Using vRealize Suite LifeCycle Manager to deploy an Enterprise Distributed vRealize Automation environment.

vRealize Suite LifeCycle Manager (vRSLM) has now been around for a while and if you are a vRealize or vCloud Suite license holder this is definitely a product that should be part of our VMware portfolio. I am a bit backward because in my last post is showed how to upgrade your vRA environment using vRSLM and only now will I show how to actually install vRA which actually just comes out of necessity because one of my colleagues accidentally delete all my lab servers ūüôā

For this post, I am using the latest vRSLM 1.3 and will be deploying a distributed vRA 7.4.

  • jvra01 – vRA appliance with embedded vRO (recommended design to use embedded instead of external vRO since 7.3)
  • jvra02 – vRA appliance with embedded vRO
  • jvraweb01 – vRA IaaS Web
  • jvraweb02 –¬†vRA IaaS Web
  • jvramgr01 – vRA IaaS Manager
  • jvramgr02-¬†vRA IaaS Manager

Since vSSLM automates and simplifies the deployment of your VMware SDDC stack, most of your time will be spent on prerequisites, so let’s start with that.

vRA prerequisites:

  • Manually deploy 4 x vRA Iaas Windows Servers in your vCenter Server environment.
    • Make sure they are added to the domain and DNS and NTP is working.
    • Disable UAC on all Windows servers. Make sure to reboot if you have to disable this.
    • Make sure that IPv6 is disabled on all Windows servers
    • Add the windows service account as part of User Rights Assignment under Local Security Policies for Log on as a Service and Log on as a batch job on all windows machines.
    • Verify the minimum resource requirements is set on all Windows servers.¬† Set to at least 8GB.
  • SQL Database
    • Make sure the domain user has added the SQL server to the domain
    • Make sure the domain user is added as part of the SQL DB user Logins list with the sysadmin privilege
  • ¬†Load Balancer
    • Make sure that the second member of each pool in the vRealize Automation load balancer is disabled.

There are also some scripts available to download to verify the prerequisites when you run the precheck for the creation of the vRA environment so this can be done later as well.

vRSLM prerequisites:

  • Ensure that the vRSLCM appliance has correct FQDN configured
    • Command for correcting the hostname is “/opt/vmware/share/vami/vami_set_hostname <hostname>”
    • After setting the correct hostname, verify by using the command “hostname -f” or from 1.3 version of LCM, we can also verify from the settings page.
  • Under vRSLM settings:
    • Register with My VMware to access licenses, download Product Binaries, and consume Marketplace content.
    • Download the vRealize Automation 7.4.0 product
      • If you already have the OVA downloaded then you can import it under the Product binaries tab.
    • Verify that you have vRealize Automation binaries status as completed.
    • If you using a self-signed certificated in your environment (not recommended), then create a self-signed wildcard certificate for vRealize Suite product deployments.
      • Best is to generate a single SAN certificate with all the product or management virtual host names or a wildcard certificate and provide this certificate when you create the environment for the first time. This ensures support for post provisioning actions such as Add Products and Scale Out.
    • Configure NTP Servers for deploying products in environments
  • Under Data Centers
    • Create a Data Center with an associated location.
    • Add the vCenter Server where the vRA environment will be deployed to.
      • Make sure the data collection is successful.

vRealize Automation deployment steps:

  • First off, we need to create an environment for vRA
  • Login to vRSLM
  • Screen Shot 2018-08-03 at 2.31.55 PM.png
  • On the Getting started page select Create Environment
  • Screen Shot 2018-08-03 at 2.34.53 PM.png
    • Select Data Center
    • Select Environment Type
    • Enter an Environment name
    • Enter the Administrator email address
    • Enter a default password which is for both root on the appliance and admin account if applicable on the product being deployed
    • Verify the entered password
    • Disable CEIP if you want
    • Click Next
  • Screen Shot 2018-08-03 at 2.38.42 PM.png
    • In the vRealize Automation Product window, check the selection box in top right-hand corner.
    • Make sure it is set to New install
    • Verify version is 7.4.0
    • Under deployment, select your deployment size¬†with HA
    • Screen Shot 2018-08-06 at 5.20.03 PM.png
      • If you pick Tiny with HA, it will not automatically add your secondary components, and you have to do so manually.¬† Best is to pick Medium with HA.
    • Select Next
  • Scroll to the bottom and accept EULA
  • Click Next
  • License Details
  • Screen Shot 2018-08-03 at 2.44.31 PM.png
    • Enter your license key for vRA, if you are using vRSLM you probably have a vRealize or vCloud Suite license to add.
    • Click Next
  • Infrastructure Details
  • Screen Shot 2018-08-03 at 2.52.27 PM.png
    • Select the vCenter Server enter in the vRSLM data center
    • Select the cluster
    • Select the Network where appliances will be deployed on
    • Select the Datastore¬†where appliances will be deployed on
    • Select disk format
    • Select Applicable Time sync mode with recommendation NTP servers.
      • Select the NTP servers created in settings
    • Click Next
  • Network details
  • Screen Shot 2018-08-03 at 3.00.02 PM.png
    • Enter the default gateway
    • Enter the domain name
    • Enter the domain search path
    • Enter the domain name servers, with comma separated
    • Enter netmask
    • Click Next
  • Certificate details
  • Screen Shot 2018-08-03 at 3.02.38 PM.png
    • Under Manage Certificate select Import Certificate
    • Enter the Passphrase for your wildcard certificate
    • Enter the Private key
    • Enter the Certificate chain
      • This should include the certificate, intermediate and root
  • Product details
  • Screen Shot 2018-08-06 at 5.22.43 PM.png
    • Under Product Properties
      • Enter the Windows service account which will be used for installation and has administrator access on the server.
      • Enter the Windows service account password
      • Select NTP servers
      • Select Yes for Configure Cluster Virtual IPs
      • Select Cluster Virtual IPs
      • Screen Shot 2018-08-03 at 3.36.15 PM.png
        • Enter vRA appliance hostname and IP address
        • Enter IaaS web hostname and IP address
        • Enter Iaas Manager hostname and IP address
    • Under Components
      • Select Primary vRealize Automation Server
        • Enter the Primary vRA VM name
        • Enter the vRA Hostname
        • Enter the vRA IP address
        • If you have some custom configuration for vRA then select the Advanced settings button.
      • Select vRealize Automation Secondary Server
        • Enter the Primary vRA VM name
        • Enter the vRA Hostname
        • Enter the vRA IP address
        • If you have some custom configuration for vRA then select the Advanced settings button.
      • Select Database
        • Enter hostname
        • Enter IP address
        • If you require custom configuration for the database then select the Advanced settings button
      • Select IaaS Web
        • Enter Web hostname
        • Enter IP address
        • If you have some custom configuration for vRA then select the Advanced settings button
      • Select IaaS Manager Active
        • Enter Manager hostname
        • Enter DEM Orchestrator name
        • Enter IP address
        • If you have some custom configuration for vRA then select the Advanced settings button.
      • Select IaaS Manager Passive
        • Enter Manager hostname
        • Enter DEM Orchestrator name
        • Enter IP address
        • If you have some custom configuration for vRA then select the Advanced settings button.
      • Select IaaS Dem Worker
        • Enter Web hostname
        • Enter IP address
        • If you have some custom configuration for vRA then select the Advanced settings button
      • Select vSphere Proxy Agent
        • Enter Web hostname
        • Enter IP address
        • Select Advanced configuration
          • Change the Agent name to be something more descriptive that you will remember because you have to enter the same name when you define the endpoint in vRA
      • If you want to add additional components you can do so at the top of the Product Details.
        • Screen Shot 2018-08-06 at 5.24.50 PM.png
    • Click Next
  • ¬†PreCheck Details
  • Screen Shot 2018-08-03 at 4.07.05 PM.png
    • Click Run PreCheck
    • If error or warning appears, follow the instructions from the required actions. Run the pre-check again to verify fixes.¬† I have performed the installation with the older releases and since v1.3 the preCheck has been greatly improved.
    • Screen Shot 2018-08-06 at 11.27.03 AM.png
    • If the precheck validation comes back successful, Click Next
    • Request Summary:
      • Before clicking submit
        • Create Snapshots of your Windows IaaS servers.
        • Review your configuration and scroll all the way to the bottom.
        • Click on Download Configuration.
          • This will save your configuration settings, which are very useful if for some or other reason you have to reinstall.
    • Click Submit
  • Installation Status
    • Click on requests
    • Screen Shot 2018-08-06 at 10.33.48 AM.png
    • Click on the status “In Progress”
    • Screen Shot 2018-08-06 at 10.36.54 AM.png
    • Here you can follow the process
    • Screen Shot 2018-08-06 at 10.37.43 AM.png
    • If you want to know what the current workflow is that is running, then you can click on the blue dot.
  • Once successfully completed, and this can take up to 2 hours, you can view vRA deployment under Environments
    • Screen Shot 2018-08-06 at 4.55.35 PM.png
    • Click View Details
    • Screen Shot 2018-08-06 at 4.55.51 PM.png
    • Click View Details again
    • Here you will find all the details regarding your existing environment.
  • Now to really make full use of vRSLM, and complete you full SDDC stack environment, you can add additional products to your environment like:
    • vRBC
    • vROPS
    • vRLI (since 1.3)
    • vRNI

Step by Step upgrade of distributed vRealize Automation 7.2 with external vRO to 7.4

As with most of my other blog posts, I am just providing a step by step guide for quick reference.  Please refer to the documentation here for detailed information and please read the vRealize Automation 7.4 Release Notes known issues section which is updated regularly and helps you to be better prepare for the upgrade.

My environment consists of a distributed vRealize Automation running version 7.2 with an¬†external clustered vRealize Orchestrator,¬†which I am upgrading and not migrating to 7.4 Build 8182598.¬† This will be a similar process if you have vRA 7.1 and greater.¬† If you have an older version, refer to VMware’s documentation here.

The in-place upgrade process for the distributed vRA environment happens in 3 stages in the following order:

  1. vRealize Automation appliances
  2. IaaS Web server
  3. vRealize Orchestrator

Pre-requisites before we start:

  1. Make sure all VMware products are compatible with vRA’s current and new release by consulting the Product Interoperability Matrix.
  2. Verify enough storage space on servers
    • At least 5GB on IaaS, SQL and Model Manager
    • At least 5 GB on the root partition of vRA¬†appliance

    • 5 GB on the /storage/db partition for the master vRA appliance

    • 5 GB on the root partition for each replica virtual appliance

  3. Verify that MSDTC is enabled on all vRA and associated SQL servers.
    • Check that the service “Distributed Transaction Coordinator” is running.
  4. The primary IaaS Website node (Model Manager data is installed) must have JAVA SE Runtime Environment 8, 64 bits, update 161 or later installed, and also verify JAVA_HOME environment variable is set correctly after the upgrade.
  5. If using embedded Postgres DB in a distributed vRA environment
    • On master vRA node, navigate to¬†/var/vmware/vpostgres/current/pgdata/
    • Close any opened files in the pgdata directory and remove any files with a .swp suffix
    • Verify the correct ownership of all files in this directories: postgres:users
  6. In a distributed vRA environment, change Postgres synchronous replication to async.
    • Click vRA Settings > Database.
    • Click Async Mode and wait until the action completes.
    • Verify that all nodes in the Sync State column display Async status
    • I have only a master and replica so I am already async but just FYI
  7. In vRA tenants verify the following
    • Make sure that no custom properties have spaces in the names.
    • All saved and in-progress requests have finished successfully

Additional requirements before we start:

Continue reading

Upgrade vRealize Automation 7.2 to 7.4 using vRealize Suite LifeCycle Manager

VMware’s vRealize Suite of Products are great, and each provides a lot of features and capabilities, and VMware has been working hard on integration between the products. However, these products are very much standalone with no cohesion between them from a lifecycle management perspective.¬† This creates a lot of management overhead to install, upgrade, configure and manage all these products, as well the additional solution extensions.

In comes vRealize Suite LifeCycle Manager (vRSLCM) which is a relatively new product and is available to all customers with a vRealize Suite license. It automates the installation, configuration, and upgrading of the following products:

  • vRealize Automation
  • vRealize Operations Managers
  • vRealize Log Insight
  • vRealize Business for Cloud

In this blog, I am going to provide the steps on how to import an existing distributed Enterprise vRA 7.2 environment and perform the upgrade to 7.4 using vRSLCM 1.2.

Let’s start off with the initial creation of the environment, which does require a lot of information up front, but once you create or import products into the environment at a later time, it will make use of this stored environment information.

  1. Log in to your vRSLCM
  2. Screen Shot 2018-05-21 at 3.46.11 PM.png
  3. Select Create Environments
  4. Screen Shot 2018-05-21 at 3.45.43 PM.png
  5. Enter Environment Data
    1. Data Center (this you should have created during the initial configuration of your vRSLCM environment)
    2. Environment Type
    3. Environment Name
    4. Administrator email
    5. Default root password
    6. Click Next
  6. Create Environment
    1. Screen Shot 2018-05-21 at 3.49.10 PM.png
    2. Check the box for vRealize Automation
    3. Since we already have an environment that we need to import, select the import Radio button.
    4. Click Next
  7. EULA
    1. Scroll down to bottom.
    2. Check the box to accept the terms and conditions.
  8. License
    1. Screen Shot 2018-05-21 at 3.52.11 PM.png
    2. Either pick a vRealize Suite license which will populate from your my.vmware.com account, or enter one manually.
    3. Click Next
  9. Infrastructure Details (This information is used if you deploy new products)
    1. Screen Shot 2018-05-21 at 3.55.06 PM.png
    2. Select vCenter Server where your vRealize Suite products reside in.
    3. Select Cluster
    4. Select Network
    5. Select Datastore
    6. Select preferred Disk format for product deployments.
    7. Click Next
  10. Network (This information is used if you deploy new products)
    1. Screen Shot 2018-05-21 at 3.59.39 PM.png
    2. Enter default gateway of the network where your vRealize Suite products are deployed or will be deployed too.
    3. Enter Domain Name
    4. Enter search path
    5. Enter DNS
    6. Enter Netmask
    7. Click Next
  11. Certificates (I import a wildcard certificate or you can use multi-domain certificate would be a good choice to simplify the process)
    1. Screen Shot 2018-05-21 at 4.04.03 PM.png
    2. Click Next to use the self-signed generated certificate or click the import certificate button to add existing wildcard or SAN certificate.
    3. Click Next
  12. Import (Since we selected import we now get ask questions about our existing environment)
    1. Screen Shot 2018-05-21 at 4.06.18 PM.png
    2. Enter vRA root password
    3. Enter vRA Default Administrator password
    4. Enter Tenant User name.
      1. Selecting the “administrator” user works just fine here.
    5. Enter vRA Primary Node FQDN
    6. Enter IaaS Username.
      1. I used the domain service account assigned to all IaaS servers
    7. ¬†Default vRA Tenant name is select “vsphere.local”
    8. Enter vRA Tenant password
    9. Enter IaaS Password for the domain account.
    10. Select vCenter Server from the drop-down where the vRA server is running on.
    11. Click Next
  13. Review summary
    1. Click Download configuration to save the JSON file for later use.
    2. Click Submit
  14. This will run for a while to configure the environment and import vRA
    1. If it fails, you have a couple of options
      1. Review the requests
        1. Screen Shot 2018-05-21 at 4.19.27 PM.png
        2. Under actions select retry and verify the information that you have entered.
      2. Delete the environment and start over (1.2 provides the ability to specify if you also want to delete the VMs when you delete a fully configured environment, definitely not recommended to do so in most cases!)
    2. If you want to pause the import, you can always come back later and resume\
  15. Verify the vRA product environment
    1. Select Environment tab on the left side
    2. Screen Shot 2018-05-21 at 4.25.18 PM.png
    3. Select View details of the newly created environment
    4. Screen Shot 2018-05-21 at 4.24.32 PM.png
    5. Verify that all the information of your distributed vRA environment is accurate. vRSLCM collects all your VIP names, vRA-, IaaS- and Database Servers as well as where each component resides.
    6. Screen Shot 2018-05-21 at 4.24.21 PM.png

Continue reading

SovLabs: Upgrading your software

SovLabs isn’t just a vRA plugin, it’s enterprise software that extends the capabilities of your vRealize Automation environment providing you with that end-to-end solution you have been craving for. ¬†As with any other enterprise software they periodically provide new patches and releases and with SoLabs that is no different.

The new 2017.3.x was released in August and provides some awesome new modules:

  • Men & Mice DNS and IPAM
  • SolarWinds DNS
  • Backup as a Service
    • Automate policy-driven backups and provide self-service VM and file-level recovery for –
    • Cohesity
    • Rubrik
    • Veeam
  • SovLabs VM tagging
    • Drive rich metadata using VM tags and categories
  • SovLabs Property Toolkit
    • Manage your existing custom properties on VMs with the SovLabs Template Engine
  • ServiceNow Support for Jakarta
  • Puppet support for 2017.1
  • VMware Tools connection
    • Connect to Windows/Linux servers can now be done through VMware Tools which removes the requirement for WinRM, CygwinSSH or WinSSHD to be installed. ¬†This is huge!
  • As a customer you can sign up under the self-service portal and view the detailed release notes here:

So how do we go about upgrading SovLabs to the latest version?

Step by step guide to upgrading from 2017.2.x to 2017.3.x.  (there are some additional steps if you are upgrading from <= 2017.1.x so please contact SovLabs support) 

  1. First off we want to create a backup of the vRO package
    1. Login to vRO Client
    2. Click Design
    3. Click on the package tab
    4. Click on the package icon on right hand side menu bar
    5. Enter name “com.sovlabs.backup.resources”
    6. Edit the newly create package, click on the pencil icon on the right hand side menu bar
    7. Click the Resources tab
    8. Click the Folder + icon
    9. Expand the Library folder,  select the SovLabs folder
    10. Click on the Select button
    11. Once loaded, click save and close
    12. Right click the saved package and click export package
      1. Create a folder called sovlabs under downloads
      2. leave the rest of settings as default
    13. Save to your local system
    14. Now, lets save the old SovLabs Plugin:
      1. Use WinSCP and login as root to vRO appliance
      2. Go to directory /var/lib/vco/app-server/plugins
      3. Save the o11nplugin-sovlabs.dar to your local file system in same sovlabs folder created earlier under download.s
    15. Done!
  2. We need to update the vRO Heap size
    1. If you have done this before then you can skip this step but this is needed to install the larger sized SovLabs module file into vRO otherwise the appliance might run out of memory during install/upgrade.
    2. Remember if you a vRO cluster, then you have to perform the steps on both server
    3. SSH into vRO appliance with user root
    4. Run # vi /var/lib/vco/configuration/bin/setenv.sh
    5. Find the #MEM_OPTS section
    6. Replace the -Xmx512m \ with -Xmx768m \
    7. Save the file
  3. Delete all SovLabs license keys
    1. Login to vRA tenant
    2. Click on Items tab -> SovLabs vRA Extensibility modules -> SovLabs License
    3. For each SovLabs License item listed
      1. Select Actions -> Delete License
  4. Download the SovLabs plugin
    1. Talk to SovLabs support about getting the software downloaded.
  5. Install the plugin into vRO appliance
    1. Login to controlcenter
      1. https://<vroserver&gt;:8283/vco-controlcenter
    2. Select Plug-Ins -> Manage Plug-ins
    3. Click Browse
    4. Select the plugin
    5. Accept EULA
    6. Click on Install
    7. Accept the EULA
    8. Restart the vRO server
      1. On the Home page, click on the Startup Options icon
      2. Click on Restart
      3. Wait for vRO to restart successfully
    9. Log back in to the vRO configuration page
    10. Click on the Manage Plug-Ins icon
    11. Verify that the installed plugin is listed among the vRO plugins
    12. Now if you have a clustered vRO 7.2 and above, then the plugin should sync but I have seen some problems with 7.2 so follow these steps
      1. Perform a full reboot on primary so that the pending and active config fingerprint ID match.
      2. Then push the config to the other standby node
      3. It will need to rebooted which it often will not do so make sure you perform this step yourself.
      4. Verify that Synchronization state shows synchronized and verify the version of the plugin on both active and standby nodes.
  6. Login to the vRO Client and run the configuration
    1. Click on Design mode
    2. Click on WorkFlow tab
    3. Right click vRO workflow, “SovLabs/Configuration/SovLabs Configuration”
    4. Select Start Workflow
    5. The SovLabs Configuration workflow only needs to be run on one vRO in a clustered environment
      1. Select yes to accept the EULA
      2. Click Next
      3. Select the appropriate tenant and business group
      4. Create SovLabs vRA Catalog Service? = No
      5. Publish License Content? = No
      6. Click Next
      7. Upgrade existing SovLabs vRA content? = Yes
      8. Click Next
      9. Install or Update SovLabs workflow subscriptions (vRA7.x)? = Yes
        1. *Enables vRA to call vRO during machine lifecycles
      10. Click Submit
      11. Verify that the SovLabs Configuration workflow completed successfully
  7. Lastly, let’s verify the SovLabs Plugin in vRA
    1. Select Catalog tab
    2. Verify that Add license -> SovLabs Modules catalog exists
  8. Now lets install the new license key for 2017.3.x
    1. This process has also been drastically simplified with a single license key which will license all modules, where previously this was done one at a time.
    2. Select Catalog tab -> SovLabs vRA Extensibility Modules -> Add license – SovLabs Modules
    3. Copy the text from license file and paste into field
    4. Click Submit
    5. Verify all catalog tab -> SovLabs vRA Extensibility Modules that all catalogs are available.
  9. If you ever need to roll back then follow the steps in the document provided by SovLabs:
    1. https://s3.amazonaws.com/docs.sovlabs.com/vRA7x/guides/SovLabs_BackupRestore-vROPackage.pdf

 

 

 

 

vRealize Automation: Request stuck in progress

I ran into an interesting problem today on my distributed (enterprise) vRA 7.2 environment and wanted to share how I got it resolved.

I have not deployed anything in my environment for a while but when I tried today my request was not completing and status is showing “In Progress”

Troubleshooting:

Review logs:

  • Infrastructure -> Monitoring -> Audit Logs
    • Machine requests shows that is was started
  • Infrastructure -> Monitoring -> Log
    • Found error on my manager services nodes “[EventBrokerService] Failed resuming workflow.. State VMPSMasterWorkflow32.Requested(POST). Event
      Event Queue operation failed with MessageQueueErrorCode QueueNotFound for queue ’30da8a16-c532-4e13-bd81-39b09114a887′.”
  • Logged into Service manager nodes and review the logs in Event Viewer
    • Found error “Error occurred while registering the DEM.
      System.Data.Services.Client.DataServiceTransportException: The underlying connection was closed: An unexpected error occurred on a send. —> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. —> System.IO.IOException: Authentication failed because the remote party has closed the transport stream”
  • Logged into the Web server nodes¬†and review the logs in Event Viewer
    • Found similar error as above
    • Found error messages like “Error occurred writing to the repository tracking log”, “Error occurred while pinging repository”

Review DEM status:

  • Infrastructure -> Monitoring -> DEM status
    • both my DEM worker and Orchestrator shows with Status Active (Green)

Resolution:

I did some investigation and found really 2 problems that I needed to address

  1. If you find errors like “Event Queue operation failed with MessageQueueErrorCode QueueNotFound for queue” then you probably have manager service running on both instances (nodes).
  2. If you find errors like “System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it” then the problem is most¬†likely with certificates and found in the vRA documentation that if you have commas in your OU section of the IaaS certificate, that your VM provisioning might fail and the following work around is provided
    1. Remove the commas from the OU section of the IaaS certificate, OR
    2. Change the polling method from WebSocket to HTTP to resolve the issues.
      • Open the Manager Service configuration file in a text editor.
      • C:\:Program Files (x86)\VMware\vCAC\Server\Manager Service.exe.config.
      • Add the following lines to <appSettings>
      • <add key=”Extensibility.Client.RetrievalMethod” value=”Polling”/>
        <add key=”Extensibility.Client.PollingInterval” value=”2000″/>
        <add key=”Extensibility.Client.PollingMaxEvents” value=”128″/>
      • Restart the manager services

Some other things to verify:

  • On Web server Windows OS nodes
      • Verify that the VMware Cloud Automation Center Management agent services is running
  • On Manager service Window OS nodes
    • Verify that the VMware Cloud Automation Center Service is running
      • This should only be running on 1 server if have a load balancer in front.
      • Set the Startup type to Manual on the 2nd server so you don’t have worry about this service starting but remember you have to failover manually by changing the service to automatic and starting the service.
        • In vRA 7.3 the failover process is now automated which is great!
    • Verify that the VMware Cloud Automation Center Management agent services is running on your instances
  • On DEM server Windows OS nodes
    • Verify that your VMware vCloud Automation Center Agent and Management agent services is running
  • Most people do not know this but VMware also has a very cool vRealize production test tool which I will blog about shortly.

Links:

https://docs.vmware.com/en/vRealize-Automation/7.2/com.vmware.vrealize.automation.doc/GUID-71F4F6F1-DBAE-4E0B-83A5-B4B25921B6A7.html

https://docs.vmware.com/en/vRealize-Automation/7.0/com.vmware.vra.extensibility.doc/GUID-7E54F8B9-9F76-4470-9B6F-6DAE5972E740.html

 

 

Adding Microsoft Azure to vRA and vRB Part #2

In part 1 I showed how to add Microsoft Azure to vRA.  In this part 2 I will show how to add Microsoft Azure with Non-EA account to vRealize Business which will provide cost information for your MS Azure account.

I have to apologies for taking so long to publish this but I had the blog written and ready to go but it was created with vRB 7.2, which had a lot of bugs with Azure integration  and the documentation was not very thorough and made use of the old Azure portal interface for configuration.  The problem I ran into can be view in the community post here, but with a lot of views and not responses I decided to wait until vRB 7.3 to review this again.

Prerequisites:

  1. You must have a Microsoft Azure Enterprise Agreement (EA) or non-EA account.
  2. If using MS Azure non-EA you must have one of the following credits offers:
    1. Pay-as-you-go
    2. MSDN
    3. Monetary commitment
    4. Monetary credit

To add a non-EA account you will also need the following information during configuration so please make sure you have this available.  I am also providing the steps on how to configure your non-EA account.

  • Client ID
    • When you register a client app, such as a console app, you receive a Client ID. The Client ID is used by the application to identify themselves to the users that they are requesting permissions from.
  • Location of Purchase
  • Tenant ID
    • Value can be retrieved from the Azure default Active directory when you select manage -> properties in menu.
  • Secret Key
    • Value will be defined during app registration.

Continue reading

vRA & SovLabs: Infoblox IPAM Module

An IP address is an integral part of the server architecture and is required by all servers, LB VIPs, NATs etc. Many customers still make use of spreadsheets, which is very difficult to automate when you have to manually enter data, and this eventually leads to inconsistencies due to the file not getting updated when a IP address is assigned, changed or deleted.

What you need is a robust high performance, highly available IP solution that you can manage from a single interface and provides  features like:

  • Manage a large pool of IP addresses
  • Improve availability, and simplified administration.
  • User based¬†roles and permissions.
  • Provide vital operational and troubleshooting data:
    • IP address history, MAC address, Owner,¬†Location, OS, etc.
  • Reports summarizing IP address resources and utilization.

There are many IPAM solutions out there with SovLabs support for the following:

I will be using the SovLabs Infoblox module in my example but if you have read this far you probably asked yourself “Infoblox has native integration with vRealize Automation, why use the SovLabs Infoblox module?” ¬†I did some research and hopefully this information is useful in your decision making:

Differentiators between SovLabs Infoblox IPAM and Infoblox native integration vRA:

  • SovLabs do not require the Infoblox cloud adapter
  • SovLabs has different modules, which seamlessly integrates with each other and enhances the IPAM functionality:
    • Separate DNS and IPAM modules to allow each to be driven independently even between different providers.
    • Ability to create multiple independent DNS profiles that can drive DNS for multiple different providers independent of IPAM.¬† DNS is able to register against multiple domains out of the box and¬†drive host records, CNAMEs, PTR and A records independently.
  • SovLabs has pre-validation logic for IP and DNS forward/reverse duplication detection.
  • SovLabs Template engine can be used for custom comments, fields in Infoblox based on vRA metadata.
  • SovLabs is design for ease of use.¬† No Infoblox schema changes or lengthy install and upgrade process.
  • SovLabs is completely policy driven, no need for custom workflow development.

The SovLabs module also has many other features which can viewed on the website here, but some of the highlights are:

  • Obtain and reserve unique IP address(es) and release automatically during appropriate machine lifecycle
  • Reserves unique IP address(es) and assigns to the VM NIC(s) based on IPAM profile(s)
  • IPAM profiles can span multiple networks, each consisting of a network name, subnet CIDR block and gateway address
  • IPAM configurations are interchangeable between endpoint providers; avoid lock-in by easily adding additional IPAM providers with other IPAM modules from SovLabs
  • No custom workflows required, completely policy driven
  • SovLabs IPAM configurations may also be used with SovLabs network load balancer modules

Prerequisites:

  1. Infoblox user on (all) Infoblox appliance(s) with the following permissions:
    • API and GUI access configured
    • Add/remove Host Records, A Records and/or PTR Records
  2. Infoblox WAPI version must be 1.2+

    Access https://{infoblox-fqdn}/wapidoc/ and look in the upper-left corner

  3. Login to the vRA tenant
    1. Add license for Infoblox IPAM module
    2. Validate the following show up on the Catalog page:
      1. Add Infoblox Endpoint
      2. Add IPAM Profile

 

Configuration:

  1. Add InfoBlox Endpoint
    1. Login to vRA Tenant
    2. Select Catalog -> SovLabs vRA Extensibility
    3. Screen Shot 2017-05-10 at 6.09.35 PM.png
    4. Click Request button on “Add Infoblox¬†Endpoint”
    5. Screen Shot 2017-05-10 at 6.10.29 PM.png
    6. Infoblox Endpoint
    7. Enter Configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    8. Enter hostname
      • FQDN of Infoblox¬†server
    9. HTTPS = yes
    10. Port – 443
    11. WAPI version = pick from dropdown box based the version your found through prerequisites
    12. DNS View = optional, which DNS views this endpoint supports
      • Not using Infoblox for DNS in this example
    13. Network View = optional, which Network views this endpoint supports
      • All¬†my networks are crated under the default view
    14. Credential Configuration
    15. Enter username
      • Username should have API access and permissions to add/remove records to/from Infoblox
    16. Enter password
    17. Click Next
    18. Advanced Options
      • These are optional and can be left blank which will populate with default value.
    19. Host record template
    20. A record template
    21. PTR record template
    22. Fixed Address template
    23. Click Submit
  2. Add IPAM profile
    1. Select Catalog -> SovLabs vRA Extensibility
    2. Screen Shot 2017-05-11 at 8.05.34 AM.png
    3. Click Request on Add IPAM Profile
    4. Screen Shot 2017-05-11 at 8.06.10 AM.png
    5. Enter configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    6. Enter Description
      • I like to add the name of the network and subnet information here.
    7. Type = Infoblox
      • Since we are using Infoblox, that is what i picked.
    8. Provider host = select configuration label for previously created Infoblox endpoint
    9. Nic number = 0
      • On which NIC do you want to assign the IP address for the VM
    10. Subnets, Gateways and Network names
      1. The network name should match the vDS port group name.
      2. Enter values subnet, gateway and network name with comma separated and click on green + Sign
    11. Excluded IPs
      1. If you want to exclude some IP address, then enter them here individually.
    12. DNS Configuration
    13. Enter Primary DNS
    14. Enter Secondary DNS
    15. Enter DNS Suffix
    16. Enter DNS search Suffix
    17. Wins Configuration
    18. Enter WINS Server if necessary
    19. Click Submit

Enable the module:

Now we need to enable the custom properties module on our blueprint

  1. Login to vRA
  2. Click on the Infrastructure -> Reservations -> Network Profiles
  3. Edit the network profile that best matches the IPAM profile created above
  4. Click DNS tab
    1. Verify that the DNS suffix is set.
  5. Click on the Infrastructure -> Reservations
  6. Edit the reservation associated with the network profile review above in step 3.
    1. Click network tab
    2. Uncheck the network paths
    3. Also clear out the network paths dropdown value.
  7. Click OK
  8. Now we need to enable the custom properties module on our blueprint
  9. Click on Design -> Blueprint
  10. Edit Blueprint
  11. Click on the blueprint vSphere machine on the Design Canvas.
  12. Click on properties tab
  13. In the properties group section click +Add
  14. Check the box for:
    • SovLabs-EnableLifecycleStubs
    • Check the appropriate IPAM property group (starts with SovLabs-IPAM- and ends with -nic#)
    • Do not attach more than 1¬†IPAM profile¬†property group to a blueprint VM object
  15. Click OK
  16. Repeat these steps for all blueprints that should get an IP address through IPAM.

Now deploy a VM and verify in Infoblox that the IP address is assigned to the network in the default view.