Adding Microsoft Azure to vRA and vRB Part #2

In part 1 I showed how to add Microsoft Azure to vRA.  In this part 2 I will show how to add Microsoft Azure with Non-EA account to vRealize Business which will provide cost information for your MS Azure account.

I have to apologies for taking so long to publish this but I had the blog written and ready to go but it was created with vRB 7.2, which had a lot of bugs with Azure integration  and the documentation was not very thorough and made use of the old Azure portal interface for configuration.  The problem I ran into can be view in the community post here, but with a lot of views and not responses I decided to wait until vRB 7.3 to review this again.


  1. You must have a Microsoft Azure Enterprise Agreement (EA) or non-EA account.
  2. If using MS Azure non-EA you must have one of the following credits offers:
    1. Pay-as-you-go
    2. MSDN
    3. Monetary commitment
    4. Monetary credit

To add a non-EA account you will also need the following information during configuration so please make sure you have this available.  I am also providing the steps on how to configure your non-EA account.

  • Client ID
    • When you register a client app, such as a console app, you receive a Client ID. The Client ID is used by the application to identify themselves to the users that they are requesting permissions from.
  • Location of Purchase
  • Tenant ID
    • Value can be retrieved from the Azure default Active directory when you select manage -> properties in menu.
  • Secret Key
    • Value will be defined during app registration.

Continue reading

vRealize Business for Cloud 7.3 upgrade process

In my lab I am upgrading from vRB 7.1 to 7.3 using the Web console, so I will primarily be focused on providing steps for this scenario.  There are a couple of ways going about the upgrade for instance:

  • Web console
  • Downloadable ISO image through CDROM
  • Default or specific repository address
    • a Specific repository is useful when you update a specific version


  • Take snapshot of your appliance!
  • If using vRB with vRA, make sure you are on a supported vRA version ( => 6.2.4) before you start the upgrade.


Disclosure: I am registered to vIDM. In the documentation is states if you are registered to vIDM that it is not necessary to unregister. Well I ran through the upgrade and it did not create the new groups in vIDM, to which you are suppose to assign your users for administrator access.   To fix this I had to unregister and register after the upgrade was completed. Let me know if it works for you with VMware steps but it certainly did not for me.  In the steps below I reference unregistering with vRA or vIDM.  Use at own risk.

  • Login to vRB VAMI
  • Select registration tab
    • Depending on your registration preference,  make sure to disconnect first to either vRA or vIDM.  (read my disclosure above since VMware docs only mention vRA)
    • Select either vRA or vIDM tab
    • Enter username and password
      • admin/password
    • Click Unregister
    • Verify unregister was successful
    • Screen Shot 2017-06-14 at 3.56.57 PM.png
  • Select Update tab
    • Click Check Updates
      • You should get a message that a new version is available.
    • Click Install updates
  • Update will start and appliance will automatically reboot


  • After installation is complete
    • Login again to vRB VAMI
    • Click Systems
      • Verify new 7.3 version is shown.
    • Click Network
      • Verify Hostname is set to your server name, and NOT localhost
        • If it is set to localhost, select address tab
        • Enter server name within the hostname field
        • Click Save Settings
    • Select registration tab
      • Depending on your registration preference,  select either vRA or vIDM tab
      • Enter username and password
        • admin/password
      • Click Register
      • Verify Registration is successful

Post-upgrade configuration:

If you login now you will get errors like below.

Screen Shot 2017-06-14 at 4.27.58 PM.png

Screen Shot 2017-06-14 at 4.28.26 PM.png

The groups created in vIDM for vRB < 7.3 use to be:


These will still be visible as groups in vIDM, but are not being used, since they have been replace with new groups:

  • vRBC_Administrator
  • vRBC_Controller
  • vRBC_ViewOnly

Modify the users for the new vIDM groups create for vRB

  • Select Users & Groups
  • Select menu Users in This Group
  • Click Modify Users in this Group
  • Create rule
  • Click Next
  • Verify users in list to be added
  • Slick Save


Now you can login successfully to vRB with vIDM registration and enjoy the new user interface and product features.


VMware announces general availability for all vRealize Suite Standard products!

VMware has already been teasing us since June 6th with the upcoming releases of the following vRealize Suite products:

Today VMware announced GA for all products mentioned, with what seems to be a unified message to provide one integrated architecture, with greater/deeper integration across SDDC technologies and multiple public clouds.  I like where this is going…

Couple of key take aways for me which are shared amongst some of the products (not all):

  • Redesigned HTML5 UI
    • Log Insight jumped on this long ago.
  • OOTB Integration between the different products
    • We have started seeing this with previous release but not going into full swing
  • Standardizing on authentication with VIDM

Release notes for each product:


Hopefully I can make some time in the upcoming weeks to dive a bit deeper into some of the features, but due to my busy schedule I am not holding my breath 🙂 Happy downloads!

Adding Microsoft Azure to vRA and vRB Part #1

Azure has been available since vRA 7.2 release with OOTB support for building, delivering and lifecycle management of Azure-based workloads. Some features to take note of:

  • Adds native Azure support for hybrid cloud and provisioning use cases
  • First Endpoint to be built on top of extensibility platform (XaaS vs .NET)
  • Incorporate key vRA functionality, such as approvals, extensibility, and CBP
  • Azure services built in CBP, provides config granularity per component
  • Supports Azure Networking (subnets, load balancers)
  • OTB Day2 lifecycle operations include start, stop, restart, delete
  • Leverages new Azure vRO plugin (included OOTB)

As mentioned in bullet point 2 the Azure endpoint is not configured from the traditional Infrastructure tab location because it is not managed by the IaaS engine of vRA but presented via vRO and XaaS.

So how do get this all of this to install and configured?  Let’s start with vRA.

Azure installation steps for vRA 7.2 with external vRO

When using an external vRealize Orchestrator server with vRealize Automation, Microsoft Azure integration is not available so in order to make that work we need to export the Azure plug-in from the internal vRO, that resides on your vRA server, and then import the plugin to the external vRO server.  It sound complicate but not that bad.

    • Log in to the vRO Control Center for the internal vRealize Orchestrator on your vRealize Automation virtual appliance.
    • Under Plug-Ins -> click Manage Plug-Ins.
    • Find the Azure plug-in
      • Right-click Download plug-in in DAR file.
      • Save the file to your desktop.
    • Log in to the vRO Control Center for your external vRealize Orchestrator.
      • Follow same steps as in step 1, except point http address to external vRO server.
    • Under Plug-Ins -> click Manage Plug-Ins.
    • Under Install plug-in -> click Browse
      • Point to DAR file downloaded from internal vRO
    • Click Install.
      • If prompted to confirm
      • Click Install again.
    • In the Control Center under Startup-Options, click Restart to finish installing the new plugin.
    • Reboot all your vRealize Automation virtual appliances at the same time.
      Microsoft Azure integration functionality should be restored.

Verify Azure plugin:  (Remember this will not be under your regular Infrastructure endpoint)

  1. Login to vRA.
  2. Administration -> vRO configuration -> Endpoints
  3. Select New
  4. Open Plug-in drop down box
  5. Verify that you can see “Azure”
  6. Screen Shot 2017-03-07 at 11.10.31 AM.png
  7. Good to go!

If the integration does not function properly after the reboot, verify that the Azure package,, is present in the external vRO. If the Azure package is not present, complete these steps.

  1. Log in to your internal vRO client on your vRA virtual appliance.
  2. Export the Azure package, For instructions, see, Export a Package.
  3. Log in to the vRO client for your external vRO.
  4. Import the Azure package,, to your external vRO. For instructions, see Import a Package.


Create Azure Endpoint:

  1. Login to vRA.
  2. Administration -> vRO configuration -> Endpoints
  3. Click New
  4. Select Azure from Plug-in drop down box
  5. Click Next
  6. Give the Endpoint a name
  7. Click Next
    1. If you get an error “Service Workflow cannot be found”, then make sure the package is present with steps provide above.
  8. Fill in the detail settings
    1. You need to Azure Subscription ID, Tenant ID, Client ID as well as client secret.
    2. This information is available under

Before continuing with vRA configuration you have to prep your Azure environment, which is out of scope for this article, and make sure have the following information available:

  1. Subscription ID
  2. Tenant ID
  3. Resource Group name
  4. Storage account name
  5. Location
  6. Virtual Network name
  7. Client application ID
  8. Client application secret key
  9. Virtual Machine image URN

Create Azure resource reservation:

  1. Administration -> Users and Groups -< Business Groups
    1. Create Business Group if required or use existing
  2. Infrastructure -> Reservations -> Reservations
    1. Create Reservation
    2. Provide Name
    3. Select Business Group
    4. Optionally set Reservation Policy
    5. Set priority
    6. Very check on Enabled
    7. Click Next
      1. Enter Subscription ID
      2. Set Location
      3. Click New on Resource Group
      4. Enter Resource group name
      5. Click New on Storage Accounts
      6. Enter Storage account name
    8. Click Next
      1. Click New on Networks
      2. Enter Network name
      3. If required enter the name for the Load Balancers and Security Groups as well.
    9. Set alerts
    10. Finish


Create Azure Blueprint:

  1. Design -> BluePrint
  2. Create new
  3. Under machine types categories select Azure Machine
  4. Drag it to design canvas
  5. Select Azure Machine
    1. Set ID
    2. Under Build information tab
      1. Set Location
      2. Screen Shot 2017-03-07 at 11.39.55 AM.png
      3. Set Naming Prefix
        1. This can be based on Business group default or Custom
        2. Windows computer name cannot be more than 15 characters long, be entirely numeric, or contain the following characters: ` ~ ! @ # $ % ^ & * ( ) = + _ [ ] { } \ | ; : . ‘ ” , < > / ?
      4. Set Image type
      5. Enter Virtual Machine image name
      6. Set Authentication with username and password
        1. Cannot use the username “admin”, yes I tried that first.
        2. Password requires a minimum of 12 characters
      7. Set Instance size
        1. Set series
        2. Set size
      8. Screen Shot 2017-03-07 at 11.40.13 AM.png
    3. Under Machine resources tab
      1. Set Resources group by either creating a new or use an existing.
        1. Enter existing resource group name
      2. Set availability set
      3. Screen Shot 2017-03-07 at 11.40.21 AM
    4. Under Storage tab
      1. Set storage account name, if nothing is set the storage account will be picked from reservation.
      2. Screen Shot 2017-03-07 at 11.40.26 AM
    5. Under network tab
      1. Enter load balancer name
      2. Set IP address type
        1. I have Dynamic selected
      3. Set networking configuration
        1. I have specify Azure network selected
        2. Optionally, can fill out rest of network names
      4. Screen Shot 2017-03-07 at 11.40.40 AM

In part 2 I will discuss adding Microsoft Azure to vRealize Business for Cloud

vRealize Business 7.1 Standalone installation with VMware Identity Manager

With the new version of vRealize Business 7.1 released on 23 August they finally made it possible to install vRB standalone without using vRealize Automation which is great, however you still need to connect vRB to a VMware Identity Manager to authenticate. Below are the steps to follow to configure both vRB and vIDM.


  • DNS A record for vIDM server (unable to create the database in configuration wizard if using IP Address in browser)
  • DNS A record for vRB.


  1. Deploy both vIDM and vRB appliances. Not going to go into details here since this is pretty straight forward.
  2. After deployment is completed and appliance is up and running.
  3. Browse (https) to vIDM FQDN, which will give a configuration wizardScreen Shot 2016-08-24 at 12.04.16 PM
  4. Set passwordScreen Shot 2016-08-24 at 12.04.41 PM
  5. Set DatabaseScreen Shot 2016-08-24 at 12.05.25 PM
  6. Finish
  7. Login to vRB VAMI (https://FQDN:5480)
    1. Register with viDM. (admin username)Screen Shot 2016-08-24 at 12.47.55 PM
    2. Verify registration successful.
  1. Next step is to provide local admin user access to vRB
    1. Open a webpage to vIDM
    2. Login with admin/password
    3. Select Users and Groups
    4. Screen Shot 2016-08-24 at 1.06.52 PM
    5. Select VCBM_ALL
    6. Select Users in this group
    7. Click Modify users in this group
    8. Screen Shot 2016-08-24 at 1.07.23 PM
    9. Check box for “Additional specific Users”
    10. Type “admin”, press Enter
    11. Select Admin, Local (Admin@local Users)
    12. Next
    13. Save
  2. Provide domain user access to vRB.
    1. Open a webpage to vIDM
    2. Login with admin/<password>
    3. Select Identity & Access Management
    4. Select Directories
    5. Click “Add Directory” -> Add Active Directory over LDAP/IWA
    6. Screen Shot 2016-08-25 at 8.30.47 AM
    7. Select either Active Directory of LDAP or Active Director (Integrated Windows Authentication)Screen Shot 2016-08-25 at 8.32.06 AM
    8. (Option 1) If you select AD over LDAP:
      1. If you AD does not support DNS service Location then uncheck the box and specify your AD server.
      2. Specify Bind User details:
      3. In the Base DN field, enter DN from which to start account searches
      4. OU=department,DC=domain,DC=com
      5. In the Bind DN field, enter the account that can search for users
      6. CN=Users,OU=department,DC=domain,DC=com.
    9. (Option 2) If you select AD Integrated Windows Authentication
      1. Enter domain name
      2. Enter Domain Admin username
      3. Enter Domain password
      4. Enter Domain authenticated Bind User UPN (
      5. Save & Next
  3. Select the Domains you want associated with AD connection.
  4. Map user attributes
  5. Screen Shot 2016-08-25 at 8.41.45 AM
  6. Select the groups you want to sync
    1. CN=users,DC=example,DC=company,DC=com
    2. Screen Shot 2016-08-25 at 8.42.28 AM
  7. Select the users you want to sync
    1. CN=username,CN=users,DC=example,DC=company,DC=com
    2. Screen Shot 2016-08-25 at 8.47.20 AM
  8. Review the users and groups.
  9. Click Sync Directory
  10. Open a webpage to VRB.
    1. Login with Admin
    2. Enter serial number
    3. Select Administration tab
    4. Select Manage Private Cloud Connections -> vCenter Server
      1. Click Plus (+) button on right.
      2. Screen Shot 2016-08-25 at 8.52.42 AM
    5. Enter vCenter server information
    6. Screen Shot 2016-08-25 at 8.53.02 AM
    7. Select Update Reference Database
      1. Click Run Automatic Update if you have internet access. (If greyed out then might be on latest version or verify internet connectivity)
      2. Verify the following ports are open on firewall
        1. Port 443, which connects to
        2. Port 22, which connects to
  11. Complete

vRealize version releases today: vRA 7.1, vROPS 6.3, vRO 7.1 and vRB 7.1

VMware released new versions today for a couple of vRealize products.  Listed below with new features I think are relevant.  Full list of what’s new features provided in links at bottom of blog.

vRealize Automation 7.1

  • Silent installer
  • Migration tool to migrate data from vRA 6.2.x to fresh vRA 7.1 while preserving the source environment.
  • IPAM integration framework although Sovereign System’s SovLabs modules does a great job with this already.
  • Manual horizontal scale in and out of vRA deployments

vRealize Operations Manager 6.3

  • Enhanced workload placement and DRS integration
  • Improved log insight integration (hopefully write a blog on this soon)
  • Enhanced vSphere monitoring with new hardening policies.
  • Allow for multiple Advanced and Enterprise editions license in same deployment which means you can mix single and suite licenses.  License counting for individual license keys is handled through licensing groups.

vRealize Orchestrator 7.1

  • Extending automation configuration
  • Plugin improvements

vRealize Business for Cloud 7.1

  • Support for newer and latest vRA
  • Allow integration with external VMware Identity manager is probably the biggest one here since this now allows for a standalone installation with its own UI . I tested this earlier and you now have the option to register with either a vRA or vIDM instance.
  • Screen Shot 2016-08-23 at 5.59.57 PM
  • If you register with vIDM you get a new UI which is accessible through the FQDN of your vRB appliance.
  • Screen Shot 2016-08-23 at 6.01.31 PM
  • New version of reference database