Adding Backup vNetwork card in Bulk using vCenter Orchestrator

Last week I was given the task of creating a vCO workflow that allows L1 sysadmins to add a network card to all VMs. I argued: why not use PowerShell? A PowerShell script was ready in minutes. The IT manager was not comfortable with a script, as his experience with them had not been good in the past, and above all this task must be done by L1 during non-business hours. It should be easy for them to execute.

I did take his point that Level-1 won’t have sufficient knowledge to troubleshoot or understand the PowerShell script. But my point was that a workflow would take some time, as I didn’t see any built-in workflow for it.

I started to search for a better way to do it. The simplest way was to use Onyx. Onyx didn’t prove to be much help here. The script given by Onyx is not at all workable. I spent a lot of my time understanding it, plus some Google searching. It wasn’t easy for me.

I took the PowerShell output from Onyx and started working on it. It gave me a fair idea of how it should be achieved.

image

The workflow I designed can be seen above. In the workflow I first search for all the VMs in a particular resource pool. You can search in a cluster, folder or other places instead. Once I have the VMs, I have to add a network card to each of them. Since I expect to get more than one VM, I collect all VMs in an array. To go through each VM, I use a foreach loop. That is all.

The user interface below only asks Level-1 to select a resource pool. Every VM inside that resource pool gets an additional network card.

image

In my case I selected the TESTVMs resource pool, as seen below.

image

Press Submit and Booom, the network cards are attached, as seen below.

image

Let me explain the script to you. If you don’t want to read my comments, go to the bottom of this post to download the script.


var managedObject = VM; // VM is the virtual machine to which you wish to add the network card
var spec = new VcVirtualMachineConfigSpec(); // initialize the virtual machine configuration spec
var myDeviceChange = new Array(); // array to hold all device changes
var myVirtualMachineNICCard = new VcVirtualE1000(); // initialize a VcVirtualE1000 network card; its required values are filled in below
var configSpec = new VcVirtualDeviceConfigSpec(); // initialize the virtual machine device configuration specification

myVirtualMachineNICCard.key = 0;
// initialize the virtual machine network backing information
myVirtualMachineNICCard.backing = new VcVirtualEthernetCardNetworkBackingInfo();
myVirtualMachineNICCard.backing.deviceName = "VM Network";
// initialize the virtual machine connectable information
myVirtualMachineNICCard.connectable = new VcVirtualDeviceConnectInfo();
myVirtualMachineNICCard.connectable.startConnected = true;
myVirtualMachineNICCard.connectable.allowGuestControl = true;
myVirtualMachineNICCard.connectable.connected = true;
myVirtualMachineNICCard.addressType = "generated";
myVirtualMachineNICCard.wakeOnLanEnabled = true;
// since we want to add the network card, we use add
configSpec.operation = VcVirtualDeviceConfigSpecOperation.add;
configSpec.device = myVirtualMachineNICCard;
myDeviceChange.push(configSpec);
spec.deviceChange = myDeviceChange;
managedObject.reconfigVM_Task(spec);


The script is the most difficult part of this post. I tried my best to explain it. Hope it helps you all.
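Because the script above adds a card every time it runs, a pre-check keeps a repeated run of the workflow from attaching a second card to the same VM. The following is an added example, not the post's workflow code: plain objects stand in for the VM objects (property paths follow the vSphere API), and the port group name "Backup Network", the `kind` field and the function names are assumptions.

```javascript
// Added example, not from the original post. Plain objects stand in for the
// VC:VirtualMachine array the workflow collects before its foreach loop.
// Written with var and plain loops so it does not depend on newer syntax.

// Constructed sample inventory. "kind" is an assumed field used only by the
// sample predicate; in a vCO scriptable task the predicate would be
//   function (d) { return d instanceof VcVirtualEthernetCard; }
var SAMPLE_VMS = [
  { name: "test-vm-01", config: { template: false, hardware: { device: [
      { kind: "disk", backing: { fileName: "[ds1] test-vm-01/test-vm-01.vmdk" } },
      { kind: "nic",  backing: { deviceName: "VM Network" } } ] } } },
  { name: "test-vm-02", config: { template: false, hardware: { device: [
      { kind: "nic",  backing: { deviceName: "VM Network" } },
      { kind: "nic",  backing: { deviceName: "Backup Network" } } ] } } },
  // Templates can turn up when the search is done on a folder.
  { name: "test-template", config: { template: true, hardware: { device: [] } } },
  // A VM whose configuration cannot be read cannot be reconfigured either.
  { name: "test-vm-03", config: null }
];

function sampleIsNic(device) {
  return device.kind === "nic";
}

// True when the VM already has a network card backed by the named port group.
// Only standard port group backings carry deviceName, the same backing type
// the post's script creates (VcVirtualEthernetCardNetworkBackingInfo).
function hasNicOnNetwork(vm, networkName, isNic) {
  var devices = (vm.config.hardware && vm.config.hardware.device) || [];
  for (var i = 0; i < devices.length; i++) {
    var d = devices[i];
    if (isNic(d) && d.backing && d.backing.deviceName === networkName) {
      return true;
    }
  }
  return false;
}

// Split the VMs into those that need the card and those to leave alone,
// recording why each skipped VM was skipped so the run can be reviewed.
function planBackupNic(vms, networkName, isNic) {
  var plan = { add: [], skip: [] };
  for (var i = 0; i < vms.length; i++) {
    var vm = vms[i];
    if (!vm.config) {
      plan.skip.push({ name: vm.name, reason: "no config available" });
    } else if (vm.config.template) {
      plan.skip.push({ name: vm.name, reason: "template" });
    } else if (hasNicOnNetwork(vm, networkName, isNic)) {
      plan.skip.push({ name: vm.name, reason: "already attached" });
    } else {
      plan.add.push(vm.name);
    }
  }
  return plan;
}
```

Only the VMs listed in `plan.add` would then be passed to the reconfigure step; logging `plan.skip` gives L1 a record of what was left untouched and why.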

I also took the opportunity to update my previous post, and the workflow now looks as shown below. The user gets the option to select a backup network. To implement it I used a decision element. If the user has selected Backup Network required as Yes, the green line is followed: the network card is added and the next workflow is executed. If he says No, the add backup network workflow is skipped and the next workflow is executed.

image

image

Hope it helps.

Anyone who wants to use or modify this script can download it from here.

And the modified workflow can be downloaded from here.


How to use vCenter Orchestrator to reduce your template maintenance overhead

When I chose to blog about this workflow I was a bit hesitant about whether it would really add any value for my readers. This is an extension of the previous blog post and it relates to the custom property post I did earlier. In the custom property post I raised the concern that with the clone workflow you have very limited choice. As I explored integrating vCenter Orchestrator and vCloud Automation Center in depth, I found a better way to do it. The clone workflow is the best workflow, but vCloud Automation Center by default provides only limited customization of it. I have no inclination to get into the deployment mechanism of each and every OS, e.g. WIM or any other method. So anything extra I can do with cloning will always add value. In this post I explore this pain point.

You must have heard of VM sprawl. Have you heard of gold template sprawl? I have experienced it a lot. We created as many VM templates as we had service types, and again for each OS. Currently our VM sizing looks like below.

image

There are nine templates in total that I have to maintain. Maintenance includes patching these VMs every time new patches are released, which is a very common problem with MS operating systems, as well as upgrading VMware Tools and upgrading VM hardware. If any of these is left undone, it creates huge non-compliance in VM hardware, VMware Tools and patches.

We have always searched for a better solution for this. One was to use PowerShell, but it was really clumsy and support was not using it at all.

With this post I also wish to focus on resolving this problem.

Support wanted a completely automated method in which either the end user (non-IT) provisions the VM and gets it in the size he has selected, or IT provisions it.

So they were looking for end-to-end automatic provisioning of a VM without any additional effort to customize the existing deployment method. Cloning was the only option. So I felt that cloning an existing VM and changing the CPU, memory and disk size would be the best way to resolve it. vCenter Orchestrator is a wonderful product. It helps you do this without any effort as long as you know the tips and tricks.

All the workflows are built into vCO. All I did was put them in the right place.

image

The crux of this entire workflow is the script section.

image

The script section is very simple. Let me explain it to you.

First I created an input parameter named VMService. I added a property to it with the predefined answers Large, Medium and Small. This creates a drop-down menu where the user selects the VM size.

Second I created three attributes. Remember that attributes get their values from somewhere else:

  1. vmNbOfCpus (type number)
  2. vmMemorySize (type number)
  3. AdditionalDisk (type number)

I used an “if else” statement. When the user selects VMService as Large, the script inside the curly brackets is executed, i.e. it takes the values vCPU=4, MemorySize=4096 MB and Disk size=40 GB. All I have to do is pass these values to the next workflows. In this case they are

  1. ChangeCPUcount gets vmNbOfCpus  as 4
  2. ChangeRAM gets vmMemorySize as 4096 MB
  3. Add Data disk gets 40 GB
  4. Change the custom attribute

The end user gets the screen below to provision a VM. Just select the IP address, VM name and size of the VM. That is all the end user has to worry about. The VM will be ready within 15-20 minutes.

image

Below is an example of the workflow logs.

image

And below is an example of a VM which was created.

image

As part of the workflow I also added a custom attribute to the VM based on the size created. The VM size provisioned below is Medium.

image

This was achieved using the vCenter Orchestrator video training, freely available at this location.

If you wish to integrate this workflow with vCloud Automation Center you should use the advanced workflow designer feature. I have discussed it here. The process is more or less similar.

Note: In the cloning workflow vim3WaitDnsNameInTools was behaving abnormally. This action element reads the DNS name of the VM. Once it has read the DNS name of the VM through VMware Tools, it takes this as the trigger that the sysprep operation has ended and proceeds to the next workflow. In my case I got quite varying results. While searching a bit I came across a new plug-in introduced for vCenter 5.5.1. Please use the latest plug-in, which is under Technical Preview as I post this.

Integrating vCenter Orchestrator with vCloud Automation Center–Advance Service Design

In the last post we saw how to use vCenter Orchestrator (vCO) to create a service-based VM. In this post we will look at how to import the vCenter Orchestrator workflow into vCloud Automation Center (vCAC). The integration process is straightforward as long as you know about some little-known bugs and workarounds. To do this we have to use Advanced Service Designer. Once integration is done we can publish vCenter Orchestrator workflows as catalog items, include them in services and publish the services in the catalog.

Little Background Information

vCenter Orchestrator comes embedded in the vCAC appliance.

image

If you use the embedded vCenter Orchestrator (referred to as the default Orchestrator server) and also use the identity appliance, vCenter Orchestrator registers itself with the identity appliance. As a result vCenter Orchestrator can be accessed only with the SSO user, i.e. administrator@vsphere.local. If you try to register this vCenter Orchestrator with vCenter SSO or LDAP, vCenter Orchestrator breaks. It keeps saying “Node is not active”. I don’t yet know what the solution for this is.

I simply removed the identity appliance and started using the SSO that comes with vCenter. As a result we have one SSO. vCenter Orchestrator registers itself with vCenter’s SSO and I can access vCO using any domain account. However, if you wish to register this vCenter Orchestrator in vCAC, it doesn’t work. It works only if the external vCO is registered using LDAP rather than SSO, as shown below.

image

The primary reason I want to highlight this is that I spent almost a week on this problem and built the vCAC environment twice. Hope it saves my readers’ time.

Let’s go back to the main topic. Let’s make vCenter Orchestrator (vCO) and vCAC talk to each other.

Now we have made the connection. The next steps are simpler. The foundation was already created in the last post. All we need to do is make vCAC aware of it.

Configure External vCenter Orchestrator

I preferred using an external vCenter Orchestrator, as it gives more flexibility in operating and managing than the embedded one and looks more stable. Go to the Administration tab using Tenant Administration credentials.

1. Select Server Configuration

2. Select the radio button “Use an external Orchestrator server”

3. Field details are explained below.

image

Most of the screens in vCloud Automation Center provide a test option, which is really helpful for troubleshooting. The Test Connection button above confirms whether the connection is made or not. After testing the connection, don’t forget to press Update.

As vCloud Automation Center administrator you also have the option to map each tenant to a specific folder inside vCenter Orchestrator. This is the simplest way to achieve multi-tenancy inside vCAC, but it still leaves you exposed at the vCenter Orchestrator level.

Log in as administrator to the default tenant, which is vsphere.local. Go to Advanced Services, select Default Orchestrator Folder and edit the path as shown in the second screen below.

image

In the screen below I’m selecting the path for the Coca-Cola tenant. The tree structure in this screen is exposed by vCenter Orchestrator itself, so the folders you see below were pre-created by me.

image

In the above screen you also see the Server Configuration tab. In this tab you have the option to configure vCenter Orchestrator for all tenants. I have not used this.

Now let’s create a custom resource.

Create Custom Resources

Log in with a user who has service architect privileges. In the Advanced Services tab go to the Custom Resources tab and select the inventory type. These inventory types are vCenter Orchestrator objects exposed through the API of the vCenter Orchestrator connection we just established above.

image

Give a name to this inventory type. It should be something you can relate to. This name will be needed during Service Blueprint configuration as the resource you will be provisioning.

image

In the Details Form tab I haven’t touched anything, I just left it at the defaults. Below is the screen for reference.

image

Service blueprints

Service blueprints allow us to publish vCenter Orchestrator workflows (pre-defined or customized) as catalog items.

image

In the next screen you see vCenter Orchestrator’s tree structure of workflows. Select the workflow of your choice. Since I created a customized workflow in the previous post, I’ve selected Coca Cola Services.

image

On the right-hand side of the above screen you see all the parameters we have defined in the workflow. You can rename the parameters. In the above screen VMName01 doesn’t make complete sense, so I will rename it as we proceed. Review and then select Next. In the Details tab enter the name for the service and a meaningful description, as it is presented to the customer when the service is requested, as shown by the arrow. See below how the description is reflected in the catalog request form.

SNAGHTML187af23b

In the screen below, in the Blueprint Form tab, you have a lot of options, e.g. you can change the order of the tabs. Simply drag and drop as per your requirement.

image

For each display item, such as Services, VMName01 and Backup, you can control default values and select whether a value is required. Simply select the Edit button to make modifications. Let me change the name of VMName01.

image

You also see the Constraints tab in the above figure. Below is the Constraints screen. All values are picked up from the workflow, e.g. I have set the VM name to have a minimum string length of 5.

image

You can change these values as per your requirement. In the request form below I show that the error control is invoked when the length of the string is less than 5.

image

After the Blueprint Form tab is filled in, press Next. In the Provisioned Resource tab select the custom resource we created earlier.

SNAGHTML1864c486

Press Add to create the Service Blueprint. After the Service Blueprint is created it is in draft state. You must publish it so that it is available as a catalog item while creating the service.

SNAGHTML186e1f81

Creating services is explained in depth in my previous posts here and here. Follow all the steps in those two articles and you will be ready with the service.

Log in as a user and select the service to be published.

SNAGHTML1873ec90

Fill in the details as requested below.

image

Press Next to go to Step tab.

Select Name of the Virtual Machine

Select Services

Select if you need Backup (I selected Yes)

image

After the service is successfully provisioned, in vCenter we can see HR-Gold-009 is provisioned as expected

image

Conclusion: If you know vCO and vCAC I think you can do wonderful orchestration, and that too with very little development background.

I’m thankful to Viktor van den Berg (VCDX121) for his posts on Advanced Service Designer, Post-I and Post-II.

Service Provisioning using vCenter Orchestrator (vCO)

I think we are living in the most dynamic time of our lives. I have done a good number of posts on vCAC and want to do more. My plan to focus on vCAC has to do with VMware Certified Design Expert – Cloud (VCDX-Cloud). It is a long, long journey. See here the amount of work Derek had to put in to get there.

But this time I don’t want to focus on the install and config ones. The main component of vCAC is its extensibility, which is referred to as XaaS in the documentation. You can only achieve it when you have some background in scripting and are keen to develop new things. It is predicted that every infrastructure administrator must have some scripting and/or developer skills to survive in IT in the next decade. One of the links which supports this is http://it20.info/2014/01/vchs-meets-vco-and-boris-becomes-a-hero/

I love solving problems, and in an operations team it is the primary thing we do. But optimize it, do it effectively and do more with less were the constant instructions from management. I was fortunately introduced to PowerShell quite early. I’m glad I know a little bit of it. I did a good amount of scripting in PowerShell. I used to blog about it here. But with the self-service provisioning and agility attributes of cloud computing, I realized this skill is not sufficient. You need to know how to orchestrate things. With PowerShell this is possible, but it increases code complexity, and it becomes very difficult to maintain and update the code every time the environment changes.

I’m working on a project where I have to give the end user the option to provision a VM with different SLAs, e.g. Gold, Silver and Bronze. The user should be able to select a VM as per SLA. The user should be made aware of what comes with Gold, Silver and Bronze VMs. The user must be able to select whether he wishes to back up his VM.

Here is how I have crudely defined the Gold, Silver and Bronze services.

image

Let’s now focus on how to allow the user to select these VMs.

vCO has a lot of built-in workflows. For this exercise let’s use a built-in one. It is well suited to our objective.

Let me define a workflow. Workflows consist of a schema, attributes and parameters. The schema is nothing but the actual program or script (if I may call it that). Attributes are something we pre-define, like declaring variables right at the top of a script. Parameters are of two types: input and output parameters. Input parameters are where user input, or some other form of input, is needed. An output parameter is a result of the execution of the workflow.

I duplicated three workflows from the built-in workflow named “create simple virtual machine”.

image

I renamed them Gold VM, Silver VM and Bronze VM, as seen below. This is pretty basic.

image

Now the challenge was how to invoke these workflows when the user selects the service he needs. I created a new workflow named Coca cola services. Inside this I created an input parameter named Services. Since we want the end user to select services, I have to change the presentation of the input parameter to a drop-down list. Go to the Presentation tab, select Services, select the blue triangle and select the property Predefined answers. In Predefined answers insert the values Gold, Silver and Bronze.

image

This creates a drop-down menu from which the user can select the service. Now I have to initiate an action based on the user’s selection, e.g. if the user selects Gold, I want the Gold VM workflow to be initiated, if the user selects Silver, I want the Silver VM workflow to be initiated, and similarly for Bronze. This can be achieved in a workflow by using a decision.

Since the user input is defined as a string parameter, in the decision I selected Services: if it is Gold, the condition is true.

image

Drag the decision into place as shown. Below is the complete workflow schema.

image

Here you have a simple go/no-go kind of workflow. I have defined that if the value is Gold, it is a go and the GOLD VM 1.1 workflow is initiated. On the no-go branch I have dragged and dropped another decision, where I have defined that if the user requests Silver, it is a go for the Silver VM 1.1 workflow. On its no-go branch I have dropped another decision, which executes the Bronze VM 1.1 workflow for Bronze.

If you know a little bit of scripting, this is as simple as below. And if you look at the workflow, it reflects a similar picture.

 ServiceWorkflow

So if you know the workflow elements, it makes things much easier. If you know scripting you will understand how much pain has been reduced by vCO. Thanks to the vCO team for this.

So this covers the service tiering. The next portion is allowing the user to select backup.

At first glance this was a bit difficult for me to construct. I got hold of the vCenter Orchestrator book and there I got a hint. I have to modify the default workflow, since we need to give the user an option to select backup. When the user selects that he wants backup, I want to add an additional network card, and that network card must be attached to the Backup port group. The logic is quite simple here: the user selects the radio button (yes/no), and if he says Yes, this code I wrote adds the additional network card.

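//Add Backup Network
if (BackupVM == true) {
    // build the device config spec for a network card on the backup network
    deviceConfigSpec = System.getModule("com.vmware.library.vc.vm.spec.config.device").createVirtualEthernetCardNetworkConfigSpec(vmBackupNetwork);
    // append it to the device changes already collected by the workflow
    deviceConfigSpecs[ii++] = deviceConfigSpec;
}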

Don’t worry much about this code. Just pay attention to the variables here.

1) BackupVM is an input variable which I have defined as Boolean type. If the user selects Yes, it will create the VM network

2) vmBackupNetwork is an attribute I have defined in each workflow (Gold VM1.1, Silver1.1 & Bronze1.1) which always points to the backup network, as shown below

image

After you save and validate the workflow, the Presentation screen below is seen. This is just a workflow. We need to get it executed from vCloud Automation Center. Let me keep that for the next post.

image

My Notes on vCloud Automation Center for VMware Architects

It took a bit long to come up with the next post. A lot of posts on vCAC are ready in draft stage but I have been unable to collate them into blog posts. Here I’m sharing my notes for vCAC architects. They are based on my understanding of the vCAC architecture. I sincerely hope they save my colleagues’ and friends’ time.
It is a 25-slide deck. It covers some basic things: how a design can evolve, scale and be made highly available. This is the first draft; I’m aiming to cover more aspects and will be updating it accordingly. Even if you find it of little use, I can guarantee that slides 24 and 25 will be of some use to you. Thanks for visiting the site, I welcome comments.

Here is the PPT format: https://drive.google.com/file/d/0BxY7kXZb0x8tenowQWtjd0ZfN2s/edit?usp=sharing

vCloud Automation Center 6.0 –Creating Build Profiles, Custom Properties

Custom properties are one of the core parts of self-service provisioning, as they allow extending vCloud Automation Center (vCAC). This is the best feature of this product. This extensibility can be easily achieved as long as you know vCenter Orchestrator. It is the easiest product to learn; to get started you can find all the relevant videos for vCenter Orchestrator here, by Brian Watrus. OK, back to the post.

Custom properties, as the name denotes, refer to customization. They are therefore used to override existing default values. You can also allow customers (end users) to make those choices. End users are the personnel who are going to use self-service provisioning day in, day out.

Initial Thoughts

There are many ways we can give flexibility to end users. But what are the use cases for this end user? This is the first question we all need to ask. Is she an end user with no IT knowledge, or is she a developer? These requirements drive what service offering you wish to expose to end users. Ideally I would want to give the user

  1. VM type to be provisioned (OS variance, variance by size)
  2. Ability to take a VM backup on demand. Backup policy selection? Right now vCHS offers a backup option but has yet to offer a restore service to the end user. You have to call support. Reference Blog
  3. Ability to enable monitoring for a VM (and then choice of monitoring baseline)
  4. Ability to enable antivirus support for a VM (and then file exclusion)
  5. Does it need DR? (If yes, RPO/RTO definition option please)

This is clearly leading towards SDDC. Without an SDDC architecture in place this kind of automation is impossible.

Scope of this post

Below are the custom properties I chose to play with in this blog post

  • Allowing end user to select the portgroup to which to attach this VM
  • Allowing end user to select the folder in vCenter to place the VM
  • Remove unnecessary device from the VM e.g. CD ROM
  • Cleaning up computer accounts in active directory
  • Allowing end user to select the network type
  • Control snapshot numbers per VM
  • Control SCSI controller for a VM

That being said, this is clearly a very small and simple list. I had initially planned to make use of most of them, but I have cut this list down. The primary reason is that custom properties clearly depend on how you are deploying your VM. For the cloning workflow these custom properties are limited. If you see my previous blog post on Blueprints here, I limited the scope to only the Basic workflow, Clone workflow and linked clone workflow.

What are reserved properties

vCloud Automation Center (vCAC) has defined some custom properties whose names cannot be reused; these are referred to as reserved properties. Reserved properties allow you to add a property to a machine or override its default or existing value. There are four types of properties, explained below.

Properties types

Internal: This value is maintained in the database only. You can query it using any programming interface. Below are a few examples of internal properties. For the full list of custom properties please refer to the Custom Property Reference Guide here

  • VirtualMachine.Admin.Owner – The end user’s name who has requested the machine
  • VirtualMachine.Admin.Approver – The approver’s name who has approved the request
  • VirtualMachine.Admin.Description – The description of the machine as entered by the end users

Read-only: These values are in read-only mode and cannot be changed. Examples are the UUID and other values which are associated with the VM for its life cycle, e.g. VirtualMachine.Admin.Name – name of the VM generated by vCAC using the machine prefix

External: This value is implemented in the VM and also updated in the database. But if the value is later changed in the VM, it is not updated back in the database. It is kind of a one-time process only. e.g.

  • Hostname (to overwrite the VM name generated by vCAC using the machine prefix)
  • VirtualMachine.Admin.AddOwnerToAdmins – Not supported in cloning operations
  • VirtualMachine.Admin.AllowLogin (boolean value) – To add the owner to the remote desktop users group. This allows the requestor to log in after the machine is successfully provisioned. My attempts to get this to work in the cloning workflow have failed

Updated: The exact opposite of external. The value is tracked throughout its lifetime: when it is changed outside vCAC, the inventory update mechanism picks up the change

  1. VirtualMachine.Admin.Hostname – Name of the host on which VM resides
  2. VirtualMachine.Memory.Size – Memory size of VM
  3. VirtualMachine.CPU.Count – CPU Count of VM
  4. VirtualMachine.Admin.TotalDiskUsage – Disk usage on the disk including swap file size

In my opinion internal and read-only properties are of limited use. However, there is some scope for updated and external properties. From the official documentation:

External and updated properties can be used for cloned machines only if marked with (cloning). Others have no effect on cloned machines because they set attributes that are determined by the template and customization specification used and cannot be changed by vCAC.

Any property can be changed in the vCAC database only using the Edit option on the machine menu, except the read-only properties VirtualMachine.Admin.AgentID, VirtualMachine.Admin.UUID and VirtualMachine.Admin.Name.

Now that we understand a little bit about custom properties, let’s see how we can make better use of them.

What is build profile?

It is a collection of custom properties under a single title, i.e. custom properties can be seen as members of a group. Collecting custom properties in a build profile helps to apply them to VMs and makes them more manageable. You have the option to add custom properties to a reservation or blueprint; in a build profile, however, you simply combine them into sets of related properties. vCloud Automation Center also provides built-in property sets. We will look at property sets later in the post while discussing Active Directory clean-up below.

Create a build Profile

Creating a build profile is way tooo simple. Log in as a Fabric Admin and open Infrastructure –> Blueprints –> Build Profiles –> New Build Profile

image

I have created two build profiles, one for the cloning workflow and the other for the Basic workflow. The primary reason for doing so is that with the cloning workflow you basically deploy the VM from a template, so a lot of the VM properties and OS properties are copied from the template into the VM, as stated in the official documentation (also mentioned above in italics). So there is only a limited amount you can do with VMs deployed using the cloning workflow, and similar logic applies to the Basic workflow.

Let’s focus on the custom properties that I have created for VMs to be provisioned from the Basic workflow.

Select New Property. Enter a name for the property. This name must be the same as defined in the vCloud Automation Center Custom Property Reference Guide. Enter the value and select whether you wish to encrypt it and/or prompt the user for input.

image

In the above build profile I have created 6 custom properties as part of the build profile named BasicVM. Let’s discuss them one by one.

  1. VirtualMachine.CDROM.Attach – This property has the value True by default; above I have changed it to False as I don’t want to attach a CD-ROM to my machine
  2. VirtualMachine.Network0.Name – This property allows you to choose which port group you want your VM to be attached to. I have left the Value field blank, which means by default it won’t have any value. I have selected that this value is not encrypted. In Prompt User I have selected that the user should be prompted for input. In this property Network0 refers to the first network card attached to the VM. If you wish to learn more on how to do this, please refer to an excellent blog by Magnus Andersson –> vcdx56.com. I’m a regular reader of this excellent blog.
  3. VMware.Network.Type – This property allows you to select the network adapter type for the VM to be provisioned. It is based on Magnus’s blog. I learnt it from his post and chose to find another use case to implement using the same principle
  4. VMware.SCSI.Type – This property allows you to select the SCSI controller for your VM. In this case I have not given the user the option but made that choice on behalf of the end user. By default a SCSI controller of type pvscsi will be created. For Windows 2008 R2 the default SCSI controller is LSI Logic SAS. It is worth observing that you do not get a choice to use different types of controllers for different disks. All controllers are created as PVSCSI based on this property value
  5. VMware.VirtualCenter.Folder – This property allows you to select the folder where you wish to place the VM.
  6. VMware.VirtualCenter.OperatingSystem – This property creates the VM with the Windows 2008 R2 operating system

All 6 properties now form part of the build profile named BasicVM. This build profile automatically appears in the blueprint’s Properties tab, as seen below. Just select it and press OK.

image

Now when a user requests a virtual machine he gets three drop-down menus: Destination Network (derived from the VirtualMachine.Network0.Name property), Network Card Type (derived from the VMware.Network.Type property) and VM Folder Location (derived from VMware.VirtualCenter.Folder).

image

NB: None of the above properties except VMware.VirtualCenter.Folder can be changed when we use the cloning workflow.

Below are the screens showing how the drop-down menus appear to end users for selection.

image

image

image

Disclaimer: The properties I have discussed for the cloning workflow are based on my experience, trial and error. VMware doesn’t explicitly and correctly mention which properties are applicable or not applicable in a particular workflow.

image

That being said, let’s discuss what properties we can use when we are using the cloning workflow. Here I have created a build profile named Customize VM.

SNAGHTML1254e34

  1. The first 5 custom properties are built-in custom properties created for you by vCAC under the Active Directory cleanup plugin. This is referred to as a property set. We cannot change the properties in the property set; we can just use them. The process to load them is as follows:
    1. In Add from Property Set either scroll down or type Active directory. Once the Active Directory entry is visible, press the Load button. After you press Load, the properties belonging to the property set are loaded. In this case the first 5 properties are loaded for Active Directory cleanup.
    2. Plugin.AdMachineCleanup.Delete is set to false. If it is set to true, the computer account is deleted, so the property Plugin.AdMachineCleanup.MoveToOU, which controls where the deleted computer account should go, serves no purpose. So in order to use Plugin.AdMachineCleanup.MoveToOU, we must set Plugin.AdMachineCleanup.Delete to false.
    3. Plugin.AdMachineCleanup.Execute is set to true. Unless this is true, none of the plugin properties will be of use.
    4. Plugin.AdMachineCleanup.Username & Plugin.AdMachineCleanup.Password are the credentials of an account which has rights to delete computer accounts in AD. Please note that for Plugin.AdMachineCleanup.Password I have selected the encrypt checkbox, which is why the password is not visible in clear text.
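The rules in the steps above can be checked mechanically before a build profile is attached to a blueprint. The following is an added example, not part of the original post or of vCAC; the `{ name, value, encrypted }` row layout, the OU, the account name and the password value are constructed placeholders.

```javascript
// Added example: lint the Active Directory cleanup properties of a build
// profile. The { name, value, encrypted } rows are a constructed stand-in for
// the rows of the build profile screen, not a vCAC export format.
const AD_PREFIX = "Plugin.AdMachineCleanup.";

function isTrue(value) {
  return String(value).trim().toLowerCase() === "true";
}

function lintAdCleanup(properties) {
  // Index the plugin's properties by their short name (Delete, Execute, ...).
  const props = new Map();
  for (const p of properties) {
    if (p.name.startsWith(AD_PREFIX)) props.set(p.name.slice(AD_PREFIX.length), p);
  }
  const findings = [];
  if (props.size === 0) return findings; // property set not loaded, nothing to check

  const isSet = (key) =>
    props.has(key) && String(props.get(key).value).trim() !== "";
  const flag = (property, message) => findings.push({ property, message });

  // Unless Execute is true, none of the other plugin properties are used.
  if (!isSet("Execute") || !isTrue(props.get("Execute").value)) {
    flag("Execute", "not true, so the cleanup plugin properties have no effect");
  }
  // Delete=true removes the computer account, which leaves MoveToOU unused.
  if (isSet("MoveToOU") && isSet("Delete") && isTrue(props.get("Delete").value)) {
    flag("MoveToOU", "serves no purpose while Delete is true; set Delete to false");
  }
  // The plugin needs an account with rights to delete computer accounts.
  for (const key of ["Username", "Password"]) {
    if (!isSet(key)) flag(key, "missing credential");
  }
  // The password row should have the encrypt checkbox selected.
  if (isSet("Password") && props.get("Password").encrypted !== true) {
    flag("Password", "encrypt checkbox not selected, value visible in clear text");
  }
  return findings;
}

// Constructed sample profiles; every value below is a placeholder.
const goodProfile = [
  { name: AD_PREFIX + "Delete", value: "false" },
  { name: AD_PREFIX + "Execute", value: "true" },
  { name: AD_PREFIX + "MoveToOU", value: "OU=Decommissioned,DC=example,DC=local" },
  { name: AD_PREFIX + "Username", value: "EXAMPLE\\svc-adcleanup" },
  { name: AD_PREFIX + "Password", value: "placeholder", encrypted: true },
  { name: "VMware.Memory.Reservation", value: "512" },
];
const badProfile = [
  { name: AD_PREFIX + "Delete", value: "True" },
  { name: AD_PREFIX + "Execute", value: "false" },
  { name: AD_PREFIX + "MoveToOU", value: "OU=Decommissioned,DC=example,DC=local" },
  { name: AD_PREFIX + "Username", value: "EXAMPLE\\svc-adcleanup" },
  { name: AD_PREFIX + "Password", value: "placeholder", encrypted: false },
];

for (const f of lintAdCleanup(badProfile)) {
  console.log(AD_PREFIX + f.property + ": " + f.message);
}
```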

The screens below show the results of the Active Directory plug-in values.

image

  2. Snapshot.Policy.AgeLimit allows you to limit the number of snapshots per VM. It is 3 in my case. If you go beyond it, you get an error as shown below.

image

  3. VMware.Memory.Reservation is the property with which you can reserve memory for the VM. We have reserved 512 MB, and below this value is reflected in the VM properties. That being said, I have not seen a custom property for CPU.

image

VMware.VirtualCenter.Folder is as explained above

Hope you like this post.


vCloud Automation Center 6.0 (vCAC 6.0) Creating and Configuring Approval Policies

Approval policies have changed significantly compared to previous releases of vCloud Automation Center. Approval policies provide a key control over your infrastructure and form a core component of cloud governance. Below is a schematic view of an approval policy. An approval policy is ruled by its policy type and directly influences the approval phases.

image

There are two approval phases: Pre-Approval and Post-Approval. For every phase there are levels to define. These approval levels can be seen as business steps. At each level you have to select how approval proceeds. Approval levels are influenced by two options: 1) Is approval required, and 2) Who are the approvers. With the first option we decide whether approval is needed (always required, or required based on a condition), and with the second we define the approvers (single person or group; all must approve or anyone can approve).

Creating Approval Policies

As tenant administrator, go to the Administration tab => Approval Policies and select the fat green button to create a new approval policy.

 

image

 

Select the approval policy type from the drop-down menu. The most relevant for me is Service Catalog – Catalog Item Request (Virtual Machines).

image

An approval level can be designated as always required for strict governance, or you can keep it flexible by defining a condition. For example, an end user requests a machine with 16 GB RAM. For use cases of this kind a condition must be defined: whenever a user requests a machine with more than 4 GB of memory, the approval policy must be invoked.

image

 

You can designate a single person as approver or you can add a group of users as approvers. You also have the option to decide whether approval is needed from any one person in the group or whether all group members must approve.

Sometimes it happens that a user requests a VM with 16 GB RAM and the IT manager explains that this is not possible now, but that once we have adequate capacity we can meet the requirement. The end user agrees. Instead of asking him to send another provisioning request, the IT manager can edit the memory to a level which is possible with current utilization, and the approval process proceeds further.

image

 

image

If you wish to update an approval policy you must make a copy of the policy. It is not possible to edit the existing policy. The reason why one cannot edit is not explained, but I think it could be that once an entitlement is associated with an approval policy it might be difficult to break the relationship.

To understand how the approval levels work, I went ahead and added another level (Business approval stage). Press the big fat green tab.

image

Fill in the details, repeating all the inputs we used to add the L1 approver, except that the approver must be the fabric admin.

image

Below you can see that each approval policy has at least one phase and each phase can have multiple levels. I have seen only two phases in the screen below, i.e. Pre Approval and Post Approval. Phases include levels of approval; e.g. in the Pre Approval phase I have created two levels of approval. Phases are clearly controlled by the approval policy type. In the Pre Approval phase all approvals are needed before service provisioning can start, while in the Post Approval phase approval is needed when the service is provisioned but before it is released to the owner.

image

As per the above screen, Level 1 (L1) needs approval from the manager and Level 2 (L2) needs approval from the Finance controller. L2 is dependent on L1: unless L1 approves, L2 cannot approve. You can also change the sequence of approvals shown in the screen above.
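The phase and level behaviour described above (conditional levels, any/all approvers, L2 waiting for L1, pre-approval gating provisioning and post-approval gating release) can be written down as a small model. This is an added example, not vCAC code and not from the original post; the level names, approver names, the post-approval level and the rule that one rejection rejects the request are assumptions.

```javascript
// Added example (not vCAC code): a model of approval phases and levels.
// Level names, approver names and the reject rule are assumptions.
const GB = 1024; // memory is expressed in MB, as on the blueprint screens

// Constructed policy: two pre-approval levels and one post-approval level.
const samplePolicy = {
  type: "Service Catalog - Catalog Item Request (Virtual Machines)",
  pre: [
    { name: "L1 manager", approvers: ["manager"], mode: "any",
      // Conditional level: only required above 4 GB of requested memory.
      required: (request) => request.memoryMB > 4 * GB },
    { name: "L2 finance", approvers: ["finance1", "finance2"], mode: "all",
      required: "always" },
  ],
  post: [
    { name: "Release check", approvers: ["ops1", "ops2"], mode: "any",
      required: "always" },
  ],
};

// Walk the levels of one phase in order. A level is only looked at once every
// required level before it is approved, so L2 cannot approve ahead of L1.
function evaluatePhase(levels, request, decisions) {
  for (const level of levels) {
    const needed = level.required === "always" || level.required(request);
    if (!needed) continue;
    const votes = decisions[level.name] || {};
    // Assumption: a single rejection at a level rejects the whole request.
    if (level.approvers.some((a) => votes[a] === "rejected")) {
      return { state: "rejected", level: level.name };
    }
    const approvals = level.approvers.filter((a) => votes[a] === "approved");
    const satisfied = level.mode === "all"
      ? approvals.length === level.approvers.length
      : approvals.length > 0;
    if (!satisfied) return { state: "pending", level: level.name };
  }
  return { state: "approved", level: null };
}

// Pre-approval gates provisioning; post-approval gates release to the owner.
function evaluateRequest(policy, request, decisions) {
  const pre = evaluatePhase(policy.pre, request, decisions);
  const canProvision = pre.state === "approved";
  const post = canProvision
    ? evaluatePhase(policy.post, request, decisions)
    : { state: "not started", level: null };
  return {
    pre,
    post,
    canProvision,
    canRelease: canProvision && post.state === "approved",
  };
}

// A 16 GB request with only the finance approvals recorded still waits on L1.
const financeOnly = { "L2 finance": { finance1: "approved", finance2: "approved" } };
console.log(evaluateRequest(samplePolicy, { memoryMB: 16 * GB }, financeOnly).pre);
```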

Assigning Approval Policy to Entitlements

Now that the approval policy is created we must assign it to entitlements. Go to the Administration => Catalog Management => Entitlements page. Select the entitlement to which you wish to apply the approval policy.

image

Please note that some approval policies can be applied only to new catalog item requests, while other policies can be applied only to post-provisioning actions on provisioned items. In our case we created a simple pre-provisioning policy which invokes approval when you initiate a request for a new VM (Service Catalog – Catalog Item Request (Virtual Machines)). You can apply this policy only to catalog items, as can be seen above. This relation is established automatically, so you probably do not have to memorize it: if you try to associate such a policy with an incorrect entitlement, it won't show. Since this policy is not applicable to Entitled Services and Actions, in the screen below I observed that it is not visible there at all.

image

 

image


In the next post I will focus on build profiles.

vCloud Automation Center 6.0 (vCAC 6.0)–Publish Blueprints, Configure Services, Configure Entitlements

Publish Blueprint

In the previous post we discussed the very basics of blueprints. The blueprints are now ready, so we need to publish them. Publishing a blueprint is a simple two-click task. Select the blueprint you wish to publish and select Publish from the drop-down menu.

image

The next screen (seen below) gives you the option to review the blueprint details. Press OK to confirm blueprint publishing. Please note that the blueprint name will be reflected in the catalog items in a subsequent screen, so the naming convention makes a significant difference.

image

After a blueprint is published, how do I differentiate a published blueprint from an unpublished one? After the blueprint is published, the Publish option disappears, which implicitly confirms that the blueprint is published.

image

The next natural step is to create a service and make it available to end users.

Create & Configure Services

The word catalog was always easier for me to understand, but the term service made me do some searching to understand how it differs from catalog. And I was right: it is catalog re-coined as service. In Infrastructure as a Service (IaaS) we have to define a service which focuses more on the infra side of things. These generally include hardware (now virtual) and software (OS).

I personally see following as core part of IaaS

  • CPU & Memory (Compute)
  • Network
  • Storage
  • OS

So far we discussed blueprints, and they cover all the above aspects. Most services are driven by the service definition. What you see as IaaS, some would see as the foundation to build PaaS. Bottom line: always stick to the service definition.

Service catalogs are a fundamental part of service delivery.

image

By definition a service catalogue is a list of services that an organization provides to its customers. Each service within the catalogue typically includes the type of the service, who is entitled to request/view the service, costs, support hours and a description of the service.

To create a service we must have a blueprint published. As we already have a published blueprint, let's go and create a service. To create a service, log in as tenant administrator.

For the first time we're going into 1) the Administration tab (in the past it was all about the Infrastructure tab), then 2) Catalog Management and then 3) Services. Click on the big fat green icon.

image

Provide a name for the service. This is a bit important: the name of the service must reflect the content inside the service. I called my service Basic Windows Services. I chose this name as I have only Windows VMs inside my small lab and at most I can configure them in T-shirt sizes, e.g. Small, Medium, Large, Extra Large. So it is basic Windows services with different sizes of VM. Use a meaningful description. The description gives the end user the information needed to make a decision about the service. Pick up the icons from here.

Status for service

  • Inactive: Service creation is in progress. This state is used when you don't want end users to use the service. It helps to pause the service during a maintenance window or when we need to update the blueprint image.
  • Active: Service is available to all entitled users
  • Deleted: Service is no longer available, i.e. the service is decommissioned

image

Additional information

  • Hours: Visible to the customer as support hours
  • Owner: Business owner for this service
  • Support Team: DL for support/Contact number/email
  • Change Window: Planned maintenance windows

Finally press Add to complete service creation. A service is purely a definition; it is of little use unless you add catalog items to it.

Add Catalog Items in a Service

Adding items to the catalog is nothing but adding blueprints to it. Blueprints by themselves represent a template, business policies or an application. It is the same place where we went earlier, i.e. Administration –> Catalog Management –> Services. Select the service to which you want to add the catalog item. Since we have created Basic Windows Services we will select it, and at the right side 1) click on the down arrow and select 2) Manage Catalog Items.

image

After you click Manage Catalog Items, you get the screen to add catalog items shown below. You can see it in the background (in light brown color). Click on the fat green button to open another window.

image

In the above window you see that the blueprint we published earlier is listed.

So if we join the dots: the moment we publish a blueprint, it becomes a catalog item.

From the down arrow, select the Configure option to configure the blueprint. Personally I felt there is not much to configure, but there is a lot to edit.

image

Just do some embellishment when configuring the catalog item. The other fields I have shown in the screen capture below. Once you are done, press the Update button.

image

At this stage the service is ready and catalog items are added to the service. But we are yet to decide who can request the service.

Create & Configure Entitlements

The term here is entitlements. I could recall the right word from my Windows background, i.e. privileges. If you compare technical details across different technologies they are almost similar. Terminology changes but technology more or less remains unchanged. Knowing one hypervisor makes it easier to learn another hypervisor. I digress.

OK, I'm back. Entitlements can be granted at three levels: first at the topmost container, i.e. the service level; second at the catalog item level; and then, within the catalog item, at the resource action level. Resource actions are, for example, those that control the service, i.e. power on/off, reset, reprovisioning. Now you can see why the word privileges applies here. You can also assign an approval policy to entitlements. Approval policies and entitlements are closely related. I discuss approval policies in the next blog; considering the length of this post I have to keep them out of it.

Entitlements are assigned to users and groups. So you need to know to which users/groups entitlements must be assigned, and which entitlements. Entitlements can be created in any order. To keep things simple I created a single entitlement and assigned it to the service, catalog item and resource actions.

Creating an entitlement is quite simple: go to Administration –> Catalog Management –> Entitlements.

image

Provide a name for the entitlement which reflects the user or group who will use it. Add the users and groups who will receive the entitlement. Set the status to Active for users to access items. I guess the Draft option could be used for testing/maintenance purposes: as you can imagine, the moment you put an entitlement in Draft status, users lose access to all items the entitlement is configured for.

image

Select the business group. Users and groups must belong to the same business group. Since I have a single business group I'm unable to confirm whether there is a validation check in place. However, the tenant administration guide does implicitly mention it:

This information includes the name and status of the entitlement and the business group whose selected users and groups are entitled to request the services and catalog items and perform the actions listed in the entitlement.

I have not understood the use cases for the expiration date, so I will skip it. In the above screen I did play with it and configured it till 2016.

Entitle users to Services

Now it is time to assign the entitlement to the service, catalog item and resource action. Stay at the same location, i.e. Administration –> Catalog Management –> Entitlements –> Coca Cola Sales Users, and just toggle to Items & Approvals. The procedure is more or less similar for every item, i.e. press the green fat button.

image

As mentioned earlier, entitlement can happen in any order. Below is an example of adding a service to the entitlement.

image

Pretty simple: select the service with the checkbox and press OK.

Similarly you can add catalog items to the entitlement. I have not shown this as I realize the post is getting long. We still need to cover how to assign rights to the entitlement. Here we go.

Click on Entitled Actions; a new window pops up with the list of actions you can assign to the entitlement.

image

In the above screen I selected some basic power operation commands.

image

In the next section I will share the user experience while provisioning services.
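To review what an entitlement actually grants, the rules described in this post (status, business group, users and groups, and the three levels of service, catalog item and action) can be modelled in a few lines. This is an added example, not vCAC code and not from the original post; the object shapes, user and group names, the second entitlement and the catalog item name are constructed, and two behaviours are assumptions: an expired entitlement grants nothing, and entitling a service covers the catalog items inside it.

```javascript
// Added example (not vCAC code): effective-access check over entitlements.
// Object shapes, users, groups and item names are constructed placeholders.
const sampleEntitlements = [
  { name: "Coca Cola Sales Users", status: "Active", expires: "2016-12-31",
    businessGroup: "Sales", users: [], groups: ["sales-users"],
    services: ["Basic Windows Services"], items: [],
    actions: ["Power On", "Power Off"] },
  { name: "Sales Operators", status: "Draft", expires: null,
    businessGroup: "Sales", users: ["alice"], groups: [],
    services: [], items: [], actions: ["Reprovision"] },
];

// Does this entitlement grant anything to this user at this point in time?
function entitlementApplies(ent, user, now) {
  if (ent.status !== "Active") return false; // Draft grants nothing
  // Assumption: an entitlement past its expiration date no longer applies.
  if (ent.expires && now > new Date(ent.expires)) return false;
  // Users and groups must belong to the entitlement's business group.
  if (user.businessGroup !== ent.businessGroup) return false;
  return ent.users.includes(user.name) ||
    user.groups.some((g) => ent.groups.includes(g));
}

// ask = { kind: "request", service, item }  or  { kind: "action", action }
function isAllowed(entitlements, user, ask, now) {
  return entitlements.some((ent) => {
    if (!entitlementApplies(ent, user, now)) return false;
    if (ask.kind === "action") return ent.actions.includes(ask.action);
    // Assumption: entitling a service covers the catalog items inside it.
    return ent.services.includes(ask.service) || ent.items.includes(ask.item);
  });
}

// Everything a user can currently do, for a least-privilege review.
function effectiveAccess(entitlements, user, now) {
  const access = { services: new Set(), items: new Set(), actions: new Set() };
  for (const ent of entitlements) {
    if (!entitlementApplies(ent, user, now)) continue;
    for (const key of Object.keys(access)) {
      ent[key].forEach((v) => access[key].add(v));
    }
  }
  return {
    services: [...access.services].sort(),
    items: [...access.items].sort(),
    actions: [...access.actions].sort(),
  };
}

// Constructed users: same group, different business groups.
const alice = { name: "alice", businessGroup: "Sales", groups: ["sales-users"] };
const bob = { name: "bob", businessGroup: "HR", groups: ["sales-users"] };
const reviewDate = new Date("2014-03-01");

console.log(effectiveAccess(sampleEntitlements, alice, reviewDate));
```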

 

vCloud Automation Center 6.0 (vCAC 6.0)–Creating & Configuring Blueprints–Basics

Blueprints (BP) are the fundamental building blocks for provisioning virtual machines, cloud machines and physical machines from vCloud Automation Center (vCAC). Blueprints represent the processes and policies the tenant follows today.

Introduction to Blueprints

Before we start creating a blueprint (BP) we need to understand what kind of services you are planning for end users. When they request services (in this case IaaS only), are end users expecting a full-fledged VM with the OS installed, or a full-fledged VM with the OS installed, configured and customized? Blueprints provide several of these options. I'm focusing only on VMware-based VMs as highlighted below.

 

image

Basic Workflow

In the basic workflow VMs are provisioned without any guest OS. At first thought I felt there was no point in discussing this BP type, but let's start simple. Let's understand the process and see how the Basic BP differs from the others.

1. First log in as tenant administrator/business group manager. I'm logging in as tenant, as in the end he needs to take full control of how resources are consumed.

2. Go to Infrastructure –> Blueprints –> Blueprints

3. For our purpose we will select Virtual > Blueprint > vSphere (vCenter)

image

 

Blueprint information Tab

1. Type the name for the blueprint. The name should reflect the OS, application or service. Since this is IaaS, the name of the OS and its version should be okay to start with.

image

In the screen below, please note how the screen changes if you deselect Shared blueprint: Business group appears automatically. Since I'm using tenant admin credentials to create and configure the blueprint, I have to select the Shared blueprint (can be shared across groups) option.

image

Build Information Tab

The Build Information tab is where you choose the workflow type. In Blueprint type you have a choice between Server and Desktop. I chose Server for this blog post. The next piece is Action. For the basic workflow select Create from the drop-down menu. The next field, Provisioning workflow, is automatically populated with a list from which you select basicvmworkflow (shown in the 2nd screen capture).

image

 

image

Let's move to the Machine Resources section. Key in CPUs, Memory (MB), Storage (GB) and Lease (days), i.e. how many days you want the VM. Leave it blank to make it permanent.

Do make a note of the Maximum column. Using a maximum value you give the user the flexibility to choose between the minimum and maximum values while provisioning VMs. For example, for Memory (MB) we have a minimum of 512 MB and a maximum of 1024 MB, so the end user can request a VM with memory anywhere between 512 and 1024 MB.

Properties Tab

In the Properties tab we have the option to use build profiles. I have covered build profiles in this blog post. You can also create custom properties. Custom properties are used to pass values to the OS during its provisioning process, and every workflow has a pre-defined list of custom properties.

image

I have used a very simple custom property here: VirtualMachine.Admin.ThinProvision, which gives you control over whether to thin provision the VM. This property is a must if you are provisioning against a local SCSI disk.

Actions

Select the actions you want to make available to the end users.

image

 

At this point all four tabs have been configured. There is more to discuss about blueprints; I plan to cover it in future posts, especially the advanced configuration options. Now I will move to the other workflows, i.e. the cloned and linked clone workflows. In both these workflows the Blueprint Information, Actions and Properties tabs are similar, and what we discussed for the Properties and Actions tabs above applies to these workflows as well.

Use blueprint actions and entitlements together to maintain detailed control over provisioned machines.

Creating a Blueprint for Cloning

The word cloning clicks immediately: it means we need a reference VM inside vCenter. This workflow is nothing but a wrapper over the process we have followed for so many years. That being said, you need a reference, pre-customized VM, and you need sysprep for Windows 2003 or earlier on vCenter. It is the simplest workflow and I guess widely used as long as we are focusing on IaaS.

Blueprint Information

There is nothing to configure here, but ensure your naming convention matches the workflow.

image

Build Information

Select Blueprint type

Select action as Clone. This changes the workflow option to clone.

image

After you select Clone, an option to browse for the image to clone from immediately becomes visible.

image

Browse to select the VM. This is actually a template, which must be available in vCenter.

image

I didn't like the name of the workflow. The cloning workflow is incorrectly named; it should be in line with deploying from a template. At first look it gave me the feeling that I'm cloning a VM. Coming from a Microsoft background, I don't like cloning. That being said, in reality we are deploying from a template and not cloning from a VM, so it is doing the thing I was expecting.

Go to the Machine Resources section and you might be surprised (as I was) to see that the Minimum resource column is already populated with some values. These values are picked from the template and cannot be modified. Now just fill in (optionally) the maximum values you want to proceed with.

image

NB: More custom properties are available for CloneWorkflow than for the basic workflow.

Linked Clone Blueprint

Linked clones are extremely popular with desktops and were introduced with VMware View. They work on the simple concept of a parent VM and a base snapshot. The base snapshot is the base virtual disk for the virtual machines (often referred to as the delta disk) and points back to the parent VM. All changes happen at the base virtual disk only.

image

The primary requirement is to have a VM with a clean OS installed and with a snapshot.

image

After you click Clone from, you see the pop-up shown below. Select the VM to use as the reference/parent VM.

image

Select a snapshot to clone from. You also get an option to take a snapshot from this interface, but since I pressed the refresh button during the screen capture it is not visible below.

image

There is nothing much in the screen below; just read it and press OK.

image

You get a smart option to delete the snapshot when you delete the blueprint. I think it makes complete sense and should always be checked.

image

With this we are done with basic blueprint creation. In Properties there are many custom properties available, more or less similar to the cloned workflow. But one custom property worth noting here is MaximumProvisionedMachines. By default vCloud Automation Center 6.0 (vCAC 6.0) allows you to create 20 linked clones of one machine snapshot. This property allows us to override this default limit.

In the next post I will explore the advanced blueprint options.

vCloud Automation Center 6.0 (vCAC 6.0)–Reservation Policies, Storage Reservation Policies, Network Profiles

Before we proceed further let me recap where we are. In the first post we installed and configured the vCloud Automation Center 6.0 Identity Appliance (vCAC 6.0 Identity Appliance) and the vCloud Automation Center Appliance (vCAC 6.0), and in the second post we installed and configured vCloud Automation Center IaaS (vCAC 6.0 IaaS). In the third post we went further and configured the tenant. As per the diagram below we have completed almost every configuration. This post focuses on the optional configuration part.

ComponentLevel

We created the Sales business group and assigned a business group admin to it. We created a reservation and assigned the reservation to the Sales BU.

While creating the reservation we stopped short of explaining the Alerts tab. Let's resume with that discussion. It is an optional configuration but worth understanding and enabling. In a cloud environment where things change dynamically we must configure alerts.

Click on the ALERTS tab and set the capacity alerts to on for the various parameters seen below.

image

Unless you have configured notifications, alert emails won't be sent.

Few consideration about Reservation

A reservation is a portion/share of resources which we assign to multiple business groups (e.g. Sales, HR, Marketing), and multiple business groups can have different reservation types (e.g. Gold, Silver and Bronze). In my environment the Gold cluster was assigned to the Sales and Marketing business groups in the above figure. I have linked a PDF copy to the figure. However, a reservation cannot be shared across business groups.
If you have created reservation for, the end user cannot request a Hyper-V resource using that reservation. The reservation type must match the platform defined in the blueprint. If you name your blueprints accordingly this shouldn't be a problem at all.

Reservation Policy

It is a collection of resources grouped together to make a specific type of service available. Below I have created a policy named Production Reservation Policy and included the silver and gold reservations.

 

image

 

In the figure below I have tried to explain that you can have different reservations assigned to a single reservation policy, but a blueprint can have only one reservation policy assigned. However, when resources are provisioned, only reservations which match the blueprint type are considered and allocated.

 

image

 

A reservation policy needs to be populated with reservations. However, this is not quite easy to correlate in practice. When you create a reservation you have an option to assign that reservation to a reservation policy. This is where the association between reservations and reservation policies is created. Reservations are created for a business group, and a business group can have multiple reservations from the fabric. With a reservation policy you have the option to bring all types of reservations assigned to a business group under a single reservation policy. Let me explain it via the simple diagram below.

 

image

In the above example we have a tenant, under which we have created a Sales business group. Inside the Sales business group I have created three reservations of different types, e.g. Cloud, Virtual and Physical. As fabric administrator I have created a reservation policy named “Virtual Reservation Policy” to collect the resources of both the Virtual and Cloud reservations. This policy will help me provision all virtual resources as long as I select “Virtual Reservation Policy” in the blueprint/reservation. This is just one way of doing it.

You can create the reservation or the reservation policy first; there is no dependency as such. In fact reservation policies are an optional part of the overall piece. The better way is to create the reservation policy first.

A reservation policy is actually a tag. All you need is to put a name on the tag and a little description for it. To create a reservation policy, go to Infrastructure –> Reservation –> Reservation Policies and click New Reservation Policies. As described above, I have created two reservation policies, which can be seen below.

  1. Production Reservation Policy for Gold and Silver reservation
  2. Gold Storage for production virtual machines

image

Creating a reservation policy is not sufficient. You must assign the reservation policy to the reservations which you intend to group together. So below I'm creating new reservations and assigning the newly created reservation policies to each one of them as described above.

image

Storage Reservation Policy

A storage reservation policy is similar to a reservation policy. Its primary purpose is to collect datastores of similar characteristics into a group. Below I have created a storage reservation policy named GOLD and put three different datastores (Datastore01, Datastore02 & Datastore03) of the same characteristics into a single storage reservation policy.

image

This tag helps to assign storage according to the requirements of the application. In case Datastore01 is full, the VM will automatically be provisioned to Datastore02. It means we just need to have the storage reservation policy in place. Behind the scenes, Gold storage from one of Datastore01, 02 or 03 is assigned for sure.

It is similar to the storage profiles released in vSphere 5.0. However these tags were inherited by Dynamic ops. I wonder if there is still a use case for this tag when vSphere DRS clusters are becoming so popular. A datastore cannot have multiple storage reservation policies, e.g. Datastore01 cannot have another storage reservation policy assigned, but a storage reservation policy can have different datastores. After a storage reservation policy is created, you must assign it to a volume for it to be effective.

Do not create a storage reservation policy if you have a well designed Storage DRS cluster.

Similar to a reservation policy, a storage reservation policy is also a tag. You can create a storage reservation policy from the same interface as a reservation policy. Both are almost similar; at least I have not discovered any difference, but logically they cannot be combined.

Assigning a storage reservation policy differs from assigning a reservation policy. A storage reservation policy must be applied directly on datastores. Go to Infrastructure – Compute Resources – Compute Resources.

image
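The matching rules from the reservation policy and storage reservation policy sections above can be combined into one placement check: same business group, platform matching the blueprint, the blueprint's single reservation policy, then a datastore carrying the requested storage tag with enough free space. This is an added example, not vCAC code and not from the original post; the reservation names, sizes, Datastore04 and the object shapes are constructed, and trying reservations and datastores in listed order is an assumption.

```javascript
// Added example (not vCAC code): which reservation and datastore a request
// can land on. Names, sizes and object shapes are constructed placeholders.
const PROD = "Production Reservation Policy";
const sampleReservations = [
  { name: "Sales-Gold", businessGroup: "Sales", platform: "vSphere", policy: PROD,
    datastores: [
      // A datastore carries at most one storage reservation policy tag.
      { name: "Datastore01", storagePolicy: "GOLD", freeGB: 10 },
      { name: "Datastore02", storagePolicy: "GOLD", freeGB: 200 },
      { name: "Datastore03", storagePolicy: "GOLD", freeGB: 300 },
    ] },
  { name: "Sales-Silver", businessGroup: "Sales", platform: "vSphere", policy: PROD,
    datastores: [{ name: "Datastore04", storagePolicy: null, freeGB: 500 }] },
  { name: "Sales-HyperV", businessGroup: "Sales", platform: "Hyper-V", policy: PROD,
    datastores: [] },
  { name: "HR-Gold", businessGroup: "HR", platform: "vSphere", policy: PROD,
    datastores: [] },
  { name: "Sales-Test", businessGroup: "Sales", platform: "vSphere", policy: null,
    datastores: [] },
];

function eligibleReservations(blueprint, businessGroup, all) {
  return all.filter((r) =>
    r.businessGroup === businessGroup &&   // reservations are not shared across groups
    r.platform === blueprint.platform &&   // reservation type must match the blueprint
    // A blueprint has at most one reservation policy; without one, any reservation fits.
    (!blueprint.reservationPolicy || r.policy === blueprint.reservationPolicy));
}

function pickDatastore(reservation, storagePolicy, sizeGB) {
  // Assumption: datastores are tried in listed order; a full one is skipped.
  const match = reservation.datastores.find((d) =>
    (!storagePolicy || d.storagePolicy === storagePolicy) && d.freeGB >= sizeGB);
  return match ? match.name : null;
}

function place(blueprint, businessGroup, all) {
  for (const r of eligibleReservations(blueprint, businessGroup, all)) {
    const datastore = pickDatastore(r, blueprint.storagePolicy, blueprint.storageGB);
    if (datastore) return { reservation: r.name, datastore };
  }
  return null; // nothing satisfies both the reservation and the storage tag
}

// Constructed blueprint: vSphere, production policy, 40 GB on GOLD storage.
const sampleBlueprint = {
  platform: "vSphere", reservationPolicy: PROD, storagePolicy: "GOLD", storageGB: 40,
};
console.log(place(sampleBlueprint, "Sales", sampleReservations));
```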

Network Profiles

By default vCAC assigns a DHCP IP address to every machine it provisions. DHCP is OK for non-production server VMs, but production server VMs need a static IP address. We probably never need to worry about desktop VMs as far as networking policies are concerned. Allocating static IPs is the primary intention of network profiles. It is a way to create a pool of IPs using a pre-defined. You can apply network profiles while creating a reservation or while creating a blueprint.

Network profiles do not apply to AWS

Fabric administrators define the IP ranges, subnet mask, DNS, DHCP, WINS (does it exist yet???) and DNS suffix, and combine all these values into a single profile referred to as a network profile. A network profile, like a reservation policy, can be applied to reservations and blueprints.

Create a Network Profile for Static IP Address Assignment

Log in as fabric admin and navigate to Infrastructure –> Reservations –> New Network Profiles –> External.

image

1) Name of network profile –Append the name with type of profile e.g. Production External

2) Subnet mask for the network range

3) Gateway ( for NAT type network profile this field is compulsory)

4) Primary DNS server

5) DNS Suffix

image

6) Click on the IP Range tab. In the screen below, enter the IP addresses you need to reserve for this profile. Provide a name and description. Press OK once done.

image

After you press OK, the screen below displays the IP range, with the allocation status in the Status column.

image

Now that we have a network profile, we need to assign it to a reservation. Below I'm assigning it to an existing reservation. Go to Infrastructure –> Reservations –> edit the existing reservation. For the network path “VM Network” select the network profile from the drop-down menu. Press OK.

image

So in this post we learned the importance of reservation policies and how to configure them. We learned about storage reservation policies and how to configure them. A storage reservation policy needs to be applied to a compute resource, while a reservation policy needs to be configured on the reservation screen. Then we looked at network profiles and their use cases. Finally we learned how to configure a network profile so that static IPs can be assigned to servers.

In the next post I will discuss how to create and configure vCloud Automation Center 6.0 (vCAC 6.0) blueprints.