A Quick Lesson on vRA Entitlements

vRealize Automation provides a ton of granularity for roles and permissions, service availability, lifecycle management (e.g. day-2 operations). It essentially boils down to a set of logic that defines who can see and do any given task on any given resource. This can be as simple as a handful of configurations, or get as complex as you want it to be.

vRA’s Entitlements feature is just one of many ways to add governance and additional controls to your environment. Entitlements allow admins to create a set of policies that determine which services any given consumer can deploy and how they can [lifecycle] manage their services post-provisioning. The following entitlement options are available per Business Group User or Group.

  • IaaS Blueprints
  • PaaS / AppServices Blueprints
  • XaaS Services
  • Actions / Custom Actions (Day 2 Operations)
  • Service Catalogs
  • Approval Policies

Entitlements are created and managed under Catalog Management (Administration tab -> Catalog Management -> Entitlements) for all available services. It is important to note that entitlements are a REQUIRED function for service delivery (e.g. all services must be entitled at some level before they are available for consumption). Since this isn’t a HOW-TO post (see the vRA Live Install and Config videos and/or the vRA 6.0 POC Guide for a detailed how-to), here’s a summary of how to get from here to there…

 

 

 

 

 

 

 

 

 

 

Once an Entitlement is created, there are several options that will help you fine-tune exactly what gets entitled, who this entitlement effects, which actions are available, and whether or not component-level approval policies are in the mix.…

Increasing vRA’s Concurrent Provisioning Operations

I get this question on a weekly basis (at least) – how many concurrent provisioning operations can vRA handle?
…and as soon as I say “2”, i get the [expected] follow up – how can I change that to something ridiculous?

Here’s how:

But first, let’s revisit the blanket statements above because they’re missing a lot of details. The REAL answer is “it depends”. Concurrency primarily depends on which Endpoint is configured, whether or not a proxy agent is used, and what the endpoint itself can handle. The vast majority of vRA customers have at least 1 vSphere Endpoint — which leverages a proxy agent — so I can confidently divulge the default concurrency of 2. Here’s a glimpse of those defaults…

  • Proxy Agent-based (vSphere, XEN, Hyper-V) – 2 per agent
  • DEM-based (all other supported endpoints) – no fixed limit (sort of, see below)

There are a few additional considerations:

  • The number of concurrent workflows per DEM instance. That number is 15 (per DEM).
  • While DEM-based endpoints have no theoretical limit, the DEM workflow concurrency of 15 (per DEM) does apply.
  • Endpoint limits are at play (that is, the endpoints themselves). For example, vSphere 6 can handle 8 concurrent operations by default.

ProTip – Changing a Provisioned Machine’s Owner in vRA

This one comes up all the time…a Business Group Manager (see prereqs) requests an entitled machine, does XYZ configuration on it post-provisioning, then wants to transfer it on to someone else for ownership (whatever the reason that may be).

There are a couple of options for changing the Machine Owner in vRA — during Request, during a Bulk Import (using the Infrastructure Organizer, or by Reconfiguring the machine. You can also allow an Approver to change ownership mid-flight, but that’s a bit more involved.

To change a provisioned [IaaS] machine’s owner by using the “Reconfigure” Day-2 operation…

Some Prerequisites:

  • you must be a Business Group Manager to make the change
  • you must have “Reconfigure” action enabled (via entitlements)
  • the NEW owner must be a Business Group User

Steps:

  1. Log in to vRA with using an account with “Business Group Manager” role
  2. Navigate to the Items tab
  3. Click to open the desired Machine from the list (NOTE: Business Group Managers can manage machines from all users within the business group and can change change the owner of any visible machine.

vRA Live! – Extensibility Videos Published

In the second act of vRA Live!, we took a dive into extensibility and uncovered many of the ways in which vRealize Automation can be incorporated into a broader ecosystem of tools and extensions, largely leveraging vRA’s BFF, vRealize Orchestrator (vRO). This session was part of an ongoing series of vRA deep-dives and a follow up to the inaugural session, vRA Live! – Install and Configure. With more than 350 RSVP’s and ~140 hanging out for 3 1/2 hours, I’d say this was another success…so thanks to all that attended!These sessions wouldn’t be what they are without the awesome panel. A ton of thanks and a huge shout-out goes to this crew, who presented their own use cases (live), etched an epic vRO whiteboard on the fly, and answered more than 110 attendee questions throughout the session…

vRA Live!, Session 2 – Extensibility

** Update 12/31/14: Videos have been posted! – https://www.virtualjad.com/2015/05/vra-live-extensibility-videos-published.html

As a much overdue follow-up to vRA Live! – Install and Configure, I will be hosting the next session on April 17th @ 1:00PM EST.  vRA Live! – Extensibility will focus on extending vRealize Automation through vRA’s extensibility tools.

Extensibility is used to unlock the power of vRA’s integration and automation of the cloud ecosystem, deliver custom services, and help bridge the gap between what is available “out of the box” vs. the reality that is an enterprise’s high-customized and often complex environment. While vRA can deliver basic IaaS services with relatively little effort, the real value for enterprises and those leveraging vRA for managing a software-defined datacenter is delivered by the ability for it to integrate, automate, and orchestrate the surrounding environment.…

Installing the vROps Management Pack for vRealize Automation

Following the general availability of vRealize Operations (vROps) 6.0 and vRealize Automation (vRA) 6.2, VMware has released several integration and management packs that bring the solutions together to help streamline management between consumption and operations. These management packs connect external sources and “solutions” into vROps to provide a more holistic view of the ecosystem. vROps has provided this capability for a small set external sources for quite some time, but not until vROps 6 has that included more of VMware’s own cloud management solutions. Considering the number of VMware customers that purchase these products together (e.g. vCloud Suite or vRealize Suite), these integrations add a ton of overall value. One great example is the vROps Management Pack for vRealize Automation.…

ProTip – Importing and Exporting ASD Content Between vRA Instances

Many customers have asked for the ability to move Blueprints built in the Advanced Services Designer (ASD) between environments. Up until vRA 6.2 this wasn’t possible – but now this capability will make moving content in and out of vRA instances significantly easier. Use the Import/Export wizards to move ASD Blueprints from a Test/Dev environment to a Production instance, across regions, or even across Tenants.


“Content” refers to any logic that supports the ASD Blueprint, including vRO workflows, custom resources, resource mappings, resource actions, and the service blueprint itself.


The wizards are located at Administration -> Advanced Services -> Import (or Export) Content.

+++++
@virtualjad…

vRealize Automation 6.2 Install and Config (Live!) Videos

Earlier this month I hosted “vRA 6.2 Install and Config Live!“, an open-invite social event dubbed “vRA Live” (#vralive). To my surprise, I had 185 RSVP’s with more than 100 people — VMware partners, customers, and several of my peers — attending the 4 1/2+ hour online session. Although I tried to focus on the fundamentals of deploying vRA and associated services, the online Q&A and dialog provided by the experts panel added several examples, lesson’s learned, and plenty of colorful commentary. I couldn’t be more pleased with the turnout and hope to get the next session(s) queued up very soon!…