Tanzu Kubernetes Grid (TKG) Clusters As-A-Service with vRealize Automation OOTB integration with vSphere with Tanzu.

In this blog I m going to cover how vRealize Automation / vRealize Automation Cloud integrate out of the box with vSphere with Tanzu that will help empower DevOps teams to easily request, provision and operate a Tanzu Kubernets Grid (TKG) as a service.


vRealize Automation is a Multi-Cloud modern infrastructure automation platform with event-driven state management, designed to help organizations control and secure self-service for Private Cloud, Hybrid Cloud and Public Cloud automation with governance with a DevOps based infrastructure delivery approach.

( Click the Image to Enlarge )

It helps improve IT agility, productivity and efficiency so you can prepare for the future of your business, providing organizations a consistent way of automation across cloud and data centers. Read More!

As for vSphere 7 with Tanzu, its considered the biggest release of vSphere in over a decade. It enables millions of IT administrators across the globe to get started with Kubernetes workloads within an hour give or take.

Its truly a new generation of vSphere for containerized applications and the fastest path to Kubernetes. This single, streamlined solution bridges the gap between IT operations and developers with a new kind of infrastructure for modern, cloud-native application both on premises and in public clouds.

( Click the Image to Enlarge )

On one side it empower developers with secure, self-service access to a fully compliant and conformant Kubernetes API and on the other side it empower IT Operators with visibility into Kubernetes workloads and clusters and it allows them to manage policies for an entire group of VMs, Containers or both with a unified platform. Read More!


  • A Tanzu Basic vSphere 7.0.3 Update 3e environment is what I am using here, with Workload Management enabled.
  • An instance of vRealize Automation 8.6.1 or higher on premises Or vRealize Automation Cloud (SaaS).

Step-by-Step Flowchart

To simplify the steps I have created a flowchart as a reference that we will be going through to outline and explain all the needed steps, describing each step with screenshots to help you follow along to configure the integration and allows you to provision both Supervisor Namespaces and Tanzu Kubernetes Grid Clusters using vRealize Automation.

( Click the Image to Enlarge) ( Click Again to Zoom In & Out)

But Wait, There’s More!

Make sure to watch my video for this blog post on YouTube If you want to see me going over the above step-by-step flowchart and doing a live demo provisioning a Supervisor Namespace , A Tanzu Kubernetes Cluster from vRealize Automation using VMware Cloud Templates and the Self-Service Portal.

I will also be deploying a Kubernetes Voting-App on the provisioned Kubernetes Cluster from the command line using Kubectl.

If you like the content and want to see more, please make sure to like the video, subscribe to the VMwareLab YouTube channel and hit the notification Icon, all so you don’t miss any upcoming blogs or videos, not to mention that It also helps the channel a ton, so I can continue producing and putting more content out there.

Thank you

The End, Eh!

Blueprinting CAS Cloud Automation Services Kubernetes Machine Blueprints Tanzu vRA Blueprints vRealize Automation vRealize Suite

VMware vRealize Automation ITSM Application 8.2 for ServiceNow

VMware vRealize Automation ITSM Application 8.2 is available now in the ServiceNow Store here 
VMware vRealize Automation speeds up the delivery of infrastructure and application resources through a policy-based self-service portal, running on-premises or as a service that help organizations increase business, IT agility, productivity, and efficiency.

The solution delivers Day 1 service provisioning and Day2 operational capabilities across a private, hybrid and multi-cloud with the ability to assemble application blueprints using a visual canvas with a drag and drop interface as well as create infrastructure as code blueprints. 

The vRealize Automation ITSM plugin for ServiceNow provides an out of the box integration between ServiceNow  and vRealize Automation catalog and governance model. It enables ServiceNow users to deploy virtual machines and perform basic day 2 operations on their CMDB assets.

In this video blog series we are going to cover :

If you have any questions or comments, please leave it in the comment section of either the blog post here or within each of the YouTube video’s comment section, also please take a minute and hit the like button if you liked the video.

To stay up to date with my latest blogs and videos, make sure to follow my blog site and do subscribe to my YouTube channel VMwareLab and smash that notification bell if you want to be notified when I upload new content. 

The End, Eh!

Automation and Orchestration ITSM vRA Blueprints vRealize Automation

Infoblox IPAM Plug-in 1.1 Integration with vRealize Automation 8.1 / vRealize Automation Cloud

Hello Everyone

Welcome to VMwareLabYour VMware Cloud Management Blogger

With vRealize Automation you can use an external IPAM provider to manage IP address assignments for your blueprint deployments.

In this integration use case, you use an existing IPAM provider package, in this case its an Infoblox package, and an existing running vRealize Automation environment to build a provider-specific IPAM integration point.

You configure an existing network and create a network profile to support IP address allocation from the external IPAM provider. Finally, you create a blueprint that is matched to the network and network profile and deploy networked machines using IP values obtained from the external IPAM provider.


The Infoblox IPAM Plug-in allows us to easily integrate vRealize Automation 8.1 and vRealize Automation Cloud with the Infoblox DDI appliance.

One of the main features of Using Infoblox DDI, is that it allows IT Teams to consolidate DNS, DHCP and IP address management into a single platform, deployed on-site and managed from a common console.

The Infoblox IPAM plugin 1.1 for vRealize Automation 8.1 integration allows us to use the IP address allocation and DNS record creation and deletion with our Cloud Assembly or Service Broker deployments.

The plugin is available on the VMware Solution Exchange and uses (ABX) Action Based Extensibility to retrieve IP data from the Infoblox grid as well as update the grid with DNS host records and other data for the deployed virtual machines (VM) and networks.


  • vSphere private cloud
  • vRealize Automation 8.1
  • Infoblox NIOS or vNIOS appliance with minimum WAPI 2.7 version
  • Infoblox grid is configured for IPAM and DNS
  • A good place to work and an ice cold beer.

In this video blog we are going to go through all the steps required to install, configure, and use the Infoblox IPAM plugin 1.1 for vRA 8.1 / vRA Cloud.

Let’s get started, Eh!

Important Notes

  • The vRA 8.1 Infoblox IPAM plug-in v1.1 is currently managed by VMware. The plug-in is not officially supported by Infoblox currently but Infoblox is actively working towards certifying / providing support for this plugin.
  • Plugin functionality is currently limited to IP address allocation/de-allocation, network creation/deletion, and DNS record creation/deletion.
  • If you happen to use a signed certificate on Infoblox ( Self-Signed Cert Shouldn’t have this issue ),  You may encounter the following error Unable to validate the provided access credentials: Failed to validate credentials” knowing for sure that your credentials are correct, you might have an Infoblox certificate issue. To fix that you can check my colleague Dennis Derks blog here .
  • If you use custom DNS views in Infoblox (internal, external, etc.) then some additional configuration is required that’s not easily identified. To fix that check this blog here

If you have any comments please leave it in the comment section of either the blog here or in the you-tube video comment section, please hit the like button if you liked the video.

To stay up to date with my latest blogs and videos, make sure to follow my blog site and do subscribe to my YouTube channel VMwareLab and smash that notification bell.

The End, Eh!

Automation and Orchestration CAS Infoblox IPAM vRA Blueprints vRealize Automation

vRealize Automation 8.1 Multi-Tenancy Setup with vRealize Suite Lifecycle Manager 8.1

Today VMware is releasing VMware vRealize Automation 8.1 , the latest release of VMware’s industry-leading, modern infrastructure automation platform.

This release delivers new and enhanced capabilities to enable IT/Cloud admins, DevOps admins, and SREs to further accelerate their on-going datacenter infrastructure modernization and cloud migration initiatives, focused on the following key use cases:

  • Self-service hybrid cloud, multi-cloud automation, infrastructure DevOps, and Kubernetes infrastructure automation.
  • vRealize Automation 8.1 supports the latest release of VMware Cloud Foundation 4.0 to enable self-service automation and infrastructure DevOps for VMware Cloud-based private and hybrid clouds.
  • Integration with vSphere 7.0 with Kubernetes to automate Kubernetes supervisor cluster and namespace management.

But wait there is more…

We are also releasing VMware vRealize Suite Lifecycle Manager 8.1, the latest release of the lifecycle management and automation platform for VMware vRealize Suite.

vRealize Suite Lifecycle Manager delivers a comprehensive, integrated product and content lifecycle management solution for vRealize Suite, helping customers to speed up deployments and updates, optimize and automate ongoing product and content management, and apply Day 0 to Day 2 operational best practices across all components of vRealize Suite.

Some of the other new enhancements we are introducing in vRSLCM 8.1 are :

  • Product references : Product details page will have now a new tab listing all inter-product integration(s).
  • Inventory Sync : Provided now on the environment level to trigger the sync on all products within the managed environment instead of triggering it on every product which we can still do if we want to Sync one product.
  • Global Environment vIDM Day 2 actions : The global environment vIDM View Details page will have now the Trigger Cluster Health, Power On and Power Off Day 2 Operations for single and cluster vIDM Deployment.
  • All Products Day 2 actions : All products under environments will have now Re-Trust With Identity Manager ( Whenever vIDM Certificate Changes ) and  Re-Register With Identity Manager (Whenever vIDM FQDN Changes )Day 2 Operations.

In this vBlog I’m covering vRealize Automation Multi-Tenancy, its requirement and the setup workflow you need to follow for enabling dedicated infrastructure multi-tenancy for vRealize Automation 8.1, leveraging vRealize Suite Lifecycle Manager 8.1 which offers our customers more flexibility, control and security around tenant management.

Let’s get started, Eh!

Important Notes

  • Certificate update/replace operation. A change in vIDM certificate requires re-trust of vIDM certificate on all products/services currently integrated with it. While updating certificate, user(s) are provided with an option to choose all currently referenced products to opt-in for re-trust.
  • Enabling tenancy. Once tenancy is enabled, vIDM can be accessed only through tenant FQDNs. All existing products/services currently integrated with vIDM must go for a re-register of vIDM against its master tenant alias FQDN. While enabling tenancy, user(s) are provided option to choose all currently referenced products to opt-in for re-register.

Please be aware that there is a typo on the Cluster deployment slide within the vRA Certificate hostname section in the video at 10:55 elapsed time , so here is the corrected version 

If you have any comments please leave it in the comment section of either the blog here or in the youtube video comment section, please hit the like button if you liked the video.

To stay up to date with my latest blogs and videos, make sure to follow my blog site and do subscribe to my YouTube channel VMwareLab and smash that notification bell.

The End, Eh!

Automation and Orchestration Uncategorized vRealize Automation vRealize Suite vRealize Suite Lifecycle Manager

How to Deploy vRA 8.0.1 while dealing with the Built-in containers root password expiration, preventing installations for vRealize Automation 8.0 and 8.0.1

Let’s get into it right away.

A few weeks ago the 90 days account expiry from vRealize Automation 8.0 and 8.0.1 GA releases has been exceeded for both the Postgres and Orchestrator services which runs today as Kubernetes pods.

This issue is resolved in vRealize Automation 8.1 which is soon to be released as of the writing of this post. ( Generally available in 1H20 ).

This issue is also resolved in Cumulative Update for vRealize Automation 8.0.1 HF1/HF2 so if you already installed the HF1 patch a while ago and before the account expiry, you have nothing to worry about.

But what about existing deployments that was not updated with HF1 or HF2 as of yet or net new deployments of vRealize Automation 8.0/8.0.1 and how they may be impacted by this issue. In this blog I address those scenarios in terms of what needs to be done to continue benefiting from everything the automation solution have to offer today and/or have a successful deployment when you do choose to deploy the vRealize Automation 8.0.1 solution until vRealize Automation 8.1 is released then you really don’t have to worry about any of this.

So let’s get started eh!.

Existing Deployments

For existing vRA 8.0 or 8.0.1 customers with active working instances, you have two options before you can reboot the appliance or restart the vRA services:

Option 1

Apply the workaround mentioned in KB 78235 and stay at vRA 8.0.1.

Scenario 1 : vRealize Automation 8.0/8.0.1 is up and running

  1. SSH into each of the nodes
  2. Execute vracli cluster exec -- bash -c 'echo -e "FROM vco_private:latest\nRUN sed -i s/root:.*/root:x:18135:0:99999:7:::/g /etc/shadow\nRUN sed -i s/vco:.*/vco:x:18135:0:99999:7:::/g /etc/shadow" | docker build - -t vco_private:latest'
  3. Execute vracli cluster exec -- bash -c 'echo -e "FROM db-image_private:latest\nRUN sed -i s/root:.*/root:x:18135:0:99999:7:::/g /etc/shadow\nRUN sed -i s/postgres:.*/postgres:x:18135:0:99999:7:::/g /etc/shadow" | docker build - -t db-image_private:latest'
  4. Execute opt/scripts/backup_docker_images.sh to persist the new changes through reboots.

Scenario 2 : vRealize Automation 8.0/8.0.1 is already down as a result.

  1. SSH into each of the nodes
  2. Run opt/scripts/deploy.sh --onlyClean on a single vRA node to shutdown the services safely.
  3. Once completed, Repeat step 2 through 4 in Option 1 – > Scenario 1
  4. Run /opt/scripts/deploy.sh to start the services up.

Option 2

Apply the vRealize Automation 8.0.1 HF1 or HF2  with vRealize Lifecycle Manager 8.0.1 patch 1

Scenario 1 : vRealize Automation 8.0/8.0.1 is up and running

It is recommended to install vRealize Suite Lifecycle Manager 8.0.1 patch 1 before vRealize Automation 8.0.1 patch 1. The vRealize Suite Lifecycle Manager 8.0.1 Patch 1 contains a fix for some intermittent delays in submitting the patch request.

Apply vRealize Automation 8.0.1 patch 1 leveraging vRealize Lifecycle manager 8.0.1 Patch 1.

Scenario 2 : vRealize Automation 8.0/8.0.1 is already down as a result.

  1. SSH into each of the nodes
  2. Run /opt/scripts/deploy.sh --onlyClean on a single vRA node to shutdown the services safely.
  3. Once completed, Repeat step 2 through 4 in Option 1 – > Scenario 1
  4. Run /opt/scripts/deploy.sh to start the services back.Apply vRealize
  5. Apply Automation 8.0.1 patch 1 leveraging vRealize Lifecycle manager 8.0.1 Patch 1

Note: We highly recommend to be always on the more recent builds and patches.

New Deployments

If you need a video tutorial on how to install vRealize Automation 8.x check either my Youtube video on how to deploy vRA 8.x with vRealize Easy Installer here or my previous blog post here which also include the video.

Please subscribe and smash that tiny notification bill to get notified of any new and upcoming videos if you do check my Youtube channel.

Now that is out of the way , for new deployments of 8.0.1 and until 8.1 is released where the issue is resolved, it is really very simple.

Once you see that vRA 8.0.1 is deployed via vRealize suite lifecycle manager 8.0.1 and that its now reachable via the network, do the following:

  1. SSH into the vRA node
  2. Execute Kubectl get pods -n prelude to see if vRA started to deploy a few of the services in the prelude namespace.
  3. Once confirmed proceed to step 4
  4. Execute vracli cluster exec -- bash -c 'echo -e "FROM vco_private:latest\nRUN sed -i s/root:.*/root:x:18135:0:99999:7:::/g /etc/shadow\nRUN sed -i s/vco:.*/vco:x:18135:0:99999:7:::/g /etc/shadow" | docker build - -t vco_private:latest'
  5. Execute vracli cluster exec -- bash -c 'echo -e "FROM db-image_private:latest\nRUN sed -i s/root:.*/root:x:18135:0:99999:7:::/g /etc/shadow\nRUN sed -i s/postgres:.*/postgres:x:18135:0:99999:7:::/g /etc/shadow" | docker build - -t db-image_private:latest'
  6. Execute opt/scripts/backup_docker_images.sh to persist the new changes through reboots.
  7. Keep checking the status of the pods by continually running and executing Kubectl get pods -n preludeuntil all the pods are up and running.

If your only installing one appliance and you noticed that the vco-app pod status is CrashLoopBackOff 


You will need to delete the pod so a new one gets provisioned from the newly updated docker build that we generated in step 4 by executing the following below command.

kubectl delete pods -n prelude vco-app-pod-name

If your installing a cluster and since we can’t simply delete the postgres pod to fix it –So the other postgres instances on the remaining nodes are able to replicate data-otherwise other services that depends on postgres will also fail so its better to just shutdown all the services on each of the nodes and doing the following:

  1. SSH into the vRA node
  2. Execute Kubectl get pods -n prelude to see if vRA started to deploy a few of the services in the prelude namespace.
  3. Execute /opt/scripts/deploy.sh --onlyClean on each of the nodes to stop the services.
  4. Once completed execute the workaround repeating step 4 through 6
  5. Run /opt/scripts/deploy.shon each of the nodes to start the services up.

Once your appliance or cluster is up and running apply the vRealize Automation 8.0.1 HF1 or HF2. ( Soon to be also released ) as I mentioned above in Option 2 for Existing Deployment.

If you have already one appliance with HF1 you can’t scale out to create a cluster since the original image is not patched with HF1. So unfortunately you have to wait a couple more weeks until 8.1 is out, where then you can upgrade then scale out your deployment to create a cluster production ready deployment.

If you do have any questions please post them below. I will try my best to have them answered.

Hope this has been hopeful if you have made it to the end.

The End Eh!

Automation and Orchestration vRealize Automation

vSphere Customization with Cloud-init While Using vRealize Automation 8 or Cloud.

After spending an enormous amount of time, which I think started somewhere in the summer of last year to get vSphere Customization to work with Cloud-init while using vRealize Automation 8 or vRealize Automation Cloud as the automation platform to provision virtual machine deployments and install, configure the applications running on it.

I finally have a workaround that I can say is guaranteed to work every single time, until something better comes along that would help with the vSphere customization and cloud-init conflict during startup.

With some out-of-the-box thinking, I was able to use IP static assignment ( assignment: static ) within the vRA blueprints to leverage the IP Static pool and the network metadata that we define in vRA via Network Profiles for the targeted networks we want to connect to, while using cloud-init with Ubuntu 16.04, Ubuntu 18.04 and Ubuntu 20.04 for now, but the principle should be the same for other Linux distributions, even though it seems that RHEL is the only OS today that just works provided traditional Guest OS Customization GOSC is being set in cloud-init.

Update ( 26/04/2022)  If you trying to use cloud-init with Ubuntu 20 .. Please be aware of this KB as without its resolution, cloud-init will not be able to use the OVF as a datasource therefore userdata will not be passed to the VM when using Cloud-Config in vRealize Automation VMware Cloud Template.

Note: The will also work if you were to use DHCP IP Assignment.

Hoping this was worth the time, I am documenting in this blog the step by step instructions on how to prepare your vSphere templates while leveraging cloud-init,  in addition to for your own reference, a list of all the internet available resources that I looked at while doing my research.

I will also have a video added to the blog later that showcases going through the entire template preparation and also demo after that a typical vRA 8 deployment using static IP assignment while leveraging cloud-init to install selected packages per machine component and execute various commands to setup an application.

I still say that this shouldn’t be that hard for our customers to setup and hopefully Software Component like I mentioned would save us all from all this complexity, of-course this is beside the fact that you still can do this via various configuration management tools such as Ansible and puppet which by the way vRealize Automation 8 and cloud integrate with today out-of-the-box.

In a high level when the virtual machine first boots up and gets rebooted to be customized due to the dynamic vCenter customization specs that gets created based on the fact we are using the assignment static property ( assignment: static ) within the blueprint code as you see in the screenshot below, I am making sure that during that time, Cloud-init is in a disabled state.


After the customization reboot the virtual machine once, there is a Cron Job that I created on the template that execute at startup after a 90 sec of sleep which is enough time for the virtual machine to be customized, rebooted and connected to the network without running the Cron Job as of yet. After the initial reboot and pass the 90sec mark now the Cron Job execute a shell script that enables cloud-init and initializes it running all the needed cloud-init modules. ( init, Config and Final)

Note: Feel free to increase the 90 sec if you feel you need more time as the virtual machine being customized. 

The End result, the virtual machine is now customized with an updated host-name and an IP from our targeted static IP pool configured for the network its connected to without having to hack the Cloud Config code any further to setup things like the host-name or even configure the network itself, and more importantly without conflicting with cloud-init which what the problem was all along.

Let’s get started, Eh!

  • Build a new Ubuntu 16.04 or 18.04 virtual machine from the certified ISO
  • Once the virtual machine is up and running update the list of available packages and install any new available version of these packages that you have to update your template
sudo apt-get update && sudo apt-get -y upgrade
  • Install Cloud-init for Ubuntu 16.04. Ubuntu 18.04 have cloud-init pre-installed so you can skip this step
sudo apt-get -y install cloud-init
  • Configure OVF as your Datasource, then save and exit
sudo dpkg-reconfigure cloud-init
  • Enable traditional Guest OS Customization GOSC Script by editing /etc/cloud/cloud.cfg file and adding
disable_vmware_customization: true
  • Ensure network configuration is disabled in /etc/cloud/cloud.cfg, by adding or un-hashing the following if it exists:

If a cloud-init network config is not found and no disable option is specified then cloud-init will default to a fallback behavior which is to use DHCP if you happen to reboot the server.

By specifying the “disabled” option we are telling cloud-init not to try and do anything with the network on each subsequent startup which allows the guest OS to use the config that was originally applied to the machine on first run.

  • Set Temp not to clear, by editing /usr/lib/tmpfiles.d/tmp.conf  and adding the prefix # to line 11.
#D /tmp 1777 root root -
  • Configure Open-vm-tools to start after dbus.service by editing /lib/systemd/system/open-vm-tools.service file and adding the following under the [Unit] section.
  • Reduce the raise network interface time to 1 min by editing /etc/systemd/system/network-online.targets.wants/networking.service file and changing: ( This not applicable on Ubuntu 18.04 )
TimeoutStartSec=5min to TimeoutStartSec=1min
  • Disable cloud-init on First Boot and until customization is complete by creating this file /etc/cloud/cloud-init.disabled
sudo touch /etc/cloud/cloud-init.disabled
  • Create a script your_script.sh in a known location that will be called by a Cron Job that will create later to enable and initialize cloud-init after the customization reboot. The script should contain the following commands:
sudo rm -rf /etc/cloud/cloud-init.disabled
sudo cloud-init init
sudo sleep 20
sudo cloud-init modules --mode config
sleep 20
sudo cloud-init modules --mode final
sudo touch /tmp/cloud-init.complete
crontab -r 
  • Configure the script to be an executable
sudo chmod +x your_script.sh
  • Create a Cron Job that will run after 90 sec of sleep at boot by typing crontab -e and entering the following:
@reboot ( sleep 90 ; sudo sh /Script_path/your_script.sh )
  • Copy the content below for the Template Cleaning script and create your_clean_script.sh. You can replace cloudadmin with your own user that you setup when you installed the Ubuntu OS

# Add usernames to add to /etc/sudoers for passwordless sudo
users=("ubuntu" "cloudadmin")

for user in "${users[@]}"
cat /etc/sudoers | grep ^$user
if [ $RC != 0 ]; then
bash -c "echo \"$user ALL=(ALL) NOPASSWD:ALL\" >> /etc/sudoers"

#grab Ubuntu Codename
codename="$(lsb_release -c | awk {'print $2}')"

#Stop services for cleanup
service rsyslog stop

#clear audit logs
if [ -f /var/log/audit/audit.log ]; then
cat /dev/null > /var/log/audit/audit.log
if [ -f /var/log/wtmp ]; then
cat /dev/null > /var/log/wtmp
if [ -f /var/log/lastlog ]; then
cat /dev/null > /var/log/lastlog

#cleanup persistent udev rules
if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then
rm /etc/udev/rules.d/70-persistent-net.rules

#cleanup /tmp directories
rm -rf /tmp/*
rm -rf /var/tmp/*

#cleanup current ssh keys
#rm -f /etc/ssh/ssh_host_*

#cat /dev/null > /etc/hostname

#cleanup apt
apt-get clean

#Clean Machine ID

truncate -s 0 /etc/machine-id
rm /var/lib/dbus/machine-id
ln -s /etc/machine-id /var/lib/dbus/machine-id

#Clean Cloud-init
cloud-init clean --logs --seed

#cleanup shell history
history -w
history -c
  • Configure the Template Cleaning script to be an executable as well
sudo chmod +x your_clean_script.sh
  • Execute the Template Cleaning Script.
sudo ./Script_path/your_clean_script.sh
  • Shutdown the virtual machine and turn it into a template.
Shutdown -h now

Note : Just be aware that the cron job might run if you try to update the template for any reason . So make sure if you do pass 90 sec while doing your change is to re-add the /etc/cloud/cloud-init.disabled file and then re-execute the clean up script again before shutting down the template . if you don’t, cloud-init will execute on first boot and you will get the vm customization but your cloud config code wont be applied

Click To See It All In Action On my YouTube Channel !

I have scripts on github that your welcome to download or fork where you can apply on a base image once its build to prepare it for cloud-init use

There are 4 scripts that you can execute on base CentOs/RHEL or Ubuntu to install cloud-init and configure the image template to work with vSphere customization with DHCP or IP Static assignments

There are two files for each of the linux distro, the ones with a myblog at the end of the file name uses a cron job approach that I used in my blog and the one without, uses a custom runonce service approach that we create instead of using a cron job. Both works but at the end these are two different approaches , your welcome to use which ever one you prefer.

The script will also create both the runonce and clean scripts in the /etc/cloud folder before it runs them at the end before shutting down the VM and then you manually converting it to a template.

Important Note:

Make sure after doing a git clone to Convert Windows-style line endings to Unix-style to remove any carriage return character, otherwise you will get an error like this when you try to execute the script :

“Bash script and /bin/bash^M: bad interpreter: No such file or directory [duplicate]”

Though there are some tools (e.g. dos2unix) available to convert between DOS/Windows (\r\n) and Unix (\n) line endings, you’d sometimes like to solve this rather simple task with tools available on any Linux box you connect to. So, here are an example how to use the sed command to do that quickly:

sed -i -e 's/\r$//' scriptname.sh

Happy Template Building! Please share!

The End Eh!


https://ubuntu.com/engage/cloud-init-whitepaper https://debconf17.debconf.org/talks/164/ https://cloudinit.readthedocs.io/en/latest/ https://events.linuxfoundation.org/wp-content/uploads/2017/12/Cloud-init-The-cross-cloud-magic-sauce_Smith_moser.pdf https://www.youtube.com/watch?v=RHVhIWifVqU https://www.youtube.com/watch?v=y8WA1BUlT-Q https://linuxtechlab.com/executing-commands-scripts-at-reboot/ https://blogs.vmware.com/management/2019/02/building-a-cas-ready-ubuntu-template-for-vsphere.html http://kb.vmware.com/s/article/56409 https://kb.vmware.com/s/article/59687 http://kb.vmware.com/s/article/59557 http://kb.vmware.com/s/article/2378666 https://blah.cloud/infrastructure/using-cloud-init-for-vm-templating-on-vsphere/ http://ubuntu.com/blog/cloud-init-v-18-2-cli-subcommands http://lucd.info/2019/12/06/cloud-init-part-1-the-basics/

Blueprinting Cloud Automation Services Cloud-init vRA Blueprints vRealize Automation vSphere Customization

Part 3: vRealize Automation 8.0 Deployment with vRealize Suite Lifecycle Manager 8.0

In Part 2 of my vRealize Automation 8.0 blog video series, we have upgraded vRealize Lifecycle Manager 2.1 to 8.0 by performing a side by side migration leveraging the vRealize Easy Installer while importing the management of both VMware Identity manager 3.3.0 and the vRealize Suite 2018 environment.

In this blog video we will be using vRealize Lifecycle Manager 8.0 to deploy vRealize Automation 8.0 in a new environment.

Now as for requirements you will need :

  1. vRealize Lifecycle Manager 8.0
  2. VMware Identity Manager 3.3.1
  3. A new Hostname, IP Address and a DNS record for the new vRA 8.0 appliance that the vRealize Suite Lifecycle Manager 8.0 will be creating.
  4. Product Mapping is set with the install and upgrade binaries for the new vRealize Suite 2019 Products.


Deployment Workflow


Please note that the installation process in the video after hitting submit is fast forwarded.

The End, Eh!

Automation and Orchestration vRealize Automation vRealize Suite vRealize Suite Lifecycle Manager

Part 2: Migration of vRSLCM 2.x Version to vRealize Suite Lifecycle Manager 8.0

If you happen to have an existing vRSLCM 2.x and vIDM 3.3.0 in your environment then you will need the vRealize Easy Installer to migrate your existing vRSLCM 2.x instance to vRSLCM 8.0.

Once your migration to vRSLCM 8.0 is completed you can upgrade your vIDM instance to 3.3.1 since its a requirement before you can install vRealize Automation 8.0 with vRealize Lifecycle Manager 8.0

Again as a reminder vRealize Automation 8.0 is installed, configured, managed and upgraded only through vRealize Suite Lifecycle Manager 8.0

Now as for requirements you will need :

  1. A new Hostname, IP Address and a DNS record for the new vRSLCM 8.0 appliance that the vRealize Easy Installer will be creating.
  2. To make sure that the password for the sshuser on the existing vIDM appliance is not expired.
  3. To enable root access for SSH on the existing vIDM appliance following VMware KB 2047626
  4. To Download the install and upgrade binaries for vRealize Suite 2019
  5. To Make sure you have enough storage on the new vRSLCM 8.0 appliance.

Migration Workflow

migration flow

Please note that the installation process in the video after hitting submit is fast forwarded.

NOTE (vIDM Upgrade Support )  :

  • Green-field vRealize Suite Lifecycle Manager 8.0 supports only 3.3.1 version of VMware Identity Manager to be installed or imported.
  • Older versions (2.9.2, 3.2.0, & 3.3.0) of VMware Identity Manager will be supported only for existing vRealize Suite Lifecycle Manager instances that are being migrated to vRealize Suite Lifecycle Manager 8.0.
  • Upgrade support from older VMware Identity Manger to latest is only available if they conform to vRealize Suite Lifecycle Manager supported form-factor.
  • Versions prior to vRealize Suite Lifecycle Manager 8.0 allowed only single instance of VMware Identity Manager to be deployed with embedded connector and embedded postgresql database.
  • Upgrade for VMware Identity Manager within vRealize Suite Lifecycle Manager 8.0 to latest versions will only be supported if it conforms to the above mentioned form-factor.

Else the upgrade has to be performed outside vRealize Suite Lifecycle Manager and Once upgraded, it can any-time be re-imported by triggering Inventory Sync in vRealize Suite Lifecycle Manager 8.0


The End, Eh!

Helpful Links You Might Need

Resetting the admin@localhost password in vRealize Suite Lifecycle Manager

Restting root password on photon OS

vRealize Automation vRealize Suite Lifecycle Manager

Part 1: vRealize Automation 8.0 Simple Deployment with vRealize Easy Installer

On October 17th, 2019 VMware announced the next major release of vRealize Automation. it uses a modern Kubernetes based micro-services architecture and brings vRA cloud capabilities to the on-premises form factor.

What’s New

The many benefits of vRA 8.0 include:

  • Modern Platform using Kubernetes based micro-services architecture that provides
  • Easy to setup and consume multi-cloud infrastructure surface
  • Embedded vRO 8.0 Web Client and Orchestrator’s new release features
  • Deliver Infrastructure-as-Code using a declarative YAML syntax
  • Cloud Agnostic Blueprints
  • Iterative development of Blueprints
  • Self-service catalog coupled with agile governance
  • Collaboration across teams via sharing of objects
  • Kubernetes/container management
  • Deploy IPv6 workloads on dual-stack IP (IPv4/ IPv6) networks in vSphere
  • CI/CD pipeline and automated application release management
  • New Action based extensibility (ABX), which allows you to write lightweight scripts, using node.js and python.
  • Git Integration to manage all blueprints, workflows, actions and pipelines.

For more information, kindly refer to the Release Notes

vRealize Automation 8.0 is installed, configured, managed and upgraded only through vRealize Suite Lifecycle Manager 8.0 .

In the video posted below, I’am going to provide the step-by-step process of using the vRealize Easy Installer to :

  • Install vRealize Suite Lifecycle Manager 8.0
  • Deploy VMware Identity Manager 3.3.1 and register with vRealize Automation.
  • Install new instance of vRealize Automation 8.0


Installation Workflow

installer workflow

Please note that the installation process in the video after hitting submit is fast forwarded.

The End, Eh!

Automation and Orchestration vRealize Automation

vRealize Automation Extensibility Starts with SovLabs Plug-in – Part 1

When you start looking at vRealize Automation extensibility and how you can integrate it into your own datacenter ecosystem or how you can accommodate certain extensibility use cases like provisioning workloads with custom host names based on a business logic or as simple as running scripts or attaching tags post provisioning, you usually have 3 options :

  1. You can do it yourself. (High Time To Value, Local Skill Set)
  2. You can use Professional Services. ( High Time To Value , Expensive )
  3. You can use SovLabs Extensibility Frame work. (Instant Value, Production ready, Fully Supported, Off the shelf extensibility content and a Fraction of vRA cost)

SovLabs provides one common framework for extending VMware vRealize Automation (vRA) where you can replace custom orchestration workflow development with ready-to-run extensibility software. It brings extensibility into the SDDC framework where its :

  • Managed as a native component of the SDDC directly from vRA
  • Interoperable with latest releases and versions of vRA and endpoints
  • Prescriptive, each module comes ready to run.
  • Flexible, easy to modify without touching a single line of code
  • Enterprise support ( Production ready and Scalable )

In this blog we will explore, in two parts :

  • Part 1: How to install the Sovlabs Plug-in
  • Part 2: How to configure basic Sovlabs Modules like:
    • Custom Naming
    • Microsoft Active Directory
    • Microsoft DNS
    • Property toolkit
    • VM Tagging
    • ServiceNow CMDB


Part 1 : Installing Sovlabs Plug-in 2018.3.0

Here we will be doing a new install but before we do that we need to address a few prerequisites around vRA and vRO, so please read carefully :

vRA Prerequisites 

  • A Working instance of vRealize Automation 7.5 where you have successfully provisioned a VM from vRA using a blueprint.
  • Keep things simple according to the Sovlabs documentation by not using spaces or camel-casing for Tenant name, Users, Group Names or Business Groups. Not sure if thats the case for my vRA instance in my lab since its already setup but we shall see!
  • For Clustered vRA and/or vRO, load balancing is configured to VMware’s documentation. this is not our case here but for more details check the SovLabs documentation here HA and vRA with SovLabs.

Assuming you know your way around vRealize Automation you need to have the following:

Service Account User

  • You can create or use a local vRA user for the ownership of the SovLabs Endpoints, Profiles, and Services as well as connectivity into vRO to run workflows. your can create for example a new user called sov_admin but in our case we will be using the configurationadmin local user as a Service Account User, that got created during the content creation at the end of the vRA deployment.
  • Make sure the Service Account User has the following roles in vRA :  IaaS Administrator, Tenant Administrator, XaaS Architect.



vRA Custom Group

  • Create a Custom Group in vRA for the ownership of the SovLabs Endpoints, Profiles, and Services as well as connectivity into vRO to run workflows called sov_admins for example and make the configurationadmin Service Account User a member of this group.
  • Grant the sov_admins Custom Group both the Tenant Administrator and XaaS Architect Roles during the creating of the vRA custom group


  • Make sure that the Custom group sov_admins also have the IaaS Administrator role in addition to what we entitled it in the pervious step.


vRA Business Group

  • Login as the Service Account User configurationadmin@vsphere.local
  • Create or use a SovLabs specific vRA Business Group for allowing entitlements and ownership of SovLabs content to be confined to its own group. in our case we will be leveraging the Configuration Administrators Business Group, that got created during the content creation at the end of the vRA deployment.
  • Make sure to add the Sov_admins Custom Group to the Group Manger Role field within the Configuration Administrator Business Group.


vRO Prerequisites

  • vRO is already Setup and configured .
  • vRO may be embedded (recommended) like in our instance here or it can be also external. You can refere to VMware’s Install and Configure document.
  • vRO is Setup as an Endpoint in vRA, so click on the Infrastructure tab > Endpoints > Endpoints > Orchestration > vRealize Orchestrator to add your embedded or external vRO endpoint in vRA.


Modify Files and Set Permissions

  • Modify vmo.properties and js-io-rights files and set permissions. To do that SovLabs provides an script you can download from here called sov_vro_config.sh to automate the modification of those two files and it also creates the krb5.conf file for Kerberos Authentication.
  • Copy the sov_vro_config.sh script to your vRA/vRO appliance since we are using the embedded vRO, its actually the same appliance.
  • Make the script executable by executing the following command then execute the script and follow the instructions.
chmod +x sov_vro_config.sh
  • Restart the vRO service by executing the command
service vco-server restart

Create vRO vRA Host

  • Create vRO vRA Host via vRO Workflow as the default vRA host will not work fr the SovLabs plug-in. The vRA Host must be Shared Session mode and since we are using vsphere.local as our default and only tenant, the name to use for vRA host endpoint should begin with sovlabs_
  • Login to vRO using the vRO client and switch to the Design Mode


  • In the Workflows tab, go to: Library > vRealize Automation> Configuration > Add a vRA Host
  • Right-click the workflow and click Start workflow and fill out the form:


  • Click Next in the form wizard


  • Click Submit in the form wizard
  • New Inventory item for the vRA Host will be in the Inventory tab in the vRO client.


Create vRO vRA IaaS Host

  • Back in the Workflows tab in the vRO Client, go to: Library > vRealize Automation> Configuration > Add an Iaas host of a vRA Host
  • Right-click the workflow and click Start workflow and fill out the form:
  • Choose the vRA host in the list that we created in the previous step



  • Click Next for Host Properties and accept the defaults. The fields should all be auto-filled


  • Click Next for Proxy settings


  • Click Next for User credentials. Since we are using the embedded vRO, we will be selecting SSO and click Submit


  • New Inventory item for the vRA IaaS Host will be in the Inventory tab in the vRO client. You may need to refresh the vRO Client


Installing the SovLabs Plugin

  • Assuming your already download the SovLabs plugin along with the license key  provided to you in an email from SovLabs its time to install the plugin.
  • Login to the vRO Control Center as user root https://%5BvRO-FQDN%5D:8283/vco-controlcenter/ .  Make sure that the Orchestrator user interface is started and running.


  • Click on the Manage Plug-Ins icon


  • In the Install plug-in section, browse for the SovLabs Plugin file (o11nplugin-sovlabs.vmoapp)
  • Click Upload


  • Accept the EULA and click on Install



  • Restart the vRO Server or wait for the server to restart on its own
    • On the Home page, click on the Startup Options icon and click on Restart
    • Optionally, SSH to the vRO appliance and type in: service vco-server restart
  • Click on theManage Plug-Ins icon and Verify that the SovLabs Plugin is listed among the installed vRO plugins


  • Restart vRA

Configure the SovLabs Plugin

  • Login to vRO using the vRO client and switch to the Design Mode if you haven’t already.
  • In the Workflows tab, go to SovLabs > Configuration folder and expand it.
  • Right-click on the SovLabs Configuration workflow and click Start Workflow.
  • Accept the EULA by selecting Yes and click Next


  • Under the Service and Content :
    • Choose the appropriate tenant = vsphere.local
    • Choose the SovLabs Business Group= Configuration AdministratorsRemember Earlier I mentioned that will  be using this BG for SovLabs
    • Select Yes to Create SovLabs vRA Catalog serviece
    • Choose the SovLabs vRA Custom Group we created earlier, that will be your security group = sov_admins@vsphere.local
    • Select Yes to Publish License Content
    • Click Next


  • In the Upgrade Options section of the form: Select No and click NextSince this isn’t an upgrade
  • In the Install/Update SovLabs Workflow Subscriptions section of the form: Select Yes. This will create all the needed Event Broker Subscriptions in vRA
  • Click Submit
  • Once completed you should see green check on SovLabs Configuration Workflow and for both its Sub Workflowsblog9

Add SovLabs Latest License

For the SovLabs latest Plugin to works it needs a 2018.x.x license key. Here are the steps to add the License Key

  • Login to the desired vRA tenant which is in our case is vSphere.local and login using the Service Account User configurationadmin@vsphere.local

Totally Optionals  :

    • In my case and because I want to continue to use my main account cloudadmin@vmwlab.local user, I simply granted the User Role to the cloudadmin user in the Configuration Administrators Business Group
    • Then added the Cloudadmin user in the SovLabs vRA Extensibility Modules Entitlement created  by the SovLabs plugin.
  • Now that I have access I can Click on the Catalog tab, then Click on the catalog item Add License – SovLabs Modules


  • Click Request and Copy and paste the provided license key and click SUBMIT


Note : The Screenshot shows a fraction of the license key, not the entire license key.  🙂

  • You can Monitor your In Progress request in the Deployments Tab


  • After the license is successfully added, SovLabs Catalog Items and SovLabs vRA Event Broker Subscriptions will appear/generate.


Thank you very much if you have made it this far, in part two will touch on How to configure basic Sovlabs Modules like:

  • Custom Naming
  • Microsoft Active Directory
  • Microsoft DNS
  • Property toolkit
  • VM Tagging
  • ServiceNow CMDB

Please feel free to comment or provide feedback

The End of Part 1 Eh!

Automation and Orchestration Extensibility vRealize Automation

Installing and Configuring the vRealize Automation 7.5 (vRA 7.5) ITSM 5.0 / 5.1 Plug-in for ServiceNow

A  new VMware vRealize Automation plugin 5.0 was released on November 2nd on the VMware market Place Link for Servicenow that provides an out of the box integration between the Servicenow portal and vRealize Automation 7.5 catalog and governance model. It enables ServiceNow users to deploy virtual machines using vRA 7.5 and perform basic ServiceNow day 2 operations on their CMDB assets.

Update : There is now an updated version of the ITSM plug-in 5.1 that was released right after and currently available on the VMware Market Place Link

Key Features

  • Enables ServiceNow to integrate vRealize Automation 7.5 with ServiceNow platform and provide the ability for ServiceNow users to access the vRA catalogs, resources within ServiceNow.
  • The integration will allow end users to Request vRA catalog items from ServiceNow portal.
  • The plugin will fetch categories, catalog items and resource data from vRA platform and extend ServiceNow functionality to be able to render vRA catalog items into ServiceNow dynamically and manage vRA resources.
  • Day2 operation actions performed in ServiceNow CMDB will be updated back to vRA platform by giving API calls to vRA.
  • The plug-in supports vSphere, Amazon, Azure, and XaaS virtual machine provisioning, including formless and form based day 2 operations

In addition to all the above generic key Features, the ITSM 5.0 plug-ing includes fixes and new features such as :

  • Easier plug-in configuration through service account and Servicenow based RBAC and Entitlements
  • Multi-vRA support
  • Day 2 operations Enhancements
  • vRealize Business field support
  • ADFS or SSO setup are not required
  • Improve Login process for ServiceNow users with seamless authentication/entitlement model
  • Does not require end user access to internal vRA portal
  • Fully supported by VMware Global Services Support – GSS

In this blog we will take a look at how to deploy and configure the newly anticipated ITSM 5.0/ 5.1 Plug-in for vRealize Automation 7.5.

Update : Here are the fixes that were provided in the updated ITSM 5.1 plug-in:

  • Dynamic dependent drop-down fixes
  • Size, Image profile fixes
  • Disk fixes for null error
  • Token Encryption
  • Improved Entitlement Module
  • Access control fixes(ACL)
  • Duplicate catalog item form section fixes

In addition to this, there is scope change in V5.1 compared to V5.0 to avoid collision with V4.0.

So let’s get started, Eh!

Step 1: Prerequisites

The ITSM 5.0 plugin is targeted for vRealize Automation version 7.5. ITSM plugin interacts with vRealize automation using MID server. MID server is an IaaS component (deployed on prem – in the same network as vRA 7.5) having installed binaries provided by Service Now. For enabling the MID server component – Service now instance should be registered in MID server.

The ITSM 5.0 Plugin is compatible with the following ServiceNow releases (Jakarta, Kingston, London). After registering the vRA instance on Service now portal, data collection needs to be done to fetch all the required vRA contents (like Catalog).

Once the catalog is imported to Service now, a user can place requests from the catalog based on their entitlements.

You will need :

  • Download a copy of the ITSM Plugin 5.0 from VMware market place.
  • A ServiceNow Instance – Jakarta, Kingston orLondon release.
  • A MID Server established and connected to your ServiceNow Instance.

If your looking for how you can do that, please reference my pervious blog on ITSM 3.0 blog


  • A vRealize Automation 7.5 instance configured on prem where you have configured and tested  one or more blueprint deployments successfully.

Make the plug-in accessible from all application scopes

To do that we need to navigate to Script Includes by using the search from the left navigation menu. Then Selecting System Definition > Script Includes

Once you select the Script Includes, do a search for JSUtil on the right page for the Name field. Once you find the script Open it by clicking on it.


On the Accessible from drop-down, select All Application Scopes then select Update. Ensure that the changes are saved.


Enable Application Access on Tables

You must enable application access to certain tables for the plug-in to work. Repeat the following steps on all the Tables below to modify:

  1. user_criteria
  2. sc_category_user_criteria_mtom
  3. item_option_new
  4. catalog_script_client
  5. question_choice
  6. catalog_ui_policy
  7. catalog_ui_policy_action
  8. sc_cat_item_user_criteria_mtom
  9. sc_req_item
  10. sc_category

Option 1 : Procedure To Enable Application Access

  • Log in to ServiceNow as an administrator.
  • Search for System Definition  in the filter navigator and click Tables
  • Search for each table in the Name filter on the right.


  • Click on the Table Label under the Label column that matches the Table Name search you did. All the records are in the Global Application mode, you will need to click the option on the top of screen to edit the record. That is if your were still asked, usually you shouldn’t have to since we enabled Global access from all application scopes in the pervious step.
  • Click Application Access.
  • Select the can read, can create, can delete, and can update check boxes for each table.
  • Click Update and Repeat.


Option 2 : Procedure To Enable Application Access

You may find this way faster to update all the tables listed, please watch the video to do so. You will be adding .list at the end of the table name and using the Filter navigator to search for it

Step 2: Installing the ITSM 5.0 Plug-in

  • Log in to the ServiceNow portal as a system administrator.
  • Select System Update Sets > Retrieved Update Sets > then select Import Update Set from XML


Click Choose File on the dialog to choose the file to upload, and then select the VMware-vRealize-Automation-Application-ITSM-V5 file > Click Upload.


In the Retrieved Update Sets list, select the VMware vRealize Automation Application ITSM V5.0 update set in the Name column by clicking on it once its in a Loaded State.



Select Preview Update Set to validate the update set before committing it.


A dialog box confirms update set validation.


Click Close and review the errors

In my testing I was using the ServiceNow London Release so I encountered 4 errors as you can see in the screenshot below. From pervious experience I was told many times that these records existed in the instance where the plug-in was developed and thats why we are receiving these error during the validation since these records don’t really exist in our instance.

go ahead and click on Accept Remote Update on each of the errors.


If you are using the ServiceNow Jakarta release and ServiceNow displays the below error message, click Accept remote update as well.

"Could not find a record in sc_homepage_renderer for column homepage_renderer referenced in this update"

Once you have accepted all remote updates click Commit Update Set


A dialog box opens automatically after you click Commit Update Set while the commit action is in progress. When its done click the Close button when it appears to dismiss the dialog. It took 25 minutes to complete so please be patient.


From the left menu, Click Update log

The install is complete when a message appears stating Finished update load from database but you can continue on at this point as long as you can see that the state of the Plug-in Update Set is Committed.

To do that select Retrieved Update Sets in the left menu and verify that the update set has a status of Committed.


*  Important Note Only if your deploying the ITSM 5.0 plug-in 

After the installing is complete, search for Integration – vRealize Automation > then select Administration > System Properties 

On the System Properties page Search for the Name and Change the value of the x_vmw_vmware_vrasp.vrasn.group.assignment_group System Property to > d64ea542db920300435fd001cf961913

This is the sys_id of the group which is for approval of requests within ServiceNow. The value was wrongly captured in the 5.0 final build therefor it was documented to change its value.

*  Again this is not needed if  your installing the ITSM 5.1 version of the plug-in

Step 3: Users Facts and Setup

  • The Plugin configuration can be done by a system administrator like I m doing in this blog or by a user with x_vmw_vmware_vrasp.vrealize_automation_catalog_admin privileges.
  • You will need to Add the role x_vmw_vmware_vrasp.vra_user in ServiceNow for all users that must access vRealize Automation, to enable those users to see the vRealize Automation User Portal module which will we will cover later in the blog, including admin,catalog admin, and end user
  • RBAC in ITSM 5.0 is independent from vRealize Automation RBAC.
  • Login and Authentication rules do not require validation from vRealize Automation side. All roles and entitlements are based on the ServiceNow model.
  • Approvals can be generated if the users have the x_vmw_vmware_vrasp.vrealize_automation_catalog_admin role and are a member of the vRealizeAutomation-ApprovalManagersGroup group in ServiceNow.
  • The plug-in admin role x_vmw_vmware_vrasp.vrealize_automation_catalog_admin must contain the “catalog_admin”, “itil” and “agent_admin” roles out of the box in order to see and configure the Mid Server module from the left pane.
  • The Plugin end users role x_vmw_vmware_vrasp.vra_user must have the “itil” role out of the box.

For my testing purposes and based on the information I just mentioned I granted all the roles to the System Administrator. Of course if your doing this in production you would be selective in terms who have access to these roles.

In Filter Navigator search for System Security > Users and Groups > Users and edit the System Administrator role membership so it includes :


Step 4: Update the vRealize Automation Workflow for Requested Items

The system admin can configure the vRA Workflow for Requested Item using the workflow editor. At a minimum, you must assign the approval group that contains your approvers. When users request vRealize Automation catalog items, this workflow runs, and approvals are sent to the approvers within the approval group before the request is submitted to vRealize Automation.

By default the vRealizaAutomation-ApprovalManagersGroup group is set as an approving group in the workflow. You can change the approval group by the procedure below.

The approval group must contain the x_vmw_vmware_vrasp.vrealize_automation_catalog_admin role.

Follow the steps below if you want to use your own approval group and add it to the vRealize Automation workflow.

  • Search for Workflow Editor in the ServiceNow navigation pane and click it.
  • Search for vRA Workflow for Requested Item and open it.
  • Click the menu button and select Checkout.
  • Double-click the Approval group stage in the workflow.
  • Click the Edit Groups button.
  • Search the list of groups and make the appropriate selections.
  • Lock your selection by clicking the Lock icon.
  • Click Update.
  • Click the menu button and select Publish.

Again for my testing I edited the existing default group vRealizaAutomation-ApprovalManagersGroup so it has the x_vmw_vmware_vrasp.vrealize_automation_catalog_admin role and added the System Administrator as a member by searching in the Filter Navigator for System Security > Users and Groups > Groups and editing the group roles and membership accordingly.


Step 5: Set up the Integration User

You must set up a vRealize Automation integration user. ServiceNow requires this user to import catalog items, categories, request statuses, and resources from vRealize Automation. In order to import items, the integration users must be a business group manager within the business groups that you want ServiceNow to manage. The integration user does not require a role within ServiceNow.

  •  Log in to vRealize Automation as a business group manager.
  • Edit your business groups and assign the integration user as a business group manager.

In our case here I have a business group in vRA 7.5 called Cloud Administrators and I have their AD security group listed as a member of the Group Manager Role. 


For our testing will be using the CloudAdmin user which is a member of the Cloud Administrators Group.

Step 6: Register a vRealize Automation Instance in Service Now

With ITSM 5.0 you can register multiple vRealize Automation instances and use catalog items from all of them in one ServiceNow portal.

Note : All requests from ServiceNow for a specific vRealize Automation instance are placed in the name of user registered under the Register vRA module. 

Procedure To Register a vRealize Automation Instance

  • Log in to Service Now as a plug-in admin.
  • Navigate to and click the Register vRAs tab under Integration – vRealize Automation.
  • Click New.


  • Enter the details of your vRealize Automation instance and click Save


  • That takes you back to the Register vRAs menu where you see vRA instance you just configured.
  • We need now to Import services and catalog items from the vRealize Automation instance to Service Now, so lets click on the instance.


  • Click Import Services and Catalog Items and monitor the import


  • You can refresh the page with completed items by clicking List controls in the top left corner of the page and selecting Refresh list until there are no records to display before you move on. .
  • Next will repeat the process by clicking on the Register vRAs > Our vRA instance but this time we will Import and reconcile CMDB from your vRealize Automation instance to Service Now.


  • Again you can refresh the page with completed items by clicking List controls in the top left corner of the page and selecting Refresh list until there are no records to display before you move on.


Remember that you can always add more vRA Instances or update/ delete your current ones.

Update : Once you’re done, there are some scheduled imports that needs to run before you start using the plug-i.  If you don’t run them manually, the scheduled imports will run at there interval time setting but then you will have to wait until they all run.

To speed things up you need to execute the schedule imports in the right order :

  • Log in to Service Now as a plug-in admin.
  • Navigate to and click the Register vRAs tab under Integration – vRealize Automation.
  • Click on the Scheduled Imports 
  • Run each of the imports in sequence starting with 1  by clicking into each of the scheduled imports and clicking on Execute No, until you run them all.
  • Verify that there are no records within the Scheduled Imports Queue before starting the next Import.

Step 7: Create ServiceNow Entitlement

Here we are going to assign access for services, items, and actions by entitling users and groups in ServiceNow regardless how they are entitled in vRealize Automation.

These Entitlements in the vRealize Automation plug-in for ServiceNow are based on ServiceNow plug-in implementation and are unrelated to vRealize Automation entitlements at all.

Procedure To Create New Entitlements

  • Navigate to and click the vRA Entitlements tab under Integration – vRealize Automation.
  • Click New.


  • Enter a name and description for the entitlements.
  • Select the user or group to entitle.
  • Select the services, items, and actions you want to entitle.

Update : In my case I have created a user called Scott Smith and granted him the x_vmw_vmware_vrasp.vra_user and the Itil Role. These are the minimum roles for a service now user who needs to access the vRealize Automation Portal in Service Now.

I also selected the vsphere Services Category and one of the items in it ( CentOS7.5 – ServiceNow Testing ) Bluepint and some of the supported Actions

You can click on the search icon to see a full list of services, items, or actions and you can unlock the pad lock to edit your selection for each such section and use the pad lock to lock it down.

Important Note : Not all the actions are supported even though its available in the UI and based on the documentation, Here is what is really supported :

  • Deployment Actions : Destroy and Expire
  • Item Actions : Suspend, Power On, Power Off, Shutdown and Expire
  • Click Submit when your done . As you can see I didn’t select any Services but I selected one basic vRA Blueprint that I wanted to Entitle my user Scott Smith to.


Step 8: Request a Catalog Item

You can request a catalog item from the vRealize Automation user portal. Depending on your vRealize Automation plug-in configuration you might have identical catalog items from different vRealize Automation instances. For environments with multiple vRealize Automation instances, select from which instance you want to request the catalog item.

Procedure to Request a Catalog Item

  • Login to ServiceNow Portal as Scott.Smith
  • Navigate to and click the vRealize Automation User Portal tab under vRealize Automation Module that will open a new tab where you can access the portal



  • In the vRealize Automation user portal, click Catalog Items.
  • Select the vRealize Automation instance, from which you want to request a catalog item


  • Select a category and click Request on the catalog item.



  • Enter the details of your request if any and click Submit.


  • You are redirected to the Activities tab where you will see its awaiting approval


  • You can click on the Request to find more details like the Stage or the State of the request . Once approved by the Approval group where the System Administrator happen to be a member in our case here.
  • For the Approvers to approve any of the requests they also can also go to the vRealize Automation Portal in ServiceNow and click on the Activities Tab > Approvals, find and click on the request that is Awaiting Approval and Approve or Reject the request.


  • Once Approved, our user Scott Smith can see that its approved in his own portal Under the Activities Tab > Requests


  • On the vRealize Automation side of things we can see that the request Blueprint is being provisioned


  • The ServiceNow user can continue to track the machine request status through the Activities Tab  until the request is complete and closed in ServiceNow.


  • If your user is entitled, you can make changes to your deployments and virtual machines after they have been created.
  • Your user must have the specific entitlement that corresponds to the action you want to make. From the Actions tab you can power on, restart, expire, destroy, power off your deployment, and more.


Hope you found the blog around the new ITSM 5.0 Plug-in beneficial if you have made it this far. This was a quick introduction around the plug-in installation and configuration, of course there will be more things that need testing as I continue to use the Plug-in.  Thank you for your time and until next time.

The End Eh!


ITSM vRealize Automation

Deploying and Upgrading vRealize Automation with vRealize Suite LifeCycle Manager 2.0 – Part 1

Wow the title is such a mouthful and so is this blog, so get your popcorn ready and get cosy friends cause we are going to try and capture everything we need to do, so we can use vRSLCM 2.0 to :

  1. Deploy vRA 7.4 and then
  2. Upgrade it to vRA 7.5

Just like that! how awesome is that ? So lets get started Eh!

Lab Overview

Deploying vRA 7.4 will consist of the vRA appliance ( mgmt-vra-02 ) and the IAAS windows machine ( mgmt-iaas-02 ) that will be running the vRA windows services and other important components. these two components does not exist yet.

In the lab we will be running vSphere 6.7 , SQL 2016 and vRSLCM 2.0 that were already configured.

Blog Project


Please be aware that this what I did in my lab, so some of the items can be done in different ways if available.

  1. DNS A Records for both ( mgmt-vra-02 ) and ( mgmt-iaas-02 )
  2. AD Service account ( administrator@vmwarelab.org )
  3. Downloading the required software from VMware website to an NFS share that you can access from vRSLCM Appliance :
    1. VMware vRealize Automation 7.4.0 OVA file.
    2. VMware vRealize Automation 7.5.0 OVA file.
    3. VMware vRealize Automation 7.5.0 Update Repository.
  4. Microsoft SQL 2016 Server ( mgmt-sql-01 ).
  5. Microsoft Active Directory and DNS ( mgmt-dc-01 ).
  6. vRealize Suite Lifecycle manager 2.0 ( mgmt-lcm-01 ).
  7. vSphere 6.x vCenter ( mgmt-vcs-01 ).
  8. A quite and cosy place to work.

Step 1 : Adding Binaries

We have to add the binaries that we downloaded to the NFS share to vRSLCM. Once you are logged to vRSLCM , Select Settings -> Product Binaries -> ADD BINARIES. In my case my location is based on NFS so select NFS and enter the base location ( Case Sensitive ). Once completed hit DISCOVER to get the product binaries . Will select the product we downloaded and click ADD Selected product binaries are automatically mapped to product versions.

Blog Project1

Once completed you should see them listed under Product Binaries

Blog Project2

Another thing we need to do while we are here is copy a Windows ISO to vRSLCM via WinSCP for example to a folder I created under /data/iso. In may case I already copied Windows 2016 ISO to /data/iso  so in vRSLCM i will select ADD BINARIE again but this time I select Windows ISO and point it to the Base Location where I copied it to then I hit DISCOVER.

Select the ISO image name that are pre-populated after a successful discovery from base location, and fill the rest of the required fields as outlined below and click SUBMIT

One Important Note here is that Windows ISO has to be a Standard Edition for any of the following supported Windows editions :

  • Windows Server 2008 R2
  • Windows Server 2012 and 2012 R2
  • Windows Server 2016

Blog Project16

Once completed again you should see it listed under the ISO Binaries.

Blog Project17

Step 2 : Adding A Subject Alternative Names (SAN) Certificate

We will need to generate a certificate that we will reference later when you select to install vRA 7.4 , so lets go to Settings -> Certificate -> ADD CERTIFICATE and fill it similar to what I did in the figure below, then click GENERATE

Blog Project3

Make sure the certificate is generated successfully and its listed in the certificates table. You can create a certificate for each of the vRealize Suite products Or you can use the same certificate for all products as long you make sure you enter all the HostName/Domain Names in the Domain Name section and there respective IP addresses in the IP Address section of the certificate.

Blog Project4

If you are looking to how to deploy vRSLCM and Creating a SAN ( Subject Alternative Names ) Certificate using your CA Enterprise Server, Check out my colleague Steve Tilkens Blog  Here

Step 3 : Creating an Environment To Install vRealize Automation 7.4

We will be creating an environment in vRSLCM where we will be installing vRA 7.4, assuming you have your Data Center and its associated vCenter Server already setup in vRSLCM.

login to vRSLCM and click on + Create Environment from the left pane. Select your Data Centre and Fill the required fields and click NEXT

Blog Project5

Under Products, Select vRealize Automation by checking the box -> New Install -> 7.4 -> Small Deployment and Click NEXT

Blog Project6

Accept the terms and conditions of the end user agreement to proceed with the installation by scrolling all the way down and checking the box. after that click NEXT

Blog Project7

Enter the vRealize Suite license 2017 since we are deploying vRA 7.4 and click NEXT

Blog Project8

Using the drop down menus select all the applicable Infrastructure associated with the data centre you selected intialy when you created the environment, then click NEXT

Blog Project9

Fill all the network detail and click Next

Blog Project10

Select the Certificate we created in Step 1 for vRealize Automation and click NEXT

Blog Project11

In the Products Details Section and under Product Properties enter the domain accout and password as (Domain\user) of the service account that have administrative rights on the IaaS windows server and can be used across all the IaaS Components and Services.

Select / ADD the NTP servers

Select No to configure Cluster Virtual IPs since this is a minimal install that will be using 1 vRA appliance.

Select Yes to Configure a Windows Box the will run the IaaS Components and services

Blog Project12

Under the Windows Box section since we answer Yes. Select ISO then Select the ISO file Name we uploaded in Step 1.

Select Existing Spec for Customization Specification. I have one that I already created in vCenter Server for Windows 2016 Virtual Machine deployment that will join the provisioned windows machine to the domain.

Blog Project13

Scroll down to configure all the Components that will be running on the Iaas Server

A clarification here for some of the fields . when it says Hostname that is the FQDN of the Machine and when it says VM Name, that is simply the name of the VM in vCenter.

Click NEXT when your done.

Blog Project14

in next section will be doing a PreCheck before we can submit the request. Will start first with VALIDATE & DEPLOY.  You will be presented with Prerequisites for the IaaS Component Deployment Precheck Checks.  Since we are not using a template will simply ignore it for now but will perform the same operation once the VM is deployed. Click VALIDATE & DEPLOY to deploy the IaaS Windows Box.

Blog Project15

That will upload the windows iso image first to the vCenter Content Libraries under the LCM-LOCAL-ISO-LIB which will take some time and you can monitor it in vCenter. Once its done then it will deploy the Windows ISO image as a Virtual Machine.

Blog Project18

vRSLCM will make sure the build is completed and customized with all the required settings like the name of the machine / DNS , IP address and Domain membership, including installing the VMware Tools. All again based on the configuration that was submitted in previous steps. The IaaS machine is configured with 4 CPU, 16 GB and 40 GB Disk.

Blog Project19

Once the vRealize Automation Windows IAAS Deployment Validation in vRSLCM is successful and before I click on RUN PRECHECK . I made sure to login to the IAAS Machine and :

  • Turn off Windows Firewall for Domain, Private and Public Network which was already set.Blog Project20
  • Update the PowerShell execution policy to allow scripts to run by running command line and confirm by entering the letter Y  
  1. Set-ExecutionPolicy Unrestricted                
  • Disable UAC as mentioned in the Prerequisites for the IaaS Component Deployment Precheck Checks using the default Powershell running the following command as an administrator on the IAAS machine
Set-ItemProperty -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System" -Name "EnableLUA" -Value "0"
  • Upgrade the VMware Tools if there is an Upgrade available based on how recent your vSphere environment compared the VMware Tools that was installed (Optional)
  • Allow remote connections for Remote Desktop under Windows System Properties
  • Disable IPv6 on the IAAS Machine
  • Finally I Changed the configuration of the IAAS machine to 8 GB of Memory since this is only a Lab Testing Environment (Optional)

Now we are ready to click on RUN PRECHECK  to execute all the prerequisites needed on the IAAS Machine which we usually automatically fix using the installation Wizard when doing the vRA deployment manually, also this allow us to see if any errors or warnings appears that we need to deal with.

We will be presented again with a Prerequisite check list which we did most of it just make sure you touch on the rest like the SQL Server Privileges and User Rights Assignment. Once your ready to do click on RUN PRECHECK and monitor its progress or you can save and exit and come back later to view the status of PreCheck.

Blog Project23

We need to verify that we don’t have any issues and everything is green across Data, Infrastructure and vRealize Automation Validations, every type of validation have tons of checks that it performs and if there is an issue, you will quickly see the reason behind it and the recommendation on how to fix it.

When fixing any issues or warnings, Keep clicking on RE – RUN PRECHECK until everything is green across the three validation type I mentioned.

Blog Project24

click NEXT 

At the top right corner you have the option to run the Pre check again when you Submit the request, in my case just for the fact that we just ran it there is no reason to run it again cause it will just save us some time, there for I turned it off.

You will also see that your presented with a summary for the all the settings you entered and an option to download it as a json file that you can use anytime if you needed to redeploy the same settings again or modified to deploy additional environment somewhere else.

Blog Project25

One you are ready click SUBMIT and watch the Magic Happens!

Monitor your request as it goes through visually step by step by navigating to Requests and clicking on the Request States IN PROGRESS

Blog Project26

Once its completed successfully, you have a running vRA 7.4 Environment that you can start to configure and use in your organization, also manage and monitor going forward using vRSLCM 2.0.

now that all the steps were successful, we can try hitting the vRA Appliance URL at https://mgmt-vra-02.vmwarelab.org/

Blog Project27

Access the vRealize Automation Console and login with the local user Configurationadmin which has both the Infrastructure and Tenant Admin Roles.

Blog Project28

In the next part of this blog we will look at how easy it is to upgrade the vRA 7.4 instance we just deployed to vRA 7.5 using vRSLCM 2.0

The End of Part 1 Eh!


vRealize Automation vRealize Suite Lifecycle Manager

vRealize Automation 7.3 Plug-In for ITSM – Service Now 3.0 – Step by Step Guide!

Before I start I want to give credit to Spas Kaloferov original blog on this subject. I think you should take the time to check it out specially if your considering using ADFS, as his blog includes the ADFS configuration steps where in my setup I didn’t use ADFS! there for there will be a few caveats.

ADFS allows login for vRealize Automation users that are not in ServiceNow. However, it does not allow login for ServiceNow users that are not in vRealize Automation.

If you use the default authentication like we are going to do here, there are some restrictions and requirements around authentication that you should be aware of, as described in the following table.


The vRealize Automation Plugin for ITSM 3.0 was released by VMware October 5, 2017 with a couple of Enhancements that I will touch on as part of the Step by Step Installation and configuration guide. I m hoping I do it justice, so lets dive right in.

The vRealize Automation plug-in for ServiceNow enables ServiceNow users to deploy virtual machines and perform day 2 actions on CMDB resources using vRealize Automation catalog and governance capabilities.

The vRealize Automation plug-ins for ServiceNow 3.0 works only with vRealize Automation 7.3, and are available only for the ServiceNow Istanbul and Jakarta releases. Also, the optional ADFS configuration , still uses ADFS 2.0.

For previous iterations of the ServiceNow ITSM plug-in please visit the solution exchange and search for ITSM. You will find ITSM 1.0 and ITSM 2.0

The latest version of the plug-in still supports vSphere and Amazon virtual machine provisioning but unlike the previous versions, we now have added support for Azure, and XaaS blueprints as well, including day 2 operations like Power ON/OFF, Reboot, and Destroy.

Stage 1 – Configuring a MID Server

Before installing the plug-in, you must configure a Management, Instrumentation, and Discovery (MID) Server to facilitate communication between ServiceNow and vRealize Automation.

Creating a MID Server User Account in ServiceNow

  • Log in to your ServiceNow portal and type System Security in the search field.
  • Expand Users and Groups > select Users > Click New to create a new user account.


  • Fill the required information and click Submit


  • Find the user you just created by using the search field and select it from the list by clicking on it.


  • At the bottom of the screen, click Edit within the Role tab.


  • Search for the mid_Server role and add it the user account, then click Save to get back to the user information page.



  • Enter a password for the user account and click Update.


  • Now lets logoff and login back to ServiceNow using the MID server user to verify that the account is working properly, then logoff.SNOW-9SNOW-10

Installing and Configuring a MID Server Instance

In this step we will cover how to install and configure a MID Server instance which can be done on any servers in your DMZ or private Network as long as we have access to internet where we can communicate with our ServiceNow instance.

  • Login back to your ServiceNow instance with your admin account
  • Search for Mid Server in the search field and select Downloads


  • Select the appropriate Mid Server package for your desired operating system, in our case here we will download the Windows 64 bit
  • On your Mid Server, create a folder called <MID Server> on your C: drive and then create a sub-folder and give it the name of your Mid Server.
  • Extract the package you downloaded into your <MID Server>/Server name folder. The resulting directory structure would be  //agent


  • Navigate to the //agent directory and edit the config.xml file as follows:

Change 1
– Find the <parameter name=”url” value=”https ://YOUR_INSTANCE.service-now.com”/> element and change the value to the URL of your ServiceNow instance.

Change 2
– Enter the MID user credentials you created earlier in the mid.instance.username and mid.instance.password parameters.

Change 3
– Find the <parameter name=”name” value=”YOUR_MIDSERVER_NAME”/> element and change the value for the MID Server name. Use the same name you’ve used form the directory earlier.

Change 4 (Optional)
– Enter connection information for the proxy server. Remove the appropriate comment tags from the proxy configuration information. For example, you can configure the mid.proxy.use_proxy, mid.proxy.host, mid.proxy.port, mid.proxy.username, and mid.proxy.password.

  • Save the config.xml file and execute the start.bat script to start the service.


  • Login back to your ServiceNow instance with your admin account
  • Search for Mid Server in the search field and select Server


  • Select the Mid Server name by clicking the check box and select validate from Actions menu on the selected row. click OK to accept the initial criteria.



Stage 2 – Installing the vRealize Automation Plug-in For ServiceNow

Now its time to install the XML plug-in which you must download from the Solution Exchange website Here for your ServiceNow version, either Istanbul or Jakarta type instance.

The plug-in when installed enables vRealize Automation to do the following :

  • Creates vRealize Automation Catalog and Resources menu items within the ServicesNow self-service module.
  • Creates a workflow for requesting vRealize Automation items.
  • Creates the catalog admin role and assigns it to the System Administrator.
  • Grants the users with the catalog admin role access to the integration > vRealize Automation module.


  • Log in to your ServiceNow portal as a system administrator and type System System Update Sets in the search field.
  • Select Retrieved Update Sets from the menu and click on Import Update Set From XML


  • Click Choose File on the dialog to choose the file to upload, and then select the vRealize Automation ServiceNow XML file you downloaded from the solution exchange and click Upload.


  • In the Retrieved Update Sets list, select the vRealize Automation ServiceNow update set in the Name column and then Loaded in the State column.


  • Select Preview Update Set to validate the update set before committing it. A dialog box confirms update set validation



  • Inspect the update set information, and then click Commit Update Set.


  • A dialog box opens automatically after you click Commit Update Set while the commit action is in progress. A Close button appears on the dialog when the commit completes. Click this button to dismiss the dialog.


  • Click Udpate


  • Select Retrieved Update Sets in the left menu and verify that the VMware update set has a status of Committed.


Stage 3 – Configure Users for the vRealize Automation Plug-in for ServiceNow

You can configure users either before or after installing the vRealize Automation plug-in for ServiceNow. as I mentioned before we not leveraging ADFS here

Add the role vra_user in ServiceNow for all users that must access vRealize Automation, including vrasn_end_user, vrasn_catalog_admin, and vrasn_itil_user, to enable those users to see vRealize Automation catalog items.

  • Search for System Security and select Users and Groups > Users. Type vra into the user search. add the vra_user role to the above mentioned built-in users for now,  in addition to any user that must access vRealize Automation which you can do at the end.



  • Verify and, if necessary, update the appropriate users and roles in ServiceNow. See
    Creating Users and Associating to a group and Creating Roles for more information about working with users, groups, and roles in ServiceNow.
  • The ServiceNow plug-in for vRealize Automation uses the following ServiceNow roles:


Stage 4 – Configure the vRealize Automation Workflow for Requested Items

The system admin can configure the vRA Workflow for Requested Item using the workflow editor.
At a minimum, you must assign the approval group that contains your ApprovalMgr. When users request vRealize Automation catalog items, this workflow runs, and approvals are sent to the ApprovalMgr within the approval group before the request is submitted to vRealize Automation.

Follow the steps below to use your own approval group and add it to the vRealize Automation workflow:

  • Search for Workflow Editor in the ServiceNow navigation pane and click it.


  • Search for vRealize Automation Workflow for Requested Item and open it by clicking on it.


  • Click the menu button and select Checkout.


  • Double-click the Approval group stage in the workflow


  • Click the Edit Groups button. Search the list of groups and make the appropriate selections, then Lock your selection by clicking the Lock icon -> Click Update -> Click the menu button -> Click Publish.


  • By default you will see that the vRealizeAutomaion-ApprovalManagersGroup is already added.  in my instance I made sure that the ServiceNow System Administrator is part of this group.

Stage 5 – Set Basic Configurations the vRealize Automation Plug-in for ServiceNow

You must set up a vRealize Automation integration user. ServiceNow requires this user to import catalog items, categories, request statuses, and resources from vRealize Automation.
In order to import items, the integration users must be a business group manager within the business groups that you want ServiceNow to manage. The integration user does not require a role within ServiceNow.


  • Log in to vRealize Automation as a business group manager.
  • Edit your business groups and assign the integration user as a business group manager. in my lab as you see below i will be using the cloudadmin which is a member of the cloudadmins group which has all the roles within vRealize Automation in addition to all the Business group Roles.


Now that we installed the vRealize Automation plug-in for ServiceNow, and configured users and the integration user “cloudadmin“, we can complete the set up with basic configurations.

  • Search for Integration-vRealize Automation in the ServiceNow navigation pane -> click on Basic Configuration -> Enter the appropriate settings for your MIDServer Name, vRealize Automation tenant, URL, Integration Username and Password and plug-in.

Note : The MidServer Name should be the same as the Server folder name you created at earlier stage when you extracted the Mid Server config files.


Stage 6 – Register the Plug-in for ServiceNow as a vRealize Automation OAuth 2.0 Client.

After setting up Basic Configurations, you must register the plug-in as a vRealize Automation OAuth 2.0 client.

To register the plug-in, you must provide user credentials to authenticate to vRealize Automation. we have two options here :

Option 1 : If you plan to use the vsphere.local tenant, you can use the administrator from the vsphere.local tenant. Set administrator as the username in the Register the Plug-in as a vRealize Automation OAuth 2.0 client dialog.

Option 2: Use the system admin, is to set up a user with local user and tenant admin roles within your tenant and provide these user credentials. This option registers the
ServiceNow plug-in only in the specified tenant. Providing the same tenant is set in Basic Configurations, this tenant is configured for the end users.

in my case we will be using Option 1.


  • Search for Integration-vRealize Automation in the ServiceNow navigation pane -> Click Client Registration
  • Enter the user credentials in the Register the Plug-in as a vRealize Automation OAuth 2.0 Client dialog and since we are using Option 1, we will enter Administrator as the user and provide the password. – > click Submit


  • Set the Client ID and Client Secret in the Set the Client ID and Client Secret dialog. You must choose what to set. for me I used the same account and password as the Client ID and Client Secret.


  • Once set, the values are saved in the vrasn.clientID and vrasn.clientSecret properties within Integration > vRealize Automation > System Properties. Client ID and Client Secret are later used to get the access token of the users on login within the tenant specified in Basic Configurations.
  • On completion, you are redirected to the Basic Configurations page.

Note : You MUST logoff from ServiceNow and login again into the portal so you can be redirected to vRA ( you must be on Intranet, so you can reach vRA ) and logon using the integration User. This has to happen at least once after that is just black magic.

After that you can even access ServiceNow portal from the internet and when you are redirected to vRA obviously it will fail since you can’t reach vRA from the internet . Here you can re-enter the ServiceNow URL again and it will let you in the 2nd time. you can even request vRA blueprint .

Stage 7 – Configure and Run Scheduled Import Jobs in ServicesNow

On a first time install of the plug-in, you must manually execute scheduled jobs to import the catalog and resources. Though there is a default schedule for running jobs, you should edit the schedule time in each import according to your needs as you execute each job.

For example, you might want to import catalog items every 10 minutes for high
provisioning use.

The plug-in provides scheduled imports with the following functions. Scheduled imports should be configured and run in the order shown in the table below :




  • Log in as the ServiceNow System admin
  • Search for Integration-vRealize Automation in the ServiceNow navigation pane and click on Scheduled Imports


  • This would be a good time to Click on the applicable job name and change the Repeat Interval in Days, Hours, Minutes, and Seconds and update the Import Job Schedule based on your needs
  • Run scheduled jobs in the order shown in the table. Ensure that each job is complete before starting the next one. Completed jobs are shown as processed in the Scheduled Import Queue
  • For now will execute each manual based on the order outlined in the table mentioned above by opening the import job and click Execute Now


  • Completed jobs are shown as processed in the Scheduled Import Queue. Click the Updated column which you need to add of the Scheduled Import Queue to refresh. The last updated time of the corresponding properties for these scheduled imports is also updated.
  • One thing I had to do in my instance which is mentioned in the Troubleshooting section of the Plug-in documentation is that in some cases, you may need to clear the Value field of the corresponding property in Integration > vRealize
    Automation > Properties and update the property prior to executing the appropriate scheduled import. Once the Value field was clear for all 5 records I started seeing all the jobs in the Scheduled Import Queue when I executed them in order.

Stage 8 – Configure the vRealize Automation Catalog in ServiceNow

Now its time to Choose the catalogs that you want end users to use for provisioning requests.


  • Log in a the catalog admin or system admin
  • Select the vRealize Automation Catalog, then clear / delete all the default widgets. if you don’t that you wont see the Add here Section when you select the Category later.
  • Select the plus sign in the upper right corner to add vRealize Automation services, known as Catalog Categories in the ServiceNow, for provisioning


  • Highlight the Catalog categories in the center pane -> Select Category Items to display the items within the Category and select Add Here based on where you want to place within the catalog page.


  • Repeat the process for others Categories, to setup your final catalog and start provisioning.


The End Eh!


Automation and Orchestration ITSM vRealize Automation

vRealize Automation 7.3 is Released! – What’s New – Part 3


Continuing again on the same theme – Make the Private Cloud Easy – that we mentioned in the two previous blog post vRA 7.3 What’s New – Part 1 and What’s New – Part 2 we will continue to highlight more of the NSX integration Enhancements and for this part of the series we will be focusing on the Enhanced NAT Port Forwarding Rules.


So let’s get started Eh!

Enhanced NAT Port Forwarding Rules

You now have the ability as you configure the On-Demand NAT Network in the CBP (Converged Blue Print) – to create forwarding NAT rules at design time, to a One-To-Many type NAT network component when you associate it with a Non-Clustered vSphere Machine component or an On-Demand NSX load balancer component.

You can define NAT rules for any NSX-supported protocol then map a port or a port range from (Source) the external IP address of an Edge to (Destination) a private IP address in the NAT network component.

These Rules can be set in a specific Order when configured at design time. it Also can be added, removed, and re-ordered after you create them for an existing deployment as a day-2 action/operation.

Important Notes:

  • This will only work with One-To-Many type NAT network component, which means that One-To-One type NAT network component isn’t supported to create NAT rules for, in the CBP.


    NAT Type One-to-Many

  • Also the NAT network component can be only connected to a Non-Clustered vSphere Machine which means the number of configured instances for the vSphere Machine in the blueprint can’t be more than 1 for the instances minimum and maximum setting, a user can request for a deployment.





D-NAT Rules that can be Ordered

  • If you must use a Clustered vSphere Machine, you have to leverage an On-demand load balancer if you want to create a NAT rule on One-To-Many type NAT network component that can be associated with the VIP network of the an NSX load balancer component. 


Clustered Machine > 1 x Deployment


Load Balancer VIP settings depending on the network association

  • In the above picture because that NAT rules are publishing HTTP-Port 80 and HTTPS-Port 443 on the external IP address of an Edge, then mapping those ports to the private IP and destination ports HTTP-Port 8080 and HTTPs-Port 8443 of the destination vSphere Machine and since the Load balancer VIP network is on the internal private network connected to NIC 0 of the clustered vSphere machines, we create the virtual servers on load balancer using HTTP-Port 8080 and HTTPs-Port 8443. 


Again I really want to highlight the fact that the following elements are not supported for creating NAT rules:

  • NICs that are not in the current network
  • NICs that are configured to get IP addresses by using DHCP
  • Machine clusters without the use of a Load balancer
  • One-To-One type NAT network component

Change NAT Rules in a Exiting Deployment

Now after a successful deployment that includes 1 or more NAT forwarding rules, a user can later add, edit, and delete any existing NSX NAT rules in a deployed one-to-many NAT network.  The user/owner can also change the order in which the NAT rules are processed just like how we showcased when you can do that during the design of the blueprint.

Important Notes :

  • The Change NAT Rules operation is not supported for deployments that were upgraded or migrated from vRealize Automation 6.2.x to this vRealize Automation release.
  • You cannot add a NAT rule to a deployment that is mapped to a third-party IPAM endpoint such as Infoblox.

a user must log in to vRA as a machine owner, support user, business group user with a shared access role, or a business group manager to be entitled to change a NAT rules in a network.

Once that is verified, a user can :

  1. Select Items > Deployment.


2. Locate the deployment and display its children components.


3. Select the NAT network component to edit.

4. Click Change NAT Rules from the Actions menu.


5. Add new NAT port forwarding rules, reorder rules, edit existing rules, or delete rules. What ever makes you happy!!

6. When you have finished making changes, click Save or Submit to submit the reconfiguration request.


7. Check the status of your request under the Request Tab, that it is successful.


8. In my case i have simply changed the order where I placed the HTTPS forwarding NAT rule to apply first. so you if you click on the Request ID after its successfully complete you will see just that.


This was short and sweet, hope you enjoyed it. Now go give it a shot.

The End Eh!

Automation and Orchestration vRA Blueprints vRealize Automation

vRealize Automation 7.3 is Released! – What’s New – Part 2

vRA-Product-Icon-Mac_0Continuing on the same theme – Make the Private Cloud Easy – that we mentioned in the pervious blog post vRA 7.3 What’s New – Part 1 , we will highlight the NSX integration Enhancements for just the NSX Endpoint and On-Demand Load balancer that was added in this release. there are a lot more enhancement around the NSX integration that will touch on in other parts of this What’s new blog series but because I want to make each part short and sweet, I am going to just talk about the above mentioned enhancements

So let’s get started Eh!

NSX Endpoint

First thing first, with the new release of vRA 7.3 you can now create you own independent NSX Endpoint and then associate its NSX settings to an existing vSphere/vCenter endpoint. As you probably know or maybe you don’t, that in the pervious version prior to vRA 7.3, the NSX Manager was add as part of the vSphere/vCenter endpoint creation.

To create a new NSX Endpoint – >Select Infrastructure > Endpoints > Select New > Network and Security > NSX.


Adding New NSX Endpoint

Now if  your like me happen to do an upgrade or perhaps migrated a vSphere/vCenter endpoint that was using an NSX Manager to a vRA 7.3 instance, a new NSX Endpoint is created for you that contains an association between the source vSphere/vCenter endpoint and a new created NSX endpoint.


Existing NSX Endpoint


NSX Endpoint vSphere to NSX Association


On-demand Load Balancer Controls

if you worked with vRA and tried to create a blueprint you know that if you have NSX configured for vSphere, that you can drag an NSX on-demand load balancer component onto the design canvas and configure its settings for use with vSphere machine components and container components in the blueprint.

With the new release we made it even better and added many enhancements that allows you now to have full control on how the load balancer can be configured and deployyed on request time when requesting aCentric networking and security based type of an application.

  1. When you add a load balancer component to a blueprint in the design canvas, you can choose either a default or custom option when creating which is a new feature you couldn’t do before or just like the pervious release, editing your virtual server definitions in the load balancer component.
  2. The default option allows you to specify the virtual server protocol ( HTTP, HTTPS, TCP, UDP ), port, and description and use defaults for all other settings such as Distribution, Health Check and Advanced settings such as connection limits, etc which therefor are all dimmed and disabled.


3. The custom option allows you to define additional levels of detail for Distribution, Health Check and even more advanced settings that you can configure and define.


Distribution Tab

In the Distribution tab you can specifies the algorithm balancing method for this pool member.

ROUND_ROBIN: Each server is used in turn according to the weight assigned to it.

IP-HASH: Selects a server based on a hash of the source IP address and the total weight of all the running servers.

LEASTCONN: Distributes client requests to multiple servers based on the number of connections already on the server. New connections are sent to the server with the fewest connections.

URI: The left part of the URI (before the question mark) is hashed and divided by the total weight of the running servers. The result designates which server receives the request. The URI is always directed to the same server as long as no server goes up or down.

HTTPHEADER: The HTTP header name is looked up in each HTTP request. If the header is absent or does not contain a value, the round robin algorithm is applied.

URL: The URL parameter specified in the argument is looked up in the query string of each HTTP GET request. If no value or parameter is found, then a round robin algorithm is applied.

 You can also Specifies how persistence tracks and stores session data. Requests are      directed to the same pool member for the life of a session or during subsequent sessions.

None : No persistence. Session data is not stored or tracked.

Cookie : Uses a unique cookie to identify the session the first time that a client accesses the site. In subsequent requests, the cookie persists the connection to the appropriate server.

Source IP : Tracks sessions based on the source IP address. When a client requests a connection to a virtual server that supports source address affinity persistence, if the client has previously connected it is returned to the same pool member.

MSRDP :Maintains persistent sessions between Windows clients and servers that are running the Microsoft Remote Desktop Protocol (RDP) service.

SSL Session ID : Uses an NSX-supported HTTPS traffic pattern to store and track sessions


Health Check Tab

The Health Check tab allows you to specify the port number on which the load balancer listens to monitor the health of the virtual server member and the URL is used in the sample request to check a web site’s Health based on the available settings.


in the advanced tab you further configure the NSX virtual server for things like

Connection limit: The maximum concurrent connections in NSX that the virtual server can process. This setting considers the number of all member connections. ( 0 = no limit )

Connection rate limit: The Maximum number of incoming connection requests in NSX that can be accepted per second. This setting considers the number of all member connections. ( 0 = no limit )

Enable Acceleration: Specifies that each virtual IP uses faster L4 load balancer rather than the L7 load balancer

Transparent: Allow the load balancer pool members to see the IP address of the machines that calling the load balancer. if not selected, the member of the load balancer pool members see the traffic source IP address as the load balancer internal IP address

Max Connections: The  maximum number of concurrent connections that a single member can recognize. if the number of incoming requests is higher than this value, requests are queued and then processed in the order which they are received as connections are released  ( 0 = no limit )

Min Connections: The minimum number of concurrent connections that a single member must always accept. ( 0 = no minimum)

The End Eh!


Automation and Orchestration vRA Blueprints vRealize Automation

vRealize Automation 7.3 is Released! – What’s New – Part 1

vRA-Product-Icon-Mac_0Oh my god I can’t believe that this is only a dot-release as you read through the What’s New section in the vRA 7.3 Release Notes, looking at the massive amount of features we are releasing with this release, its just mind blowing.

I can’t describe the amount of excitement that I m experiencing right now that a new version of vRA is officially out and that I can finally talk about it, and showcase some of its new 20+ spotlight features in this multi part vRA 7.3 What’s New blog series.

VMware continues the trend of delivering awesome innovations, improved user experience, and greater / deeper integration into the ecosystem its managing, while aligning its automation technology with the following core investment strategies :

  • Make the Private Cloud Easy
  • Enable Developers
  • Manage Across Clouds

In part 1 of this series of vRA 7.3 what’s new blogs, I will be showcasing the Prameterized Blueprints feature which fall under the  “Make the Private Cloud Easy” strategy pillar.

But before we get started I thought I would mention these Important upgrade Side Notes :

  • You must upgrade to either vRealize Automation 6.2.5 or 7.1, before you can upgrade to version 7.3
  • The Memory configuration should be increased to 18 GB on the vRA Appliance if you happened to reduce it, like I did myself in my lab otherwise you will get an error like the one below.

Memory Sizing Error

  • System Reboot is required of-course to complete the update, assuming everything went well with the vRA master appliance and its replicas if any.


  • After you reboot the vRA appliance, Waiting for all services to start update Status appears on the Update Status page. The IaaS update automatically starts when the system is fully initialized and all services are running. So you don’t have to upgrade the IaaS component your self manually like what we used to do with the older editions, BUT instead You can sit back, relax and simply observe the IaaS upgrade progress on the Update Status page. How freaking cool is that Eh!


  • The automated update process is also supported on the distributed deployment model where after the master vRA appliance is successfully updated, all the replica nodes gets updated as well, after that the focus shifts to the IaaS components and the same thing happens where all the related IaaS services gets updated. 
  • The first IaaS server component can take about 30 minutes to finish, so be patient.
  • Also note that The active Manager Service node changes from a manual election to a system decision about which node becomes the fail-over server. The system enables this feature during upgrade

So now that we got that out of the way – Big Sigh!- ,  let’s get started now on the main topic Eh!

Parameterized Blueprints to Enhance Re-usability and Reduce Sprawl​

The new Component Profiles allows us to define both Virtual Machine sizes including ( CPU, Memory and Storage ) and source image attributes that helps the infrastructure architect enable what we refer to as the “T-Shirt Sizing” option for blueprint requests where an entitled user can pick from.

This abstraction using the Component Profiles allows us to efficiently manage blueprints by increasing re-usability while significantly reducing blueprint sprawl and simplifying your catalog offerings.

You can use component profiles to parameterize blueprints. Rather than create a separate small, medium, and large blueprint for a particular deployment type, you can create a single blueprint with a choice of small, medium, or large size virtual machine. Users can select one of these sizes when they deploy the catalog item.

From a governance and control perspective we continue to have the ability to trigger approval policies but now these approval can be based on the user size or the image selection conditions, including overrides.

The component profiles like everything else can be imported and exported using the vRealize Cloud Client.

The available component profile types are Size and Image. When you add component profiles to a machine component, the component profile settings override other settings on the machine component, such as number of CPUs or amount of storage.

Be aware that you cannot define other or additional component profile types other than those two.

To access Component Profiles, select Administration -> Property Dictionary -> Component Profiles 


Component profiles are only available for vSphere machine components where you can use component profiles to define vSphere machine components in a blueprint.

Defining Component Profile Settings

You can define multiple named value sets within the Size and Image component profile types and add one or more of the value sets to machine components in a blueprint. Each value set that you define for the component profile type (Size and Image) contains the following configurable settings:

  • Name that sequesters see when they provision a machine
  • Unique identifier for tenant
  • Description
  • Set of value choices for each option in the values


When you request provisioning from the catalog, you can select from available value set choices for the Size and Image component profiles. When you choose one of the value sets, its corresponding property values are then bound to the request.

Configuring Component Profile Size Settings for Catalog Deployment

  1. Log in to the vRealize Automation console as an administrator with tenant administrator and IaaS administrator access rights
  2. Select Administration -> Property Dictionary -> Component Profiles 
  3. Click the Size in the name column or highlight it and click Edit

ComponentProfiles-Size4. Click the Value Sets tab and define a new value set by clicking New to create a small and a large size deployment value set for example.

Small CP

Small Value Set

Large CP

Now we have two Size Component Profiles as value set

  • Small   ( 1 vCPU, 1GB Mem, 40 GB Storage)
  • Larege ( 2 vCPU, 4GB Mem, 80 GB Storage)

size CP Final

Next would be to Add one or more value sets to the Size component profile by using the Profiles tab on a vSphere machine component as will see next.

Configuring Machine Blueprint by Adding the Size Component Profile to the Blueprint.

  1. Log in to the vRealize Automation console as an infrastructure architect.
  2. Select Design -> Blueprints
  3. Create a new Blueprint or in our case we will be editing an existing CentOS 7 on vSphere – Base Blueprint.


4. Select the Machine Type and click on Profiles  to add the size Component Profile we defined by clicking the +Add  link


5. Once added and listed with the profile tab, select the Size Component Profile and click on Edit Value Sets 


6. Select the Value Sets you want to associate with the CentOS7 on vSphere – Base Blueprint, here we will select both Small and Large, while setting the Small as the Default and click Ok to configure the size component profile we are configuring for the blueprint with selected Value Sets ( Small and Large )


7. Once your done click finish on the blueprint to save the Blueprint parameters we just added, and your ready to request the CentOS7 on vSphere – Base Blueprint with the configured size parameters.


8.  Select the vSphere_Machine within your blueprint deployment you requested and simply select the size of the Machine AKA “T-Shirt Sizing” and submit your request.


We can simply repeat the same process for the Image Component Profile where we define Image value set we can present to the requester as an option to choose from. 

Users can select from Linked Clone or Full Clone type images across Windows and Linux type OSs for example .  I will leave that one for you to explore my friends.



.The End. Eh!.

Automation and Orchestration vRA Blueprints vRealize Automation

Virtual Container Host As A Service [VCHAAS] With vRealize Automation – vRA 7.x

vSphere Integrated Containers Engine is a container run-time for vSphere, allowing developers familiar with Docker to develop in containers and deploy them alongside traditional VM-based workloads on vSphere clusters, and allowing for these workloads to be managed through the vSphere UI in a way familiar to existing vSphere admins.


vSphere Integrated Containers comprises three major components:

  • vSphere Integrated Containers Engine, a container runtime for vSphere that allows you to provision containers as virtual machines, offering the same security and functionality of virtual machines in VMware ESXi™ hosts or vCenter Server® instances.
  • vSphere Integrated Containers Registry, an enterprise-class container registry server that stores and distributes container images. vSphere Integrated Containers Registry extends the Docker Distribution open source project by adding the functionalities that an enterprise requires, such as security, identity and management.
  • vSphere Integrated Containers Management Portal, a container management portal that provides a UI for DevOps teams to provision and manage containers, including the ability to obtain statistics and information about container instances. Cloud administrators can manage container hosts and apply governance to their usage, including capacity quotas and approval workflows.

These components currently support the Docker image format. vSphere Integrated Containers is entirely Open Source and free to use. Support for vSphere Integrated Containers is included in the vSphere Enterprise Plus license.

Now that we are done with the intro, we will only be focusing on VIC Engine in this post and how we can leverage vRealize Automation 7.x to make it even better and faster to deploy by users as a service.

I have been playing with vSphere Integrated Containers for a while now and since the early beta days. I can tell you that deploying and deleting the VCH Endpoint so many time was a bit painful since the command line is so rich including so many parameters that you can choose from where some are mandatory and some are optional, which of course can be a bit overwhelming specially when you fat finger some of these parameters as often as I do.

Example of the Linux command line with some of its parameters to deploy a Virtual Container Host on vSphere, looks something like this :

./vic-machine-linux create –name VCH_Name -t ‘UserName@domain.com:Password@vCener_IP_or_FQDN‘ –compute-resource Target_Cluster –public-network Target_Managment_Network –bridge-network Target_Bridge_Network –image-store DataStore_Name –volume-store DataStore_Name :default –dns-server DNS_IP_Or_FQDN –public-network-ip VCH_IP –public-network-gateway Gateway_IP/CIDR–force –no-tlsverify

During all this testing time I had to save the entire command line in a text file with all of its parameters, so I can simply copy and past the command when I need to, after replacing some of these parameters with the values I wanted to use, so I don’t have to type it over and over every single time I decide to deploy or delete a Virtual Container Host to test.

Having in mind our main use case for vRealize Automation and that is IT Automating IT , I wanted to find a way where I can somehow provide this as a service in my home lab where I can simply select the service and submit the request from the catalog.

Well, I did that some time ago and today I m excited to share that publicly on my new blog with all of you out there !

So please sit tight, enjoy the ride as I Explain…

In vRealize Orchestrator I managed to leverage the Guest Script Manager to take the command line with the majority of its parameters and automate the life out of it by creating the desired workflows use cases ( The Creation and Deletion of the VCH process ) then use these workflows as Anything as a service XaaS type blueprints in vRA to essentially present it as an item catalog where users can easily request to create a new VCH or delete an existing one.

Of course there are many other ways on how you can do the VCH automation piece and probably even better than the one I’m sharing here, but this is simply how I did it!.

Steps and User Experience


1. Request the Service from the Catalog


2. Provide the VIC Machine Information


3. Provide the targeted vCenter Server


4. Provide the VCH Configuration needed for the deployment


5. Workflow executes in vRO to deploy the VCH endpoint on vSphere

This is so great on so many levels since now you can easily entitle any development groups for example, that really don’t have to know a whole lot on how VIC works and are simply able to request the service to access a docker API and provision Containers.

You can also wrap an approval / governance policy around it which vRA can easily provide and have all the parameter’s values available to users in drop-down list format within the XaaS Forms on the request page, so the requester don’t have to wonder when filling out these form requests, things like which cluster I should be deploying this to, What network I should be selecting, What Storage I should use and more importantly standardize these inputs to avoid typos to standardize the service overall so its consistent across the IT organization.


I tested both XaaS blueprints ( Create and Delete VCH ) and both works like a charm. I still though have to clean it up a bit but I will be sharing both the vRO package and the XaaS blueprints here on this post so others can use it or build on top of it and make it even better since I am not really an expert when it comes to developing vRO workflow but I m doing my best to learn even more.

High level Deployment Guide

Please be aware that this has not been tested yet outside my lab, so please provide feedback if you have any issues, in case I need to tweak things :

  1. Download the VCH 1.0 (Here) or VCH 1.1 (Here) Automation package depending on the VIC version bundle you have or planning to download and extract its content. The package includes the vRO package that includes the VCH workflows and the 2 XaaS VCH Blueprints for the VCH Create and Delete operation.
  2. If you download the 1.0 VIC bundle (Here) make sure its extracted to /workspace/vic on the desired VIC machine (The Machine that host the VIC Bundle), here you will use the VCH 1.0 in step 1.
  3. If you download the 1.1 VIC bundle (Here) make sure its extracted to /workspace/vic on the desired VIC machine (The Machine that host the VIC Bundle), here you will use the VCH 1.1 in step 1.
  4. Import the vRO package into the vRA embedded vRO instance using the vRO client
  5. Use the Cloud Client (Here) to import the two XaaS Blueprints into vRA where you can then publish and entitle them to users.
  6. Confirm that the blueprints are actually pointing to the respective VCH workflows that you imported perilously.

Please make sure to map the right VCH Automation package version with the right VIC Bundle version since some of the command syntax changed in VIC 1.1

Important Deployement Notes

  • This was done using the Guest Script Manager as I mentioned before which is already bundled in the VCH 1.0 vRO package along with the VCH workflows in the vRO package I Exported, so you don’t have to install the GSM yourself.
  • All the fields for this version is mandatory and can’t be skipped for now, but its something that you can definatly modify if you want to.
  • All the fields are static, so later on you can configure some of the field’s in XaaS forms as drop-down lists and provide value from you own environment such as Clusters Name, Network port-groups or storage..etc
  • The Workflow will deploy VCH with Server-side authentication with auto-generated, untrusted TLS certificates that are not signed by a CA, with no client-side verification. i.e. –no-tlsverify is hard coded as you will see in the create command mentioned below.
  • You have VIC bundle deployed and extracted to a folder called /workspace/vic/ on a Linux machine called out in the XaaS forms as the VIC Machine VM available within the same vCenter/environment. This can be the vRA appliance as well and you can modify the original Workflow to preset the values for the VIC machine properties section (2nd Screenshot above) so the user don’t even have to select it or go through the first request tab.
  • The VCH deployment can be used and manually added in Admiral using the certificate type credentials which can be obtained from the VIC Machine from the VCH folder created after a successful deployment . for example if you deploy an endpoint called VCH01, both the server-cert.pem and server-key.pem would be located in /workspace/vic/VCH01 folder on the VIC Machine.
  • This is the command line that being executed on the VIC Machine VM ( which is the VM that has the VIC bundle deployed and extracted to /workspace/vic ) . All the parameters that are used between vRA and vRO are in-between brackets.

The Create Command Used in the Create Workflow for VIC 1.0

./vic-machine-linux create --name [vchName] --appliance-cpu [vchCpu] --appliance-memory [vchMem] -t '[vCenterUserName]:[password]@[vCenterIp]' --compute-resource '[clusterName]' --public-network [publicNetwork] --bridge-network [bridgeNetwork] --image-store [imageStore] --volume-store [volumeStore]:[volumeName] --dns-server [dnsServerIp] --public-network-ip [vchPublicIp] --public-network-gateway [vchPublicGateway]/[vchPublicGatewaySubnet] --force --no-tlsverify

The Create Command Used in the Create Workflow for VIC 1.1

./vic-machine-linux create --name [vchName] --endpoint-cpu [vchCpu] --endpoint-memory [vchMem] -t '[vCenterUserName]:[password]@[vCenterIp]' --compute-resource '[clusterName]' --public-network [publicNetwork] --bridge-network [bridgeNetwork] --image-store [imageStore] --volume-store [volumeStore]:[volumeName] --dns-server [dnsServerIp] --public-network-ip [vchPublicIp]/[vchPublicIpSubnet] --public-network-gateway [vchPublicGateway] --force --no-tlsverify

You notice if you compare the create command between the two versions that some of the parameters were changed. i.e.  –appliance-cpu  renamed to –endponit-cpu

The Delete Command Used in the Delete Workflow is same for both versions

./vic-machine-linux delete --force -t '[vCenterUserName]:[password]@[vCenterIp]' --compute-resource '[clusterName]' --name [vchName]

Have fun Everyone!

Automation and Orchestration vRealize Automation vsphere integrated containers