vRA & SovLabs: DNS module

DNS plays a very important role in making sure your deployed VMs are accessible, and if this is not configured correctly you can run into problems that can sometime be difficult to diagnose.

SovLabs modules make sure that no stale, duplication or orphaned DNS records exist which is great since we have all had those days where we are to lazy to unregister a VM from AD before we delete it, right!?

SovLabs also supports DNS integration with Infoblox, Bluecat and BT Diamond IP which is very helpful since these might be used for different departments and give you that flexibility to accommodate those scenarios.

For this blog I am focusing on using just the regular old Microsoft Active Directory.

The module has many features which can viewed on the website here, but some of the highlights are:

  • Handles simple to complex globally distributed multi-zone, multi-site MS DNS environments
  • Employs several methods to improve DNS data integrity and mitigate issues from stale, duplicate or orphaned DNS records, such as retry logic, record availability and DNS propagation/post validation checks
  • DNS configurations are interchangeable between endpoint providers; avoid lock-in by easily adding additional DNS providers with other DNS modules from SovLabs
  • Allows for independent configurations for forward and reverse records, if desired
  • Supports up to 10 network interfaces per machine

 

Prerequisites:

  1. Identify the Domain Controllers to be used, or if policy dictates no direct connections are allowed then identify a proxy server.
    • If using a proxy server then make sure the environment setup is complete by following these steps
  2. If you are not using the SovLabs IPAM module, then you need to make you sure you set the DNS suffix within your network profiles that will be used.
  3. Setup WinRM
    • WinRM must be enabled for SovLabs modules utilizing any Windows servers in the environment (for AD, DNS, IPAM, Puppet and etc.)
    • Follow these steps
  4. Install AD Webservices on all the DC’s that will be used.
  5. Verify NTP settings

 

Configuration:

  1. Add Microsoft Endpoint
    1. This configuration was covered in my previous post which can be viewed here.
  2. Add DNS configuration
    1. Select Catalog -> SovLabs vRA Extensibility
    2. Screen Shot 2017-04-18 at 3.54.05 PM.png
    3. Click Request on “Add DNS Configuration – SovLabs Modules”
    4. Screen Shot 2017-04-18 at 3.54.56 PM.png
    5. Enter Configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    6. Domains
      • Add all the domains for this DNS config
      • Enter name
      • Press Green plus sign
    7. Networks
      • Add all the networks for this DNS config
      • Enter name
      • Press Green plus sign
    8. DNS server type
      • MS DNS in my case
    9. DNS server endpoints
      • Select the one that was previously created
    10. Create A record = yes
    11. Create PTR record = yes
    12. Use a default server
      • Can specify this server if no match on domain and network.
    13. Screen Shot 2017-04-18 at 4.08.46 PM.png
    14. Click Submit

 

Enable the module:

Now we need to enable the custom properties module on our blueprint

  1. Click on Design -> Blueprint
  2. Edit Blueprint
  3. Click on the blueprint vSphere machine on the Design Canvas.
  4. Click on properties tab
  5. In the properties group section click +Add
  6. Check the box for:
    • SovLabs-EnableLifecycleStubs
  7. Click OK
  8. Repeat these steps for all blueprints that should use this custom naming.

Now deploy a VM and watch the magic happen.  The provisioned VM will automatically attempt to register with Microsoft DNS only if the VM is in the configured domain and network defined for Microsoft DNS.

Disable the module:

If you have the DNS module installed but for some reason are not using it or need to disable it then following the steps below:

  • If you do not have the DNS module configured, and try to deploy a catalog item, you will get an error like “Error: DNS Registeration could not find a DNS Configuration for the Hostname and/or IP of <servername> / 192.168.1.10 (Workflow:DNS machineBuilding / Add DNS (item10)#65)”
  1. Click on Design -> Blueprint
  2. Edit Blueprint
  3. Click on the blueprint vSphere machine on the Design Canvas.
  4. Click on properties tab
  5. Click on Custom Properties tab
  6. Click +New
    • Name = “SovLabs_DisableDNS”
    • Value = “true”
  7. Click OK
  8. Click Save
  9. Repeat these steps for all blueprints that should use this custom naming.

Links:

http://docs.sovlabs.com/vRA7x/current.html#microsoft-dns

http://docs.sovlabs.com/vRA7x/current.html#infoblox-dns

http://docs.sovlabs.com/vRA7x/current.html#bluecat-dns

http://docs.sovlabs.com/vRA7x/current.html#bt-diamond-ip-dns

 

VMware announces general availability for all vRealize Suite Standard products!

VMware has already been teasing us since June 6th with the upcoming releases of the following vRealize Suite products:

Today VMware announced GA for all products mentioned, with what seems to be a unified message to provide one integrated architecture, with greater/deeper integration across SDDC technologies and multiple public clouds.  I like where this is going…

Couple of key take aways for me which are shared amongst some of the products (not all):

  • Redesigned HTML5 UI
    • Log Insight jumped on this long ago.
  • OOTB Integration between the different products
    • We have started seeing this with previous release but not going into full swing
  • Standardizing on authentication with VIDM

Release notes for each product:

 

Hopefully I can make some time in the upcoming weeks to dive a bit deeper into some of the features, but due to my busy schedule I am not holding my breath 🙂 Happy downloads!

SovLabs: Microsoft Active Directory module

Windows servers require Microsoft AD, it is an integral part of the server architecture. I am not going to get into much detail on the directory service since this blog is focused on how SovLabs interacts with it.

The module has many features which can viewed on the website here, but some of the highlights are:

  • Handles simple to complex globally distributed multi-domain, multi-site MS AD environments
  • Registers/cleans computer account with Active Directory
  • Supports placement in a “build OU” during provisioning in order to facilitate software deployments/configurations that require a less restrictive Group Policy
  • Supports dynamic creation and removal of OUs
  • Employs several methods to improve reliability of registration/cleanup to mitigate failures, such as retry logic and post validation checks

 

Prerequisites:

  1. Identify the Domain Controllers to be used, or if policy dictates no direct connections are allowed then identify a proxy server.
    • If using a proxy server then make sure the environment setup is complete by following these steps
    • Windows 2012 R2 required
  2. Setup WinRM
    • WinRM must be enabled for SovLabs modules utilizing any Windows servers in the environment (for AD, DNS, IPAM, Puppet and etc.)
    • Follow these steps
  3. Install AD Webservices on all the DC’s that will be used.
  4. Verify NTP settings
  5. “Shell access type” for the user account with permissions must be set to Command Prompt.

 

Active Directory Example:

I am going to initially deploy the computer object in the following OU which is used for pen testing: (BUILD OU)

  • OU=vra_BuildDeployment,OU=Servers,OU=Lab,DC=sovsys,DC=com

Then after pen testing is completed, I will move the computer object to the following OU:

  • OU=vra_Deployment,OU=Servers,OU=Lab,DC=sovsys,DC=com

Since I have production and development(lab) environment I would like create the computer object in different OUs.  This I can handle through a custom property and SovLabs Template engine.

SovLabs.AD.Environment.OU        –       defined on Business group

This will update my OU to following:

  • OU=vra_BuildDeployment,OU=Servers,OU={{SovLabs.AD.Environment.OU}},DC=sovsys,DC=com
  • OU=vra_Deployment,OU=Servers,OU={{SovLabs.AD.Environment.OU}},DC=sovsys,DC=com

 

Configuration:

  1. Add Microsoft Endpoint
    1. Login to vRA Tenant
    2. Select Catalog -> SovLabs vRA Extensibility
    3. Screen Shot 2017-04-18 at 2.41.33 PM.png
    4. Click Request button on “Add Microsoft Endpoint”
    5. Screen Shot 2017-04-18 at 2.41.53 PM.png
    6. Enter Configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    7. Select connection method
      • Select how the SovLabs modules will connect to the target or proxy Microsoft server
    8. Enter hostname
      • FQDN of AD server
    9. Use non-standard ports = no
    10. Is a proxy host = no
      • for my instance I am connecting directly to the AD server.
    11. Enter username and password
    12. Advanced configuration is only necessary when local administrator access cannot be given to the service account.
      • temporary directory = blank
      • share path = blank
    13. Click Submit
  2. Add Active Directory Configuration
    1. Select Catalog -> SovLabs vRA Extensibility
    2. Screen Shot 2017-04-18 at 2.52.13 PM.png
    3. Click Request on Add ActiveDirectory Configuration
    4. Screen Shot 2017-04-18 at 2.53.03 PM.png
    5. Enter configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    6. Select Microsoft Endpoint
      • created earlier
    7. Select Computer name case
      • Choose whether or not the computer name added in AD is all uppercase or lowercase
      • If you are using the Puppet module set this to lowercase since it will cause problems with authentication due the certificates created for the Puppet agent is always in lowercase.
    8. Use Build OU
      • Select yes if computer needs to be placed in an interim OU.
      • If yes, fill in create and remove OU, otherwise leave those blank.
      • OU=vra_BuildDeployment,OU=Servers,OU={{SovLabs.AD.Environment.OU}},DC=sovsys,DC=com
    9. OU
      • ActiveDirectory Organizational Unit (OU) in DN format for computer/VM to join
      • OU=vra_Deployment,OU=Servers,OU={{SovLabs.AD.Environment.OU}},DC=sovsys,DC=com
    10. Security Group
      • List all AD security groups the server should join
    11. Delete computer account
      • If you select yes it will try to find computer account and delete it, regardless of which OU it is in.
    12. Screen Shot 2017-04-18 at 3.23.05 PM.png
    13. Click Submit

 

Enable the module:

Now we need to enable the custom properties module on our blueprint:

  1. Click on Design -> Blueprint
  2. Edit Blueprint
  3. Click on the blueprint vSphere machine on the Design Canvas.
  4. Click on properties tab
  5. In the properties group section click +Add
  6. Check the box for:
    • SovLabs-EnableLifecycleStubs
    • Microsoft Active Directory property group (starts with SovLabs-AD-)
    • Do not attach more than 1 Microsoft Active Directory property group to a blueprint vSphere machine object.
  7. Click OK
  8. Repeat these steps for all blueprints that should use this custom naming.

 

Now deploy a VM and watch the magic happen. Effortless, predictable, consistent and best of all no manual input of placing the created computer object in a specific OU.

vRA & SovLabs: BIG-IP F5 load balancer

In a previous life I had to setup a lot of VM’s with Load Balancer connectivity for development, QA testing and production.  This was always a slow painful process because even though I was able to quickly deploy the VM’s, I had to open a ticket with the network team and provided lots of detailed information to create the Pool and VIP entries, and then wait to receive the IP address so that I could ask the AD team to create the DNS entry. Fun times!

With the F5 load balancer SovLabs module, this is no longer the case and you can automatically perform the following tasks, all within the same catalog request for your application through vRA:

  • Create the F5 Pool
    • The Pool name is created with the SovLabs custom naming module, so it can match the current naming standards of your networking team.
  • Add the pool members
    • Automatically add all the vSphere machines within the blueprint as pool members
  • Create the VIP
    • Automatically retrieve the VIP IP Address from your IPAM solution
    • The VIP name is created with the SovLabs custom naming module, so it can match the current naming standards of business and/or application.
    • Automatically create the DNS A-record for the VIP name

Screen Shot 2017-05-17 at 9.52.31 AM.png

The module has many features which can viewed on the website here, but some of the highlights are:

  • First-class citizen design; drag directly into vRA Blueprint Canvas  (This is awesome)
  • Associate machine components by linking to the F5 Virtual component in the vRA Blueprint Canvas
  • Option to reuse an existing F5 BIG-IP virtual server or create a new one
  • Supports nested vRA Blueprints
  • Supports vRA scale in, scale out for deployments
  • SovLabs Restipes can create/delete F5 BIG-IP VIP/Pool/Nodes and assign Nodes to/from Pool
  • Ability to specify F5 BIG-IP VIP name, IP address, and port at request time
  • Option to integrate IPAM and/or DNS for F5 BIG-IP VIP assignment and DNS registration with Infoblox, BlueCat, Microsoft, SolarWinds, Men and Mice, BT Diamond IP at request time
  • Supports multiple DNS domains for optional DNS registration at request time
  • Option to integrate naming standard/sequence definitions for F5 BIG-IP VIPs and Pools at request time
  • When a Catalog item is destroyed, F5 entries will automatically be cleaned up.

 

Prerequisites:

  1. A user account configured in F5 BIG-IP® that has Administrator role/access:
    • Add/Remove F5 BIG-IP Virtual Servers
    • Add/Remove F5 BIG-IP Pools
    • Add/Remove F5 BIG-IP Nodes and Pool node members
    • Optional: Add F5 BIG-IP Virtual Server iRules, Add F5 BIG-IP Server/Client SSL Profiles, Add F5 BIG-IP Pool Health Monitors
  2. Login to the vRA tenant
    1. Add license for F5 module
    2. Validate the following show up on the Catalog page:
      • Add F5 Endpoint
      • F5 Virtual
      • Manage Credential Configurations
      • Manage Restipe Configurations

 

Configuration:

  1. Add F5 Endpoint
    1. Login to vRA Tenant
    2. Select Catalog -> SovLabs vRA Extensibility
    3. Screen Shot 2017-05-11 at 11.21.34 AM.png
    4. Click Request button on “Add F5 Endpoint”
    5. Screen Shot 2017-05-11 at 11.22.02 AM.png
    6. F5 Endpoint
    7. Enter Configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    8. Enter hostname
      • FQDN or IP address of the F5 management address
    9. HTTPS = yes
    10. Port = 443
    11. Credential Configuration
    12. Create credentials = yes
      • If you have not setup any yet which is the case for me
    13. Enter Configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    14. Enter username and password
      • I am using the build it admin account
    15. Screen Shot 2017-05-11 at 11.27.05 AM.png
    16. Click Submit
  2. Manage Restipe configuration
    1. What is a restipe you might ask, well I had the same question or should I say look on my face?  The documentation states the following ““infrastructure as code” approach for defining the steps used to create, reuse, remove and scale F5 BIG-IP structures, such as VIPs, Pools, and Nodes/Member”
    2. You do not have to create or update a recipe and will be used for specific use case, so for now you can skip this, but I did want to provide information below on how to access it.
    3. Select Catalog -> SovLabs vRA Extensibility
    4. Screen Shot 2017-05-11 at 11.28.44 AM.png
    5. Click Request on Manage Restipe configuration
    6. Screen Shot 2017-05-11 at 11.29.09 AM.png
    7. You can either create a new restipe, or update/delete respites.
      • Screen Shot 2017-05-11 at 11.59.19 AM.png
      •  If you select action = update it will populate the restipe field with the default functional restipe that SovLabs provides.  Bonus!
      • If you do make an update, I would recommend copy out the restipe text and save a file to have a backup.
    8. If you need to create a custom restipe, then read the SovLabs Restipe guide here.

F5 example:

I have a blueprint with 2 x vSphere machine objects.  Each VM has a Puppet Node group assigned which installs Apache through the SovLabs Puppet enterprise module.

Screen Shot 2017-05-17 at 9.54.04 AM.png

  • I created a new Naming standard for the F5 VIP names, which will also be assigned automatically to MS DNS.
  • I created a new Naming standard for the F5 Pool names

 

Enable the module:

The F5 plugin is a first class citizen in vRA which allows for it to be dragged into a blueprint through the design canvas, sweet!   This is a first for SovLabs and makes this plugin very easy to consume.

Screen Shot 2017-05-11 at 12.23.39 PM.png

  1. Login to the vRA tenant
  2. Click on the Design tab > Blueprints
  3. Create a new blueprint or select an existing blueprint name and click Edit
    1. Under Categories (on left pane), click on Other Components
    2. Drag and drop F5 Virtual – SovLabs Modules onto the Design Canvas
    3. Tie the F5 Virtual  VIP canvas item to the vSphere Machine canvas item by dragging the arrow FROM F5 Virtual  VIP TO the vSphere Machine.
    4. Screen Shot 2017-05-17 at 9.52.31 AM.png
    5. Click on the F5_Virtual canvas item and a window pane will appear on the bottom
    6. Click Step tab
    7. Screen Shot 2017-05-17 at 9.56.34 AM.png
    8. Modify fields as desired by setting the default values for fields and other advanced settings and clicking on Apply for each field
      By setting default fields or having advanced settings on the fields, what a requester sees and can select is controlled upon request time of the vRA blueprint

      1. General
      2. Select F5 Endpoint, which we created earlier in this blog
      3. Select the Restipe F5Config-Default.
        • I did not have to make any changes to the default restipe provide by SovLabs.
      4. Virtual Server
      5. Create new VIP = yes
      6. Screen Shot 2017-05-11 at 12.35.05 PM.png
      7. Select Partition
        • In my case I selected Common
      8. Register VIP in DNS using Virtual name and IP = yes
        • So easy with just a checkbox!
      9. Automatically assign Virtual name = yes
        • This requires that you have a naming standard created using the SovLabs custom naming module.
        • Select Naming Standard for Virtual Machine = select custom naming label from drop down box.
      10. Enter domain name for DNS registration
      11. Automatically assign Virtual IP = yes
        • This requires that you have an IPAM profile created using the SovLabs IPAM module.
        • Select IPAM Profile for Virtual IP = select from the drop down box.
      12. Virtual port = 0
      13. Select SSL Profile (Client)
        • This will populate with the SSL profiles that your networking team has configured on the selected F5 endpoint, which means they do not have worry about loosing control of these important configuration.
      14. Select SSL Profile (Server)
        • This will populate with the SSL profiles that your networking team has configured on the selected F5 endpoint, which means they do not have worry about loosing control of these important configuration.
      15. Select Virtual iRules
        • This will populate with the iRules that your networking team has configured on the selected F5 endpoint, which means they do not have worry about loosing control of these important configuration.
      16. Pool
      17. Automatically assign pool name = yes
        • This requires that you have a naming standard created using the SovLabs custom naming module.
      18. Select Naming Standard for Virtual Machine = select custom naming label from drop down box.
      19. Load Balancing method = round-robin
      20. Screen Shot 2017-05-11 at 1.18.18 PM.png
      21. Assign Health Monitors = yes
        • I added http for my test
      22. Health Monitor Availability Requirement
        • Pick if you want a single health monitor to match or multiple.
  4. Click Save
  5. Click Finish

To add additional node level settings during request time:

  1. Click on Design -> Blueprint
  2. Edit Blueprint
  3. Click on the blueprint vSphere machine on the Design Canvas.
  4. Click on the Properties tab
  5. In the Property Groups section:
    •  Check the SovLabs-F5NodeConfigurations property group
  6. Click OK

 

Manage the vRA users ability to make changes to the virtual F5 configuration during request:

By default, when a user requests a blueprint, which has the F5 module added, they will only see blank fields where the Blueprint Architect previously configured the F5 settings.  These settings can then be altered by the user.

Screen Shot 2017-05-17 at 10.31.23 AM.png

But what if you do not want to user to make any changes and just want them to use all the settings of the F5 that was configured in the blueprint.

  1. Click on Design -> Blueprint
  2. Edit Blueprint
  3. Click on the F5_Virtual on the Design Canvas.
  4. Select the Step tab
  5. For any of the configuration settings that you want to set a permanently for this blueprint, or even make invisible, follow these steps
  6. Select the settings field which could either be a dropdown box, text field or check box. This will display additional information on the right hands side.
    1. Screen Shot 2017-05-17 at 10.35.17 AM.png
    2.  Set required yes or no
    3. Set the default value to display.
    4. Click on Advanced settings
      • Screen Shot 2017-05-17 at 10.40.49 AM.png
      • Set required = constant = no
      • Set read only = constant = yes
      • Set visible = constant = no
        1. If you do not want to users to see the field during the request.
    5. Click Apply
  7. Click Save
  8. Click Finish

 

Scale out and Scale in capabilities:

One last cool part is the automatic scale-out and scale-in of your deployed application.  As you can see I have a deployed Catalog item which consists of two CentOS Web servers, which I deployed Apache on through the Puppet Enterprise SovLabs module, as well as the F5 load balancer configuration.

Screen Shot 2017-05-17 at 10.47.14 AM.png

Screen Shot 2017-05-17 at 10.47.38 AM.png

  1. Select on the top level catalog item
  2. Click Actions
  3. Screen Shot 2017-05-17 at 10.49.26 AM.png
  4. Click Scale Out
  5. Screen Shot 2017-05-17 at 10.50.47 AM.png
  6. Select the virtual machine
  7. Screen Shot 2017-05-17 at 10.52.09 AM.png
  8. Select the number of instance that you want to scale out to.
  9. Click Submit.
  10. Click OK to confirm the number of scale out instance and total number of instances.

This request will now automatically perform the following tasks:

  • Add a new VM
    • Pull IP address from SovLabs IPAM endpoint
    • Create custom name from SovLabs custom naming module
    • Add the DNS a-record to MS DNS through SovLabs DNS module
    • Install Apache on the VM through SovLabs Puppet Enterprise module
  • Add server to F5 pool
    • Add the custom name and IP Address associated to the newly created VM object to the F5 pool through the SovLabs F5 module.

Screen Shot 2017-05-17 at 11.47.24 AM.png

Scale out was successful and only took just over 10minutes to complete with an application installation.

Screen Shot 2017-05-17 at 11.07.04 AM.pngScreen Shot 2017-05-17 at 11.07.34 AM.png

The new VM was added to catalog item in vRA as well as to the existing F5 pool.  Awesome, and same can be done for Scale in!

As you can see the configuration of this module is super simple and it provides a big relief from the mundane work of manual provisioning, not just for the VMware admins and application owners but also for the network team, while still keeping control of the F5 configuration.

vRA & SovLabs: Custom Naming module

My previous post showed how to run through all the pre-requisites, installation and licensing of the SovLabs modules.  Now it is time to configure it and I am starting off with the Custom Naming module.

This you might think is not important, but you always need to specify a name for a computer and the more descriptive this is, the easier it is to identify it without having to reference some type of database, spreadsheet or your own custom notes.

The problem with most automated solutions is that it provides a very basic custom naming solution out of the box with some characters for the pre-fix and numbers for post-fix.

If you have a complex Company naming standing then this will not work for you.  SovLabs custom naming modules makes use of the SovLabs template engine  which allows for static text in combination with dynamic content such as vRA custom properties and/or custom logic. Another cool feature is that you can assign different naming standards to your blueprint, so your departments are not force to use the same naming convention.  There are a lot of other great features to justify this module and they can be reviewed here.

My naming convention example:

LLLT-OEEEAAA##

L = location

T = Type

  • (p)hysical
  • (v)irtual

O = OS

  • (w)indows
  • (l)inux

E  = Environment  (in brackets is what will be used)

  • (pr)o(d)uction
  • (dev)elopment
  • (q)uality (a)ssurance
  • (st)a(g)e

A = Application

  • Various 3 character code.  This could either be provided to user in dropdown during request or can be a custom text field. There are many options available here.

## = numbers sequence

  • Begins with 01 and is specific to each combination of identifying prefixes.

For all these identifiers i am going to create a custom property and assign it in vRA.

  • SovLabs.Naming.Location           -> Assigned to Endpoint
  • SovLabs.Naming.Type                  -> Assigned to Endpoint
  • SovLabs.Naming.OS                      -> Assigned to VM object in Blueprint
  • SovLabs.Naming.Environment  -> Assigned to Business group
  • SovLabs.Naming.Application     -> Assigned to VM object in Blueprint

Configuration:

  1. First off we need to define our Naming Sequence
    1. (This can be used in one or more Naming Standards)
    2. Login to vRA tenant
    3. Catalog -> SovLabs vRA Extensibility Modules
    4. Screen Shot 2017-04-18 at 11.53.03 AM.png
    5. Click Request button on “Add naming sequence”
    6. Screen Shot 2017-04-18 at 11.54.06 AM.png
    7. Enter Configuration Label
      • Only AlphaNumeric characters, no spaces or special characters except: – and _
    8. Select sequence type
      • Mostly you will just pick Decimal
    9. Reuse sequence values = no
      • This you would select yes if you want to use the sequence number again once the computer is deleted.
    10. Max sequence length = 2
    11. Initial value = 01
    12. Sequence padding = 0
    13. Unique key
      • I want to use all the variables to make up the unique key.
      • {{SovLabs.Naming.Location}}{{SovLabs.Naming.Type | substring: 0,1}}-{{SovLabs.Naming.OS | substring: 0,1}}{{SovLabs.Naming.Environment}}{{SovLabs.Naming.Application}}
    14. Click Submit
  2. Now we need to define our Naming Standard
    1. Login to vRA tenant
    2. Catalog -> SovLabs vRA Extensibility Modules
    3. Screen Shot 2017-04-18 at 11.53.03 AM.png
    4. Click Request on Add Naming Standard – SovLabs Module
    5. Screen Shot 2017-04-18 at 1.34.05 PM.png
    6. Enter the Configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: – and _
    7. Select the naming sequence
      • The only option available right now is the one I just created
    8. Template
      • This is based on the custom property names I created for my standard naming convention example.
      • The template must include the sequence(s):  {{sequence.sequencename}}
      • {{SovLabs.Naming.Location}}{{SovLabs.Naming.Type | substring: 0,1}}-{{SovLabs.Naming.OS | substring: 0,1}}{{SovLabs.Naming.Environment}}{{SovLabs.Naming.Application}}{{sequence.standard_2_digit}}

    9. Screen Shot 2017-04-18 at 1.54.00 PM.png
    10. Click Submit

You can review, update or delete your configuration under your catalog items.

  • Select Items -> SovLabs Extensibility Modules
  • Select the module name in left menu
  • Highlight the item
  • Click Actions -> Select Delete or Update

 

Enable the module:

Now we need to enable the custom properties module on our blueprint

  1. Click on Design -> Blueprint
  2. Edit Blueprint
  3. Click on the blueprint vSphere machine on the Design Canvas.
  4. Click on properties tab
  5. In the properties group section click +Add
  6. Screen Shot 2017-04-18 at 1.55.56 PM.png
  7. Check the box for:
    • SovLabs-EnableLifecycleStubs
    • Starts with SovLabs-NamingStandard- for single machine scenarios
    • Starts with SovLabs-NamingStandardMultiMachineContainer for multi-machine container scenarios
  8. Click OK
  9. Repeat these steps for all blueprints that should use this custom naming.

 

Now deploy a VM and watch the magic happen. Effortless, predictable, consistent and best of all no manual input of trying to figure out a name.

vRA & SovLabs: Installing the plugin modules

As mentioned in my initial blog post on SovLabs, you would have to create custom code in vRO to support the automation of many of the additional steps like custom naming, IPAM, DNS, AD, Load Balancer, but with SovLabs software modules this is really easy. Below are my notes for the prerequisites and the initial installation of the SovLabs modules.

Some prerequisites needs to be completed before installing the plugin:

  1. Configure the vRO service accounting in vRA
    1. Login to the root vRA tenant
    2. Click Administration -> Users & Groups > Custom Groups
    3. Create a Custom Group
    4. Enter a group name and description.
      1. DO NOT put spaces in the group name.
    5. Select the following roles listed in the Add Roles to this Group box
      1.  Tenant Administrator
      2. XaaS Architect
      3. Screen Shot 2017-04-13 at 2.00.41 PM.png
    6. Click Next
    7. Type in the vRO service account or vRO service account group
      1. If this account does not appear make sure it is sync’d.
    8. Click Add
  2. Configure vRO endpoint in vRA
    1. I have an enterprise install with external vRO so I am assuming you already setup the external vRO server in vRA.
    2. Login to vRA tenant
    3. Click Infrastructure tab > Endpoints > Endpoints
    4. Click on New > Orchestration > vRealize Orchestrator
    5. Screen Shot 2017-04-13 at 2.11.58 PM.png
    6. Enter the information
    7. Click on New Custom Property.
    8. Name: VMware.VCenterOrchestrator.Priority
    9. Value: (number, 1 being highest priority)
    10. Click OK
  3. Configure extensibility message timeout in vRA
    1. Login to vRA tenant
    2. Click Infrastructure tab -> administration -> Global Settings
    3. Click the Extensibility lifecycle message timeout row
    4. Click the Edit button
    5. Screen Shot 2017-04-13 at 2.44.44 PM.png
    6. Input a value that will be greater than the longest event workflow subscription timeout (e.g. 04:00:00)
  4.  Execution permission in vRO
    1. This is necessary for vRO to execute external applications and perform actions like ping. 
    2. These steps also need to be performed on all vRO nodes.
    3. SSH/Putty vRO server as root
    4. Modify the vmo.properties file:
      1. vi /etc/vco/app-server/vmo.properties
      2. Press the i key on the keyboard
      3. Copy & paste the following line to the end file:
      4. com.vmware.js.allow-local-process=true
      5. Press the esc key on the keyboard
      6. Type in :wq! and press the Enter key
    5. Modify the js-io-rights.conf file:
      1. vi /etc/vco/app-server/js-io-rights.conf
      2. Press the i key on the keyboard
      3. Copy & paste the following line to the end file:
      4. +rwx /tmp
      5. Press the esc key on the keyboard
      6. Type in :wq! and press the Enter key
    6. Ensure that the file has the appropriate permissions:
      1. cd /etc/vco/app-server
      2. chown vco:vco js-io-rights.conf
      3. chmod 640 js-io-rights.conf
    7. Restart the vRO server(s)
      1. service vco-server restart
  5. EMC and Kerberos configuration in vRO
    1. There are some additional steps that you need perform if you are using EMC FEHC 3 and 4, as well as Kerberos.
    2. I am not using these so will skip but documentation provides all the information needed.
    3. http://docs.sovlabs.com/vRA7x/current.html#4.2-first-install
  6. Configure vRA Endpoints in vRO  (use vRO to create workflows in order to interact with vRA)
    1. Perform the following once in vRO for each vRA tenant
    2. Login to vRO Client
    3. Select Design mode
    4. Click workflow tab
    5. Run workflow:  /Library/vRelease Automation/Configuration/Add a vRA host
      1. Screen Shot 2017-04-13 at 2.56.29 PM.png
      2. Enter vRA host name
      3. Host URL
      4. Automatically install Certs = yes
      5. Session mode = shared session
      6. Tenant name
      7. Username and password
        • username@domain.com
      8. Rest of fields not mentioned just leave default
    6. Click Submit
    7. If this fails make sure the service account is searchable in vRA directory users and groups.
  7. Add an IaaS host in vRO
    1. Perform the following once in vRO for each vRA tenant
    2. Login to vRO Client
    3. Select the Design mode
    4. Click Workflow tab
    5. Run workflow:  /Library/vRealize Automation/Infrastructure Administration/Configuration/Add an IaaS host
      1. Screen Shot 2017-04-13 at 3.41.47 PM.png
      2. Enter Host Name (IaaS Host FQDN)
      3. Enter Host URL (https://IaaS Host FQDN)
      4. Automatically install Certs = yes
      5. Use proxy = no
      6. Click Next
      7. Default connection settings = yes
      8. Click Next
      9. Host authentication type = NTLM
        • For the NTLM, is it a local user or an LDAP/AD user?
        • If it’s local, you use user@tenant
        • You can also use SSO
      10. Enter Username and password
        • for Username only specify the username and do not add the domain
      11. Workstation leave blank
      12. Enter domain name for NTLM authentication
    6. Click Submit
  8. Environment setup
    1. Review the documentation for additional setup configurations.
    2. http://docs.sovlabs.com/vRA7x/current.html#4.2-first-install
      1. Firewall configurations provided in documentation
      2. WinRM setup for SovLabs modules utilizing any Windows servers in the environment (for AD, DNS, IPAM, Puppet and etc.)
      3. Configuration of Windows member server when direct access to AD server is not permitted in the environment.

Continue reading

SovLabs: Extending vRealize Automation to achieve an automated end to end solution

All CMP solutions let you deploy a VM out of the box, but what then?
We all know that it takes way more than just a VM to get a fully functional system.
There are many steps to consider when deploying a VM and application, here are just to name a few but this list can get very long:

  • Computer name assignment base on company computer naming policy
  • IP address assignment
  • Register with DNS
  • Join Active Directory
  • Appropriate security permission applied
  • Server build runbook applied
  • Get a virtual IP address from Load Balancer
  • Create/Modify firewall rules
  • Install application

In most IT organizations these steps would normally require a handoff between different departments and this is where IT becomes too slow to provide services and resources to the business to get their products to market faster.  Cue in “Shadow IT“.

If you want this extensibility you have to either develop it yourself or reach out to some manufacturer for custom services.  This is very expensive and might work on day 1 but when vRA or an application gets updated, and API’s change then your custom code no longer works, ouch!

SovLabs solution is great because it provides you with software that you can own and pay support for and provide the automation for all the steps mentioned above.  This means you can get to that Day 1 much faster and don’t have to worry about Day 2. Awesome where do I sign up!

The list of SovLabs modules available are extensive which means the business applications you use today is probably supported so SovLabs will just tie in directly without many changes required.  The following modules are listed on the website and can also be review here:

Core Pack:

  • Custom naming
  • Microsoft AD
  • DNS
    • Microsoft
    • Infoblox
    • Bluecat
    • BT Diamand IP
  • IPAM
    • Microsoft
    • Infoblox
    • Bluecat
    • BT Diamand IP
    • Solarwinds
  • Notification
  • vSphere DRS
  • vSphere Snapshot management

Advanced bundle:

  • Configuration Management
    • Puppet Enterprise
    • Puppet OpenSource with Foreman
    • Ansible Tower
    • Red Had Satellite
  • Service Management
    • Servicenow (SNOW) CMDB

Container management:

  • Multi-cloud Docker

 

In my upcoming blogs I will be showing just how easy it easy to install and configure these modules.