The Scoop – vRealize Automation 7.3

Oh my how time flies. It was just about 6 months ago that I was blogging about the release of vRA 7.2 and all the awesomeness within. Since then, VMware’s Cloud Management Business Unit has been hard at work developing, testing, tweaking and innovating towards the next big release. Today, I’m happy to announce the general availability of vRealize Automation 7.3. It’s an incremental release (i.e. a “dot” release), but don’t be fooled. Here you’ll learn just how much “umph” a .1 can have.

This release continues the trend of delivering awesome innovations, improved user experience, and greater / deeper integration into the ecosystem it’s managing. Below is a summary of the “spotlight” features and capabilities that are packed into vRA 7.3……

vRA 7.2 DIG – 08, IaaS Fabric Configuration

The IaaS Fabric is made up of all the infrastructure components that are configured to provide aggregate resources to provisioned machines and applications. This is represented by several logical constructs that are configured to identify and collect private and public cloud resources (Endpoints), aggregate those resources into manageable segments (Fabric Groups), and sub-allocate hybrid resources (Reservations) to the consumers (Business Groups).

In this chapter, we’ll walk through the end-to-end details of building out the IaaS Fabric — on vSphere — to support machine provisioning.

Configuration Checklist

  • Configure Roles and Permissions
  • Add (vSphere) IaaS Endpoint
  • Add vRO IaaS Endpoint
  • Create a Fabric Group
  • Create a Custom Group
  • Create Machine Prefixes
  • Create (2x) Business Groups
  • Create External Network Profiles
  • Create (2x) resource Reservations

vRA7.2 DIG – Microsoft Azure Integration

vRealize Automation 7.2 added native support for Microsoft Azure as a cloud Endpoint. This allows customers to quickly add their subscribed Azure resources to vRA for management and consumption. Azure is the latest addition to the list of native IaaS Endpoints, but the integration takes a different approach from the traditional IaaS Endpoints. For starters, Azure integration is built entirely on vRA’s native extensibility platform vs. the traditional [.net] engine. Likewise, the Azure endpoint is added to vRA as an extensibility endpoint, unlike most other native endpoints that are configured in the Infrastructure section.

Behind the scenes, vRA heavily leverages vRealize Orchestrator (vRO) and a set of OOTB workflows to orchestrate various Azure functions. The included workflows are provided to deliver core Azure functionality and a handful of Day2 operations, but can also be copied and customized to provide additional functionality and XaaS services as needed. This can help fill any gaps in native functionality and, more importantly, deliver unique integrations that would otherwise be quite complex.

But don’t let any of this scare you. Building, provisioning, and managing Azure workloads is accomplished using all the familiar user interfaces in vRA. From a consumption perspective, vRO is tucked in the background and is invoked by vRA based on the task at hand.

vRA 7.2 Detailed Implementation VIDEO Guide

Welcome to the vRealize Automation 7.2 Detailed Implementation VIDEO Guide. This is a collection of all the videos making up the full vRealize Automation 7.2 Detailed Implementation Guide.

The guide (and these videos) was put together to help you deploy and configure a highly-available, production-worthy vRealize Automation 7.2 distributed environment, complete with SDDC integration (e.g. VSAN, NSX), extensibility examples and ecosystem integrations. The design assumes VMware NSX will provide the load balancing capabilities and includes details on deploying and configuring NSX from scratch to deliver these capabilities.

Be sure to refer back to the full guide for detailed configuration steps or more info on any given topic.

 

01, Introduction

High-Level Overview

  • Production deployments of vRealize Automation (vRA) should be configured for high availability (HA)
  • The vRA Deployment Wizard supports Minimal (staging / POC) and Enterprise (distributed / HA) for production-ready deployments, per the Reference Architecture
  • Enterprise deployments require external load balancing services to support high availability and load distribution for several vRA services
  • VMware validates (and documents) distributed deployments with F5 and NSX load balancers
  • This document provides a sample configuration of a vRealize Automation 7.2 Distributed HA Deployment Architecture using VMware NSX for load balancing

Implementation Overview

To set the stage, here’s a high-level view of the vRA nodes that will be deployed in this exercise.…

vRA 7.2 DIG – 06.1, NSX Load Balancer Config

Next we’ll be configuring load balancing and high availability policies for the distributed components. An NSX Edge Service Gateway (ESG) will be providing the load balancing and availability services to vRA as an infrastructure service. vRA supports In-Line and One-Arm load balancing policies. This implementation will be based on an In-Line configuration, where the vRA nodes and the load balancer VIPs are on the same subnet.

(If you do not plan on using NSX for HA services, you can skip this configuration)

 

 

The vRA Load Balancing Guide provides additional details and load balancing guidelines for NSX, F5, and NetScaler.

NSX Load Balancing configuration consists of creating an Application Profile, Health Monitoring policy, Server Pool(s), and a Virtual Server (VIP) per load-balanced pair. These services can be configured after the initial deployment (preferred) to avoid any potential deployment issues related to load balancing config.

Load Balancer Application Profile Config

| Server Role | Type | SSL Pass-through | Persistence | Persistence Time-Out (sec) |
|---|---|---|---|---|
| vRealize Automation | HTTPS | Enabled | Source IP | 1800 |
| vRealize Automation IaaS Web | HTTPS | Enabled | Source IP | 1800 |
| vRealize Automation IaaS Manager | HTTPS | Enabled | NONE | N/A |

 

Load Balancer Service Monitoring Config

| Server Role | Type | Interval | Timeout | Retries | Method | URL | Receive | Expected |
|---|---|---|---|---|---|---|---|---|
| vRealize Automation | HTTPS | 3 | 10 | 3 | GET | /vcac/services/api/health | | 204 |
| vRealize Automation IaaS Web | HTTPS | 3 | 10 | 3 | GET | /wapi/api/status/web | REGISTERED | |
| vRealize Automation IaaS Manager | HTTPS | 3 | 10 | 3 | GET | /VMPSProvision | ProvisionService | |
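
The monitor definitions above can be checked against each pool member before the VIPs go live. The following is an added example, not part of the original guide or of any VMware tooling: it assumes the Timeout value is in seconds, that an empty Expected column means no status-code constraint, and the host names in the sample data are constructed.

```python
import ssl
import urllib.error
import urllib.request

# Monitor definitions copied from the Service Monitoring table.
# expected: HTTP status the reply must carry; receive: string the body must contain.
MONITORS = {
    "vRealize Automation": {
        "url": "/vcac/services/api/health", "expected": 204, "receive": None},
    "vRealize Automation IaaS Web": {
        "url": "/wapi/api/status/web", "expected": None, "receive": "REGISTERED"},
    "vRealize Automation IaaS Manager": {
        "url": "/VMPSProvision", "expected": None, "receive": "ProvisionService"},
}
TIMEOUT = 10  # monitor Timeout column (assumed to be seconds)

def evaluate(role, status, body):
    """Return True if a reply (status, body) satisfies the monitor for role."""
    mon = MONITORS[role]
    if mon["expected"] is not None and status != mon["expected"]:
        return False
    if mon["receive"] is not None and mon["receive"] not in body:
        return False
    return True

def probe(role, host, port=443, cafile=None):
    """GET the monitor URL on one pool member; any TLS or socket error is DOWN.

    Certificate verification stays enabled; pass cafile for an internal CA.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    url = f"https://{host}:{port}{MONITORS[role]['url']}"
    try:
        with urllib.request.urlopen(url, timeout=TIMEOUT, context=ctx) as resp:
            return evaluate(role, resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:  # non-2xx replies still carry status and body
        return evaluate(role, err.code, err.read().decode("utf-8", "replace"))
    except OSError:  # URLError, timeouts and certificate failures
        return False

def members_up(role, replies):
    """Given {node: (status, body)}, return the sorted nodes that pass the monitor."""
    return sorted(n for n, (s, b) in replies.items() if evaluate(role, s, b))

# Constructed sample replies (not captured from a real deployment).
SAMPLE_REPLIES = {
    "vra-va-01.example.test": (204, ""),
    "vra-va-02.example.test": (503, "Service Unavailable"),
}
```

Running `probe()` against each node directly, rather than the VIP, shows which members the load balancer would mark down and why.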

 

Load Balancer Pool Config

| Server Role | Algorithm | Monitors | Members | Port | Monitor Port |
|---|---|---|---|---|---|
| vRealize Automation | ROUND-ROBIN | <vRealize Automation monitor> | vRA VA Nodes | 443 | 443 |
| vRA Remote Console | ROUND-ROBIN | <vRealize Automation monitor> | vRA VA Nodes | 8444 | 443 |
| vRealize Automation IaaS Web | ROUND-ROBIN | <vRealize Automation IaaS Web monitor> | IaaS Web Nodes | 443 | 443 |
| vRealize Automation IaaS Manager | ROUND-ROBIN | <vRealize Automation IaaS Manager monitor> | IaaS Manager Nodes | 443 | 443 |

 

Virtual Server (VIP) Config

| Server Role | Port | Default Pool | Application Profile |
|---|---|---|---|
| vRealize Automation Pool | 443 | <vRealize Automation Pool> | <vRealize Automation Profile> |
| vRA Remote Console | 8444 | <vRealize Automation Remote Console Pool> | <vRealize Automation Profile> |
| vRealize Automation IaaS Web | 443 | <vRealize Automation IaaS Web Pool> | <vRealize Automation IaaS Web Profile> |
| vRealize Automation IaaS Manager | 443 | <vRealize Automation IaaS Manager Pool> | <vRealize Automation IaaS Manager Profile> |

 

vRA 7.2 DIG – 07, Initial Tenant Configuration

vIDM is policy-driven and adds a significant amount of capability over the IDVA. vRA 7 customers will gain many of the OOTB capabilities of the stand-alone vIDM product and be able to configure and manage these features directly with the vRA UI. For anyone who has used vIDM as a stand-alone solution or as part of another product (e.g. Horizon Workspace), configuring vIDM will be just as straightforward. But even if you’ve never configured it before, it is intuitive and walks you through the logical steps of setting up auth sources and advanced policies…

For Active Directory integration, vIDM Directories are configured to sync with one or more domains.

vRA 7.2 DIG – 01, Introduction

vRA 7.x focuses a lot on the user experience (UX), starting with one of the most critical — deploying the solution — then the second most critical, configuring it.  Following through with the promise of a more streamlined deployment experience, vRA 7’s release made a significant UX leap with the debut of the wizard-driven and completely automated installation of the entire platform and automated initial configuration.  And all of this in a significantly reduced deployment architecture.

The overall footprint of vRA has been drastically reduced. For a typical highly-available 6.x implementation, you would need at least 8 VA’s to cover just the core services (not including IaaS/Windows components and the external App Services VA). In contrast, vRA 7’s deployment architecture brings that all down to a single pair of VA’s for core services. Once deployed, just 2 load-balanced VA’s will deliver vRA’s framework services, Identity Manager (SSO/vIDM), vPostgres DB, vRO, and RabbitMQ — all clustered and configurable behind a single load balance VIP and a single SSL cert. All that goodness, now down to 2 VA’s and all done automatically (!) during deployment.

While the IaaS (.net) components remain external, several services have moved to the VA(s). This will continue to be the case over time as more and more services make it over — eventually eliminating the Windows dependencies altogether.…

vRA 7.2 Detailed Implementation Guide

Welcome to the vRealize Automation 7.2 Detailed Implementation Guide (DIG). This series of posts — made up of detailed how-to, end-to-end videos, plenty of commentary, and other related content — was put together to help you deploy and configure a highly-available, production-worthy vRealize Automation 7.2 distributed environment, complete with SDDC integration (e.g. VSAN, NSX), extensibility examples and ecosystem integrations. The design assumes VMware NSX will provide the load balancing capabilities and includes details on deploying and configuring NSX from scratch to deliver these capabilities.

This little project has been in the works for quite some time and will continue to expand as I include additional how-to’s for a variety of use cases (e.g. IPAM and ITSM integration).

Target Audience

This guide was created for anyone looking to install and/or configure vRealize Automation 7.2 in any environment. And, as were my intentions in previous POC guides, the content here can be used as a form of training and education or simply a reference document for existing or new vRA environments.

As for skill level, this guide assumes you have a general idea of vRealize Automation and VMware’s broader Cloud Management products. However there is no expectation that you’ve previously deployed and configured vRA.…