vCloud Automation Center 6.0 and vCenter Orchestrator Advance Automation -Part03

Part1, Part2 are simple in some ways & parts. Next part is bit difficult to understand. At least it was for me. I will explain what I’m going to do at high level. I’ll get Machine Name. Then I will get Machine Property –> Machine Property will give me custom property ( VM Size which  user be selecting from drop down menu as referred here and Backup Selection referred here ) finally I will Invoke VCO workflow.  In this workflow which needs VM Name input and VM Size, Backup Choice as input – I will put VM Name which I get from Get Machine Name property and VM Size, Backup choice which I got from Get Machine Property


Now lets find where to do this and how to do this. Once you understand the basic concept it is way too simple. First open vCAC designer. In that first select load and then select “WFStubMachineProvisioned”. Why “WFStubMachineProvisioned”. Well, this workflow is called immediately when the status of VM is provisioned. More information is available in guide




In below screen double click on “Machine Provisioned


Scroll down till you find custom code and double click on the custom code


From left hand side “DynamicOps.Cdk.Activities” Drag “GetMachineName



I have defined two variable for this custom code

  1. vmname (to capture VM Name)
  2. VMSize (to capture VM size e.g. Large, Medium and Small in string format)
  3. VarBackupOption (To capture user selection Yes/No in string format)


Double click on GetMachineName


In Machine Id field put a pre-defined variable “VirtualMachineId”. This is standard value. Please do not change it. Under machine name put the variable vmname. This variable we have defined above.

Machine Name will pickup name from virtualmachineid and pass it to vmname. Finally variable vmname will hold the name of the vm. We are done with GetMachineName.

Click on the custom code as shown in above figure, it will take you back to custom code screen. Now from left hand side ”DynamicOps.Cdk.Activities” Drag “GetMachineProperty


GetMachineProperty reads the custom property you have defined and the value associated with that property in vCAC. In our case I have defined custom property with name VMSize and it’s value will come from value select from drop down menu. This value (e.g. Large, Medium or Small) will be taken by variable VMSize


You will notice VMSize property name is in Quotes however Property Value is without quotes. It is because VMSize in property value is variable which will be captured from user interaction in vCAC and VMSize in property name is coming from custom property defined in vCAC.

Conceptually this is how it is related



I repeated the same procedure for Backup choice and here is how it looks below


VarBackupOption will hold the user selection string value which would be either Yes or No and pass it to vCO workflow

Now we have Virtual machine name captured in VMName variable, VMSize captured in VMSize variable and BackupOption capture in VarBackupOption we are ready for next drag and drop Smile . Drag vCO workflow by name InvokeVcoWorkflow

Simply put VMName and VMSize as input to VCO workflow.



Now below is how entire workflow looks like


Now you are done with, simple Send and that updates the WFStubMachineProvisioned


This is all you need to do. Request Virtual Machine and you will get what you have configured.

Complete log of VM provisioning via vCAC and VCO is presented below with sequence of action.


vCloud Automation Center 6.0 and vCenter Orchestrator Advance Automation -Part02

If you have reached this post from Google, check this post first. That is where problem is discussed and this the second part of the solution. First thing you need is to pass three information from vCAC i.e. VM Name, Size of the VM and whether you need any backup. VM Name is parameter you will get from vCAC but for Backup Selection and VM Size selection I have created a custom property in build profile. Here is how I have created below

First go to infrastructure tab

In Infrastructure tab go to –> Blueprint –> Property Dictionary


Create a New Property Definition

Provide Name –VMSize

Display Name –Virtual Machine Size

Control Type – DropDownList

Please ensure Required check box is selected

Once done please click on green arrow.

Then click on Edit to edit Property Attributes


In the property attribute, select ValueList, Put same name “VM Sizes” and provide value as Large, Medium and Small which reflect the size of VM.


Similar exercise you follow for backup option

Here is how it looks when user selects the VM Size


For backup service selection this is how it looks below


Just ensure blueprint is updated as follows


This completes vCenter Automation Part at basic Level. Now comes the 3rd and final part. Follow third part here

vCloud Automation Center 6.0 and vCenter Orchestrator Advance Automation -Part01

This post is about extending vCAC in-built workflows. In last two post (Post1, Post2) I used vCenter Orchestrator (vCO) workflows and executed them using vCloud Automation Center’s (vCAC) advance service designer. It was like taking vCAC as front end to execute those workflows without taking any benefits of vCloud Automation Center’s product. vCAC was purely acting as front end.

Advance service designer doesn’t follow any reservation, policies configured for a particular tenant. It is purely taking inputs from whatever is configured in vCenter Orchestrator workflow and executing it. As I think of it is of help but then I miss all configuration, tracking ownership, multi-tenancy and metering in built in vCAC. In order to cover this I need to do additional scripting which is referred as day-2 operation. To cater this problem, vCAC provides you a way where you can modify in-built workflows. Basic details are provided into this document. I won’t repeat it here. But in order to understand this post you must read it.

To extend workflow you need vCAC designer. It is part of vCAC and can be downloaded from Install it. (it is next-next-next-Finish thing).

Problem Statement

User should be able to provision VM by selecting VM size within vCAC interface. Users should be able to understand what compute, storage details are provisioned when they select VM Size.

Here I’m going to modify my existing workflow which I created in post here. If you see the workflow there are three inputs needed

1. VM name

2. VM size

3. IP Address for the VM

If you review this post, 3rd point is automatically taken care. So I have to just focus on how to take two input (VM Name and VM Size) from vCAC and put in the vCO workflow. It was bit simple, just two inputs.

Cloning part will be taken care by vCAC but post provisioning task will be taken care by vCO workflow. So we need to only focus on creating a vCO workflow which will do the following

  1. Changing CPU count
  2. Change RAM
  3. Add Disk
  4. Add Backup Network if selected

If you execute this workflow from vCO or vCenter  VC:VirtualMachine as input is needed. But vCAC do not understand VC:VirtualMachine, it can only understand string input or can provide string output.  VC:VirtualMachine input is referred as complex object type. In order to deal with this input we need to put a wrapper around the workflow. How to put a wrapper around a workflow is explained by VCOTEAM.INFO. Thanks to this post. It is key post.

That post is a where you can start but that isn’t sufficient. You need more. If you refer below return type is array.


We need a VC:VirtualMachine as return type. I added script section and then I have created a new parameter with VC:VirtualMachine type with name as vm01 (referred in below screen)


In the first line of the script I converted array type i.e. Array/VC:VirtualMachine into VC:VirtualMachine and sent that as output. This is the core piece. If you understood this, you don’t need worry further. Everything else is straight forward. I thought so Winking smile

When I executed the VCO workflow from vCAC, it failed twice. First it failed with VMware tools not working and second time it failed with error “Hot add functionality” is disabled in VM.

First problem was when the provisioning activity was completed, my next workflow which was to shutdown the VM graceful was looking for VMware tools, it didn’t found vmware tools and abruptly failed. In order to shutdown VM gracefully VMware tools must be ready. So to address first problem I have to find a workflow which will check if VMware tools are ready. This can be easily checked by using “vim3WaitToolsStarted” action element. This workflow waits for VMware tools to be ready, as it is need to graceful shutdown VM.

Second problem was workflow didn’t wait for another workflow to be completed. After I shutdown VMs I have workflow which will change CPU count, then change RAM, Add Disk and finally powered ON the VM. So powered ON workflow didn’t wait to execute CPU count, Add Disk and RAM change workflow.  Therefore I use to get error about Hotplug not supported. It was like VM was started before even CPU and RAM change could be executed. So to solve this problem I added “vim3WaitTaskEnd” in-built workflow. This workflow checks previous tasks before executing next task.

With this additional work my final workflow was ready and shown below


NB: Except for the script section, everything in vCenter Orchestrator is in-built

Now next part is how to make vCAC to pick this VCO. I have discussed in next post here

vCloud Automation Center 6.0 –Creating Build Profiles, Custom Properties

Custom properties are one of the core part of self service provisioning, as it allows extending vCloud automation center (vCAC). This is the best feature of this product. This extensibility can be easily achieved as long as you know vCenter Orchestrator. This is the easiest product to learn, to start with the product you can find all the relevant videos for vCenter Orchestrator here by Brian Watrus. Ok back to the post.

Custom properties as the name denotes refers to customization. Therefore are used to override existing default values. You can also allow customer (end users) to make those choices.  End users are the personnel who are going to use self service provisioning day-in, day-out.

Initial Thoughts

There are many ways we can give flexibility to end users. But what are the use case for this end user? This is the first question we all need to ask. Is she an end user with no IT knowledge or she is merely a developer. These requirement drives what service offering you wish to expose to end users. I would ideally want to give to the user

  1. 1. VM type to provisioned (OS Variance, Variance by Size)
  2. 2. Ability to take VM backup on demand. Backup policy selection? Right now vCHS offers backup option but yet to offer restore service to enduser. You have to call support. Reference Blog 
  3. Ability to enable monitoring for a VM (and then choice of monitoring baseline)
  4. Ability to enable Antivirus support for a VM (and then file exclusion)
  5. Does it need DR (If yes, RPO/RTO definition option please)

This clearly is leading towards SDCC. Without SDDC architecture in place this kind of automation is impossible. 

Scope of this post

Below are the custom property I preferred to play with in this blog post

  • Allowing end user to select the portgroup to which to attach this VM
  • Allowing end user to select the folder in vCenter to place the VM
  • Remove unnecessary device from the VM e.g. CD ROM
  • Cleaning up computer accounts in active directory
  • Allowing end user to select the network type
  • Control snapshot numbers per VM
  • Control SCSI controller for a VM

That being said this is clearly a very small and simple list. I had initially plan to make use of most of them but I have cut this list down. Primary reason I did this is because custom properties are clearly dependent upon how are you deploying your VM. For cloning workflow these custom properties are limited. If you see my previous blog post on Blueprints here, I limited the scope to only Basicworkflow, Cloneworkflow and linkedclone workflow

What are reserved property

Custom properties which are defined by vCAC and cannot be used with same name are referred as reserved properties. Reserved properties allows you to add a property to a machine or override its default or existing value. vCloud Automation Center (vCAC) has defined some properties which are referred as reserved property. There are four types of properties explained below.

Properties types

Internal: This value is maintained in database only. You can query by using any programing interfaces. Below are few example of internal property. For full list of custom property please refer Custom Property Reference Guide here

  • VirtualMachine.Admin.Owner – The end user’s name who has requested the machine
  • VirtualMachine.Admin.Approver – The approver’s name who has approved the request
  • VirtualMachine.Admin.Description – The description of the machine as entered by the end users

    Read-only: These are values in read-only mode and cannot be changed. Examples could be UUID and other values which gets associated with VM for its life cycle. e.g. VirtualMachine.Admin.Name -name of the VM generated by vCAC using machine Prefix

External: This value is implemented in the VM and also updated in the Database. But if this value is changed in the VM, this value is not updated back in database. Kinda  of one time process only. e.g.

  • Hostname (to over write the VM name generated by vCAC using machine prefix)
  • VirtualMachine.Admin.AddOwnerToAdmins  – Not supported in cloning operations Crying face)
  • VirtualMachine.Admin.AllowLogin (boolean value) –To add owner to remote desktop user group. This allows requestor to login after machine is successfully provisioned. My experience in getting this work in cloning workflow has failed

Updated: Exactly opposite of external. Value is tracked till its lifetime via inventory updating mechanism when it is changed outside vCAC

  1. VirtualMachine.Admin.Hostname – Name of the host on which VM resides
  2. VirtualMachine.Memory.Size – Memory size of VM
  3. VirtualMachine.CPU.Count – CPU Count of VM
  4. VirtualMachine.Admin.TotalDiskUsage – Disk usage on the disk including swap file size

In my opinion Internal and read-only property can be of limited usage. However there is some scope for updated and external properties. From official documentation

External and updated properties can be used for cloned machines only if marked with (cloning). Others have no effect on cloned machines because they set attributes that are determined by the template and customization specification used and cannot be changed by vCAC.

Any property can be changed in the vCAC database only using the Edit option on the machine menu, except the read-only properties VirtualMachine.Admin.AgentID, VirtualMachine.Admin.UUID and Virtual-Machine.Admin.Name.

Now that we understood little bit of custom property, lets understand how we can better use them

What is build profile?

It is collection of the custom property under single title e.g Custom properties can be seen as members of a group. Collecting custom property under build profile helps to apply them to VMs and makes them more manageable. You have the option to add custom property to reservation or blueprint however in build profile you simply combine them under similar property sets. vCloud Automation center does provide in-built property set. We will look into property set at later part of the post while discussing Active Directory Clean up below

Create a build Profile

Creating  a build profile is way tooo simple. Login as a Fabric Admin Open Infrastructure –> Blueprints –> Build Profiles –> New Build Profile


I have created two Build profiles. One for a cloning workflow and other for Basic workflow. Primary reason for doing so is because with cloning workflow you basically deploy VM from the template. So lot of the VM properties and OS properties are being copied from the template into VM as referred in official documentation (also mentioned above in Italics). So there is a limited way you can play with VMs deployed using this cloning workflow and similar logic applies to Basic workflow

Let’s focus on custom properties that I have created for VMs to be provisioned from Basic workflow.

Select New Property. Enter name for the property. This name must be same as defined by vCloud Automation Center Custom Property Reference Guide. Put the value and select If you wish to encrypt and or prompt user for inputs


In above build profile I have created 6 custom properties to be part of Build profile by name BasicVM. Let’s discuss them one by one.

  1. VirtualMachine.CDROM.Attach –This property by default has True value, in above I have changed this to False as I don’t want to attach CD ROM to my machine
  2. VirtualMachine.Network0.Name –This property allows you to choose which port group you want your VM to be attached. I have left Value field as blank which means by default it won’t have any value. I have select this value not to be encrypted. In Prompt User I have selected that user should be prompted for input. In above property Network0 refers to first network card attached to the VM. If you wish to learn to more on how to do this, please refer to an excellent blog by Magnus Andersson –> I’m regular reader of this excellent blog.
  3. VMware.Network.Type –This property allows you to select the network adapter type you can select for VM to be provisioned. It based on Magnus’s blog. It is kind of I learnt from his post and I choose to find another use case to implement using same principle
  4. VMware.SCSI.Type – This property allows you to select SCSI controller for your VM. In this case I’ve not given user option but I made that choice on behalf of end user. By default SCSI controller of pvscsi will be created. For Windows 2008R2 default SCSI controller is LSI Logic SAS. It is worth observing you do not get a choice to user different types of controllers for different disk. All controllers of PVSCSI are created based on this property value
  5. VMware.VirtualCenter.Folder – This property allows you select the folder where you wish to place the VM.
  6. VMware.VirtualCenter.OperatingSystem – This property creates VM with Windows 2008 R2 operating system

Now all 6 properties forms part of build profile under name BasicVM. This build profile will automatically appear in Blueprint’s Properties tab as seen below. Just select it. Press Ok


Now when user request a virtual machine he gets three drop downs menu which are 1)select Destination Network (derived from VirtualMachine.Network0.Name property), Network Card Type (derived from VMware.Network.Type property) and VM Folder Location (derived from VMware.VirtualCenter.Folder).


NB: All the above properties except VMware.VirtualCenter.Folder are not possible to change when we use cloning workflow.

Below are the screens of how dropdown menu appears to end users for selection of choice.




Disclaimer: Properties which I have discussed for cloning workflow are based on my experience, trials and error. VMware doesn’t explicitly & correctly mentions about which properties are applicable/not applicable in particular workflow.


That being said So let’s discuss what properties we can use when we are using cloning workflow. Here I have created a build profile by name Customize VM.


  1. First 5 custom properties are inbuilt custom properties created for you under Active Directory Clean up plugin by vCAC. It is referred as property set. These we cannot change in the property set, we can just use them. The process to load them is as below
    1. In the Add from Property Set either scroll down or Type Active directory. After Active directory menu is visible, press Load button. After you press Load button properties related to the property set are loaded. In this case first 5 property are loaded for active directory clean up
    2. Plugin.AdMachineCleanup.Delete is set for false. If it is set for True, computer account is deleted and So property Plugin.AdMachineCleanup.MoveToOU which controls where delete computer account should go serves no purpose. So in order to use Plugin.AdMachineCleanup.MoveToOU, we must put Plugin.AdMachineCleanup.Delete value as false.
    3. Plugin.AdMachineCleanup.Execute is set for true. Unless this is true none of the plugin properties will be of use
    4. Plugin.AdMachineCleanup.Username & Plugin.AdMachineCleanup.Password these are credentials an account which has rights to delete computer accounts in AD. Please note for Plugin.AdMachineCleanup.Password I have selected encrypt checkbox which is the reason password is not visible in clear text.

Below screens shows the results of active directory plug-in values


  1. Snapshot.Policy.AgeLimit allows you to limit number of snapshot per VM. It is 3 in my case. If you go beyond it, you would get an error as shown below.


  1. VMware.Memory.Reservation it is the property where you can reserve memory for VM. We have reserved 512 MB and below this value is reflected in VM property. That being said I have not seen custom property for CPU.


VMware.VirtualCenter.Folder is as explained above

Hope you like this post.

Previous Posts



vCloud Automation Center 6.0 (vCAC 6.0)–Creating & Configuring Blueprints–Basics

Blueprints (BP) are fundamental building blocks for provisioning virtual machine, cloud machine and physical machine from vCloud Automation Center (vCAC). Blueprint represent processes and policies Tenant follows today.

Introduction to Blueprints

Before we start creating Blueprint (BP) we need to understand what kind of services you are planning for end users. When they request services (in this case IaaS only) are end users expecting a full fledge VM with OS installed, Full fledged VM with OS installed, configured and customized. Blueprints provides several of these options. I ‘m focusing only on VMware based VMs as highlighted below



Basic Workflow

In basic workflow VMs are provisioned without any Guest OS. Well at first thought I felt there is no point in discussing this BP type. But lets start with simple. Lets understand the process and see how Basic BP differs from others.

1. First logging using tenant administrator/business group manager. I’m logging as tenant, as in the end he need to take full control of how to consume resources

2. Go to Infrastructure –> Blueprints –> Blueprints

3. For our purpose we will select Virtual > Blueprint > vSphere (vCenter)



Blueprint information Tab

1. Type the name for the Blueprint. Name should reflect OS, Application or Service. Since in IaaS name of the OS and Version should be okay to start with.


In below screen please note how screen changes if you deselect Shared blueprint, Business group appears automatically. Since I’m using tenant admin credentials to create & configure blueprint I have to select Shared blueprint (can be Shared across groups) option


Build Information Tab

Build information tab is where you make choice about workflow type. In Blueprint type you have an option between Server and Desktop. I choose Server for this blog post. Next piece is Action. For basic workflow select create from the drop down menu. Next label Provisioning workflow automatically gets populated with list from which you select basicvmworkflow (shown in 2nd screen capture).




Lets move to Machine Resource section. Key in CPUs, Memory (MB), Storage (GB) &

Lease (days): How many days you want VM. Leave it blank to make it permanent.

Do make a note of maximum section. Using maximum value you give user flexibility to choose between minimum and maximum values while provisioning VMs. e.g. for Memory (MB) we have minimum 512 MB and maximum 1024 MB. So end user can request a VM with memory from anywhere between 512 to 1024 MB

Properties Tab

In property tab we have option to use Build profiles. Build profiles I have cover in this blog post. You can create custom properties. Custom properties are used to pass value to OS during its provisioning process. And every workflow has pre-define list of custom properties


I have used a very simple custom property here. VirtualMachine.Admin.ThinProvisionion which gives you control if you wish thin provision VM. This property is must if you are provisioning against local SCSI disk.


Select the actions you want to make available to the end users.



At this point all four tabs we have been configured. There is more to discuss about Blueprint. I plan to cover it future posts especially the advance configuration options. Now I will move to other workflows i.e. Cloned and linked clone workflow. In both these workflow Blueprint Information, Action and properties tabs are similar and what we discussed in Properties and Actions tab above applies for these workflows as well.

Use blueprint actions and entitlements together to maintain detailed control over provisioned machines.

Creating a Blueprint for Cloning

Word cloning clicks immediately. It means we need a reference VM inside vCenter. This workflow is nothing but wrapper over the process we had done for last so many years. That being said you need a reference, pre-customized VM, you need a sysprep for Windows 2003 or earlier on vCenter. Simplest workflow and I guess widely used as long as we are focusing on IaaS.

Blueprint Information

Nothing here to configure but ensure your naming convention matches the workflow.


Build Information

Select Blueprint type

Select action as Clone. This changes the workflow option to clone.


After you select clone, immediately an option to browse to select image to clone from becomes visible.


Browse to select the VM. This is actually a template must be available in vCenter


I didn’t liked the name of the workflow. Cloning workflow is incorrectly named. It should be inline with deploying from template. At first look it gave me a feeling that I’m cloning VM. Coming from Microsoft background I don’t like cloning. That being said in reality we are deploying from template and not cloning from VM. So it is doing thing which I was expecting.

Go to the Machine Resources section and you might be surprised (as I was) to see Minimum resource column is already populated with some values. These values are picked from the template values and cannot be modified. Now just fill (optionally) maximum value you want to proceed with.


NB:Custom properties available for CloneWorkflow are more in numbers compared basic workflow.

Linked Clone Blueprint

Linked clones are extremely popular with desktops and were introduced with VMware View. They work on simple concept of parent VM and base snapshot. Base snapshot is base virtual disk for virtual machines (often referred as delta disk) and points back to parent VM. All changes happens at base virtual disk only


Primary requirement is to have a VM with clean OS installed and with a snapshot.


After you click Clone from, you see a pop seen below. Select the VM to use as a reference/Parent VM.


Select a snapshot to clone from. You also get an option to take snapshot from this interface but since I have press refresh button during screen capture it is not visible below.


Nothing much in below screen, just read it and say Ok


You get a smart option to delete snapshot when you delete blueprint. I think it make complete sense and should be always checked.


With this we are done with basic blue print creation. In properties there are many custom properties available and more or less similar to cloned workflow. But one custom property is worth noting here is MaximumProvisionedMachines. By default vCloud Automation Center 6.0 (vCAC 6.0) allows you to create 20 linked clones of one machine snapshot. This property will allow us to override this default limit.

Next post I will be looking at exploring advance blueprint option.

vCloud Automation Center 6.0 (vCAC 6.0)–Reservation Policies, Storage Reservation Policies, Network Profiles

Before we proceed further let me revise where we are. In first post here we Installed and Configure vCloud Automation Center 6.0 Identity Appliance (vCAC 6.0 Identity Appliance) and vCloud Automation Center Appliance (vCAC 6.0) and in second post here we Installed and configured vCloud Automation Center IaaS (vCAC 6.0 IaaS). In third post we went further to configure Tenant. As per below diagram we completed almost every configuration. This post will be focusing on optional configuration part


We created sales business group, assigned Business group admin to it. We created reservation and assigned reservation to sales BU. 

While creating reservation we stopped at explaining Alert tab. Lets resume with its discussion. It is optional configuration but worth understanding and enabling it. In cloud environment where things change dynamically we must configure alert.

Click on the ALERTS tab, Set the capacity alerts to on various parameters seen below.


Unless you have configuration notification alerts emails won’t be sent

Few consideration about Reservation

Reservation is a portion/share of resources which we assign to multiple business group (e.g. Sales, HR, Marketing) and multiple business group can have different reservation types (e.g. Gold, Silver and Bronze). In my environment Gold cluster was assigned to Sales and Marketing Business group in above figure. I have linked PDF copy to the figure. However reservation cannot be shared across the Business group.
If you have created reservation for, end user cannot request a Hyper-V resource using that reservation. Reservation type must match the platform defined in blueprint. If you name your blueprint accordingly this shouldn’t be problem at all.

Reservation Policy

It is collection of resources into group to make specific type of service available. Below I have created a policy by name Production Reservation Policy and included silver and gold reservation.




In below figure I tried to explain that you can have different reservations assigned to single reservation policy but Blue prints can have only one reservation policy assigned. However when resources are provisioned, only reservation which match the blueprint type are considered & allocated.




Reservation policy needs to be populated with reservations. However this is not quite easy to correlate in practice. When you create reservation you have an option to assign that reservation to the reservation policy. This is where association between reservation and reservation policies is created. Reservations are created for Business group and Business group have multiple reservation from fabric. With reservation policy you have an option to bring all types of reservation assigned to a business group under single reservation policy. let me explain it via simple diagram below



In above example we have tenant, under which we have created a Sales Business group. Inside Sales Business group I have created three reservation of different types. I defined have multiple reservations e.g. Cloud, Virtual and Physical. As Fabric administrator I have created reservation policy by name “Virtual Reservation Policy” to collect resources of both Virtual and Cloud reservations. This policy will help me to provision all virtual resource as long as I select in Blueprint/Reservation “Virtual Reservation Policy”. This is just one way of doing it.

You can create reservation or reservation policy first. There is as such no dependence. In fact reservation policies are optional part of over all piece. Better way to do is create reservation policy first.

Reservation policy is actually a tag. All you need to put a name to the tag, little description for it. To create reservation policy, Go to Infrastructure –> Reservation –>Reservation Policies and Click New Reservation Policies. As described above I have created two reservation policy and can be seen below.

  1. Production Reservation Policy for Gold and Silver reservation
  2. Gold Storage for production virtual machines


Creating reservation policy is not sufficient. You must Assign reservation policy to reservations which you intended to group together. So below I’m creating new reservations and assigning newly creating reservation policies each one of them as described above.


Storage Reservation Policy

Storage reservation policy is similar to reservation policy. Primary purpose is to collect datastore of similar characteristic into a group. Below I have created a storage reservation policy by name GOLD and got three different datastores (Datastore01, Datastore02 & Datastore03) of same characteristic into single storage reservation policy.


This tag helps to assign storage as per the requirement of application. In case Datastore 01 one is full, VM will be automatically provision to datastore 02. It means we just need to have storage reservation policy in place. Behind scene Gold storage from either of datastore01,02 or 03 is assigned for sure.

It is similar to storage profiles released in vSphere 5.0. However these tags were inherited by Dynamic ops. I wonder if there is still a use case of this tag when vSphere DRS cluster is becoming so much popular. Datastore cannot have multiple storage reservation policy e.g. Datastore 01 cannot have another storage reservation policy assigned but storage reservation policy can have different datastores. After storage reservation policy is created to be effective you must assigned it to volume.

Do not create storage reservation policy if you have well designed Storage DRS cluster

Similar to reservation policy, storage reservation policy is also a tag. You can create storage reservation policy from same interface as from reservation policy. Both are almost similar, at least I have not discovered any difference but logically they cannot be combined.

Assigning storage reservation policy differs from the assigning reservation policy. Storage reservation policy must be applied directly on datastores. Go to Infrastructure – Compute Resources – Compute Resources


Network Profiles

By default vCAC will assigns DHCP IP Address to all machine it can provision. DHCP is ok for non-production Server VMs but production Server VMs needs IP address. Probably we never need to worry about Desktop VMs as far as networking policies are considered. To allocate static IP is the primary intention of network profiles. It is way to create a pool of IPs using a pre-defined. You can apply network profiles while creating reservation or while creating Blueprint. 

Network profiles do not apply to AWS

Fabric Administrators defines the IP ranges, subnet mask, DNS, DHCP, WINS (does it exist yet???), DNS suffix and combine all these values into single profile referred as network profile. Network profile like reservation policies can be applied to the reservation, blueprints.

Create a Network Profile for Static IP Address Assignment

Login as fabric admin, navigate to infrastructure –> reservations –> New Network Profiles –>External


1) Name of network profile –Append the name with type of profile e.g. Production External

2) Subnet mask for the network range

3) Gateway ( for NAT type network profile this field is compulsory)

4) Primary DNS server

5) DNS Suffix


6) Click on IP Range tab. Below screen enter  IP Address you need to reserved for this profile. Provide name and description. Press OK once done


After you press OK, below screen displays IP range and allocation status in status column.


Now we have network profile, we need to assign it to reservation. Below here I’m  assigning it to existing reservation. Go to Infrastructure –> Reservations –> Edit Existing Reservation configured. For network path “VM Network” select network profile from drop down menu. Press OK


So in this post we learn the importance of reservation policy. How to configure reservation policy. We learnt about storage reservation policy and how to configure storage reservation policy. Storage reservation policy needs to applied to compute resource, while reservation policy needs to be configured at reservation screen. Then we went and checked the Network profile, it’s use cases. Finally we learnt How to configure network profile so that static IP’s can be assigned to Servers.

Next post I will be discussing how to create and configure vCloud Automation Center 6.0 (vCAC 6.0) Blueprints

Part:08 Zerto Checkpoints–Automatic and Manual

Checkpoints are very important part of Zerto’s technical innovation. It is strong selling point of the product and strong uses cases for Business critical application. In fact VMware vSphere replication quite recently added similar feature. These checkpoint provide point in time (PIT) copies of VMs. Point in time(PIT) allows VMs to be rolled back to any point of your request. PIT term is widely used in High-end Enterprise scale storage arrays


Checkpoints are automatically taken every seconds or as early as possible. These checkpoints are crash consistent and written to the journals by ZVM. During recovery you pickup crash consistent checkpoints in the journal and recover to this point


You can manually create checkpoints. Manually allows you to control time and date. You can think of it as a snapshot which you take it manually for particular reason.

So it gives you an option to recovery VMs to either manually or automatically created checkpoints allowing to do PIT recovery

Let’s see how to add manual checkpoint. Go to any tab of GUI you will see Checkpoint button there.


Click it, give name for the checkpoint. Select VPG for which you wish to take checkpoint and press Save.

Below is the event logged “insert tagged CP” in GUI and you should also see similar event in vCenter tasks


To recovery application using VSS agent

Zerto provides VSS agent. We discussed in this post here how to install VSS agent. VSS agent helps to backup application data in a consistent state.  Application data consistent is of utmost importance when you want to protect and recover application data. All good backup product includes VSS integration. Though VSS only works with Microsoft products.

After you successfully install VSS agent shortcut by name “Add VSS Checkpoint” is created on the desktop. You can take checkpoint using this shortcut, command line or schedule task. This checkpoint is sent to ZVM. ZVM then add this to Journal. VSS ensures it is in application consistent state.

NB: Such checkpoints are initiated within VM but are considered for entire entire VPG. Other VMs in that VPG will have crash consistent checkpoint. It is design consideration of VPG as to how many application need a protection and if they have to be part of same VPG group as VSS can take application consistent backup of only one VM


Figure: 01 when you double click the shortcut, give name to checkpoint


Figure: 02 confirms checkpoint is taken successfully


Figure: 03 Checkpoint event is successfully logged in vSphere client


Figure: 04 Checkpoint event is successfully logged in GUI

In below figure you see the checkpoints which are available for you when initiated failover (Test/Actual). I have marked VSS endpoint as yellow. Both checkpoint has name on it. It helps you identify the reason for checkpoint


Finally few things to keep in mind regarding checkpoints

  1. Checkpoints will have a performance impact. This impact is ruled by how much of the data is in memory of the VM. So be wary about this impact especially during production hours.
  2. VSS Agent can take application consistent backup of single VM only, Even if VSS agent is installed on all VMs of a particular VPG group. This is due write order fidelity implemented by Zerto
  3. Any changes in VPG that leads to re-synchronization of VPG will remove all checkpoints and synchronization starts from zero again. If there are no checkpoints there is no other way to get PIT (point in time).

Let discuss few things on checkpoints and Journal history. If you look at the slider here. This slide start position below is at 10:15:03 PM


And slider’s stop end position is at 10:56:28


It suggest you have checkpoints for last  41 minutes, 25 Seconds. But by default journal history is set for 4 hours, Ideally you should see difference between beginning and end position up to 4 hours.If it goes less than it e.g. if you have history for last 3 hours it starts sending warningFreezing and if it has history of just last 1 hour, it will start sending alerts Angry smile

The slider shows a maximum of 180 checkpoints spread over the most recent 24 hours stored in the journal. The older the checkpoints over this period the fewer checkpoints are shown, with at least two shown per hour. The majority of the checkpoints cover the most recent hour in the journal. To be even more specific use the Manual Select option.


In Manual Select option you get more granular options to choose. It is checkpoint taken every 5 second if you observe carefully. It also suggest you have the option of rolling back to minimum 5 seconds. In above figure you can also see the checkpoint manually taken from the VM. This explains the value of this product. Such granular protection few years ago was possible using only costly enterprise grade storage arrays.

If you wish to follow entire series of Zerto go to the Landing Page

Pay-as-you-go Resource Allocation Model behind the scene

When organization is created it won’t have any resources. We must assign resources to the organization. When you allocate resource to organization you end up creating organization vDC. These resources comes from Provider vDC as explained in earlier blog. We need resource allocation model to ensure right kind of service could be delivered to the consumers/BU. Only CPU and Memory are part of resource allocation model.

vCloud provides three different types of resource allocation model

  1. Pay-as-you-go

Pay-as-you-go model is primarily used for varying workload and it is most suitable for developer and QA workload. This model is unique in many ways. In this model resources are applied per VM basis. It means memory and CPU limits and reservations are applied per VM basis and not at resource pool level. Resources are allocated only when workload are powered ON. This model assumes there is infinite pool of resource. As cloud administrator you have to ensure this assumption is not taken seriously by organization administrator. You can control it using various options. These are CPU, Memory quota and maximum number of VMs that can be started. You can use either of parameter to control resource usage. Over and above there is way you can also provide some kind of guarantee (reservation) on CPU and Memory when VM is powered ON.

In below screen organization vDC is created with the following values

  1. CPU quota = 6 GHz (read this as a limit)
  2. CPU Resources Guaranteed = 50%
  3. vCPU Speed = 1 GHz (read this as a limit per vCPU at VM level)
  4. Memory quota = 3.33 GB ((read this as a limit))
  5. Memory Resources Guaranteed=50%


lets create three VM’s each with 2 vCPU and 512 GB memory. Below table explains what will be VM level memory and limit configuration


From the above table it can be read that Total CPU configured per VM will be 2000 GHz (see below –it is configured as limit) and 50% of total resources are guaranteed (see below out 2000 MHZ, 1000 MHZ are reserved).


One thing you must note 6 GHZ and 3.33 GB RAM is cumulative limit. It means you can have 1 VM of 6 GHZ and 3.33 GB RAM or you can have any number of VMs as long 6 GHZ and 3.33 GB RAM resources are not exceeded.

To prove it, I have configured two VM with 3 vCPU which amounts to 6 GHZ. I Left the 3rd VM un touched to 2 vCPU. Since we have allocated only 6 GHZ it cannot powered on 3rd VM.





Similar fact can be proved for memory reservation as well


Quota you configure in this allocation model is the maximum a VM or VM’s in this Organization vDC can use. CPU and Memory quota is the another way to limit the resource allocated in Pay-as-you-go model.If you do not configure any quota then there is high risk that provider vDC’s entire resource might get consumed without being warned. So please use these controls always.

Reservations and limits are set at the VM level and not at the resource pool level.

Another point one should note, it is not the consumption of resources by VM but allocation of resource to the VM are considered by admission control before powering on additional VM. E.g :- If you allocate 6 GHZ to this organization vDC and you configure 1 VM with 6 vCPU (assuming vCPU speed =1 GHz), you cannot power ON another VM as 6 GHZ limit is reached. However it not concerned about how much out of 6 GHz this VM is actually using. This is monitoring consumer must do and make a decision to resize it. Of course provider can provide these utilization numbers if requested.

If you look at it, it is different kind of admission control compared with the one we have learnt from vSphere HA cluster. Therefore design Pay-as-go model accordingly.

In next blog post I will be discussing the allocation pool model.