Adding Microsoft Azure to vRA and vRB Part #2

In part 1 I showed how to add Microsoft Azure to vRA.  In this part 2 I will show how to add Microsoft Azure with Non-EA account to vRealize Business which will provide cost information for your MS Azure account.

I have to apologies for taking so long to publish this but I had the blog written and ready to go but it was created with vRB 7.2, which had a lot of bugs with Azure integration  and the documentation was not very thorough and made use of the old Azure portal interface for configuration.  The problem I ran into can be view in the community post here, but with a lot of views and not responses I decided to wait until vRB 7.3 to review this again.

Prerequisites:

  1. You must have a Microsoft Azure Enterprise Agreement (EA) or non-EA account.
  2. If using MS Azure non-EA you must have one of the following credits offers:
    1. Pay-as-you-go
    2. MSDN
    3. Monetary commitment
    4. Monetary credit

To add a non-EA account you will also need the following information during configuration so please make sure you have this available.  I am also providing the steps on how to configure your non-EA account.

  • Client ID
    • When you register a client app, such as a console app, you receive a Client ID. The Client ID is used by the application to identify themselves to the users that they are requesting permissions from.
  • Location of Purchase
  • Tenant ID
    • Value can be retrieved from the Azure default Active directory when you select manage -> properties in menu.
  • Secret Key
    • Value will be defined during app registration.

Continue reading

vRA & SovLabs: Infoblox IPAM Module

An IP address is an integral part of the server architecture and is required by all servers, LB VIPs, NATs etc. Many customers still make use of spreadsheets, which is very difficult to automate when you have to manually enter data, and this eventually leads to inconsistencies due to the file not getting updated when a IP address is assigned, changed or deleted.

What you need is a robust high performance, highly available IP solution that you can manage from a single interface and provides  features like:

  • Manage a large pool of IP addresses
  • Improve availability, and simplified administration.
  • User based roles and permissions.
  • Provide vital operational and troubleshooting data:
    • IP address history, MAC address, Owner, Location, OS, etc.
  • Reports summarizing IP address resources and utilization.

There are many IPAM solutions out there with SovLabs support for the following:

I will be using the SovLabs Infoblox module in my example but if you have read this far you probably asked yourself “Infoblox has native integration with vRealize Automation, why use the SovLabs Infoblox module?”  I did some research and hopefully this information is useful in your decision making:

Differentiators between SovLabs Infoblox IPAM and Infoblox native integration vRA:

  • SovLabs do not require the Infoblox cloud adapter
  • SovLabs has different modules, which seamlessly integrates with each other and enhances the IPAM functionality:
    • Separate DNS and IPAM modules to allow each to be driven independently even between different providers.
    • Ability to create multiple independent DNS profiles that can drive DNS for multiple different providers independent of IPAM.  DNS is able to register against multiple domains out of the box and drive host records, CNAMEs, PTR and A records independently.
  • SovLabs has pre-validation logic for IP and DNS forward/reverse duplication detection.
  • SovLabs Template engine can be used for custom comments, fields in Infoblox based on vRA metadata.
  • SovLabs is design for ease of use.  No Infoblox schema changes or lengthy install and upgrade process.
  • SovLabs is completely policy driven, no need for custom workflow development.

The SovLabs module also has many other features which can viewed on the website here, but some of the highlights are:

  • Obtain and reserve unique IP address(es) and release automatically during appropriate machine lifecycle
  • Reserves unique IP address(es) and assigns to the VM NIC(s) based on IPAM profile(s)
  • IPAM profiles can span multiple networks, each consisting of a network name, subnet CIDR block and gateway address
  • IPAM configurations are interchangeable between endpoint providers; avoid lock-in by easily adding additional IPAM providers with other IPAM modules from SovLabs
  • No custom workflows required, completely policy driven
  • SovLabs IPAM configurations may also be used with SovLabs network load balancer modules

Prerequisites:

  1. Infoblox user on (all) Infoblox appliance(s) with the following permissions:
    • API and GUI access configured
    • Add/remove Host Records, A Records and/or PTR Records
  2. Infoblox WAPI version must be 1.2+

    Access https://{infoblox-fqdn}/wapidoc/ and look in the upper-left corner

  3. Login to the vRA tenant
    1. Add license for Infoblox IPAM module
    2. Validate the following show up on the Catalog page:
      1. Add Infoblox Endpoint
      2. Add IPAM Profile

 

Configuration:

  1. Add InfoBlox Endpoint
    1. Login to vRA Tenant
    2. Select Catalog -> SovLabs vRA Extensibility
    3. Screen Shot 2017-05-10 at 6.09.35 PM.png
    4. Click Request button on “Add Infoblox Endpoint”
    5. Screen Shot 2017-05-10 at 6.10.29 PM.png
    6. Infoblox Endpoint
    7. Enter Configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    8. Enter hostname
      • FQDN of Infoblox server
    9. HTTPS = yes
    10. Port – 443
    11. WAPI version = pick from dropdown box based the version your found through prerequisites
    12. DNS View = optional, which DNS views this endpoint supports
      • Not using Infoblox for DNS in this example
    13. Network View = optional, which Network views this endpoint supports
      • All my networks are crated under the default view
    14. Credential Configuration
    15. Enter username
      • Username should have API access and permissions to add/remove records to/from Infoblox
    16. Enter password
    17. Click Next
    18. Advanced Options
      • These are optional and can be left blank which will populate with default value.
    19. Host record template
    20. A record template
    21. PTR record template
    22. Fixed Address template
    23. Click Submit
  2. Add IPAM profile
    1. Select Catalog -> SovLabs vRA Extensibility
    2. Screen Shot 2017-05-11 at 8.05.34 AM.png
    3. Click Request on Add IPAM Profile
    4. Screen Shot 2017-05-11 at 8.06.10 AM.png
    5. Enter configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    6. Enter Description
      • I like to add the name of the network and subnet information here.
    7. Type = Infoblox
      • Since we are using Infoblox, that is what i picked.
    8. Provider host = select configuration label for previously created Infoblox endpoint
    9. Nic number = 0
      • On which NIC do you want to assign the IP address for the VM
    10. Subnets, Gateways and Network names
      1. The network name should match the vDS port group name.
      2. Enter values subnet, gateway and network name with comma separated and click on green + Sign
    11. Excluded IPs
      1. If you want to exclude some IP address, then enter them here individually.
    12. DNS Configuration
    13. Enter Primary DNS
    14. Enter Secondary DNS
    15. Enter DNS Suffix
    16. Enter DNS search Suffix
    17. Wins Configuration
    18. Enter WINS Server if necessary
    19. Click Submit

Enable the module:

Now we need to enable the custom properties module on our blueprint

  1. Login to vRA
  2. Click on the Infrastructure -> Reservations -> Network Profiles
  3. Edit the network profile that best matches the IPAM profile created above
  4. Click DNS tab
    1. Verify that the DNS suffix is set.
  5. Click on the Infrastructure -> Reservations
  6. Edit the reservation associated with the network profile review above in step 3.
    1. Click network tab
    2. Uncheck the network paths
    3. Also clear out the network paths dropdown value.
  7. Click OK
  8. Now we need to enable the custom properties module on our blueprint
  9. Click on Design -> Blueprint
  10. Edit Blueprint
  11. Click on the blueprint vSphere machine on the Design Canvas.
  12. Click on properties tab
  13. In the properties group section click +Add
  14. Check the box for:
    • SovLabs-EnableLifecycleStubs
    • Check the appropriate IPAM property group (starts with SovLabs-IPAM- and ends with -nic#)
    • Do not attach more than 1 IPAM profile property group to a blueprint VM object
  15. Click OK
  16. Repeat these steps for all blueprints that should get an IP address through IPAM.

Now deploy a VM and verify in Infoblox that the IP address is assigned to the network in the default view.

vRA & SovLabs: ServiceNow CMDB module

Having a centralize management database (CMDB) is crucial to provide insight into your environment especially with IT service management architectures becoming a lot more complex.  Some of the benefits of a CMDB are:

  • Increase control with asset management
  • Make systems more reliable by quickly identifying configuration drift like unplanned changes and improper configs that can cause performance issues
  • Maintain service levels through faster troubleshooting and identify key components, owners and dependencies

The CMDB contains valuable in-depth data about maintenance, repair histories, problems, changes, but this is all pretty much useless if the CMDB is not kept up to date and consistent.  There are many ways to achieve the necessary consistency, but the SovLabs ServiceNow CMDB modules for vRA provides a lot of additional benefits over something like auto-discovery with features which can viewed on the website here, but some of the highlights are:

  • Flexible mapping via JSON-based templates which can utilize dynamic or static values and vRA metadata, e.g. using vRA custom properties like business groups, catalog item owner, software installed,
  • Multiple operations permitted (insert/update/delete) on multiple related or independent tables using the direct to table method
  • CMDB configurations can be applied generically at the compute resource or business group level or more specifically at the blueprint level
  • Compatible with ServiceNow Discovery
  • Instantaneous CMDB inserts/updates occur during time of provisioning/de-provisioning/re-configure
  • Flexible de-provisioning/clean options
  • Supports import set or direct to table

Prerequisites:

  1. ServiceNow CMDB is properly configured
  2. ServiceNow CMDB service user account must have Web Service admin rights and rights to add/update/delete records
  3. If you are using VMware’s ITSM plug-in, set the “u_vra_uid” column to read/write from read only:
    1. In ServiceNow, navigate to System Definition
    2. Under Column name, search for u_vra_uid
    3. Click the cmdb_ci table from the results
    4. Uncheck Read only and Check Read/Write
    5. Click Update
  4. Login to the vRA tenant
    1. Add license for ServiceNow CMDB module
    2. Validate the following show up on the Catalog page:
      1. Add ServiceNow Endpoint
      2. Add ServiceNow CMDB

Configuration:

  1. Add DNS configuration
    • If you want the VIP host name to be automatically registered with DNS then you need to have the SovLabs DNS module installed and configured.  This was covered in my previous post which can be viewed here.
  2. Add ServiceNOW Endpoint

    1. Select Catalog -> SovLabs vRA Extensibility
    2. Screen Shot 2017-05-23 at 2.08.45 PM.png
    3. Click Request on “Add ServiceNow Endpoint – SovLabs Modules”
    4. Screen Shot 2017-05-23 at 2.10.00 PM.png
    5. ServiceNow Endpoint
    6. Enter Configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    7. Enter ServiceNow host URL
    8. Select Current ServiceNow version
    9. Credential Configuration
    10. Create credential = yes
    11. Enter Configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    12. Enter username and password
    13. Click Submit
  3.  Add ServiceNow CMDB Configuration
    1. Select Catalog -> SovLabs vRA Extensibility
    2. Screen Shot 2017-05-23 at 2.18.37 PM.png
    3. Click Request on “Add ServiceNow CMDB Endpoint – SovLabs Modules”
    4. Screen Shot 2017-05-23 at 2.18.46 PM.png
    5. ServiceNow CMDB Configuration
    6. Enter Configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    7. Select ServiceNow Endpoint previously created
    8. Use import set?
      • Selecting no will make of use import direct to table
    9. Select template name
      • I am using the default linux and windows templates provided by SovLabs so will be creating two separate CMDB configurations associated to each.
    10. Enter JSON template
      • This should be populate with the default template but additional information can be added within the template for instance the owner and the business group the owner belongs too.

Enable the module:

Now we need to enable the custom properties module on our blueprint

  1. Click on Design -> Blueprint
  2. Edit Blueprint
  3. Click on the blueprint vSphere machine on the Design Canvas.
  4. Click on properties tab
  5. In the properties group section click +Add
  6. Check the box for:
    • SovLabs-EnableLifecycleStubs
    • ServiceNow CMDB property group (starts with SovLabs-SnowCMDB-)
  7. Do not attach more than 1 ServiceNow CMDB property group to a blueprint
  8. Click OK
  9. Repeat these steps for all blueprints that should use this custom naming.

 

SovLabs ServiceNOW CMDB module     VS    VMware’s vRA plugin for ITSM:

VMware’s vRA plugin for ITSM provides a way to expose vRA’s Catalog items to ServiceNOW for machine provisioning with an approval process workflow that run in SNOW instead of vRA.

SovLabs CMDB module will automatically update the SNOW CMDB with the valuable information obtained from vRA after a Catalog Item request and successful deployment, either direct to table or through import sets.

Here are some limitations for each of the solutions that I think everyone needs to take into consideration.

VMware’s  vRA plugin for ITSM feature limitation: (base on my v1 experience)

  1. Only community supported!
  2. Only ADFS 2.0 is supported for authentication.
    Note: ADFS 2.0 comes with Windows 2008 R2 where as ADFS 3.0 comes with Windows 2012 R2. ADFS 2.0 is single point of failure.  ADFS 3.0 supports farms with primary and secondary servers.

    • Email address must match in both SNOW and the AD connection used by ADFS
  3. Custom properties of the following types are not supported- slider, spinner, yes/no, hyperlink, and SecureString as well as any properties using external values from vRealize Orchestrator.
    • Encrypted vRA custom properties not supported
  4. Only the vSphere.local tenant is supported (this might be fixed in v2 which I have not yet had a chance to test)
  5. Requesting XaaS blueprints or composite blueprints that contain dynamic form inputs from vRealize Orchestrator is not supported.
  6. Requesting machines from AWS or Azure or any other non-vCenter endpoint not supported.
  7. Resource mapping only on the vSphere virtual vRA inventory type which is limiting if you have OS-level CIs defined.
  8. Once configured, newly provisioned resources are imported into a new CMDB class while existing resources are available in the old CMDB class and would have to be imported into new.

SovLabs ServiceNOW CMDB module limitations:

  1. VM re-configure (should be available soon)
  2. Resource mappings for resources other than for machines except where they can be derived via machine properties

 

Links:

https://sovlabs.com/products/servicenow-cmdb/

http://docs.sovlabs.com/vRA7x/current.html#servicenow-cmdb

https://marketplace.vmware.com/vsx/solutions/vmware-vrealize-automation-plug-in-for-itsm-2-0-0

 

vRA & SovLabs: Snapshot management module

If you are a VMware administrator you know what a pain it is to manage snapshots.  Virtualization makes it easy to snapshot a VM before a patch or an upgrade is applied to an application or OS and gives you that peace of mind that you can revert back if it fails.   The reality is that users never clean up there snapshots and it starts getting used as a backup method in environments which places the burden on VMware admins to manage the clean up efforts.  VMware recommends not using snapshots for more than 3 days since it can cause serious performance, storage and corruption problems in your environment.

So how you do you handle snapshots?  A lot of customers just give up and take the chance of nothing going wrong, or they end up disabling this very valuable feature so users cannot use it all.  None of these methods are good.

SovLabs modules provides policies that control the expiration and deletion of VM snapshots as well as the ability to provide notifications to the VM owner. The VM owner is not given the option to extend the time of how long the snapshot lives and it will be automatically removed based on the lifespan in days set by the vRA administrator.

Configuration:

  1. Add SovLabs vCenter Endpoint
    1. This configuration was covered in my previous post which can be viewed here.
  2. Add SovLabs vRA CAFE Endpoint
    1. Select Catalog -> SovLabs vRA Extensibility
    2. Screen Shot 2017-04-20 at 8.44.15 AM.png
    3. Click Request on “Add SovLabs vRA CAFE Endpoint”
    4. Screen Shot 2017-04-20 at 8.44.47 AM.png
    5. Enter Configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    6. Version and Hostname are  auto-generated and based on querying vRA CAFE, verify that the information is correct
    7. If you have not configure this endpoint module then you need to create credentials.
    8. Click Submit
  3. Add SovLabs vRA IaaS Endpoint
    1. Select Catalog -> SovLabs vRA Extensibility
    2. Screen Shot 2017-04-20 at 8.51.06 AM.png
    3. Click Request on “Add SovLabs IaaS CAFE Endpoint”
    4. Screen Shot 2017-04-20 at 8.51.27 AM.png
    5. Enter Configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    6. Version, Hostname  and Domain are auto-generated and based on querying vRA CAFE, verify that the information is correct
    7. If you have not configure this endpoint module then you need to create credentials.
    8. Click Submit
  4. Add Notification Configuration
    1. Select Catalog -> SovLabs vRA Extensibility
    2. Screen Shot 2017-04-20 at 8.55.27 AM.png
    3. Click Request on “Add Notification Configuration”
    4. Screen Shot 2017-04-20 at 8.55.36 AM.png
    5. New message server = yes
      1. new fields will appear
    6. Screen Shot 2017-04-20 at 8.58.39 AM.png
    7. Enter Configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    8. Enter message server address
    9. Enable SSL if required
    10. Enter message port
    11. Select message type
    12. Select message server protocol
    13. Select yes from drop down box if your SMTP requires authentication.
      1. Select yes from new credentials
      2. Enter configuration label
      3. Enter username and password
    14. Enable STARTTLS if required
    15. Set network timeout
    16. Since I selected message type as email, you need to setup your email groups.
      1. Select yes to create new group
      2. Enter email group configuration label
      3. Enter To and/or CC and BCC addresses
    17. Click Next
    18. Screen Shot 2017-04-20 at 9.10.04 AM.png
    19. Enter notification configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    20. Select type = SNAPSHOT
    21. Select state = Whether or not to send notifications when a new snapshot is found (NEW), when a snapshot is about to be deleted (WARNING), and/or when a snapshot has been deleted (DELETE)
    22. Select format
    23. Enter From address
    24. Enter Title
    25. Enter Body
      • In the documentation they have some notification examples which you can just copy/paste and customize, which is very helpful.
    26. Screen Shot 2017-04-20 at 9.19.44 AM.png
    27. Click Submit
  5. Add Notification Group Configuration
    1. Select Catalog -> SovLabs vRA Extensibility
    2. Screen Shot 2017-04-20 at 4.08.11 PM.png
    3. Click Request on “Add Notification Group Configuration”
    4. Screen Shot 2017-04-20 at 4.08.56 PM.png
    5. Enter Configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    6. Select Type = snapshot
    7. Select Notification = previously create notification configuration.
  6. Add Snapshot Configuration
    1. Select Catalog -> SovLabs vRA Extensibility
    2. Screen Shot 2017-04-20 at 9.45.42 AM.png
    3. Click Request on “Add Snapshot Configuration”
    4. Screen Shot 2017-04-20 at 9.46.15 AM.png
    5. Enter Configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
      • sovlabs_snapshot_config_BG_all_2days
    6. Select SovLabs vRA CAFE Endpoint from dropdown.  This was configured earlier.
    7. Select SovLabs vRA IaaS Endpoint from dropdown. This was also configured earlier.
    8. Select Notification Group.  Make sure you have a notification group of type snapshot define. This was also configured earlier.
    9. Select if you want to manage snapshots for all business groups = yes
    10. Enter snapshot lifespan in days
      1. Per VMware’ recommendation try to stay within less than 3 days
    11. Enter the days before expiration a warning notification should be send out.
    12. Screen Shot 2017-04-20 at 4.14.42 PM.png
    13. Click Next
    14. Set the snapshot scheduler.  So the scheduler you set here goes out and checks each VM if they have a snapshot that might be expiring or is expired and needs to be deleted.  Once create, a vRO schedule task is created which runs every 15min to make sure that the snapshot scheduler sends out the notification at the specified time.
    15. Screen Shot 2017-04-20 at 4.36.03 PM.png
    16. Leave schedule as active
    17. Set schedule type = daily
      • most customers would pick daily
    18. Set the time to run in military format
    19. Can leave schedule end date blank to run forever.
    20. Click Submit

Enable the module:

  1. Based on the set scheduler, an inventory update will automatically run and send notifications.
    • If a snapshot’s age has met the expiration day, it will automatically get deleted.
  2. The last SovLabs Snapshot Configuration deleted, deletes the vRealize Orchestrator scheduled task for Snapshot Management.  It automatically creates it again if a snapshot configuration is created and scheduled task is not found.

Disable the module:

  1. Login to the vRA tenant
  2. Select Catalog -> SovLabs vRA Extensibility
  3. Click Request on “Manage Snapshot Scheduler”
    1. Select Suspend from the Action dropdown list.
    2. Click Submit
    3. (if you want to resume this module again you can perform the same actions as above but select Action “resume” from dropdown list.

 

vRA & SovLabs: vSphere DRS

This modules allows you to make use of VMware’s DRS to sub-divide your vSphere clusters for consumption by defining DRS groups, affinity and anti-affinity rules. A good use case for this would the deployment of a VM that needs to be tied to specific host due to licensing or hardware constraints, or VMs behind load balancers that you want to make sure run on different ESXi hosts.

The module has many features which can viewed on the website here, but some of the highlights are:

  • Create and manage vSphere DRS profile configurations directly in vRA and tie them to existing blueprints to enable affinity or anti-affinity relationships between VMs provisioned and existing DRS host groups.
  • Automatic cleanup of appropriate linked VM rules and groups during VM de-provisioning lifecycles
  • Allows for VM provisioning into specific pre-defined DRS host groups
  • Dynamically creates VM group(s) and rule(s) during VM provisioning based on the corresponding SovLabs DRS profile configuration

Prerequisites:

  • vCenter Server is properly configured
  • vCenter cluster is properly configured and the host groups defined

Configuration:

  1. Add vCenter Endpoint
    1. Login to vRA Tenant
    2. Select Catalog -> SovLabs vRA Extensibility
    3. Screen Shot 2017-04-18 at 5.08.40 PM.png
    4. Click Request button for “Add SovLabs vCenter Endpoint”
    5. Screen Shot 2017-04-18 at 5.10.07 PM.png
    6. Enter configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    7. Select vCenter version
    8. Enter PSC FQDN
    9. Embedded PSC = yes/no
    10. Enter vCenter Server FQDN
      • this should get populated
    11. Create credentials = yes
      1. This is not the vRA credentials so if you have not set this up through the catalog item request then you have to do so first.
    12. Enter username
    13. Enter password
    14. Click Submit
  2. Add DRS Profile
    1. Login to vRA Tenant
    2. Select Catalog -> SovLabs vRA Extensibility
    3. Screen Shot 2017-04-18 at 5.24.17 PM.png
    4. Click Request on “Add DRS Profile”
    5. Screen Shot 2017-04-18 at 5.24.51 PM.png
    6. Enter configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    7. Select vCenter Endpoint
    8. Select Cluster
      • If the clusters do not show up, make sure you have Host groups defined in DRS or that the credentials are entered correctly.  Credentials can be updated through the SovLabs Catalog “Manage Credential Configuration”
    9. Select host group
      • I create 2 hosts groups within the cluster, with separate hosts in each, which will be assignment to each blueprint.
    10. Select Rule
      • I selected should run on hosts in group
    11. Click Submit

 

Enable the module:

Now we need to enable the custom properties module on our blueprint

  1. Click on Design -> Blueprint
  2. Edit Blueprint
  3. Click on the blueprint vSphere machine on the Design Canvas.
  4. Click on properties tab
  5. In the properties group section click +Add
  6. Check the box for:
    • Check the appropriate vSphere DRS property group (starts with SovLabs-DRS-)
    • Do not attach more than 1 vSphere DRS property group to a vSphere machine blueprint
  7. Click OK
  8. Repeat these steps for all blueprints that should use this custom naming.

 

 

vRA & SovLabs: DNS module

DNS plays a very important role in making sure your deployed VMs are accessible, and if this is not configured correctly you can run into problems that can sometime be difficult to diagnose.

SovLabs modules make sure that no stale, duplication or orphaned DNS records exist which is great since we have all had those days where we are to lazy to unregister a VM from AD before we delete it, right!?

SovLabs also supports DNS integration with Infoblox, Bluecat and BT Diamond IP which is very helpful since these might be used for different departments and give you that flexibility to accommodate those scenarios.

For this blog I am focusing on using just the regular old Microsoft Active Directory.

The module has many features which can viewed on the website here, but some of the highlights are:

  • Handles simple to complex globally distributed multi-zone, multi-site MS DNS environments
  • Employs several methods to improve DNS data integrity and mitigate issues from stale, duplicate or orphaned DNS records, such as retry logic, record availability and DNS propagation/post validation checks
  • DNS configurations are interchangeable between endpoint providers; avoid lock-in by easily adding additional DNS providers with other DNS modules from SovLabs
  • Allows for independent configurations for forward and reverse records, if desired
  • Supports up to 10 network interfaces per machine

 

Prerequisites:

  1. Identify the Domain Controllers to be used, or if policy dictates no direct connections are allowed then identify a proxy server.
    • If using a proxy server then make sure the environment setup is complete by following these steps
  2. If you are not using the SovLabs IPAM module, then you need to make you sure you set the DNS suffix within your network profiles that will be used.
  3. Setup WinRM
    • WinRM must be enabled for SovLabs modules utilizing any Windows servers in the environment (for AD, DNS, IPAM, Puppet and etc.)
    • Follow these steps
  4. Install AD Webservices on all the DC’s that will be used.
  5. Verify NTP settings

 

Configuration:

  1. Add Microsoft Endpoint
    1. This configuration was covered in my previous post which can be viewed here.
  2. Add DNS configuration
    1. Select Catalog -> SovLabs vRA Extensibility
    2. Screen Shot 2017-04-18 at 3.54.05 PM.png
    3. Click Request on “Add DNS Configuration – SovLabs Modules”
    4. Screen Shot 2017-04-18 at 3.54.56 PM.png
    5. Enter Configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    6. Domains
      • Add all the domains for this DNS config
      • Enter name
      • Press Green plus sign
    7. Networks
      • Add all the networks for this DNS config
      • Enter name
      • Press Green plus sign
    8. DNS server type
      • MS DNS in my case
    9. DNS server endpoints
      • Select the one that was previously created
    10. Create A record = yes
    11. Create PTR record = yes
    12. Use a default server
      • Can specify this server if no match on domain and network.
    13. Screen Shot 2017-04-18 at 4.08.46 PM.png
    14. Click Submit

 

Enable the module:

Now we need to enable the custom properties module on our blueprint

  1. Click on Design -> Blueprint
  2. Edit Blueprint
  3. Click on the blueprint vSphere machine on the Design Canvas.
  4. Click on properties tab
  5. In the properties group section click +Add
  6. Check the box for:
    • SovLabs-EnableLifecycleStubs
  7. Click OK
  8. Repeat these steps for all blueprints that should use this custom naming.

Now deploy a VM and watch the magic happen.  The provisioned VM will automatically attempt to register with Microsoft DNS only if the VM is in the configured domain and network defined for Microsoft DNS.

Disable the module:

If you have the DNS module installed but for some reason are not using it or need to disable it then following the steps below:

  • If you do not have the DNS module configured, and try to deploy a catalog item, you will get an error like “Error: DNS Registeration could not find a DNS Configuration for the Hostname and/or IP of <servername> / 192.168.1.10 (Workflow:DNS machineBuilding / Add DNS (item10)#65)”
  1. Click on Design -> Blueprint
  2. Edit Blueprint
  3. Click on the blueprint vSphere machine on the Design Canvas.
  4. Click on properties tab
  5. Click on Custom Properties tab
  6. Click +New
    • Name = “SovLabs_DisableDNS”
    • Value = “true”
  7. Click OK
  8. Click Save
  9. Repeat these steps for all blueprints that should use this custom naming.

Links:

http://docs.sovlabs.com/vRA7x/current.html#microsoft-dns

http://docs.sovlabs.com/vRA7x/current.html#infoblox-dns

http://docs.sovlabs.com/vRA7x/current.html#bluecat-dns

http://docs.sovlabs.com/vRA7x/current.html#bt-diamond-ip-dns

 

SovLabs: Microsoft Active Directory module

Windows servers require Microsoft AD, it is an integral part of the server architecture. I am not going to get into much detail on the directory service since this blog is focused on how SovLabs interacts with it.

The module has many features which can viewed on the website here, but some of the highlights are:

  • Handles simple to complex globally distributed multi-domain, multi-site MS AD environments
  • Registers/cleans computer account with Active Directory
  • Supports placement in a “build OU” during provisioning in order to facilitate software deployments/configurations that require a less restrictive Group Policy
  • Supports dynamic creation and removal of OUs
  • Employs several methods to improve reliability of registration/cleanup to mitigate failures, such as retry logic and post validation checks

 

Prerequisites:

  1. Identify the Domain Controllers to be used, or if policy dictates no direct connections are allowed then identify a proxy server.
    • If using a proxy server then make sure the environment setup is complete by following these steps
    • Windows 2012 R2 required
  2. Setup WinRM
    • WinRM must be enabled for SovLabs modules utilizing any Windows servers in the environment (for AD, DNS, IPAM, Puppet and etc.)
    • Follow these steps
  3. Install AD Webservices on all the DC’s that will be used.
  4. Verify NTP settings
  5. “Shell access type” for the user account with permissions must be set to Command Prompt.

 

Active Directory Example:

I am going to initially deploy the computer object in the following OU which is used for pen testing: (BUILD OU)

  • OU=vra_BuildDeployment,OU=Servers,OU=Lab,DC=sovsys,DC=com

Then after pen testing is completed, I will move the computer object to the following OU:

  • OU=vra_Deployment,OU=Servers,OU=Lab,DC=sovsys,DC=com

Since I have production and development(lab) environment I would like create the computer object in different OUs.  This I can handle through a custom property and SovLabs Template engine.

SovLabs.AD.Environment.OU        –       defined on Business group

This will update my OU to following:

  • OU=vra_BuildDeployment,OU=Servers,OU={{SovLabs.AD.Environment.OU}},DC=sovsys,DC=com
  • OU=vra_Deployment,OU=Servers,OU={{SovLabs.AD.Environment.OU}},DC=sovsys,DC=com

 

Configuration:

  1. Add Microsoft Endpoint
    1. Login to vRA Tenant
    2. Select Catalog -> SovLabs vRA Extensibility
    3. Screen Shot 2017-04-18 at 2.41.33 PM.png
    4. Click Request button on “Add Microsoft Endpoint”
    5. Screen Shot 2017-04-18 at 2.41.53 PM.png
    6. Enter Configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    7. Select connection method
      • Select how the SovLabs modules will connect to the target or proxy Microsoft server
    8. Enter hostname
      • FQDN of AD server
    9. Use non-standard ports = no
    10. Is a proxy host = no
      • for my instance I am connecting directly to the AD server.
    11. Enter username and password
    12. Advanced configuration is only necessary when local administrator access cannot be given to the service account.
      • temporary directory = blank
      • share path = blank
    13. Click Submit
  2. Add Active Directory Configuration
    1. Select Catalog -> SovLabs vRA Extensibility
    2. Screen Shot 2017-04-18 at 2.52.13 PM.png
    3. Click Request on Add ActiveDirectory Configuration
    4. Screen Shot 2017-04-18 at 2.53.03 PM.png
    5. Enter configuration label
      • Only AlphaNumeric characters, no spaces or special characters except: - and _
    6. Select Microsoft Endpoint
      • created earlier
    7. Select Computer name case
      • Choose whether or not the computer name added in AD is all uppercase or lowercase
      • If you are using the Puppet module set this to lowercase since it will cause problems with authentication due the certificates created for the Puppet agent is always in lowercase.
    8. Use Build OU
      • Select yes if computer needs to be placed in an interim OU.
      • If yes, fill in create and remove OU, otherwise leave those blank.
      • OU=vra_BuildDeployment,OU=Servers,OU={{SovLabs.AD.Environment.OU}},DC=sovsys,DC=com
    9. OU
      • ActiveDirectory Organizational Unit (OU) in DN format for computer/VM to join
      • OU=vra_Deployment,OU=Servers,OU={{SovLabs.AD.Environment.OU}},DC=sovsys,DC=com
    10. Security Group
      • List all AD security groups the server should join
    11. Delete computer account
      • If you select yes it will try to find computer account and delete it, regardless of which OU it is in.
    12. Screen Shot 2017-04-18 at 3.23.05 PM.png
    13. Click Submit

 

Enable the module:

Now we need to enable the custom properties module on our blueprint:

  1. Click on Design -> Blueprint
  2. Edit Blueprint
  3. Click on the blueprint vSphere machine on the Design Canvas.
  4. Click on properties tab
  5. In the properties group section click +Add
  6. Check the box for:
    • SovLabs-EnableLifecycleStubs
    • Microsoft Active Directory property group (starts with SovLabs-AD-)
    • Do not attach more than 1 Microsoft Active Directory property group to a blueprint vSphere machine object.
  7. Click OK
  8. Repeat these steps for all blueprints that should use this custom naming.

 

Now deploy a VM and watch the magic happen. Effortless, predictable, consistent and best of all no manual input of placing the created computer object in a specific OU.