The big takeaway with the release of vRealize Management 8.1 is the support for vSphere 7 with Kubernetes.
These updates now provide automated delivery, monitoring, troubleshooting and capacity management for both container and VM workloads! This is a big deal and will allow VI admins to easily provision and manage VMs and containers on products they already know, without having to deal with the complexities around container orchestration with Kubernetes.
Here are some of the key updates VMware mentions for each product as well as some use cases, but we will dig into each of these in more detail below.
Before I get started, I do just want to mention something that almost everyone already knows, but it is important to reiterate: all these products are available on-premises as well as SaaS based. This provides lots of flexibility for wherever your workloads will run, for instance in a hybrid cloud environment or perhaps in the public cloud only.
vRealize Operations 8.1
A quick summary of what’s new as provided by VMware
vRealize Operations Cloud (SaaS)!
- SaaS based product will be available on release of on-premises vROPS 8.1
- Same feature set as on-premises version
- You can now manage your hybrid cloud with vROPS cloud native integrations with vRA, vRLI, VMC on AWS and Skyline Advisor.
- If you are already using vRealize Automation Cloud, you can also import your Cloud accounts directly into vRealize Operations Cloud.
vSphere with Kubernetes support
- This in my opinion is a very big deal since OOTB K8s has very limited monitoring capability and you are required to learn, install and manage additional products, for instance Prometheus.
- Extends vROPS to support vSphere Kubernetes constructs with the ability to discover, classify and monitor them.
- Integrated capacity management using vROPS predictive analysis
- Unified dashboard for inventory, relationship and KPIs for new constructs
- Monitor key workload management configurations
- Out of box reports for inventory, configuration and capacity
- Out of box alerts for Pods and Supervisor Clusters!!
- Out of the box alert definitions for Pods and Supervisor Clusters
- Ability to define symptoms and custom alert definitions controlled through policies.
- Performance, Capacity and Availability alerts
- This is another big feature which I think admins will love.
- For cases where you deploy your K8s stack via vSphere with Kubernetes or Tanzu Grid, you can extend visibility with vROPS Container Management Pack for these multiple K8s clusters.
- Visualize K8s cluster topology
- Correlate virtual infra and K8s infra
- KPIs for performance monitoring.
- OOTB dashboard to provide the overview as well as troubleshooting
- Multiple alerts to help monitor the K8s infra
- PKS Supported
- Mapping of K8s nodes to VM objects
- Integrates VMC as an end point into vROPS with VMC Cloud Account
- Simplified Cloud Account for VMC leveraging CSP Token.
- Auto-Discover new SDDCs and incorporate for monitoring in a few simple steps.
- One account to manage multiple VMC SDDCs including vCenter, vSAN, NSX and VMC Bills.
- Common cloud account construct with ability to import from vRealize automation (on-prem & cloud).
- Out of box support for Project Pacific (Supervisor Clusters, Namespaces, PODs and Guest Clusters).
- Key dashboards for VMC specific use cases
- Monitor KPIs for NSX Edge Routers.
- Track usage and performance of management virtual machines including NSX Edges, Controller and vCenter server.
- Monitor all the key resources including CPU, Memory, Disk and Network for infrastructure and workloads.
- Track capacity trends and resultant forecasts with Time Remaining, Capacity Remaining and Virtual Machines Remaining metrics.
- Find victim and villain VMs based on current and historical usage trend with powerful data transformation functions.
- This is a feature which I think customers will appreciate.
- vROPS now allows you to monitor VMware Cloud on AWS Costs using bills from VMware Cloud Service portal
- Combine private, hybrid, and public cloud costs in dashboards and reports
- Track Outstanding and Year to Date costs
- Cost Breakdown by
- Purchase history
- VMC and Policy Manager API support – NSX-T
- Simplified Cloud account integration.
- Support of Policy Manager APIs
- Config Max metrics support for NSX-T for SDDC monitoring.
- Enhancements to Public cloud migration Planning
- Now provides simplified assessment results, which is great since this was a bit confusing in previous releases.
- Save scenario for further analysis
- Reserved CPU
- Reserved Memory
- Fault Tolerance
- Raid Level
- New Amazon AWS objects!
- Elastic Beanstalk
- Direct Connect Gateway
- Target Group
- Transit Gateway
- Internet Gateway
- Elastic Network Interface (ENI)
- EKS Cluster
- Google Cloud Platform support
- Monitoring for the following GCP product family
- Compute Engine
- Container Engine
- Cloud Storage and Data store
- Cloud VPN
- Cloud Functions
- ML engine
- Cloud Billing
- Cloud Logging
- Google Cloud
- Traffic Director
- VMware CloudHealth integration
- GCP Cost and CloudHealth Perspective Integration
- Any Slice and Dice of MTD in vROPs using “Perspective” sync from CH
- GCP Cost collection
- OOTB Cost Dashboards for GCP
vRealize Automation 8.1
A new simple setup wizard for integration with VCF
- This will allow you to connect to your existing VCF environment which will discover your workload domains, as well as content sources from the content libraries and new marketplace which I talk about later.
- You can specify your default lease and approval policies which will be created in vRA.
Custom Resources in Cloud assembly
- There are already a bunch of private and public cloud objects available that can be dragged onto the canvas, but now you also have the ability to create your own custom resources, which provides a lot of flexibility.
- Custom Resources allow you to basically create anything as a resource that can be used as part of a blueprint.
- As a part of creating the custom resource you define the Create, Update, and Destroy actions for the resource and can also add any additional Day-2 actions to be available for the resource once deployed.
Custom day-2 actions in Cloud Assembly
- Just like when you create a custom resource, you can create custom day-2 actions for any resource deployed whether that is a custom resource or one of the many private and public cloud resources that are available in the Cloud Assembly blueprint design canvas.
- Once the resource is deployed you will be presented all operation actions you allow including OOTB actions as well as custom actions you have specified.
- All actions can be controlled by policy to projects, blueprints, or even down to a specific user.
Resource Limit Settings for CPU, Memory and Storage in Projects
- A Project is a group of users, similar to Business groups in vRA 7.x.
- Resource limits for storage, memory, and CPU can now be set when adding a cloud zone to a project within the Cloud Assembly service.
- This will allow you to set these limits per deployment target for a specific group of users to prevent overuse of a specific set of infrastructure or public cloud account.
Approval Policies in vRealize Automation?
- Approval policies were sorely needed since this is a well-used feature in vRA 7.
- Approval policies help control which Deployment requests and Actions require approvals before being initiated.
- If the approver rejects the request, the request is not initiated and fails to execute.
Provider and Tenant Organizations – Multi-tenancy
- The basis for tenancy is that projects sort of map to business groups, as mentioned earlier.
- 8.1 now adds the notion of provider and tenant organizations.
- This allows the provider admin to set up tenant organizations and assign people to these tenant organizations.
- These tenant organizations can then each manage their own projects with their own policies, governance and content (blueprints, images, cloud zones, etc.)
- Dedicated and shared infrastructure will be available in each of these tenants, but dedicated is recommended for true tenancy.
- Tenant creates and manages own deployments
View Only Role for Cloud Assembly, Service Broker and Code Stream
- 8.0 could only create an admin and member role
- New view only role that can be assigned for all the services within
- Provides an “auditor” capability where a user assigned to this role can see configurations, deployments, blueprints, etc. but not interact with the platform in any way.
Day-2 Reconfiguration of Networks and Load Balancers
- Rich capabilities for administrators.
- Change the network associated with a VM NIC
- Update VM’s static or dynamic address range
- Rollback changes
- Simplified consumption for end-users.
- Change additional properties of the load balancer
- Move load balancers between networks
On-demand Security Groups supported for NSX-v and NSX-T
- Rich capabilities for administrators
- Add security groups using the YAML blueprint
- Assign firewall rules, ingress, egress, services, and ports
- Assign security groups to each NIC
- Simplified consumption for end-users
- Add existing security groups using the YAML blueprint or through the network profile
- Mix existing and on-demand security groups in a single deployment
IPAM SDK in Cloud Assembly
- A great new toolkit for developing a package that enables integration of a third-party IPAM provider with vRealize Automation and vRealize Automation Cloud.
- The download package provides a sample implementation of a third party IPAM provider
- Technical guidance explains how to build an IPAM integration that conforms to vRA’s expectations for a third-party IPAM provider.
- Available soon on code.vmware.com
Ability to add OVA as a Content Source in Service Broker!
This will help accelerate the delivery and ease management of providing gold images to your customers. No need to go build them from scratch.
- Excellent new feature in vRealize Automation that highlights the Bitnami acquisition VMware made last year
- Bitnami brings an entire library of prepackaged application stacks to the VMware Marketplace
- Makes it easy to get your favorite open source software up and running on any platform, including your laptop, Kubernetes and all the major clouds
- One of the formats that is provided for these popular application stacks is the Open Virtual Appliance (OVA) format.
- Provide OVAs directly to users in a self-service catalog using Service Broker
Expanding vROps integration with vRA
- In-context views of operations & hybrid cloud cost
- New Health Status of deployments with workload metrics
- New health badge for deployments
Ansible Tower Integration in Cloud Assembly
- Support for Ansible Tower allows customers to run Ansible Tower Job Templates from our blueprint canvas.
- Drag and drop jobs onto the canvas, which is a nice feature.
- Ansible Tower v3.5 and v3.6 supported
- If using Ansible Tower with vRA Cloud you do require a cloud proxy.
- Incorporating existing Ansible Tower instances into vRealize Automation gives customers another option for configuration management along with Puppet and Ansible Open Source.
- The Ansible Tower and/or Engine can be on-prem or in the cloud. The nodes that will be managed or deployed could also be on-prem or in the cloud.
- The integration provides maximum flexibility when integrating with these solutions.
Active Directory Integration in Cloud Assembly
- vRA has a couple of different ways that it integrates with Active Directory.
- Most known to everyone is vIDM (Workspace Access) for authentication and authorization
- This new integration provides the ability to pre-stage machines in AD during deployment.
- Supports multiple policies per project and uses tags to specify which policy to apply based on blueprint configuration.
- Machines are assigned to the correct OU based on the Project the deployment user is assigned in Cloud Assembly.
- When a deployment is deleted, the machine account in Active Directory is also deleted, so now we have some proper cleanup.
- vRA Cloud Requires deployment of new On-Prem Extensibility Action appliance
Service Broker Policy Criteria
- Policy Criteria in Service Broker allows you to specify very precise qualifiers when you want the specific policy to run.
- For example, if you only wanted a user to be able to run a specific Day 2 operation, such as deleting a deployment for a specific blueprint, you can use the following policy criteria:
- Blueprint eq <blueprint name>
- Or if you only want the policy to run for everyone except the admin group you could specify the following policy criteria:
- createdBy notEq <firstname.lastname@example.org>
vSphere with Kubernetes in Cloud Assembly
- In vRA an administrator can create a supervisor namespace on a supervisor cluster and assign the namespace to a project.
- Users in that project can get the kubectl configuration file and deploy application containers and VMs.
- This namespace will be available in the K8s resource page in infrastructure.
PowerShell Support for ABX Actions in Cloud Assembly!
- This is a cool new function!
- Action Based Extensibility (ABX) is a serverless function capability integrated into vRealize Automation's Cloud Assembly Service.
- Previously ABX only supported Python and NodeJS scripting languages.
- With the release of vRA 8.1 the on-premises ABX appliance will now support running PowerShell (PS) natively as a serverless function.
- This will allow you to use all the power of PowerShell without the need to create PS Hosts and complex infrastructure to support PS scripting.
Code Stream Pipeline as Catalog Item in Service Broker / Code Stream
- Code Stream is becoming a big part of vRA and is definitely a big improvement over the vRA 7 days.
- Used for closed-loop development and iterative blueprint development
- Service Broker provides an easy to use self-service catalog for requesting blueprints from Cloud Assembly, Amazon Cloud Formation Templates, vRO Workflows, ABX Actions, and Market Place OVAs and Templates.
- Now you can also present Code Stream pipelines as catalog items
- This provides an easy to use request process for users to launch pipelines directly from the Service Broker catalog giving the ability to use the great features of custom forms to front end CI/CD and infrastructure pipelines.
Lots of other new features!
- Custom Forms Enhancements
- Import and export CSS style sheets for a custom form in Service Broker
- Kubernetes Zones in Service Broker
- Service Broker admins can manage Kubernetes Zones in Service Broker and add these zones to different Projects
- Persistent storage disk
- Currently only available through the API
- Ability to ensure disk doesn’t get deleted on deployment\VM delete, ability to create a disk independent of a VM
- Bulk deployment request
- A user can select the number of deployments to create from a single blueprint at blueprint request time so that I may deploy multiple environments in a single request (parity with v7.6)
- Network Extensibility Events
- Add and remove network and load balancer objects from the network profile during deployment or deletion
- A use case for this feature would be when you are deploying on-demand networks
- Only done via ABX
- Support for vSphere 7
vRealize Orchestrator 8.1
Support for Multiple Scripting Languages!!! Probably the biggest feature for vRO ever!
- You can now use PowerShell, Node.js, and Python for tasks in workflows alongside the traditional vRealize Orchestrator JavaScript scripting language
- No more need to have a PowerShell Host to run PowerShell scripts. Plus the inclusion of Node.js and Python makes creating sophisticated workflows easier by using existing libraries for those languages!!
- Note: This feature is only available with a vRA license.
Tree View is Back!
- The tree view that everyone was familiar with in vRO was not available when the switch to the HTML 5 client happened.
- With the release of vRO 8.1 a version of the tree view is back with hierarchical folders.
- You can now easily organize your workflows as you did in previous versions.
Visual Differences and Source Control Enhancement
- vRO 8 added Git integration, and now vRO 8.1 brings support for multiple branches.
- Before, source control was only available for a single branch.
- vRO now supports syncing workflows to different branches from a Git repository
- This allows promotion of code through normal git operations and PR requests.
- You can also see the visual differences between versions of a workflow in the workflow designer under version history.
- When you create a new version it automatically timestamps the date and time.
- This helps accurately tell the different versions of the workflow apart.
Debug workflows at Schema Elements
- You can now debug workflows at any element within the workflow by simply clicking the red box on the element and running the workflow.
- This will allow you to quickly move through workflow development.
- Ability to redirect the logs to a syslog server both from a vRA and vRO perspective.
(All images on this page courtesy VMware)