A Quick Lesson on vRA Entitlements

vRealize Automation provides a ton of granularity for roles and permissions, service availability, lifecycle management (e.g. day-2 operations). It essentially boils down to a set of logic that defines who can see and do any given task on any given resource. This can be as simple as a handful of configurations, or get as complex as you want it to be.

vRA’s Entitlements feature is just one of many ways to add governance and additional controls to your environment. Entitlements allow admins to create a set of policies that determine which services any given consumer can deploy and how they can [lifecycle] manage their services post-provisioning. The following entitlement options are available per Business Group User or Group.

  • IaaS Blueprints
  • PaaS / AppServices Blueprints
  • XaaS Services
  • Actions / Custom Actions (Day 2 Operations)
  • Service Catalogs
  • Approval Policies

Entitlements are created and managed under Catalog Management (Administration tab -> Catalog Management -> Entitlements) for all available services. It is important to note that entitlements are a REQUIRED function for service delivery (e.g. all services must be entitled at some level before they are available for consumption). Since this isn’t a HOW-TO post (see the vRA Live Install and Config videos and/or the vRA 6.0 POC Guide for a detailed how-to), here’s a summary of how to get from here to there…

 

 

 

 

 

 

 

 

 

 

Once an Entitlement is created, there are several options that will help you fine-tune exactly what gets entitled, who this entitlement effects, which actions are available, and whether or not component-level approval policies are in the mix.…

VMware SDDC / vCloud Suite Whiteboard

I recently had the opportunity to brief several dozen VMware Public Sector (US-Fed / SLED) partners in anticipation of the vCloud Automation Center (vCAC) 6.0 GA release. While most of the day focused on vCAC, I spent about an hour or so delivering an updated version of my SDDC Whiteboard brief to help set the stage for vCAC.

The whiteboard provides an overview of VMware’s SDDC / vCloud vision — starting from the foundation (i.e. vSphere) and capped off by the cloud automation layer (vCAC)…and all the loveliness in between.

This is a presentation I do often, but no two are the same. If you’ve got 45ish minutes to spare, please do and feel free to provide some feedback!


VMware vCloud Suite / vCAC Whiteboard from @virtualjad on Vimeo.

 

++++
@virtualjad

vCAC 6.0 XaaS Use Case – DaaS with Horizon View

vCloud Automation Center 6.0’s “XaaS” feature will allow our customers to utilize any prepackaged, new, or existing vCenter Orchestrator workflow and deliver it as a Self-Serviced, Entitled, Governed, and Lifecycle-managed service. VMware will be shipping a more integrated View/vCAC DaaS integration in Q1’2014.  Until then we have to improvise to come up with a “DaaS-like” solution that will help fill in the gap until the products are natively integrated.

vCAC’s Advanced Service Designer (ASD) provides a quick-fix for this needed capability using rather unsophisticated means.  This use case guide will walk you on building a Desktop Request service using the ASD and vCenter Orchestrator’s Active Directory Plug-in.

DaaS Use Case Objectives:

  • Allow cloud users to request a Horizon View Desktop machine from vCAC’s Service Catalog and add Self-Service, Governance, and Entitlement to existing View Environments
  • Use vCAC’s Advanced Service Designer to create a Custom Service to deliver DaaS
  • Configure a Governance (Approval) policy for VDI Desktop Requests
  • Utilize vCO’s built-in Active Directory plug-in and a simple workflow to do the magic

DaaS Solution Summary:

  • Horizon View is configured with 2 Desktop Pools: 
  • Floating Desktop Pool: DaaS-Engineering
  • Dedicated Desktop Pool: DaaS-Operations 
  • Both pools are configured to pre-provision 20 (e.g.) desktops and always have 5 desktops available (unused) in the pool
  • Each pool is entitled to an existing Active Directory Security Group 
    • DaaS-Engineering -> “DaaS-Eng” 
    • DaaS-Development-> “DaaS-Ops”
  • A “Desktop Services” catalog item is created using the Advanced Service Designer, which utilizes an existing vCO Active Directory [plug-in] workflow “add a user to a group
  • When invoked, the user selects an AD User and one of 2 available Groups
  • Once submitted, vCO adds the selected user to the selected group, which entitles the user that that group (and associated View Pool)
  •  XaaS Lab Logical Architecture

      

     
    Assumptions

    This guide
    assumes you have good working knowledge of vCloud Automation Center 6.0
    and Horizon View 5.x,…

    VMware vCloud Automation Center 6.0 is LIVE!

    It has been a long time coming…lots of hard work, energy, collaboration, and a massive investment from VMware to ensure this release marks the beginning of a game-changing technology for organizations looking to accelerate and optimize their cloud strategy. vCloud Automation Center 6.0 was made Generally Available today (as promised). This release does more than update an existing platform — it sets the stage for what’s next for VMware, its Partners, and customers.

     vCAC 6.0 addresses real IT problems with the Business in mind. And it does this with “time to value” at the forefront. We’ve moved beyond the days of delivering cloud solutions that promise the world but start with a blank canvas, “Here’s your cloud…it can do anything…but first I’ll need 6 FTE’s and 18mos to turn it into something consumable…fingers crossed”. Sound familiar? Unfortunately that strategy is alive and well today. I call it “custom COTS” (commercial-off-the-shelf).

    What our customers are looking for is real COTS, something that delivers time to value and begins to address real IT problems immediately. A solution that promises ecosystem integration while allowing them to utilize existing investments. A solution that will help organizations realize the value of the Software-Defined Datacenter on day 1.…

    vCAC 6.0 Implementation, Part 2 – Configuring vCAC’s VA’s

    VMware’s vCloud Automation Center 6.0 solution is made up of 3 core components:

    • vCAC VA – Delivered as a Virtual Appliance (.OVA), vCAC’s primary interface for administration and user self-service. Also includes an imbedded vCO server.
    • vCAC ID – Delivered as a Virtual Appliance (.OVA), vCAC’s stand-alone Single Sign-On engine, which provides multi-tenant LDAP and Active Directory authentication services for vCAC tenants.
    • vCAC IaaS – Windows Installable (.exe), vCAC’s IaaS engine for heterogeneous infrastructure as a service (covered in detail in Parts 3 & 4).
    source: vCAC 6.0 Install and Configure [beta] documentation

     

    Additional components to the solution (based on licensing) include the vCAC Financial Management engine (delivered as an .OVA), and the Appication Provisioning engine (also an .OVA).  Both are covered much later.

    Part 2 of this series will dive into the the configuration/integration of the vCAC VA and ID/SSO VA components.

    NOTE: this video guide was created using vCAC BETA builds and some of the steps will differ from the generally-available builds.  I will try to update all the videos pre-GA.

    Other videos available in this series:

     

    ++++
    @virtualjad

    vCAC 6.0 Implementation, Part 1 – Deploying vCAC and ID (SSO) Appliances

    VMware’s vCloud Automation Center (vCAC) 6.0 release is just around the corner and the anticipation for what’s next is tremendous.  vCAC 6.0 introduces a brand-new interface, new concepts, new echosystem integrations, and the quickest path to realizing the benefits of the Software-Defined Datacenter.  And then there’s XaaS — the killer technology that will allow cloud shops to deliver their entire datacenter operation as a governed, entitled, life-cycled service.

    To learn more about vCAC 6.0, visit VMware’s cloud management blog.

    vCAC 6.0 has been in beta for a couple of months and continues to peek the interests of several early adopters.  Being the beta code that it is, there are several caveats and gotchas with the implementation that can sneak up at you.  To help mitigate those gotchas, I have created a set of videos that will help through the implementation of an end-to-end vCAC 6.0 solution.  The 10 videos in the series will cover the following topics:

    I will be rolling out these videos as they get through editing…aiming for 1/week.

    To get us started, here’s Part 1 – Deploying vCAC and ID (SSO) Appliances..…