to expedite infrastructure consumption and application delivery in line with DevOps principles, through an intuitive symmetrical dual interface ( Code or Draw ) that supports declarative, intent-based application infrastructure provisioning, blueprint design and lifecycle management across multiple clouds such as VMware SDDC, Amazon Web Services, VMware Cloud on AWS and Azure as a minimum on GA date.

The infrastructure as code approach streamlines infrastructure consumption by enabling blueprint parameterization, iteration on blueprint development and easy version control through native controls or supported version control systems. The SaaS form factor enables VMware to keep the platform up to date, allowing operations teams to focus on higher value activities, such as business systems reliability and performance.

Our intent here to use Cloud Assembly to provision new projects to public clouds that we can then bring on-prem when they are ready to go to production for example. My goal here really is to show you how we can create an agnostic blueprint ( WordPress Application ) that the user can deploy from Cloud Assembly Directly or request it from the Service Broker ( Catalog ) and selecting which environment ( Dev, Test, Prod ) you want to deploy the application to.

And to do that we need to configure a few things to create our deployment stack and start deploying blueprints

  1. Create our Cloud Accounts.
  2. Create Cloud Zones.
  3. Create one or more Projects.
  4. Create Flavor mapping.
  5. Create Image mapping
  6. Create and deploy blueprints.

Cloud Accounts

Cloud accounts allow you to bring your public cloud and on-prem data centers under CAS management.

In Cloud Assembly, navigate to  Infrastructure > Connections > Cloud Accounts > ADD CLOUD ACCOUNT

cas-04

We will configure our 3 Account Types / Environments here :

cas-05

vCenter Account Type

Prerequisites Checklist

  1. You have at least one collector / Cloud Proxy VM installed.
  2. You have the vCenter IP address/FQDN.
  3. You have the vCenter user name and password.

Note that a collector VM can typically support 10,000 VMs

Installing Cloud Proxy

  • Click Add Cloud Account
  • Select vCenter as the account type. When you don’t have any previous Cloud Proxies setup, you will be presented with the steps needed to install one.

cas-06

  • Download the Cloud Proxy ova file to deploy it in vCenter OR
  • Copy the OVA link to directly deploy it in vCenter without having to download it first.
  • Import the .ova file to the vCenter Server and start the installation following the standard steps provided by the OVF Deployment Wizard.

cas-07

  • Once you get to the Customize Template section within the OVF Deployment Wizard we will provide the following properties:
    • CAS One Time Key (OTK)
    • Root User name and password
    • Remote Data Collector / Cloud Proxy Display Name in CAS
    • Network Proxy Settings ( Optional )
    • Networking Properties

cas-08

  • Click Next and Finish to deploy the cloud proxy. it takes a few minutes to detect your Cloud Proxy after it is deployed and powered up in vCenter.
  • To verify the detection of the Cloud Proxy is complete navigate to Infrastructure > Connections > Cloud Proxies and verify its listed with a good status.

cas-09

  • Navigate again to Infrastructure > Connections > Cloud Accounts > ADD CLOUD ACCOUNT 
  • Click Add Cloud Account
  • Select vCenter as the account type. Now that we setup a Cloud Proxy, you will be able fill all the requirement including the Cloud Proxy we just deployed.
  • Enter the vCenter user name and password and hit VALIDATE. 
  • Provide a Name and a description for the Cloud Account.
  • In the Configuration Section select which DataCenters you want to allow provisioning to
  • Allow to create a Cloud Zone for the Selected Datacenters by checking the check box, this will automatically create the Cloud Zone for us so we don’t have to later.
  • Add Capability Tags as required, this will be used for placement decisions as we will see later in the blog post.
  • Click ADD when Completed.

cas-10

  • Once added you should see the cloud account listed with OK Status

cas-11

Amazon Web Services Account Type

Prerequisites Checklist

  1. Access Key ID
  2. Secret Access Key
  • Navigate again to Infrastructure > Connections > Cloud Accounts > ADD CLOUD ACCOUNT 
  • Click Add Cloud Account
  • Select AWS Web Services as the account type.
  • Provide the Access Key ID and Secret Access Key and Click VALIDATE
  • Provide a Name and a description for the Cloud Account.
  • In the Configuration Section select which Regions you want to allow provisioning to.
  • Allow to create a Cloud Zone for the Selected Region by checking the check box, this will automatically create the Cloud Zone for us so we don’t have to later.
  • Add Capability Tags as required, this will be used for placement decisions as we will see later in the blog post.
  • Click ADD when Completed.

cas-12

  • Once added you should see the cloud account listed with OK Status

cas-13

Azure Account Type

Prerequisites Checklist

  1. Subscription ID
  2. Tenant ID
  3. Client Application ID
  4. Client Application Secret Key

Note: If you want to know how get these IDs, this is very similar to how we currently setup up vRealize Automation Azure endpoint and there are plenty of blogs you can reference such as my personal favourite by Jon Schulman

  • Navigate again to Infrastructure > Connections > Cloud Accounts > ADD CLOUD ACCOUNT 
  • Click Add Cloud Account
  • Select Azure as the account type.
  • Provide the IDs required and Click VALIDATE
  • Provide a Name and a description for the Cloud Account.
  • In the Configuration Section select which Regions you want to allow provisioning to.
  • Allow to create a Cloud Zone for the Selected Region by checking the check box, this will automatically create the Cloud Zone for us so we don’t have to later.
  • Add Capability Tags as required, this will be used for placement decisions as we will see later in the blog post.
  • Click ADD when Completed.

cas-14

  • Once added you should see the cloud account listed with OK Status

cas-15

Cloud Zones

Cloud zones associate compute resources with projects and account/regions to form the basis of deployable virtual machines. In addition, they enable you to define capabilities that Cloud Assembly matches with blueprint constraints to define where and how resources are configured for deployments.

Now remember that we checked the check box to create a cloud zone for the selected Datacenter/Region where we want to provision to for each of the cloud account types we have created. (vSphere, AWS and Azure )

Navigate to Infrastructure > Configure > Cloud Zones to list the pre-created Cloud Zones or to create new ones if you decide for example to add new Datacetners / Regions to provision machines to.

You don’t need to create any cloud zones if you selected the option to automatically create zones when you added your cloud accounts, we will customize the cloud zones in this section of the blog.

cas-16

Within each of the cloud zone > Summary Tab you can select a Placement Policy that defines how provisioned resources are distributed among hosts in this cloud zone. By default resources are placed on random hosts but:

One of the following strategies can be optionally applied:

  • BINPACK – Will place computes on the most loaded host that still has enough resources to run the given compute.
  • SPREAD – Will attempt to spread computes evenly across hosts.

For the purpose of the blog we will leave the Placement Policy as DEFAULT for all the Cloud Zones.

cas-17

You saw me mention the use of Capability tags and so far we have created tags on the Cloud Account type level.

cas-18

When it comes to Tagging Strategy you must carefully plan and implement an appropriate tagging strategy based on your organization’s IT structure and goals to maximize Cloud Assembly functionality and minimize potential confusion.

Tags are a critical component of Cloud Assembly that drive the placement of deployments through matching of capabilities and constraints. You must understand and implement tags effectively to make optimal use of Cloud Assembly. you also need to create an outline of your strategy and make it available to all users with privileges to create or edit tags.

For best practices for Tagging and Tagging Implementation, I would recommend spending few minutes first reading the documentation on What Are Tags.

vSphere Cloud Zone

Like we mentioned already a cloud zone defines a set of compute resources that can be used for provisioning.  In our Toronto Datacenter we have two clusters TOR-COMP-CL and TOR-MGMT-CL out of which we only want to use the TOR-COMP-CL for provisioning.

cas-19

Within the vSphere Cloud Zone and under the Compute tab we have what we call Filter Tags which we will use to remove or filter out the TOR-MGMT-CL from the cloud zone compute resource list since its our management cluster and it will not participate in being used as a resource we can provision workloads to.

At the beginning of the blog we mentioned that will be using our vSphere environment for our Production workloads so will we need to add a capability tag that we can use later in our blueprints as a constrain if we want to target our compute production cluster.

To do that we will first select the TOR-COMP-CL > Click TAGS, Type Env:Production and hit enter to form the tag then click Save

cas-20

Now we can also use the Env:Production tag to filter out the compute resource TOR-MGMT-CL by using the tag as a Filter Tag and list only those compute clusters that has the same tag, also like I mentioned I don’t want the TOR-MGMT-CL cluster to be part of the vSphere Cloud Zone at all.

cas-21

Now you may ask but why would you want to do that if you can simply use the Env:Production tag to target the TOR-COMP-CL cluster . What a great question I might say?

Its all about planning, where if for example I added another production cluster within the same Datacenter in the future, I can then simply tag it with the same tag  then leverage a higher level tag like the one we setup on the vCenter Account Type which we also could have setup on the Cloud Zone level within the Summary Tab to target all the vSphere production clusters. That cloud account tag was Cloud:vSphere which will allow me to target all my production clusters

Again you really don’t have to do that as I m just trying to prove a point here, as this can be done in many different ways.

AWS Cloud Zone

When we added the AWS cloud Account we selected the CA-Central-1 Region as the region we want to provision our development workload to. As you can see in the Screen shot below the AWS cloud Zone has two compute resources / availability zones that I can target for my Development workloads.

cas-22

Since I am okay utilizing all the AWS compute resources listed within the cloud zone I can place my Env:Development capability tab on the cloud zone level within the Summary Tab instead of placing it on the compute level like we did previously with the vSphere cloud zone. Click SAVE when your done.

cas-23

Azure Cloud Zone

For Azure when we created the Azure Account we selected the EAST US as the region we want to provision our test workload to. As you can see in the Screen shot below the Azure cloud Zone has one compute resources / availability zones that I can target for my Testing workloads.

cas-24

Just like the AWS Cloud Zone I can place my Env:Testing capability tag on the cloud zone level within the Summary Tab. Click SAVE when your done.

cas-25

So in summary we have added 3 different cloud account types, selected the Datacenter / Regions we want to provision workloads to and created there respective Cloud Zones and added capability tags on the Cloud Account Level , Cloud Zone level and Cloud Zone Compute level as we see fit, that we can leverage later as constraints when we create/design our blueprints.

Flavor Mapping

Cloud vendors use flavors, or instance types, to express standard deployment sizings such as small or large for compute resources. when we create a blueprint, you need to pick a flavor.

Flavor mappings are of course regional settings. This becomes critical in public cloud endpoints where sizes are dictated by a phrase like T2.Micro in AWS as opposed to fixed sizing details like in vCenter that might equate to a specific number of CPUs or GBs of Memory.

We will define three flavor mapping ( Small, Medium, Large ) across vSphere, AWS and Azure.

Small Flavor Mapping

  • In Cloud Assembly, navigate to Infrastructure > Configure > Flavor Mappings
  • Click + NEW FLAVOR MAPPING
  • Enter Flavor Name : Small
  • Click on Search for regions and create a Small Flavor Mapping for all 3 Clouds
  • Click CREATE

cas-26

Medium Flavor Mapping

  • In Cloud Assembly, navigate to Infrastructure > Configure > Flavor Mappings
  • Click + NEW FLAVOR MAPPING
  • Enter Flavor Name : Medium
  • Click on Search for regions and create a Medium Flavor Mapping for all 3 Clouds
  • Click CREATE

cas-27

Large Flavor Mapping

  • In Cloud Assembly, navigate to Infrastructure > Configure > Flavor Mappings
  • Click + NEW FLAVOR MAPPING
  • Enter Flavor Name : Large
  • Click on Search for regions and create a Large Flavor Mapping for all 3 Clouds
  • Click CREATE

cas-28

Once completed you should have 3 Flavor Mappings ( Small, Medium, Large ) for the 3 cloud platforms ( vSphere, AWS, Azure )

cas-29

Image Mapping

Cloud vendors use images to configure a VM based on OS Settings, such as an ubuntu-16 configuration. When you build a blueprint, you pick an image that fits your needs.

An image mapping associates a defined image name with a machine template. You can create one or more image names and map to a metadata file that contain pre-defined value sets. For example, an image might map to an OVA file that contains pre-populated cost or region specifications to import into the blueprint. Image mappings again are regional settings.

we will define three image mapping ( CentOS7, Ubuntu, Windows 2016 ) across vSphere, AWS and Azure.

Windows 2016 Image Mapping

  • In Cloud Assembly, navigate to Infrastructure > Configure > Image Mappings
  • Click + NEW IMAGE MAPPING
  • Enter Flavor Name : Windows 2016
  • Click on Search for regions and for images to create a Windows 2016 Image Mapping for all 3 Clouds
  • Click CREATE

cas-30

CentOS7 Image Mapping

  • In Cloud Assembly, navigate to Infrastructure > Configure > Image Mappings
  • Click + NEW IMAGE MAPPING
  • Enter Flavor Name : CentOS7
  • Click on Search for regions and for images to create a CentOS7 Image Mapping for all 3 Clouds
  • Click CREATE

cas-31

Ubuntu Image Mapping

  • In Cloud Assembly, navigate to Infrastructure > Configure > Image Mappings
  • Click + NEW IMAGE MAPPING
  • Enter Flavor Name : Ubuntu
  • Click on Search for regions and for images to create a Ububtu Image Mapping for all 3 Clouds
  • Click CREATE

cas-32

Once completed you should have 3 Image Mappings ( Ubuntu, CentOS7, Windows 2016 ) for the 3 cloud platforms ( vSphere, AWS, Azure ).

cas-33

Network Profiles

A network profile defines a group of networks and network settings that are available for a cloud account in a particular region or datacenter. A network profile defines the networking options and capabilities that are made available to deployed machines, based on the network tags in the network component YAML in a blueprint.

You typically define network profiles to support a target deployment environment, for example a small test environment where an existing network has outbound access only or a large load-balanced production environment that needs a set of security policies. Think of a network profile as a collection of workload-specific network characteristics.

AWS Network Profile

  • In Cloud Assembly, navigate to Infrastructure > Configure > Network Profiles
  • Click + NEW NETWORK PROFILE
  • In the Summary tab, For Account / Region click Search for regions and select your AWS Region.
  • Enter a Network Profile Name : AWS Network Profile
  • Enter a Capability Tag : Env:Development  This is again because we are using AWS as our development environment.

cas-34

  • In the Networks Tab, Select + ADD NETWORK  and select the discovered network or networks to use when provisioning a VM.
  • Select the added Network and assign a capability tag, for example here I setup Type:BackEnd-net and Type:FrontEnd-net as tags where both networks support Public IPs.
  • In the Security tab, I have added the default Security group that enables RDP and SSH Inbound and all communications Outbound within the selected VPC in the CA-Central-1a and CA-Central-1b zones.
  • Click CREATE

cas-35

Azure Network Profile

  • In Cloud Assembly, navigate to Infrastructure > Configure > Network Profiles
  • Click + NEW NETWORK PROFILE
  • In the Summary tab, For Account / Region click Search for regions and select your Azure Region.
  • Enter a Network Profile Name : Azure Network Profile
  • Enter a Capability Tag : Env:Testing  This is again because we are using Azure as our Testing environment.

cas-36

  • In the Networks Tab, Select + ADD NETWORK  and select the discovered network or networks to use when provisioning a VM.
  • Select the added Networks and assign a capability tag, for example here I setup Type:BackEnd-net and Type:FrontEnd-net as tags where both networks support Public IPs.
  • In the Security tab, I have added the vmwarelabnetworksecurity Security group that enables RDP and SSH Inbound and all communications Outbound within the selected Network Domain in the East US Zone.
  • Click CREATE

cas-37

vSphere Network Profile

  • In Cloud Assembly, navigate to Infrastructure > Configure > Network Profiles
  • Click + NEW NETWORK PROFILE
  • In the Summary tab, For Account / Region click Search for regions and select your vSphere Datacenter.
  • Enter a Network Profile Name : vSphere Network Profile
  • Enter a Capability Tag : Env:Production This is again because we are using vSphere as our Production environment.

cas-38

  • In the Networks Tab, Select + ADD NETWORK  and select the discovered network or networks to use when provisioning a VM.
  • Select the added Networks and assign a capability tag, for example here I setup Type:FrontEnd-net as a tag where the network support Public IPs. Since this is vSphere, this means that the  network can access internet and not necessarily have an actual public IP like in AWS or Azure.
  • The reason there is no Security tab in Network Profile for vSphere at this point is because we have not setup any NSX account types associated with the vCenter cloud account type.
  • Select the network and click on MANAGE IP RANGES > + NEW IP RANGE to define the set of IP addresses that can be reserved during provisioning.

cas-41

cas-42

  • Click CREATE

cas-40

Once completed you should have 3 Network Profiles for the 3 cloud platforms ( vSphere, AWS, Azure ).

cas-43

Storage Profiles

A storage profile is a cloud-specific set of storage policies that let the cloud administrator define storage for a cloud account region. Storage polices include disk customization, and a means to identifying the type of storage by applying capability tags. Tags are then matched against blueprint constraints to create the desired storage at provisioning time.

AWS Storage Profile

EBS Fast Storage

  • In Cloud Assembly, navigate to Infrastructure > Configure > Storage Profiles
  • Click + NEW NETWORK PROFILE
  • For Account / Region click Search for regions and select your AWS Region.
  • Enter a Storage Profile Name : AWS Storage Profile EBS Fast
  • Enter Device Type : EBS
  • Enter Volume Type : Provisioned IOPS SSD (IO1)
  • Enter Max IOPS : 800 and Select Support Encryption
  • Enter a Capability Tag : Env:Development  and Gold This is again because we are using AWS as our development environment and leveraging the fastest Disks

cas-44

Storage profiles are being grouped by Cloud Accounts. Now that we created the first storage profile for AWS, we will add additional profiles for the storage types we want to support such as a Slow Storage.

EBS Slow Storage

  • In Cloud Assembly, navigate to Infrastructure > Configure > Storage Profiles
  • Click + NEW NETWORK PROFILE
  • For Account / Region click Search for regions and select your AWS Region.
  • Enter a Storage Profile Name : AWS Storage Profile EBS Slow
  • Enter Device Type : EBS
  • Enter Volume Type : General Purpose SSD (GP2)
  • Select Support Encryption
  • Enter a Capability Tag : Env:Development  and Silver This is again because we are using AWS as our development environment and leveraging the Slower Disks

cas-45

Once completed will end up with two EBS Storage Profiles for AWS

cas-46

vSphere Storage Profile

  • In Cloud Assembly, navigate to Infrastructure > Configure > Storage Profiles
  • Click + NEW NETWORK PROFILE
  • For Account / Region click Search for regions and select your vSphere Datacenter
  • Enter a Storage Profile Name : vSphere Default Storage Profile
  • Select Storage Policy : Datastore Default
  • Enter a Capability Tag : Env:Production  and Silver This is again because we are using vSphere as our production environment and leveraging the default Disk.

cas-47

Azure Storage Profile

  • In Cloud Assembly, navigate to Infrastructure > Configure > Storage Profiles
  • Click + NEW NETWORK PROFILE
  • For Account / Region click Search for regions and select your Azure Region
  • Enter a Storage Profile Name : Azure Storage Profile
  • Select Storage Type : Managed Disks
  • Select Disk Type : Standard LRS
  • Select OS and Data disk caching : None
  • Select Supports encryption.
  • Enter a Capability Tag : Env:Testing  and Gold This is again because we are using Azure as our testing environment and leveraging the HDD backed Disks.

cas-48

Once completed you should have 3 Storage Profiles for the 3 cloud platforms ( vSphere, AWS, Azure ).

cas-49

Create A Project

Projects control who has access to Cloud Assembly blueprints and where the blueprints are deployed within the project. You use projects to organize and govern what your users can do and where they can deploy blueprints in your cloud infrastructure.

Cloud administrators setup projects, adding the required users and cloud zones. Anyone who creates and deploys blueprints must be a member of a least one project.

cas-50

As you can see, projects are simply groups that link users to cloud resources, controlling who can use what resource. Users become project members.

To deploy a blueprint , the deploying user must be a member of a project and the project must have one ore more cloud zones that support the development goals of the members. When the blueprint is deployed, the resource requirements defined in the blueprint as evaluated against the available zones and the blueprint is deployed to the cloud zone that supports those requirements.

How Can You Use Projects

You use projects in the way that best suits your users development goals.

  • Create a single project for a development team
    • The project includes a project administrator, the development team members, and all cloud zones that support the team workflow from development to testing to staging to production. the cloud zone capability tags we setup earlier target the zones where the blueprints are deployed.
  • Create multiple projects for a development team.
    • The project members might consist of all the same users or the membership might vary by role. For example, developer members for the development project, developers and testers for the testing and staging project, and lead developers for the production project.

Enough Talking lets go ahead and create a PROJECT

  • In Cloud Assembly, navigate to Infrastructure > Configure > Projects
  • Click + NEW PROJECT
  • Enter the following details for your prject
    • Name : VMWLAB Project

cas-51

    • Under Users, Click + ADD USERS. Here I m adding my self as an Administrator and clicking ADD

cas-52

    • Under the Provisioning tab > Cloud Zones add all the cloud zones we have created and give them a priority number.

cas-53

    • Click CREATE

Notice the Priority numbers we defined for each Cloud Zone when we added them, this mean if no capability tags were defined in a blueprint everything should go to AWS first, Azure second and vSphere Third.

Once completed you should see all the projects you created.

cas-54

Blueprinting

The Market place within Cloud Automation Services is a great way to quickly get started with blueprinting in Cloud Assembly. Not only do we provide several popular applications for deployment via Cloud Assembly, these blueprints also serve as example content you can learn from for how to complete complex tasks in Cloud Assembly YAML interface.

In order to get started with the market place we nee to first bind a My VMware Account

  • In Cloud Assembly, navigate to Infrastructure > Connections > Integrations
  • Click + ADD INTEGRATION
  • Select My VMware

cas-55

 

  • Enter your username and password and Click VALIDATE
  • Provide a name

cas-56

  • Click ADD
  • Select the Market Place Tab, you will be able to see the available sample blueprints. We can choose to either
    • Import the Blueprint directly into a Project
    • Download the Blueprint YAML file
  • For our blog I will be importing the Multi-Tier Web Application ( Word Press ) on On-Demand VMWare NSX-T Virtual Network listed under Technologies > Application Development.

cas-57

  • Clicking Open will give us a chance to read the summary of what this blueprint is about and more importantly the Tech Specs tab will tell us all the requirements for how we should be configuring the Blueprint and what Images to actually use for example
  • Click GET

cas-58

  • You may need to Read and Agree to the terms of a license agreement after that click NEXT to continue.
  • Here we will select to import it directly to our Project cas-59
  • Now we can switch to the Blueprint Tab to validate that the blueprint has been added to the project.

cas-60

  • Let’s Click on the Blueprint link to view its contents and observe the blueprint we imported from the marketplace.

cas-61

Here you go how awesome is that, infrastructure as code at our finger tips in a matter of seconds.

Blueprints from the market place will have temporary sample values assigned to them for the image, flavor, disk and network mappings. These will need to be updated with your own values of-course before attempting to do a deployment. For the propose of this blog we are simply demonstrating the existence of these blueprints to tweak and to learn from.

Creating and Deploying a Single Machine Blueprint

Here will be deploying a single-machine cloud agnostic blueprint based on all of our pervious configuration.

  • In Cloud Assembly, navigate to Blueprints 
  • Click + NEW 
  • Enter the following information, then Click CREATE:
    • Name: Ubuntu Small
    • Description: Ubuntu Small Cloud Agnostic Blueprint
    • Project: VMWLAB Project

cas-62

  • Drag a Cloud Agnostic machine to the canvas. Cloud Agnostic objects are designed to be portable between all supported cloud environments. This includes vSphere, AWS, GSP and Azure. Object types includes Machines, Networks, Load Balancers, and Disk Volumes.
  • In the code and under resources set the following :
    • Image as Ubuntu
    • Flavor as Small

cas-63

  • Click DEPLOY

cas-64

  • Select Create a New Deployment, then fill the required fields:
    • Deployment Name
    • Blueprint Version
  • Click DEPLOY and Monitor the status of the your request by navigating to the Deployment tab.

cas-65

  • When Provisioning is completed, view the deployment details by clicking on the deployment name and lets note where the machine was provisioned

cas-66

As you can see the machine was provisioned in AWS because if you remember, AWS Cloud Zone had the first priority when we added it during the creation of our project VMWLAB Project.

To figure out why AWS was selected we can also check the History Tab within the Deployment details where we can check all the Events for Requests for this deployment

cas-67

Here we can click on the Provisioning diagram shortcut for the ALLOCATE_FINISHED Event. This is will take us to Infrastructure > Activity > Requests to view the Request Details and see the various placement decisions made based on your Blueprint details.

Policy Based Placement

Multi-Cloud blueprints are capable of being moved between multiple environments leveraging tags to dictate their desired location via the Policy Based Placement Engine. In this section we will create a blueprint that is able to move between multiple cloud environment.

We have already created tags on the Cloud Zone Level that addresses the three environment we have Env:Development, Env:Testing, and Env:Production

We will go ahead and create additional tags against our environment but this time it will be based on our Cloud Platforms and on the compute Level for each of the platforms.

Note : Initially I have placed Capability Tags ( cloud:vspherecloud:aws, cloud:azure ) on the Cloud Account Type Level thinking I might need it but now I see more value in removing them from the Cloud Accounts level and instead setting them up at the Compute level within each of the Cloud Zone Type we have created. 

Configuring Tag Policies For Placement

For each of the cloud zones we have we will create a Capability Tag on the compute level. I will document here how we do it on the AWS Cloud Zone and then apply the same steps on the remaining Cloud Zones.

  • In Cloud Assembly, navigate to Infrastructure > Configure > Cloud Zones
  • Select the AWS Cloud Zone by Clicking OPEN 

cas-68

  • Select the Compute Tab and check the box for the Regions you want to use, here I am selecting both Availability Zones.

cas-69

  • Select TAGS  and enter the name of the tag cloud:aws under Add tags field then click SAVE

cas-70

  • Verify that the tag has been applied to the both compute resources then click SAVE to compete the task.

cas-71

  • Will complete the same process on the remaining cloud zones Azure and vSphere, instead we will be leveraging cloud:azure and cloud:vsphere respectively.

Placing the tag at the compute level is a common user case for customers to separate clusters within an environment based on a use case. An abstract version of this concept exists in public cloud as well ( People may use different regions/zones for different user cases).

We might tag a cluster designed for Oracle workloads to leverage the app:oracle tag, allowing us to place these workloads on this cluster via the placement engine. Another use case is for compliance reasons where users may tag clusters based on compliance capabilities on specific environments to ensure workloads land in an environment that will help them pass audits.

Creating Multi-Cloud Blueprint

Let’s create a multi-cloud blueprint leveraging our basic tag placement set, we can now create a blueprint that leverages these tags as part of the placement.

  • In Cloud Assembly, navigate to Blueprints 
  • Click + NEW 
  • Enter the following information, then Click CREATE:
    • Name: Multi-Cloud
    • Description: Multi-Cloud AWS/Azure/vSphere Blueprint
    • Project: VMWLAB Project

cas-72

  • Similar to our single machine blueprint, will drag a Cloud Agnostic Machine Object onto the canvas and configure it with an image type of Ubuntu and flavor of Small

cas-73

  • Under inputs we will add a new field as a drop down for our cloud environment. We can accomplish this with the following YAML:
inputs:
  cloud:
    type: string
    enum:
      - 'cloud:aws'
      - 'cloud:azure'
      - 'cloud:vsphere'
resources:
  Cloud_Machine_1:
    type: Cloud.Machine
    properties:
      image: Ubuntu
      flavor: Small
      constraints:
       -tag: '${input.cloud}'

This instantiates our menu to have AWS, Azure and vSphere as drop down menu options.

  • Also notice that we updated the Resources sections to include the constraints filed, referencing the tag properties, and a variable ‘${input.cloud}’ that references our drop down menu item. So what we select from the drop down menu will be the constraint tag that will decide the placement of the requested machine.

cas-74

  • Select DEPLOY and name the deployment and click Next to observe the Tagging option. Select the your choice and press DEPLOY

cas-75

  • After a few moments our deployment to AWS completes to our cloud environment.

cas-76

  • Select CLOSE  and return to Blueprints. Initiate another deployment and select any other Cloud environment like Azure for example .

cas-77

  • After a few moments our deployment to Azure completes to our cloud environment.

To summarize, we have created a Multi-Cloud Blueprint leveraging the YAML infrastructure as code and we presented to the requester a drop down menu based on Tagging constraints to select which Cloud environment he wants to deploy the machine to.

cas-78

Thank you very much if you have made it this far. I m hoping part 1 of this blog was beneficial and worth your time in exploring what you can do with Cloud Assembly .

In part 2, will explore more advanced topics such as Customizing Blueprints with Cloud-Config, versioning and Iterating on Blueprints.

The End, Eh!

 

 

 

 

 

Automation and Orchestration Blueprinting CAS Cloud Automation Services Machine Blueprints

vRealize Automation Extensibility Starts with SovLabs Plug-in – Part 1

When you start looking at vRealize Automation extensibility and how you can integrate it into your own datacenter ecosystem or how you can accommodate certain extensibility use cases like provisioning workloads with custom host names based on a business logic or as simple as running scripts or attaching tags post provisioning, you usually have 3 options :

  1. You can do it yourself. (High Time To Value, Local Skill Set)
  2. You can use Professional Services. ( High Time To Value , Expensive )
  3. You can use SovLabs Extensibility Frame work. (Instant Value, Production ready, Fully Supported, Off the shelf extensibility content and a Fraction of vRA cost)

SovLabs provides one common framework for extending VMware vRealize Automation (vRA) where you can replace custom orchestration workflow development with ready-to-run extensibility software. It brings extensibility into the SDDC framework where its :

  • Managed as a native component of the SDDC directly from vRA
  • Interoperable with latest releases and versions of vRA and endpoints
  • Prescriptive, each module comes ready to run.
  • Flexible, easy to modify without touching a single line of code
  • Enterprise support ( Production ready and Scalable )

In this blog we will explore, in two parts :

  • Part 1: How to install the Sovlabs Plug-in
  • Part 2: How to configure basic Sovlabs Modules like:
    • Custom Naming
    • Microsoft Active Directory
    • Microsoft DNS
    • Property toolkit
    • VM Tagging
    • ServiceNow CMDB

 

Part 1 : Installing Sovlabs Plug-in 2018.3.0

Here we will be doing a new install but before we do that we need to address a few prerequisites around vRA and vRO, so please read carefully :

vRA Prerequisites 

  • A Working instance of vRealize Automation 7.5 where you have successfully provisioned a VM from vRA using a blueprint.
  • Keep things simple according to the Sovlabs documentation by not using spaces or camel-casing for Tenant name, Users, Group Names or Business Groups. Not sure if thats the case for my vRA instance in my lab since its already setup but we shall see!
  • For Clustered vRA and/or vRO, load balancing is configured to VMware’s documentation. this is not our case here but for more details check the SovLabs documentation here HA and vRA with SovLabs.

Assuming you know your way around vRealize Automation you need to have the following:

Service Account User

  • You can create or use a local vRA user for the ownership of the SovLabs Endpoints, Profiles, and Services as well as connectivity into vRO to run workflows. your can create for example a new user called sov_admin but in our case we will be using the configurationadmin local user as a Service Account User, that got created during the content creation at the end of the vRA deployment.
  • Make sure the Service Account User has the following roles in vRA :  IaaS Administrator, Tenant Administrator, XaaS Architect.

pic1

pic2

vRA Custom Group

  • Create a Custom Group in vRA for the ownership of the SovLabs Endpoints, Profiles, and Services as well as connectivity into vRO to run workflows called sov_admins for example and make the configurationadmin Service Account User a member of this group.
  • Grant the sov_admins Custom Group both the Tenant Administrator and XaaS Architect Roles during the creating of the vRA custom group

pic4

  • Make sure that the Custom group sov_admins also have the IaaS Administrator role in addition to what we entitled it in the pervious step.

pic3

vRA Business Group

  • Login as the Service Account User configurationadmin@vsphere.local
  • Create or use a SovLabs specific vRA Business Group for allowing entitlements and ownership of SovLabs content to be confined to its own group. in our case we will be leveraging the Configuration Administrators Business Group, that got created during the content creation at the end of the vRA deployment.
  • Make sure to add the Sov_admins Custom Group to the Group Manger Role field within the Configuration Administrator Business Group.

pic5

vRO Prerequisites

  • vRO is already Setup and configured .
  • vRO may be embedded (recommended) like in our instance here or it can be also external. You can refere to VMware’s Install and Configure document.
  • vRO is Setup as an Endpoint in vRA, so click on the Infrastructure tab > Endpoints > Endpoints > Orchestration > vRealize Orchestrator to add your embedded or external vRO endpoint in vRA.

blog1

Modify Files and Set Permissions

  • Modify vmo.properties and js-io-rights files and set permissions. To do that SovLabs provides an script you can download from here called sov_vro_config.sh to automate the modification of those two files and it also creates the krb5.conf file for Kerberos Authentication.
  • Copy the sov_vro_config.sh script to your vRA/vRO appliance since we are using the embedded vRO, its actually the same appliance.
  • Make the script executable by executing the following command then execute the script and follow the instructions.
chmod +x sov_vro_config.sh
  • Restart the vRO service by executing the command
service vco-server restart

Create vRO vRA Host

  • Create vRO vRA Host via vRO Workflow as the default vRA host will not work fr the SovLabs plug-in. The vRA Host must be Shared Session mode and since we are using vsphere.local as our default and only tenant, the name to use for vRA host endpoint should begin with sovlabs_
  • Login to vRO using the vRO client and switch to the Design Mode

blog2

  • In the Workflows tab, go to: Library > vRealize Automation> Configuration > Add a vRA Host
  • Right-click the workflow and click Start workflow and fill out the form:

blog3

  • Click Next in the form wizard

blog4

  • Click Submit in the form wizard
  • New Inventory item for the vRA Host will be in the Inventory tab in the vRO client.

blog5

Create vRO vRA IaaS Host

  • Back in the Workflows tab in the vRO Client, go to: Library > vRealize Automation> Configuration > Add an Iaas host of a vRA Host
  • Right-click the workflow and click Start workflow and fill out the form:
  • Choose the vRA host in the list that we created in the previous step

blog6

blog7

  • Click Next for Host Properties and accept the defaults. The fields should all be auto-filled

blog8

  • Click Next for Proxy settings

blog9

  • Click Next for User credentials. Since we are using the embedded vRO, we will be selecting SSO and click Submit

blog10

  • New Inventory item for the vRA IaaS Host will be in the Inventory tab in the vRO client. You may need to refresh the vRO Client

blog11

Installing the SovLabs Plugin

  • Assuming your already download the SovLabs plugin along with the license key  provided to you in an email from SovLabs its time to install the plugin.
  • Login to the vRO Control Center as user root https://%5BvRO-FQDN%5D:8283/vco-controlcenter/ .  Make sure that the Orchestrator user interface is started and running.

blog1

  • Click on the Manage Plug-Ins icon

blog2

  • In the Install plug-in section, browse for the SovLabs Plugin file (o11nplugin-sovlabs.vmoapp)
  • Click Upload

blog3

  • Accept the EULA and click on Install

blog4

blog5

  • Restart the vRO Server or wait for the server to restart on its own
    • On the Home page, click on the Startup Options icon and click on Restart
    • Optionally, SSH to the vRO appliance and type in: service vco-server restart
  • Click on theManage Plug-Ins icon and Verify that the SovLabs Plugin is listed among the installed vRO plugins

blog6

  • Restart vRA

Configure the SovLabs Plugin

  • Login to vRO using the vRO client and switch to the Design Mode if you haven’t already.
  • In the Workflows tab, go to SovLabs > Configuration folder and expand it.
  • Right-click on the SovLabs Configuration workflow and click Start Workflow.
  • Accept the EULA by selecting Yes and click Next

blog7

  • Under the Service and Content :
    • Choose the appropriate tenant = vsphere.local
    • Choose the SovLabs Business Group= Configuration AdministratorsRemember Earlier I mentioned that will  be using this BG for SovLabs
    • Select Yes to Create SovLabs vRA Catalog serviece
    • Choose the SovLabs vRA Custom Group we created earlier, that will be your security group = sov_admins@vsphere.local
    • Select Yes to Publish License Content
    • Click Next

blog8

  • In the Upgrade Options section of the form: Select No and click NextSince this isn’t an upgrade
  • In the Install/Update SovLabs Workflow Subscriptions section of the form: Select Yes. This will create all the needed Event Broker Subscriptions in vRA
  • Click Submit
  • Once completed you should see green check on SovLabs Configuration Workflow and for both its Sub Workflowsblog9

Add SovLabs Latest License

For the SovLabs latest Plugin to works it needs a 2018.x.x license key. Here are the steps to add the License Key

  • Login to the desired vRA tenant which is in our case is vSphere.local and login using the Service Account User configurationadmin@vsphere.local

Totally Optionals  :

    • In my case and because I want to continue to use my main account cloudadmin@vmwlab.local user, I simply granted the User Role to the cloudadmin user in the Configuration Administrators Business Group
    • Then added the Cloudadmin user in the SovLabs vRA Extensibility Modules Entitlement created  by the SovLabs plugin.
  • Now that I have access I can Click on the Catalog tab, then Click on the catalog item Add License – SovLabs Modules

blog10

  • Click Request and Copy and paste the provided license key and click SUBMIT

blog11

Note : The Screenshot shows a fraction of the license key, not the entire license key.  🙂

  • You can Monitor your In Progress request in the Deployments Tab

blog12

  • After the license is successfully added, SovLabs Catalog Items and SovLabs vRA Event Broker Subscriptions will appear/generate.

 

Thank you very much if you have made it this far, in part two will touch on How to configure basic Sovlabs Modules like:

  • Custom Naming
  • Microsoft Active Directory
  • Microsoft DNS
  • Property toolkit
  • VM Tagging
  • ServiceNow CMDB

Please feel free to comment or provide feedback

The End of Part 1 Eh!

Automation and Orchestration Extensibility vRealize Automation

Installing and Configuring the vRealize Automation 7.5 (vRA 7.5) ITSM 5.0 / 5.1 Plug-in for ServiceNow

A  new VMware vRealize Automation plugin 5.0 was released on November 2nd on the VMware market Place Link for Servicenow that provides an out of the box integration between the Servicenow portal and vRealize Automation 7.5 catalog and governance model. It enables ServiceNow users to deploy virtual machines using vRA 7.5 and perform basic ServiceNow day 2 operations on their CMDB assets.

Update : There is now an updated version of the ITSM plug-in 5.1 that was released right after and currently available on the VMware Market Place Link

Key Features

  • Enables ServiceNow to integrate vRealize Automation 7.5 with ServiceNow platform and provide the ability for ServiceNow users to access the vRA catalogs, resources within ServiceNow.
  • The integration will allow end users to Request vRA catalog items from ServiceNow portal.
  • The plugin will fetch categories, catalog items and resource data from vRA platform and extend ServiceNow functionality to be able to render vRA catalog items into ServiceNow dynamically and manage vRA resources.
  • Day2 operation actions performed in ServiceNow CMDB will be updated back to vRA platform by giving API calls to vRA.
  • The plug-in supports vSphere, Amazon, Azure, and XaaS virtual machine provisioning, including formless and form based day 2 operations

In addition to all the above generic key Features, the ITSM 5.0 plug-ing includes fixes and new features such as :

  • Easier plug-in configuration through service account and Servicenow based RBAC and Entitlements
  • Multi-vRA support
  • Day 2 operations Enhancements
  • vRealize Business field support
  • ADFS or SSO setup are not required
  • Improve Login process for ServiceNow users with seamless authentication/entitlement model
  • Does not require end user access to internal vRA portal
  • Fully supported by VMware Global Services Support – GSS

In this blog we will take a look at how to deploy and configure the newly anticipated ITSM 5.0/ 5.1 Plug-in for vRealize Automation 7.5.

Update : Here are the fixes that were provided in the updated ITSM 5.1 plug-in:

  • Dynamic dependent drop-down fixes
  • Size, Image profile fixes
  • Disk fixes for null error
  • Token Encryption
  • Improved Entitlement Module
  • Access control fixes(ACL)
  • Duplicate catalog item form section fixes

In addition to this, there is scope change in V5.1 compared to V5.0 to avoid collision with V4.0.

So let’s get started, Eh!

Step 1: Prerequisites

The ITSM 5.0 plugin is targeted for vRealize Automation version 7.5. ITSM plugin interacts with vRealize automation using MID server. MID server is an IaaS component (deployed on prem – in the same network as vRA 7.5) having installed binaries provided by Service Now. For enabling the MID server component – Service now instance should be registered in MID server.

The ITSM 5.0 Plugin is compatible with the following ServiceNow releases (Jakarta, Kingston, London). After registering the vRA instance on Service now portal, data collection needs to be done to fetch all the required vRA contents (like Catalog).

Once the catalog is imported to Service now, a user can place requests from the catalog based on their entitlements.

You will need :

  • Download a copy of the ITSM Plugin 5.0 from VMware market place.
  • A ServiceNow Instance – Jakarta, Kingston orLondon release.
  • A MID Server established and connected to your ServiceNow Instance.

If your looking for how you can do that, please reference my pervious blog on ITSM 3.0 blog

Blog1

  • A vRealize Automation 7.5 instance configured on prem where you have configured and tested  one or more blueprint deployments successfully.

Make the plug-in accessible from all application scopes

To do that we need to navigate to Script Includes by using the search from the left navigation menu. Then Selecting System Definition > Script Includes

Once you select the Script Includes, do a search for JSUtil on the right page for the Name field. Once you find the script Open it by clicking on it.

Blog11

On the Accessible from drop-down, select All Application Scopes then select Update. Ensure that the changes are saved.

Blog12

Enable Application Access on Tables

You must enable application access to certain tables for the plug-in to work. Repeat the following steps on all the Tables below to modify:

  1. user_criteria
  2. sc_category_user_criteria_mtom
  3. item_option_new
  4. catalog_script_client
  5. question_choice
  6. catalog_ui_policy
  7. catalog_ui_policy_action
  8. sc_cat_item_user_criteria_mtom
  9. sc_req_item
  10. sc_category

Option 1 : Procedure To Enable Application Access

  • Log in to ServiceNow as an administrator.
  • Search for System Definition  in the filter navigator and click Tables
  • Search for each table in the Name filter on the right.

Blog13

  • Click on the Table Label under the Label column that matches the Table Name search you did. All the records are in the Global Application mode, you will need to click the option on the top of screen to edit the record. That is if your were still asked, usually you shouldn’t have to since we enabled Global access from all application scopes in the pervious step.
  • Click Application Access.
  • Select the can read, can create, can delete, and can update check boxes for each table.
  • Click Update and Repeat.

Blog14

Option 2 : Procedure To Enable Application Access

You may find this way faster to update all the tables listed, please watch the video to do so. You will be adding .list at the end of the table name and using the Filter navigator to search for it

Step 2: Installing the ITSM 5.0 Plug-in

  • Log in to the ServiceNow portal as a system administrator.
  • Select System Update Sets > Retrieved Update Sets > then select Import Update Set from XML

Blog2

Click Choose File on the dialog to choose the file to upload, and then select the VMware-vRealize-Automation-Application-ITSM-V5 file > Click Upload.

Blog3

In the Retrieved Update Sets list, select the VMware vRealize Automation Application ITSM V5.0 update set in the Name column by clicking on it once its in a Loaded State.

Blog4

 

Select Preview Update Set to validate the update set before committing it.

Blog5

A dialog box confirms update set validation.

Blog6

Click Close and review the errors

In my testing I was using the ServiceNow London Release so I encountered 4 errors as you can see in the screenshot below. From pervious experience I was told many times that these records existed in the instance where the plug-in was developed and thats why we are receiving these error during the validation since these records don’t really exist in our instance.

go ahead and click on Accept Remote Update on each of the errors.

Blog7

If you are using the ServiceNow Jakarta release and ServiceNow displays the below error message, click Accept remote update as well.

"Could not find a record in sc_homepage_renderer for column homepage_renderer referenced in this update"

Once you have accepted all remote updates click Commit Update Set

Blog8

A dialog box opens automatically after you click Commit Update Set while the commit action is in progress. When its done click the Close button when it appears to dismiss the dialog. It took 25 minutes to complete so please be patient.

Blog9

From the left menu, Click Update log

The install is complete when a message appears stating Finished update load from database but you can continue on at this point as long as you can see that the state of the Plug-in Update Set is Committed.

To do that select Retrieved Update Sets in the left menu and verify that the update set has a status of Committed.

Blog10

*  Important Note Only if your deploying the ITSM 5.0 plug-in 

After the installing is complete, search for Integration – vRealize Automation > then select Administration > System Properties 

On the System Properties page Search for the Name and Change the value of the x_vmw_vmware_vrasp.vrasn.group.assignment_group System Property to > d64ea542db920300435fd001cf961913

This is the sys_id of the group which is for approval of requests within ServiceNow. The value was wrongly captured in the 5.0 final build therefor it was documented to change its value.

*  Again this is not needed if  your installing the ITSM 5.1 version of the plug-in

Step 3: Users Facts and Setup

  • The Plugin configuration can be done by a system administrator like I m doing in this blog or by a user with x_vmw_vmware_vrasp.vrealize_automation_catalog_admin privileges.
  • You will need to Add the role x_vmw_vmware_vrasp.vra_user in ServiceNow for all users that must access vRealize Automation, to enable those users to see the vRealize Automation User Portal module which will we will cover later in the blog, including admin,catalog admin, and end user
  • RBAC in ITSM 5.0 is independent from vRealize Automation RBAC.
  • Login and Authentication rules do not require validation from vRealize Automation side. All roles and entitlements are based on the ServiceNow model.
  • Approvals can be generated if the users have the x_vmw_vmware_vrasp.vrealize_automation_catalog_admin role and are a member of the vRealizeAutomation-ApprovalManagersGroup group in ServiceNow.
  • The plug-in admin role x_vmw_vmware_vrasp.vrealize_automation_catalog_admin must contain the “catalog_admin”, “itil” and “agent_admin” roles out of the box in order to see and configure the Mid Server module from the left pane.
  • The Plugin end users role x_vmw_vmware_vrasp.vra_user must have the “itil” role out of the box.

For my testing purposes and based on the information I just mentioned I granted all the roles to the System Administrator. Of course if your doing this in production you would be selective in terms who have access to these roles.

In Filter Navigator search for System Security > Users and Groups > Users and edit the System Administrator role membership so it includes :

Blog15

Step 4: Update the vRealize Automation Workflow for Requested Items

The system admin can configure the vRA Workflow for Requested Item using the workflow editor. At a minimum, you must assign the approval group that contains your approvers. When users request vRealize Automation catalog items, this workflow runs, and approvals are sent to the approvers within the approval group before the request is submitted to vRealize Automation.

By default the vRealizaAutomation-ApprovalManagersGroup group is set as an approving group in the workflow. You can change the approval group by the procedure below.

The approval group must contain the x_vmw_vmware_vrasp.vrealize_automation_catalog_admin role.

Follow the steps below if you want to use your own approval group and add it to the vRealize Automation workflow.

  • Search for Workflow Editor in the ServiceNow navigation pane and click it.
  • Search for vRA Workflow for Requested Item and open it.
  • Click the menu button and select Checkout.
  • Double-click the Approval group stage in the workflow.
  • Click the Edit Groups button.
  • Search the list of groups and make the appropriate selections.
  • Lock your selection by clicking the Lock icon.
  • Click Update.
  • Click the menu button and select Publish.

Again for my testing I edited the existing default group vRealizaAutomation-ApprovalManagersGroup so it has the x_vmw_vmware_vrasp.vrealize_automation_catalog_admin role and added the System Administrator as a member by searching in the Filter Navigator for System Security > Users and Groups > Groups and editing the group roles and membership accordingly.

Blog17Blog16

Step 5: Set up the Integration User

You must set up a vRealize Automation integration user. ServiceNow requires this user to import catalog items, categories, request statuses, and resources from vRealize Automation. In order to import items, the integration users must be a business group manager within the business groups that you want ServiceNow to manage. The integration user does not require a role within ServiceNow.

  •  Log in to vRealize Automation as a business group manager.
  • Edit your business groups and assign the integration user as a business group manager.

In our case here I have a business group in vRA 7.5 called Cloud Administrators and I have their AD security group listed as a member of the Group Manager Role. 

Blog18

For our testing will be using the CloudAdmin user which is a member of the Cloud Administrators Group.

Step 6: Register a vRealize Automation Instance in Service Now

With ITSM 5.0 you can register multiple vRealize Automation instances and use catalog items from all of them in one ServiceNow portal.

Note : All requests from ServiceNow for a specific vRealize Automation instance are placed in the name of user registered under the Register vRA module. 

Procedure To Register a vRealize Automation Instance

  • Log in to Service Now as a plug-in admin.
  • Navigate to and click the Register vRAs tab under Integration – vRealize Automation.
  • Click New.

Blog19

  • Enter the details of your vRealize Automation instance and click Save

Blog20

  • That takes you back to the Register vRAs menu where you see vRA instance you just configured.
  • We need now to Import services and catalog items from the vRealize Automation instance to Service Now, so lets click on the instance.

Blog21

  • Click Import Services and Catalog Items and monitor the import

Blog22

  • You can refresh the page with completed items by clicking List controls in the top left corner of the page and selecting Refresh list until there are no records to display before you move on. .
  • Next will repeat the process by clicking on the Register vRAs > Our vRA instance but this time we will Import and reconcile CMDB from your vRealize Automation instance to Service Now.

Blog23

  • Again you can refresh the page with completed items by clicking List controls in the top left corner of the page and selecting Refresh list until there are no records to display before you move on.

Blog24

Remember that you can always add more vRA Instances or update/ delete your current ones.

Update : Once you’re done, there are some scheduled imports that needs to run before you start using the plug-i.  If you don’t run them manually, the scheduled imports will run at there interval time setting but then you will have to wait until they all run.

To speed things up you need to execute the schedule imports in the right order :

  • Log in to Service Now as a plug-in admin.
  • Navigate to and click the Register vRAs tab under Integration – vRealize Automation.
  • Click on the Scheduled Imports 
  • Run each of the imports in sequence starting with 1  by clicking into each of the scheduled imports and clicking on Execute No, until you run them all.
  • Verify that there are no records within the Scheduled Imports Queue before starting the next Import.

Step 7: Create ServiceNow Entitlement

Here we are going to assign access for services, items, and actions by entitling users and groups in ServiceNow regardless how they are entitled in vRealize Automation.

These Entitlements in the vRealize Automation plug-in for ServiceNow are based on ServiceNow plug-in implementation and are unrelated to vRealize Automation entitlements at all.

Procedure To Create New Entitlements

  • Navigate to and click the vRA Entitlements tab under Integration – vRealize Automation.
  • Click New.

Blog25

  • Enter a name and description for the entitlements.
  • Select the user or group to entitle.
  • Select the services, items, and actions you want to entitle.

Update : In my case I have created a user called Scott Smith and granted him the x_vmw_vmware_vrasp.vra_user and the Itil Role. These are the minimum roles for a service now user who needs to access the vRealize Automation Portal in Service Now.

I also selected the vsphere Services Category and one of the items in it ( CentOS7.5 – ServiceNow Testing ) Bluepint and some of the supported Actions

You can click on the search icon to see a full list of services, items, or actions and you can unlock the pad lock to edit your selection for each such section and use the pad lock to lock it down.

Important Note : Not all the actions are supported even though its available in the UI and based on the documentation, Here is what is really supported :

  • Deployment Actions : Destroy and Expire
  • Item Actions : Suspend, Power On, Power Off, Shutdown and Expire
  • Click Submit when your done . As you can see I didn’t select any Services but I selected one basic vRA Blueprint that I wanted to Entitle my user Scott Smith to.

Blog31

Step 8: Request a Catalog Item

You can request a catalog item from the vRealize Automation user portal. Depending on your vRealize Automation plug-in configuration you might have identical catalog items from different vRealize Automation instances. For environments with multiple vRealize Automation instances, select from which instance you want to request the catalog item.

Procedure to Request a Catalog Item

  • Login to ServiceNow Portal as Scott.Smith
  • Navigate to and click the vRealize Automation User Portal tab under vRealize Automation Module that will open a new tab where you can access the portal

Blog27

 

  • In the vRealize Automation user portal, click Catalog Items.
  • Select the vRealize Automation instance, from which you want to request a catalog item

Blog32

  • Select a category and click Request on the catalog item.

Blog33

 

  • Enter the details of your request if any and click Submit.

Blog34

  • You are redirected to the Activities tab where you will see its awaiting approval

Blog35

  • You can click on the Request to find more details like the Stage or the State of the request . Once approved by the Approval group where the System Administrator happen to be a member in our case here.
  • For the Approvers to approve any of the requests they also can also go to the vRealize Automation Portal in ServiceNow and click on the Activities Tab > Approvals, find and click on the request that is Awaiting Approval and Approve or Reject the request.

Blog36

  • Once Approved, our user Scott Smith can see that its approved in his own portal Under the Activities Tab > Requests

Blog37

  • On the vRealize Automation side of things we can see that the request Blueprint is being provisioned

Blog38

  • The ServiceNow user can continue to track the machine request status through the Activities Tab  until the request is complete and closed in ServiceNow.

Blog39

  • If your user is entitled, you can make changes to your deployments and virtual machines after they have been created.
  • Your user must have the specific entitlement that corresponds to the action you want to make. From the Actions tab you can power on, restart, expire, destroy, power off your deployment, and more.

Blog40

Hope you found the blog around the new ITSM 5.0 Plug-in beneficial if you have made it this far. This was a quick introduction around the plug-in installation and configuration, of course there will be more things that need testing as I continue to use the Plug-in.  Thank you for your time and until next time.

The End Eh!

 

ITSM vRealize Automation

vCenter Content Lifecycle Management with vRealize Suite Lifecycle Manager 2.0

Content lifecycle management in vRealize Suite Lifecycle Manager provides a way for release managers and content developers to manage software-defined data center (SDDC) content, including capturing, testing, and release to various environments, and source control capabilities through GitLab integration. Content Developers are not allowed to set Release policy on end-points only Release Managers can set policies.

You can use content lifecycle management to dispense with the time-consuming and error-prone manual processes required to manage software-defined content. Supported content includes entities from

  • vRealize Automation 7.2 and later

  • vRealize Orchestrator 7.x and later

  • VMware vSphere 6.0 and later.

  • vRealize Operations Manager 6.6.1+ and later.

  • Source Control server: All latest versions of Gitlab Community Edition and Enterprise Edition.

Content lifecycle management in vRealize Suite Lifecycle Manager is similar to content lifecycle management with the vRealize Code Stream Management Pack for DevOps where VMware announced its end of availability as of April 12th, 2018KB53222 ), but with the following differences:

  • Content lifecycle management is deployed as part of vRealize Suite Lifecycle Manager on a single appliance. It has a new user interface and is tightly integrated with vRealize Suite Lifecycle Manager core services.

  • vRealize Orchestrator is embedded on the appliance to run only content workflows.

  • Updated vRealize Code Stream Pipeline services.

Our focus in this blog is the vSphere Content Endpoint and the type of content we support which is :

vSphere Content Endpoint

Type

Value

Description

vSphere-CustomSpecification

vSphere vCenter 6.0+

Captures guest operating system settings saved in a specification that you can apply when cloning virtual machines or deploying from templates.

vSphere-Template

vSphere vCenter 6.0 +

Captures template to deploy virtual machines in the vCenter Server inventory.

Using vRSLCM 2.0 we will see how we can capture a vSphere Template ( W2K12R2STD64 ) from the VMware vCenter ( vcs-l-01a ) at the BRAMPTON development Data-Center to both VMware vCenters ( mgmt-vcs-01 & mgmt-vcs-02 ) at the TORONTO and OTTAWA production Data-Centers respectively.

Blog Project 1

Prerequisites

  • A pre-created template ready to be captured at the Brampton vCenter.
  • A Content Library Created and Published at the Brampton vCenter.
  • A Content Library Created by subscribing to the Brampton Content Library for both Toronto and Ottawa vCenters.
  • You have your Data Centers and its associated vCenter Server already setup in vRSLCM 2.0
Blog Project 2

Brampton vCenter

Blog Project 3

Toronto and Ottawa vCenters (Linked Mode)

Once you complete the prerequisites we will setup everything in vRSLCM 2.0

Step 1: Configuring vSphere Template Repository

This template repostory is used to store all vSphere template versions captured in the vCenter Content Library Provided that we created and published. The content library, which we set to ‘published’ in vCenter will be displayed and selected here based on the selected vCenter instance.

A best practice is to have this vCenter instance close to where the templates would typically be captured, and that is the BRAMPTON development vCenter in our scenario and its published Brampton Content Library.

Select Content Management -> Content Settings -> vSphere Template Repository and fill all the required fields.

Blog Project 4

Step 2: Creating the vCenters Content Endpoints

Here we are going to add a content endpoint to an environment to capture, test, deploy, or check-in a content package but before you can do that you should at least have added an environment vCenter endpoint when you first setup vRSLCM.

For example in our VMwareLab we have 3 environment vCenter endpoints added under the Data Centers  -> Mange vCenter Servers. as you can see we have 3 Data Centres ( Toronto, Ottawa and Brampton ) and each of those data centres have there own vCenter managing the vSphere Environment.

Blog Project 5

Blog Project 6

Blog Project 7

Now lets go ahead and create our vCenters Content endpoints.

  • Under Content Management, click Endpoints.
  • Click NEW ENDPOINT.
  • Select vCenter.
  • Enter the information for the vCenter content endpoint.
    1. In the Name text box, enter a unique name for the endpoint.
    2. In the Tags text box, enter tags associated with the endpoint ( Optional )

      Using tags allow you to deploy a content to multiple endpoints at the same time. When you deploy a content, you can select a tag instead of individual content endpoint names, and the content deploys to all endpoints that have that tag. To add multiple tags, press Enter after you enter each tag.

  • In the Server FQDN/IP text box, enter the fully qualified server name, IP address, or host name for the content endpoint server.
  • To access the endpoint, enter the User name and Password.
  • Click Test Connection and click Next.

Blog Project 8

We will be doing these same steps for the 3 vCenter Content Endpoint we are adding but when we hit next we need to set the appropriate polices for the content endpoint we are adding.

So for the BRAMPTON vCenter Content Endpoint (vcs-l-01a) will need to set the policy to Allow the content to be captured from this endpoint the click NEXT to review the summary and SUBMIT

Blog Project 9

As for the TORONTO vCenter Content Endpoint (mgmt-vcs-01) and OTTAWA vCenter Content Endpoint (mgmt-vcs-02), since these are the destination endpoints where the content/Template will be copied to, we will need to set the policy to Mark as Production Endpoint i.e. Release Endpoint and Enable vCenter Template Support to configure where the template is deployed to, in each vCenter Server.

Repeat this when the adding the vCenter Content Endpoint respectively for both TORONTO and OTTAWA vCenter Servers / Data Centres

Blog Project 10

vCenter Server settings can be added to an LCM data center, once vCenter data collection is competed this endpoint is seen when importing from LCM and reduces the time to fill in the form as all the properties have been collected.  use the drop down menus to select your vCenter Settings to determine again where the template will be stored when copied.

Blog Project 11

Once the endpoint is created, it validates if the configuration is correct. It can connect through API and that the configuration of the local subscriber details is setup to point to the publisher as defined in Content Settings/vSphere Template Repository. If there is a problem, then the endpoint is disabled and an error is displayed when you cover of the warning.

We can see now all 3 vCenter Content Endpoints with the appropriate policies where we will be capturing content from BRAMPTON vCenter ( vcs-l-01a ) and releasing to TORONTO vCenter (mgmt-vcs-01) and OTTAWA vCenter (mgmt-vcs-02).

 

Blog Project 12

in our lab we didn’t choose any testing destination but we could have selected one of the destination vCenters as a testing Endpoint where we can test the content before releasing it to production. All we had to do is select the Allow unit tests to be run on this endpoint Policy  under the Policy settings when we added the vCenter Content Endpoint.

Step 3: Adding / Releasing Content in vRSLCM 2.0

Content is a collection of files that contains definitions that represent software defined services.

After you add a content endpoint to one or more environments, you can manage the software-defined content that each environment contains. You can use vRealize Suite Lifecycle Manager to perform the following operations on content:

  • Capture content from an endpoint

  • Deploy to test and run unit tests

  • Check-in content

  • Release content to production

For example, a YAML file for a vRealize Automation blueprint or an XML file for a vRealize Orchestrator workflow. Content is linked together so that when you capture a vRealize Automation blueprint, all dependencies are also displayed in the content catalog, and they can each have their own versions. vRealize Suite Lifecycle Manager displays dependency information within each content version.

We have mentioned in this blog that will be applying the capture and release content operations on the vCenter Template (W2K12R2STD64) so we can copy it from the BRAMPTON Development Data-Center to TORONTO AND OTTAWA Production Data-Centres.

so Lets get started now but Navigating to Content Management -> Content and clicking on ADD CONTENT

Blog Project 13

In the next window we can select which content operation/action we want to select. Lets make sure we select both Capture and Deploy then click PROCEED

Blog Project 14

In the Capture Details Window will fill all the mandatory fields :

  • Select the Capture Endpoint from the drop down menu. this is going to be our BRAMPTON vCenter (vcs-l-01a.vmwarelab.local)
  • Select the Content type as vSphere-Template
  • Select the content Template you need to capture, in our scenario its the W2K12R2STD64
  • Enter a comment as The Template is ready to released to Production vCenters 

Blog Project 15

Click NEXT  to select which endpoints you want to release the content to

  • Select All Endpoints which in our case it will the TORONTO (mgmt-vcs-01) and OTTAWA (mgmt-vcs-02) production vCenters and the order of the release where I made sure the release start with the TORONTO vCenter first.
  • Enter a release comment such as Releasing W2K12R2STD64 to Production vCenters

Blog Project 16

click NEXT and review the Summary. When ready click SUBMIT

Once you submit this form you can take a  look at the Content Pipelines > Executions where you can monitor the progress of the request. Also please note that the request will be queued in the system for processing and may not show immediately.

Blog Project 17

You can click on the Content Pipeline Name or from the ACTIONS menu select View Execution to get more detailed informations like who executed the Content Pipeline and the elapsed Duration so fat or take ACTIONS like canceling or Pausing the  Content Pipeline. You will need to REFRESH the page from time to time to see the progress if  you stay on the Execution Page.

You can also see each of the Capture, Test or Release stages in action and monitor each stage.

Blog Project 18

Step 4: Behind The Scenes

If you are wondering whats happening behind the scenes I made a list of the steps that vRSLCM takes when it executes the Content Pipeline for the Captured vSphere template.

Capture Stage

  1. vRSLCM will Export the selected template as OVF from the BRAMPTON Development vCenter. 
  2. vRSLCM will Create a Library Item in the Brampton Content Library and Upload the Files to the Library item.  This is the same Content library that we configured in vRSLCM as the vSphere Template Repository which is used to store all vSphere template versions captured.

Blog Project 20

Now that the vSphere template is uploaded fully to the vSphere Template Repository if we look back at the Pipeline we see that Capture and Test ( The Fact its not selected ) are completed and we move on to the final stage and that is the Release Stage.

Blog Project 19

Release Stage

  1. vRSLCM will Sync the Toronto Content Library first and Sync the Library template item as W2K12R2STD64-v1 and then deploy the OVF package from the content Library to the Toronto Cluster Resource Pool by transferring the image Virtual Machine Template files to one of the Toronto cluster hosts then marking the Virtual Machine as a Template.
  2. Once completed vRSLCM will repeat the process but this time it will Sync the Ottawa Content Library and deploy the OVF package to the Ottawa Cluster Resource Pool by transferring the image Virtual Machine Template files to one of the Ottawa cluster hosts then marking the Virtual Machine as a Template.

Blog Project 21

if you go back to VRSLCM and look at the Pipeline execution we find it was completed Successfully and managed to do that in 1h 30m considering I don’t have the fastest storage in my Home Lab.

Blog Project 22

now we can always go back to the captured content (vSphere-Template) and Capture newer version of the template or re-deploy a specific version that we captured perviously to existing or newer production vCenters.

Blog Project 23

If you made it this far in the blog, I hope you found it informative and helpful.

Please remember that this is just one type of content were we can manage its content lifecycle, as vRSLCM like we mentioned at the beginning supports different types of content across the vRealize Product Suite.

The End Eh!

vRealize Suite Lifecycle Manager

Deploying and Upgrading vRealize Automation with vRealize Suite LifeCycle Manager 2.0 – Part 2

Now that we have seen and understand how to deploy vRealize Automation 7.4 using vRealize Suite LifeCycle Manager 2.0 in Part 1 of the blog, we are ready to continue using vRSLCM to upgrade the vRA 7.4 instance we deployed to vRA 7.5.

So let’s get started Eh!.

Right away and when logged in vRSLCM we see a notification alert that vRA 7.5 is avaiable for Environment Blog Demo which you can mark as Read to clear it out.

BlogDemo30

Now lets dive into the Blog Demo environment by clicking VIEW DETAILS then clicking on the vertical 3 dots to explore the options we can take against this environment, once the menu is available to us, let’s select Create Snapshot from the menu since I only have vRA 7.4 in this environment. Please be aware that doing it from this level will create a snap shot across all the products and there components that are either deployed or imported to the environment.

Snapshot for vRealize Automation is taken for all the components except IaaS DB. Creating snapshot of IaaS DB is not supported by vRealize Suite Lifecycle Manager. Ensure that the appliances are in a consistent state before triggering snapshots.

BlogDemo32

Provide a Snapshot Prefix Name that will  be set in front of the generated Snapshot date and time stamp name and check the box to Snapshot with Memory if you like then click SUBMIT

BlogDemo33

In my experience the Create Snapshot window was still there even though I already hit SUBMIT. So I had to click CANCEL after verifying that the Snapshots was completed in vCenter Recent Tasks.

BlogDemo34

Now we are ready to Upgrade so let’s click on the vertical 3 dots again but this time once the menu is available to us, let’s select Upgrade from the menu.

BlogDemo31

Under vRrealize Automation 7.4 Products Details we will be presented with a couple of important choices like taking a snapshot for the IAAS Machine after the vRA Virtual Appliance Upgrade.

This would be a 2nd Snapshot but this time its after the vRA VA is upgraded so if an IAAS component upgrade fails, then you can revert to the post-upgrade VA snapshot for the failed IAAS component. When you want to retry,  you do that from the command line and enter true in the retry input for upgrade.

Next we will select the Repository Type. In my case I have already copied the vRA 7.5 upgrade ISO to vRSLSM Binaries which I outlined in first part of this blog, therefore we are going to select vRealize suite Lifecycle Manager Repository which will automatically select 7.5 as the product version since its the only one available that I can upgrade to that I uploaded.

BlogDemo35

Click Next and click RUN PRECHECK to do the Data and vRealize Automation group set of Validations. In my case it was all green for the two validations so I Clicked SUBMIT to follow with the upgrade.

You can monitor as we mentioned before your Request in the Requests tab menu by clicking on the  IN PROGRESS under the Requests States column for the Upgrade Product request.

BlogDemo36

Here you can track each of the steps as they execute or come back to it anytime later for a status update.

BlogDemo37

You can also find what each of the tasks are doing within a step and find out how much time each of the steps took to complete.

now that all the steps were successful, we can try hitting again the same vRA Appliance URL at https://mgmt-vra-02.vmwarelab.org

Blog Project27

Access the vRealize Automation Console and login with the local user Configurationadmin which has both the Infrastructure and Tenant Admin Roles.

BlogDemo39

What did I tell you ? It’s Magic! Just like that its all upgraded and ready to go.

The End Eh!

Uncategorized