vRealize Suite

vRealize Automation, vRealize Operations, vRealize Log Insight, vRealize Infrastructure Navigator.

vRealize Network Insight (vRNI) 3.5 upgrade process that works

/ johannstander / Leave a comment

It is have been almost a year ago since my initial post on upgrading vRealize Network insight to 3.2 and since then there has been couple of new versions released. So time for me to upgrade!

The bad part I found out about the upgrade process is that you have to upgrade each version consecutively meaning I had to upgrade my 3.2 environment to 3.3 (which i am currently on right now) and then next step is to upgrade to 3.4 and following that another upgrade to 3.5.  You cannot skip version upgrades all!  Anyways, not going to comment on that but you see where this can be very time consuming so plan accordingly.

As before there are still two upgrade options available with online, which is handled through the GUI and offline, which is handled through the CLI.  I am currently running 3.3 and in the GUI under Settings -> Install it states that my Application is up to date. I did verify through CLI command “show-connectivity-status”  that my upgrade connectivity status shows passed and I also have no proxy.  Not wanting to open a support ticket I am going to go the manual route, and oh yes if you have a cluster configured, your only option is manual upgrade as well. Sorry!

Firstly we must upgrade the vRNI Platform appliances before we upgrade the Proxy appliances. If you have cluster then you have to start with platform1.  VMware’s KB on the manual upgrade process to 3.5 does not do such a good job of showing the exact steps to upgrade so here are mine:

  1. Download the upgrade bundle
  2. Extract the bundle from the downloaded zip file.
  3. Snapshot your vRNI Platform and proxy appliances before upgrade. (always have a backup)
  4. Login to Platform CLI with consoleuser
  5. Change password for the support user
    1. (cli) modify-password support
    2. Enter the password
  6. Use a popular tool like WinSCP to copy the bundle file to the all vRNI appliances
    1. Login with the support user
    2. Copy the bundle file in directory /home/support/
  7. Now we need to use the package-installer command to copy the bundle file to the vRNI VM
    1. package-installer copy –host localhost –user support –path /home/support/VMWare-vRNI.3.4.0.1495004044.upgrade.bundle
    2. Enter password
    3. Verify copied completed
    4. Remember one version at a time so first off have to upgrade from 3.3 to 3.4.
  8. Stop the service
    1. (cli) services stop
  9. Run the upgrade
    1. (cli) package-installer upgrade (3.3 -> 3.4)
    2. (cli) package-installer upgrade –name VMware-vRealize-Network-Insight.3.5.0.1502978926.upgrade.bundle (3.4 -> 3.5)
    3. This could take up to 30 minutes to complete so go have a cup of tea or coffee.
    4. Verify upgrade completed by checking the version
      • (cli) show-version
    5. If the service does not start..
      • (cli) services start
  10. Run step 4 through 9 on all appliances
    1. vRNI Platform appliances first
    2. vRNI Proxy appliances last

After the upgrade from 3.3 to 3.4, the upgrade KB states that a reboot is not necessary, but I found that if you do not perform a reboot you are not able to run the upgrade command “package-installer upgrade –name VMware-vRealize-Network-Insight.3.5.0.1502978926.upgrade.bundle”.  The –name parameter is not recognizable.

Note:

Do not copy/paste the commands in the KB since the filename is different that what you actually download “VMWare” and this make your upgrade fail.

Links:

 

 

 

 

Upgrading vROPS 6.x to 6.6.1

/ johannstander / Leave a comment

With all the new goodies in 6.6, especially the new HTML5 UI based on the Clarity design System, who can resist the upgrade to vROPS 6.6. Release notes for everything that is new can found here.

From an upgrade standpoint, vROPS has always been an interesting, but simple process with both the OS and application that requires separate updates.  The OS update is required for update RPMs for things like database and gemfire updates that the new vROPS application relies on.  My step by step upgrade guide below:

  1. Download the OS update and Product update files from my.vmware.com
    • OS PAK file:  vRealize_Operations_Manager-VA-OS-xxx.pak
    • Application PAK file:  vRealize_Operations_Manager-VA-xxx.pak
  2. Make sure that all the solutions you have installed has a version available that is compatible with the new vROPS release.
  3. If you customized any default alert definitions, symptom, recommendations, Policy Definitions, Views, Dashboards, Widgets and Reports in the previous version, make sure you clone it first.  When you upgrade vROPS, it is important that you upgrade the current versions of content types that allow you to alert on and monitor the objects in your environment.  It is a good practice to always clone first before customizing content.
  4. Before starting the upgrade, create a snapshot of the each of the nodes in the cluster.
    1. Login to vROPS admin
    2. Under system status click Take Offline
    3. Enter reason and click OK
    4. When Cluster status shows offline for all nodes, go ahead and take a snapshot of each
  5.  Before starting the upgrade, I also recommend taking a backup of all the nodes simultaneously by using your existing backup solution.
  6. First off we will update the Virtual Appliance OS:
    1. Login to the master vROPS node administrator interface
    2. Select Software Update
    3. Click Install a Software Update
    4. Browse the OS update PAK file
      • vRealize_Operations_Manager-VA-OS-xxx.pak
    5. Check the box “Reset Default Content”
      • As mentioned above make sure you have cloned all your customized content!
    6. Click Upload
    7. When completed click Next
    8. Accept EULA click Next
    9. Click Next
    10. Click Install
    11. This will update the OS on the Virtual Appliances and restart them.
  7. Secondly we will perform the vROPS product update:
    1. Login to the master vROPS node administrator interface
    2. Select Software Update
    3. Click Install a Software Update
    4. Browse the application update PAK file
      • vRealize_Operations_Manager-VA-xxx.pak
    5. Check the box “Reset Default Content”
      • As mentioned above make sure you have cloned all your customized content!
    6. Click Upload
    7. This will update the vROPS application on the Virtual Appliances
  8. Lastly, if you have any additional content packs installed, go ahead and upgrade them.

VMware is definitely making awesome improvements in all their products and has come a long way in helping out VMware admins with their daily management tasks.

SovLabs: Upgrading your software

/ johannstander / Leave a comment

SovLabs isn’t just a vRA plugin, it’s enterprise software that extends the capabilities of your vRealize Automation environment providing you with that end-to-end solution you have been craving for.  As with any other enterprise software they periodically provide new patches and releases and with SoLabs that is no different.

The new 2017.3.x was released in August and provides some awesome new modules:

  • Men & Mice DNS and IPAM
  • SolarWinds DNS
  • Backup as a Service
    • Automate policy-driven backups and provide self-service VM and file-level recovery for –
    • Cohesity
    • Rubrik
    • Veeam
  • SovLabs VM tagging
    • Drive rich metadata using VM tags and categories
  • SovLabs Property Toolkit
    • Manage your existing custom properties on VMs with the SovLabs Template Engine
  • ServiceNow Support for Jakarta
  • Puppet support for 2017.1
  • VMware Tools connection
    • Connect to Windows/Linux servers can now be done through VMware Tools which removes the requirement for WinRM, CygwinSSH or WinSSHD to be installed.  This is huge!
  • As a customer you can sign up under the self-service portal and view the detailed release notes here:

So how do we go about upgrading SovLabs to the latest version?

Step by step guide to upgrading from 2017.2.x to 2017.3.x.  (there are some additional steps if you are upgrading from <= 2017.1.x so please contact SovLabs support) 

  1. First off we want to create a backup of the vRO package
    1. Login to vRO Client
    2. Click Design
    3. Click on the package tab
    4. Click on the package icon on right hand side menu bar
    5. Enter name “com.sovlabs.backup.resources”
    6. Edit the newly create package, click on the pencil icon on the right hand side menu bar
    7. Click the Resources tab
    8. Click the Folder + icon
    9. Expand the Library folder,  select the SovLabs folder
    10. Click on the Select button
    11. Once loaded, click save and close
    12. Right click the saved package and click export package
      1. Create a folder called sovlabs under downloads
      2. leave the rest of settings as default
    13. Save to your local system
    14. Now, lets save the old SovLabs Plugin:
      1. Use WinSCP and login as root to vRO appliance
      2. Go to directory /var/lib/vco/app-server/plugins
      3. Save the o11nplugin-sovlabs.dar to your local file system in same sovlabs folder created earlier under download.s
    15. Done!
  2. We need to update the vRO Heap size
    1. If you have done this before then you can skip this step but this is needed to install the larger sized SovLabs module file into vRO otherwise the appliance might run out of memory during install/upgrade.
    2. Remember if you a vRO cluster, then you have to perform the steps on both server
    3. SSH into vRO appliance with user root
    4. Run # vi /var/lib/vco/configuration/bin/setenv.sh
    5. Find the #MEM_OPTS section
    6. Replace the -Xmx512m \ with -Xmx768m \
    7. Save the file
  3. Delete all SovLabs license keys
    1. Login to vRA tenant
    2. Click on Items tab -> SovLabs vRA Extensibility modules -> SovLabs License
    3. For each SovLabs License item listed
      1. Select Actions -> Delete License
  4. Download the SovLabs plugin
    1. Talk to SovLabs support about getting the software downloaded.
  5. Install the plugin into vRO appliance
    1. Login to controlcenter
      1. https://<vroserver&gt;:8283/vco-controlcenter
    2. Select Plug-Ins -> Manage Plug-ins
    3. Click Browse
    4. Select the plugin
    5. Accept EULA
    6. Click on Install
    7. Accept the EULA
    8. Restart the vRO server
      1. On the Home page, click on the Startup Options icon
      2. Click on Restart
      3. Wait for vRO to restart successfully
    9. Log back in to the vRO configuration page
    10. Click on the Manage Plug-Ins icon
    11. Verify that the installed plugin is listed among the vRO plugins
    12. Now if you have a clustered vRO 7.2 and above, then the plugin should sync but I have seen some problems with 7.2 so follow these steps
      1. Perform a full reboot on primary so that the pending and active config fingerprint ID match.
      2. Then push the config to the other standby node
      3. It will need to rebooted which it often will not do so make sure you perform this step yourself.
      4. Verify that Synchronization state shows synchronized and verify the version of the plugin on both active and standby nodes.
  6. Login to the vRO Client and run the configuration
    1. Click on Design mode
    2. Click on WorkFlow tab
    3. Right click vRO workflow, “SovLabs/Configuration/SovLabs Configuration”
    4. Select Start Workflow
    5. The SovLabs Configuration workflow only needs to be run on one vRO in a clustered environment
      1. Select yes to accept the EULA
      2. Click Next
      3. Select the appropriate tenant and business group
      4. Create SovLabs vRA Catalog Service? = No
      5. Publish License Content? = No
      6. Click Next
      7. Upgrade existing SovLabs vRA content? = Yes
      8. Click Next
      9. Install or Update SovLabs workflow subscriptions (vRA7.x)? = Yes
        1. *Enables vRA to call vRO during machine lifecycles
      10. Click Submit
      11. Verify that the SovLabs Configuration workflow completed successfully
  7. Lastly, let’s verify the SovLabs Plugin in vRA
    1. Select Catalog tab
    2. Verify that Add license -> SovLabs Modules catalog exists
  8. Now lets install the new license key for 2017.3.x
    1. This process has also been drastically simplified with a single license key which will license all modules, where previously this was done one at a time.
    2. Select Catalog tab -> SovLabs vRA Extensibility Modules -> Add license – SovLabs Modules
    3. Copy the text from license file and paste into field
    4. Click Submit
    5. Verify all catalog tab -> SovLabs vRA Extensibility Modules that all catalogs are available.
  9. If you ever need to roll back then follow the steps in the document provided by SovLabs:
    1. https://s3.amazonaws.com/docs.sovlabs.com/vRA7x/guides/SovLabs_BackupRestore-vROPackage.pdf

 

 

 

 

vRealize Automation: Request stuck in progress

/ johannstander / Leave a comment

I ran into an interesting problem today on my distributed (enterprise) vRA 7.2 environment and wanted to share how I got it resolved.

I have not deployed anything in my environment for a while but when I tried today my request was not completing and status is showing “In Progress”

Troubleshooting:

Review logs:

  • Infrastructure -> Monitoring -> Audit Logs
    • Machine requests shows that is was started
  • Infrastructure -> Monitoring -> Log
    • Found error on my manager services nodes “[EventBrokerService] Failed resuming workflow.. State VMPSMasterWorkflow32.Requested(POST). Event
      Event Queue operation failed with MessageQueueErrorCode QueueNotFound for queue ’30da8a16-c532-4e13-bd81-39b09114a887′.”
  • Logged into Service manager nodes and review the logs in Event Viewer
    • Found error “Error occurred while registering the DEM.
      System.Data.Services.Client.DataServiceTransportException: The underlying connection was closed: An unexpected error occurred on a send. —> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. —> System.IO.IOException: Authentication failed because the remote party has closed the transport stream”
  • Logged into the Web server nodes and review the logs in Event Viewer
    • Found similar error as above
    • Found error messages like “Error occurred writing to the repository tracking log”, “Error occurred while pinging repository”

Review DEM status:

  • Infrastructure -> Monitoring -> DEM status
    • both my DEM worker and Orchestrator shows with Status Active (Green)

Resolution:

I did some investigation and found really 2 problems that I needed to address

  1. If you find errors like “Event Queue operation failed with MessageQueueErrorCode QueueNotFound for queue” then you probably have manager service running on both instances (nodes).
  2. If you find errors like “System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it” then the problem is most likely with certificates and found in the vRA documentation that if you have commas in your OU section of the IaaS certificate, that your VM provisioning might fail and the following work around is provided
    1. Remove the commas from the OU section of the IaaS certificate, OR
    2. Change the polling method from WebSocket to HTTP to resolve the issues.
      • Open the Manager Service configuration file in a text editor.
      • C:\:Program Files (x86)\VMware\vCAC\Server\Manager Service.exe.config.
      • Add the following lines to <appSettings>
      • <add key=”Extensibility.Client.RetrievalMethod” value=”Polling”/>
        <add key=”Extensibility.Client.PollingInterval” value=”2000″/>
        <add key=”Extensibility.Client.PollingMaxEvents” value=”128″/>
      • Restart the manager services

Some other things to verify:

  • On Web server Windows OS nodes
      • Verify that the VMware Cloud Automation Center Management agent services is running
  • On Manager service Window OS nodes
    • Verify that the VMware Cloud Automation Center Service is running
      • This should only be running on 1 server if have a load balancer in front.
      • Set the Startup type to Manual on the 2nd server so you don’t have worry about this service starting but remember you have to failover manually by changing the service to automatic and starting the service.
        • In vRA 7.3 the failover process is now automated which is great!
    • Verify that the VMware Cloud Automation Center Management agent services is running on your instances
  • On DEM server Windows OS nodes
    • Verify that your VMware vCloud Automation Center Agent and Management agent services is running
  • Most people do not know this but VMware also has a very cool vRealize production test tool which I will blog about shortly.

Links:

https://docs.vmware.com/en/vRealize-Automation/7.2/com.vmware.vrealize.automation.doc/GUID-71F4F6F1-DBAE-4E0B-83A5-B4B25921B6A7.html

https://docs.vmware.com/en/vRealize-Automation/7.0/com.vmware.vra.extensibility.doc/GUID-7E54F8B9-9F76-4470-9B6F-6DAE5972E740.html

 

 

Adding Microsoft Azure to vRA and vRB Part #2

/ johannstander / 2 Comments

In part 1 I showed how to add Microsoft Azure to vRA.  In this part 2 I will show how to add Microsoft Azure with Non-EA account to vRealize Business which will provide cost information for your MS Azure account.

I have to apologies for taking so long to publish this but I had the blog written and ready to go but it was created with vRB 7.2, which had a lot of bugs with Azure integration  and the documentation was not very thorough and made use of the old Azure portal interface for configuration.  The problem I ran into can be view in the community post here, but with a lot of views and not responses I decided to wait until vRB 7.3 to review this again.

Prerequisites:

  1. You must have a Microsoft Azure Enterprise Agreement (EA) or non-EA account.
  2. If using MS Azure non-EA you must have one of the following credits offers:
    1. Pay-as-you-go
    2. MSDN
    3. Monetary commitment
    4. Monetary credit

To add a non-EA account you will also need the following information during configuration so please make sure you have this available.  I am also providing the steps on how to configure your non-EA account.

  • Client ID
    • When you register a client app, such as a console app, you receive a Client ID. The Client ID is used by the application to identify themselves to the users that they are requesting permissions from.
  • Location of Purchase
  • Tenant ID
    • Value can be retrieved from the Azure default Active directory when you select manage -> properties in menu.
  • Secret Key
    • Value will be defined during app registration.

Continue reading

vRA & SovLabs: Infoblox IPAM Module

/ johannstander / Leave a comment

An IP address is an integral part of the server architecture and is required by all servers, LB VIPs, NATs etc. Many customers still make use of spreadsheets, which is very difficult to automate when you have to manually enter data, and this eventually leads to inconsistencies due to the file not getting updated when a IP address is assigned, changed or deleted.

What you need is a robust high performance, highly available IP solution that you can manage from a single interface and provides  features like:

  • Manage a large pool of IP addresses
  • Improve availability, and simplified administration.
  • User based roles and permissions.
  • Provide vital operational and troubleshooting data:
    • IP address history, MAC address, Owner, Location, OS, etc.
  • Reports summarizing IP address resources and utilization.

There are many IPAM solutions out there with SovLabs support for the following:

I will be using the SovLabs Infoblox module in my example but if you have read this far you probably asked yourself “Infoblox has native integration with vRealize Automation, why use the SovLabs Infoblox module?”  I did some research and hopefully this information is useful in your decision making:

Differentiators between SovLabs Infoblox IPAM and Infoblox native integration vRA:

  • SovLabs do not require the Infoblox cloud adapter
  • SovLabs has different modules, which seamlessly integrates with each other and enhances the IPAM functionality:
    • Separate DNS and IPAM modules to allow each to be driven independently even between different providers.
    • Ability to create multiple independent DNS profiles that can drive DNS for multiple different providers independent of IPAM.  DNS is able to register against multiple domains out of the box and drive host records, CNAMEs, PTR and A records independently.
  • SovLabs has pre-validation logic for IP and DNS forward/reverse duplication detection.
  • SovLabs Template engine can be used for custom comments, fields in Infoblox based on vRA metadata.
  • SovLabs is design for ease of use.  No Infoblox schema changes or lengthy install and upgrade process.
  • SovLabs is completely policy driven, no need for custom workflow development.

The SovLabs module also has many other features which can viewed on the website here, but some of the highlights are:

  • Obtain and reserve unique IP address(es) and release automatically during appropriate machine lifecycle
  • Reserves unique IP address(es) and assigns to the VM NIC(s) based on IPAM profile(s)
  • IPAM profiles can span multiple networks, each consisting of a network name, subnet CIDR block and gateway address
  • IPAM configurations are interchangeable between endpoint providers; avoid lock-in by easily adding additional IPAM providers with other IPAM modules from SovLabs
  • No custom workflows required, completely policy driven
  • SovLabs IPAM configurations may also be used with SovLabs network load balancer modules

Prerequisites:

  1. Infoblox user on (all) Infoblox appliance(s) with the following permissions:
    • API and GUI access configured
    • Add/remove Host Records, A Records and/or PTR Records
  2. Infoblox WAPI version must be 1.2+

    Access https://{infoblox-fqdn}/wapidoc/ and look in the upper-left corner

  3. Login to the vRA tenant
    1. Add license for Infoblox IPAM module
    2. Validate the following show up on the Catalog page:
      1. Add Infoblox Endpoint
      2. Add IPAM Profile

 

Configuration:

  1. Add InfoBlox Endpoint
    1. Login to vRA Tenant
    2. Select Catalog -> SovLabs vRA Extensibility
    3. Screen Shot 2017-05-10 at 6.09.35 PM.png
    4. Click Request button on “Add Infoblox Endpoint”
    5. Screen Shot 2017-05-10 at 6.10.29 PM.png
    6. Infoblox Endpoint
    7. Enter Configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    8. Enter hostname
      • FQDN of Infoblox server
    9. HTTPS = yes
    10. Port – 443
    11. WAPI version = pick from dropdown box based the version your found through prerequisites
    12. DNS View = optional, which DNS views this endpoint supports
      • Not using Infoblox for DNS in this example
    13. Network View = optional, which Network views this endpoint supports
      • All my networks are crated under the default view
    14. Credential Configuration
    15. Enter username
      • Username should have API access and permissions to add/remove records to/from Infoblox
    16. Enter password
    17. Click Next
    18. Advanced Options
      • These are optional and can be left blank which will populate with default value.
    19. Host record template
    20. A record template
    21. PTR record template
    22. Fixed Address template
    23. Click Submit
  2. Add IPAM profile
    1. Select Catalog -> SovLabs vRA Extensibility
    2. Screen Shot 2017-05-11 at 8.05.34 AM.png
    3. Click Request on Add IPAM Profile
    4. Screen Shot 2017-05-11 at 8.06.10 AM.png
    5. Enter configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    6. Enter Description
      • I like to add the name of the network and subnet information here.
    7. Type = Infoblox
      • Since we are using Infoblox, that is what i picked.
    8. Provider host = select configuration label for previously created Infoblox endpoint
    9. Nic number = 0
      • On which NIC do you want to assign the IP address for the VM
    10. Subnets, Gateways and Network names
      1. The network name should match the vDS port group name.
      2. Enter values subnet, gateway and network name with comma separated and click on green + Sign
    11. Excluded IPs
      1. If you want to exclude some IP address, then enter them here individually.
    12. DNS Configuration
    13. Enter Primary DNS
    14. Enter Secondary DNS
    15. Enter DNS Suffix
    16. Enter DNS search Suffix
    17. Wins Configuration
    18. Enter WINS Server if necessary
    19. Click Submit

Enable the module:

Now we need to enable the custom properties module on our blueprint

  1. Login to vRA
  2. Click on the Infrastructure -> Reservations -> Network Profiles
  3. Edit the network profile that best matches the IPAM profile created above
  4. Click DNS tab
    1. Verify that the DNS suffix is set.
  5. Click on the Infrastructure -> Reservations
  6. Edit the reservation associated with the network profile review above in step 3.
    1. Click network tab
    2. Uncheck the network paths
    3. Also clear out the network paths dropdown value.
  7. Click OK
  8. Now we need to enable the custom properties module on our blueprint
  9. Click on Design -> Blueprint
  10. Edit Blueprint
  11. Click on the blueprint vSphere machine on the Design Canvas.
  12. Click on properties tab
  13. In the properties group section click +Add
  14. Check the box for:
    • SovLabs-EnableLifecycleStubs
    • Check the appropriate IPAM property group (starts with SovLabs-IPAM- and ends with -nic#)
    • Do not attach more than 1 IPAM profile property group to a blueprint VM object
  15. Click OK
  16. Repeat these steps for all blueprints that should get an IP address through IPAM.

Now deploy a VM and verify in Infoblox that the IP address is assigned to the network in the default view.

vRA & SovLabs: ServiceNow CMDB module

/ johannstander / Leave a comment

Having a centralize management database (CMDB) is crucial to provide insight into your environment especially with IT service management architectures becoming a lot more complex.  Some of the benefits of a CMDB are:

  • Increase control with asset management
  • Make systems more reliable by quickly identifying configuration drift like unplanned changes and improper configs that can cause performance issues
  • Maintain service levels through faster troubleshooting and identify key components, owners and dependencies

The CMDB contains valuable in-depth data about maintenance, repair histories, problems, changes, but this is all pretty much useless if the CMDB is not kept up to date and consistent.  There are many ways to achieve the necessary consistency, but the SovLabs ServiceNow CMDB modules for vRA provides a lot of additional benefits over something like auto-discovery with features which can viewed on the website here, but some of the highlights are:

  • Flexible mapping via JSON-based templates which can utilize dynamic or static values and vRA metadata, e.g. using vRA custom properties like business groups, catalog item owner, software installed,
  • Multiple operations permitted (insert/update/delete) on multiple related or independent tables using the direct to table method
  • CMDB configurations can be applied generically at the compute resource or business group level or more specifically at the blueprint level
  • Compatible with ServiceNow Discovery
  • Instantaneous CMDB inserts/updates occur during time of provisioning/de-provisioning/re-configure
  • Flexible de-provisioning/clean options
  • Supports import set or direct to table

Prerequisites:

  1. ServiceNow CMDB is properly configured
  2. ServiceNow CMDB service user account must have Web Service admin rights and rights to add/update/delete records
  3. If you are using VMware’s ITSM plug-in, set the “u_vra_uid” column to read/write from read only:
    1. In ServiceNow, navigate to System Definition
    2. Under Column name, search for u_vra_uid
    3. Click the cmdb_ci table from the results
    4. Uncheck Read only and Check Read/Write
    5. Click Update
  4. Login to the vRA tenant
    1. Add license for ServiceNow CMDB module
    2. Validate the following show up on the Catalog page:
      1. Add ServiceNow Endpoint
      2. Add ServiceNow CMDB

Configuration:

  1. Add DNS configuration
    • If you want the VIP host name to be automatically registered with DNS then you need to have the SovLabs DNS module installed and configured.  This was covered in my previous post which can be viewed here.
  2. Add ServiceNOW Endpoint

    1. Select Catalog -> SovLabs vRA Extensibility
    2. Screen Shot 2017-05-23 at 2.08.45 PM.png
    3. Click Request on “Add ServiceNow Endpoint – SovLabs Modules”
    4. Screen Shot 2017-05-23 at 2.10.00 PM.png
    5. ServiceNow Endpoint
    6. Enter Configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    7. Enter ServiceNow host URL
    8. Select Current ServiceNow version
    9. Credential Configuration
    10. Create credential = yes
    11. Enter Configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    12. Enter username and password
    13. Click Submit
  3.  Add ServiceNow CMDB Configuration
    1. Select Catalog -> SovLabs vRA Extensibility
    2. Screen Shot 2017-05-23 at 2.18.37 PM.png
    3. Click Request on “Add ServiceNow CMDB Endpoint – SovLabs Modules”
    4. Screen Shot 2017-05-23 at 2.18.46 PM.png
    5. ServiceNow CMDB Configuration
    6. Enter Configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    7. Select ServiceNow Endpoint previously created
    8. Use import set?
      • Selecting no will make of use import direct to table
    9. Select template name
      • I am using the default linux and windows templates provided by SovLabs so will be creating two separate CMDB configurations associated to each.
    10. Enter JSON template
      • This should be populate with the default template but additional information can be added within the template for instance the owner and the business group the owner belongs too.

Enable the module:

Now we need to enable the custom properties module on our blueprint

  1. Click on Design -> Blueprint
  2. Edit Blueprint
  3. Click on the blueprint vSphere machine on the Design Canvas.
  4. Click on properties tab
  5. In the properties group section click +Add
  6. Check the box for:
    • SovLabs-EnableLifecycleStubs
    • ServiceNow CMDB property group (starts with SovLabs-SnowCMDB-)
  7. Do not attach more than 1 ServiceNow CMDB property group to a blueprint
  8. Click OK
  9. Repeat these steps for all blueprints that should use this custom naming.

 

SovLabs ServiceNOW CMDB module     VS    VMware’s vRA plugin for ITSM:

VMware’s vRA plugin for ITSM provides a way to expose vRA’s Catalog items to ServiceNOW for machine provisioning with an approval process workflow that run in SNOW instead of vRA.

SovLabs CMDB module will automatically update the SNOW CMDB with the valuable information obtained from vRA after a Catalog Item request and successful deployment, either direct to table or through import sets.

Here are some limitations for each of the solutions that I think everyone needs to take into consideration.

VMware’s  vRA plugin for ITSM feature limitation: (base on my v1 experience)

  1. Only community supported!
  2. Only ADFS 2.0 is supported for authentication.
    Note: ADFS 2.0 comes with Windows 2008 R2 where as ADFS 3.0 comes with Windows 2012 R2. ADFS 2.0 is single point of failure.  ADFS 3.0 supports farms with primary and secondary servers.

    • Email address must match in both SNOW and the AD connection used by ADFS
  3. Custom properties of the following types are not supported- slider, spinner, yes/no, hyperlink, and SecureString as well as any properties using external values from vRealize Orchestrator.
    • Encrypted vRA custom properties not supported
  4. Only the vSphere.local tenant is supported (this might be fixed in v2 which I have not yet had a chance to test)
  5. Requesting XaaS blueprints or composite blueprints that contain dynamic form inputs from vRealize Orchestrator is not supported.
  6. Requesting machines from AWS or Azure or any other non-vCenter endpoint not supported.
  7. Resource mapping only on the vSphere virtual vRA inventory type which is limiting if you have OS-level CIs defined.
  8. Once configured, newly provisioned resources are imported into a new CMDB class while existing resources are available in the old CMDB class and would have to be imported into new.

SovLabs ServiceNOW CMDB module limitations:

  1. VM re-configure (should be available soon)
  2. Resource mappings for resources other than for machines except where they can be derived via machine properties

 

Links:

https://sovlabs.com/products/servicenow-cmdb/

http://docs.sovlabs.com/vRA7x/current.html#servicenow-cmdb

https://marketplace.vmware.com/vsx/solutions/vmware-vrealize-automation-plug-in-for-itsm-2-0-0

 

vRA & SovLabs: Snapshot management module

/ johannstander / Leave a comment

If you are a VMware administrator you know what a pain it is to manage snapshots.  Virtualization makes it easy to snapshot a VM before a patch or an upgrade is applied to an application or OS and gives you that peace of mind that you can revert back if it fails.   The reality is that users never clean up there snapshots and it starts getting used as a backup method in environments which places the burden on VMware admins to manage the clean up efforts.  VMware recommends not using snapshots for more than 3 days since it can cause serious performance, storage and corruption problems in your environment.

So how you do you handle snapshots?  A lot of customers just give up and take the chance of nothing going wrong, or they end up disabling this very valuable feature so users cannot use it all.  None of these methods are good.

SovLabs modules provides policies that control the expiration and deletion of VM snapshots as well as the ability to provide notifications to the VM owner. The VM owner is not given the option to extend the time of how long the snapshot lives and it will be automatically removed based on the lifespan in days set by the vRA administrator.

Configuration:

  1. Add SovLabs vCenter Endpoint
    1. This configuration was covered in my previous post which can be viewed here.
  2. Add SovLabs vRA CAFE Endpoint
    1. Select Catalog -> SovLabs vRA Extensibility
    2. Screen Shot 2017-04-20 at 8.44.15 AM.png
    3. Click Request on “Add SovLabs vRA CAFE Endpoint”
    4. Screen Shot 2017-04-20 at 8.44.47 AM.png
    5. Enter Configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    6. Version and Hostname are  auto-generated and based on querying vRA CAFE, verify that the information is correct
    7. If you have not configure this endpoint module then you need to create credentials.
    8. Click Submit
  3. Add SovLabs vRA IaaS Endpoint
    1. Select Catalog -> SovLabs vRA Extensibility
    2. Screen Shot 2017-04-20 at 8.51.06 AM.png
    3. Click Request on “Add SovLabs IaaS CAFE Endpoint”
    4. Screen Shot 2017-04-20 at 8.51.27 AM.png
    5. Enter Configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    6. Version, Hostname  and Domain are auto-generated and based on querying vRA CAFE, verify that the information is correct
    7. If you have not configure this endpoint module then you need to create credentials.
    8. Click Submit
  4. Add Notification Configuration
    1. Select Catalog -> SovLabs vRA Extensibility
    2. Screen Shot 2017-04-20 at 8.55.27 AM.png
    3. Click Request on “Add Notification Configuration”
    4. Screen Shot 2017-04-20 at 8.55.36 AM.png
    5. New message server = yes
      1. new fields will appear
    6. Screen Shot 2017-04-20 at 8.58.39 AM.png
    7. Enter Configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    8. Enter message server address
    9. Enable SSL if required
    10. Enter message port
    11. Select message type
    12. Select message server protocol
    13. Select yes from drop down box if your SMTP requires authentication.
      1. Select yes from new credentials
      2. Enter configuration label
      3. Enter username and password
    14. Enable STARTTLS if required
    15. Set network timeout
    16. Since I selected message type as email, you need to setup your email groups.
      1. Select yes to create new group
      2. Enter email group configuration label
      3. Enter To and/or CC and BCC addresses
    17. Click Next
    18. Screen Shot 2017-04-20 at 9.10.04 AM.png
    19. Enter notification configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    20. Select type = SNAPSHOT
    21. Select state = Whether or not to send notifications when a new snapshot is found (NEW), when a snapshot is about to be deleted (WARNING), and/or when a snapshot has been deleted (DELETE)
    22. Select format
    23. Enter From address
    24. Enter Title
    25. Enter Body
      • In the documentation they have some notification examples which you can just copy/paste and customize, which is very helpful.
    26. Screen Shot 2017-04-20 at 9.19.44 AM.png
    27. Click Submit
  5. Add Notification Group Configuration
    1. Select Catalog -> SovLabs vRA Extensibility
    2. Screen Shot 2017-04-20 at 4.08.11 PM.png
    3. Click Request on “Add Notification Group Configuration”
    4. Screen Shot 2017-04-20 at 4.08.56 PM.png
    5. Enter Configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    6. Select Type = snapshot
    7. Select Notification = previously create notification configuration.
  6. Add Snapshot Configuration
    1. Select Catalog -> SovLabs vRA Extensibility
    2. Screen Shot 2017-04-20 at 9.45.42 AM.png
    3. Click Request on “Add Snapshot Configuration”
    4. Screen Shot 2017-04-20 at 9.46.15 AM.png
    5. Enter Configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
      • sovlabs_snapshot_config_BG_all_2days
    6. Select SovLabs vRA CAFE Endpoint from dropdown.  This was configured earlier.
    7. Select SovLabs vRA IaaS Endpoint from dropdown. This was also configured earlier.
    8. Select Notification Group.  Make sure you have a notification group of type snapshot define. This was also configured earlier.
    9. Select if you want to manage snapshots for all business groups = yes
    10. Enter snapshot lifespan in days
      1. Per VMware’ recommendation try to stay within less than 3 days
    11. Enter the days before expiration a warning notification should be send out.
    12. Screen Shot 2017-04-20 at 4.14.42 PM.png
    13. Click Next
    14. Set the snapshot scheduler.  So the scheduler you set here goes out and checks each VM if they have a snapshot that might be expiring or is expired and needs to be deleted.  Once create, a vRO schedule task is created which runs every 15min to make sure that the snapshot scheduler sends out the notification at the specified time.
    15. Screen Shot 2017-04-20 at 4.36.03 PM.png
    16. Leave schedule as active
    17. Set schedule type = daily
      • most customers would pick daily
    18. Set the time to run in military format
    19. Can leave schedule end date blank to run forever.
    20. Click Submit

Enable the module:

  1. Based on the set scheduler, an inventory update will automatically run and send notifications.
    • If a snapshot’s age has met the expiration day, it will automatically get deleted.
  2. The last SovLabs Snapshot Configuration deleted, deletes the vRealize Orchestrator scheduled task for Snapshot Management.  It automatically creates it again if a snapshot configuration is created and scheduled task is not found.

Disable the module:

  1. Login to the vRA tenant
  2. Select Catalog -> SovLabs vRA Extensibility
  3. Click Request on “Manage Snapshot Scheduler”
    1. Select Suspend from the Action dropdown list.
    2. Click Submit
    3. (if you want to resume this module again you can perform the same actions as above but select Action “resume” from dropdown list.

 

vRA & SovLabs: vSphere DRS

/ johannstander / Leave a comment

This modules allows you to make use of VMware’s DRS to sub-divide your vSphere clusters for consumption by defining DRS groups, affinity and anti-affinity rules. A good use case for this would the deployment of a VM that needs to be tied to specific host due to licensing or hardware constraints, or VMs behind load balancers that you want to make sure run on different ESXi hosts.

The module has many features which can viewed on the website here, but some of the highlights are:

  • Create and manage vSphere DRS profile configurations directly in vRA and tie them to existing blueprints to enable affinity or anti-affinity relationships between VMs provisioned and existing DRS host groups.
  • Automatic cleanup of appropriate linked VM rules and groups during VM de-provisioning lifecycles
  • Allows for VM provisioning into specific pre-defined DRS host groups
  • Dynamically creates VM group(s) and rule(s) during VM provisioning based on the corresponding SovLabs DRS profile configuration

Prerequisites:

  • vCenter Server is properly configured
  • vCenter cluster is properly configured and the host groups defined

Configuration:

  1. Add vCenter Endpoint
    1. Login to vRA Tenant
    2. Select Catalog -> SovLabs vRA Extensibility
    3. Screen Shot 2017-04-18 at 5.08.40 PM.png
    4. Click Request button for “Add SovLabs vCenter Endpoint”
    5. Screen Shot 2017-04-18 at 5.10.07 PM.png
    6. Enter configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    7. Select vCenter version
    8. Enter PSC FQDN
    9. Embedded PSC = yes/no
    10. Enter vCenter Server FQDN
      • this should get populated
    11. Create credentials = yes
      1. This is not the vRA credentials so if you have not set this up through the catalog item request then you have to do so first.
    12. Enter username
    13. Enter password
    14. Click Submit
  2. Add DRS Profile
    1. Login to vRA Tenant
    2. Select Catalog -> SovLabs vRA Extensibility
    3. Screen Shot 2017-04-18 at 5.24.17 PM.png
    4. Click Request on “Add DRS Profile”
    5. Screen Shot 2017-04-18 at 5.24.51 PM.png
    6. Enter configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    7. Select vCenter Endpoint
    8. Select Cluster
      • If the clusters do not show up, make sure you have Host groups defined in DRS or that the credentials are entered correctly.  Credentials can be updated through the SovLabs Catalog “Manage Credential Configuration”
    9. Select host group
      • I create 2 hosts groups within the cluster, with separate hosts in each, which will be assignment to each blueprint.
    10. Select Rule
      • I selected should run on hosts in group
    11. Click Submit

 

Enable the module:

Now we need to enable the custom properties module on our blueprint

  1. Click on Design -> Blueprint
  2. Edit Blueprint
  3. Click on the blueprint vSphere machine on the Design Canvas.
  4. Click on properties tab
  5. In the properties group section click +Add
  6. Check the box for:
    • Check the appropriate vSphere DRS property group (starts with SovLabs-DRS-)
    • Do not attach more than 1 vSphere DRS property group to a vSphere machine blueprint
  7. Click OK
  8. Repeat these steps for all blueprints that should use this custom naming.

 

 

vRealize Business for Cloud 7.3 upgrade process

/ johannstander / Leave a comment

In my lab I am upgrading from vRB 7.1 to 7.3 using the Web console, so I will primarily be focused on providing steps for this scenario.  There are a couple of ways going about the upgrade for instance:

  • Web console
  • Downloadable ISO image through CDROM
  • Default or specific repository address
    • a Specific repository is useful when you update a specific version

Prerequisites:

  • Take snapshot of your appliance!
  • If using vRB with vRA, make sure you are on a supported vRA version ( => 6.2.4) before you start the upgrade.

Installation:

Disclosure: I am registered to vIDM. In the documentation is states if you are registered to vIDM that it is not necessary to unregister. Well I ran through the upgrade and it did not create the new groups in vIDM, to which you are suppose to assign your users for administrator access.   To fix this I had to unregister and register after the upgrade was completed. Let me know if it works for you with VMware steps but it certainly did not for me.  In the steps below I reference unregistering with vRA or vIDM.  Use at own risk.

  • Login to vRB VAMI
  • Select registration tab
    • Depending on your registration preference,  make sure to disconnect first to either vRA or vIDM.  (read my disclosure above since VMware docs only mention vRA)
    • Select either vRA or vIDM tab
    • Enter username and password
      • admin/password
    • Click Unregister
    • Verify unregister was successful
    • Screen Shot 2017-06-14 at 3.56.57 PM.png
  • Select Update tab
    • Click Check Updates
      • You should get a message that a new version is available.
    • Click Install updates
  • Update will start and appliance will automatically reboot

Verification:

  • After installation is complete
    • Login again to vRB VAMI
    • Click Systems
      • Verify new 7.3 version is shown.
    • Click Network
      • Verify Hostname is set to your server name, and NOT localhost
        • If it is set to localhost, select address tab
        • Enter server name within the hostname field
        • Click Save Settings
    • Select registration tab
      • Depending on your registration preference,  select either vRA or vIDM tab
      • Enter username and password
        • admin/password
      • Click Register
      • Verify Registration is successful

Post-upgrade configuration:

If you login now you will get errors like below.

Screen Shot 2017-06-14 at 4.27.58 PM.png

Screen Shot 2017-06-14 at 4.28.26 PM.png

The groups created in vIDM for vRB < 7.3 use to be:

  • VCBM_ALL
  • VCBM_VIEW

These will still be visible as groups in vIDM, but are not being used, since they have been replace with new groups:

  • vRBC_Administrator
  • vRBC_Controller
  • vRBC_ViewOnly

Modify the users for the new vIDM groups create for vRB

  • Select Users & Groups
  • Select menu Users in This Group
  • Click Modify Users in this Group
  • Create rule
  • Click Next
  • Verify users in list to be added
  • Slick Save

 

Now you can login successfully to vRB with vIDM registration and enjoy the new user interface and product features.