vCloud Automation Center 6.0 and vCenter Orchestrator Advance Automation -Part03

Part 1 and Part 2 are simple in some ways. The next part is a bit difficult to understand; at least it was for me. I will explain what I'm going to do at a high level. I'll get the machine name. Then I will get the machine property, which gives me the custom properties (VM Size, which the user selects from a drop-down menu as referred here, and Backup Selection, referred here). Finally I will invoke the vCO workflow. This workflow needs the VM name, VM size and backup choice as inputs: I will pass the VM name which I get from Get Machine Name, and the VM size and backup choice which I get from Get Machine Property.


Now let's find where to do this and how to do it. Once you understand the basic concept it is simple. First open vCAC Designer. Select Load and then select “WFStubMachineProvisioned”. Why “WFStubMachineProvisioned”? This workflow is called immediately when the status of the VM becomes provisioned. More information is available in the http://pubs.vmware.com/vCAC-60/topic/com.vmware.ICbase/PDF/vcloud-automation-center-60-extensibility.pdf guide


In the screen below, double-click “Machine Provisioned”.

Scroll down until you find the custom code and double-click on it.

From the left-hand side, under “DynamicOps.Cdk.Activities”, drag “GetMachineName”.

I have defined two variables for this custom code

  1. vmname (to capture VM Name)
  2. VMSize (to capture VM size e.g. Large, Medium and Small in string format)
  3. VarBackupOption (To capture user selection Yes/No in string format)


Double click on GetMachineName


In the Machine Id field put the pre-defined variable “VirtualMachineId”. This is a standard value; please do not change it. Under Machine Name put the variable vmname, which we defined above.

Machine Name will pick up the name from VirtualMachineId and pass it to vmname. Finally, the variable vmname will hold the name of the VM. We are done with GetMachineName.

Click on the custom code as shown in the figure above; it will take you back to the custom code screen. Now from the left-hand side, under “DynamicOps.Cdk.Activities”, drag “GetMachineProperty”.

GetMachineProperty reads the custom property you have defined in vCAC and the value associated with it. In our case I have defined a custom property named VMSize, and its value comes from the value selected in the drop-down menu. This value (e.g. Large, Medium or Small) is stored in the variable VMSize.

You will notice that VMSize in Property Name is in quotes, whereas in Property Value it is without quotes. This is because VMSize in Property Value is the variable that captures the user's selection in vCAC, while VMSize in Property Name is the name of the custom property defined in vCAC.

Conceptually this is how it is related


I repeated the same procedure for Backup choice and here is how it looks below


VarBackupOption will hold the user's selection as a string value, which will be either Yes or No, and pass it to the vCO workflow.

Now that we have the virtual machine name captured in the VMName variable, the VM size captured in the VMSize variable and the backup option captured in VarBackupOption, we are ready for the next drag and drop. Drag the vCO workflow activity named InvokeVcoWorkflow.

Simply put VMName and VMSize as input to VCO workflow.


Below is how the entire workflow looks.

Now you are done; simply press Send, and that updates WFStubMachineProvisioned.

This is all you need to do. Request Virtual Machine and you will get what you have configured.
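The three strings handed to the vCO workflow originate from a user-facing request form, so the workflow side can allow-list them before acting on them. The following is an added example, not part of the original post or of vCAC/vCO: the function names and the machine-name pattern are assumptions, and only the accepted values (Large/Medium/Small, Yes/No) come from the post.

```javascript
// Added example: allow-list validation for the three string inputs that
// WFStubMachineProvisioned hands to the vCO workflow. Plain JavaScript, the
// language of vCO scriptable tasks; no vCAC or vCO API is called.

// Accepted values as described in the post.
const VM_SIZES = ["Large", "Medium", "Small"];
const BACKUP_OPTIONS = ["Yes", "No"];

// Assumption: machine names are hostname-like (letters, digits, hyphens,
// 1 to 63 characters, no leading or trailing hyphen).
const VM_NAME_PATTERN = /^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/;

// Return the canonical spelling from the allow-list, or null when the value
// is not a string or is not on the list. Case and outer whitespace are ignored.
function canonical(value, allowed) {
  if (typeof value !== "string") return null;
  const wanted = value.trim().toLowerCase();
  const hit = allowed.find((entry) => entry.toLowerCase() === wanted);
  return hit === undefined ? null : hit;
}

// Quote and truncate a rejected value so it can be logged without letting
// control characters or very long strings into the log line.
function quoteForLog(value) {
  return JSON.stringify(String(value).slice(0, 40));
}

// Validate all three inputs and report every problem at once. Returns
// { ok, errors, inputs }; inputs is null unless every check passed.
function validateProvisioningInputs(vmName, vmSize, backupOption) {
  const errors = [];

  const name = typeof vmName === "string" ? vmName.trim() : "";
  if (!VM_NAME_PATTERN.test(name)) {
    errors.push("vmName " + quoteForLog(vmName) + " is not a valid machine name");
  }

  const size = canonical(vmSize, VM_SIZES);
  if (size === null) {
    errors.push("VMSize " + quoteForLog(vmSize) + " is not one of " + VM_SIZES.join("/"));
  }

  const backup = canonical(backupOption, BACKUP_OPTIONS);
  if (backup === null) {
    errors.push("backup option " + quoteForLog(backupOption) + " is not Yes or No");
  }

  if (errors.length > 0) return { ok: false, errors: errors, inputs: null };
  return {
    ok: true,
    errors: [],
    inputs: { vmName: name, vmSize: size, takeBackup: backup === "Yes" },
  };
}

// Constructed sample requests: one well-formed, one that must be rejected.
console.log(validateProvisioningInputs("CC-UAT-001", " large ", "YES"));
console.log(validateProvisioningInputs("vm 01\nextra", "Huge", ""));
```

Running the check as the first step of the workflow means a rejected request stops before any sizing or backup action is attempted.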

Complete log of VM provisioning via vCAC and VCO is presented below with sequence of action.


vCloud Automation Center 6.0 –Creating Build Profiles, Custom Properties

Custom properties are a core part of self-service provisioning, as they allow extending vCloud Automation Center (vCAC). This is the best feature of this product. This extensibility can be easily achieved as long as you know vCenter Orchestrator. This is the easiest product to learn; to get started with it you can find all the relevant videos for vCenter Orchestrator here by Brian Watrus. OK, back to the post.

Custom properties, as the name denotes, refer to customization. They are therefore used to override existing default values. You can also allow customers (end users) to make those choices. End users are the personnel who are going to use self-service provisioning day in, day out.

Initial Thoughts

There are many ways we can give flexibility to end users. But what are the use cases for this end user? This is the first question we all need to ask. Is she an end user with no IT knowledge, or is she merely a developer? These requirements drive what service offering you wish to expose to end users. Ideally I would want to give the user

  1. VM type to be provisioned (OS variance, variance by size)
  2. Ability to take VM backup on demand. Backup policy selection? Right now vCHS offers a backup option but is yet to offer a restore service to the end user. You have to call support. Reference Blog
  3. Ability to enable monitoring for a VM (and then choice of monitoring baseline)
  4. Ability to enable Antivirus support for a VM (and then file exclusion)
  5. Does it need DR (If yes, RPO/RTO definition option please)

This clearly is leading towards SDDC. Without an SDDC architecture in place this kind of automation is impossible.

Scope of this post

Below are the custom properties I preferred to play with in this blog post

  • Allowing end user to select the portgroup to which to attach this VM
  • Allowing end user to select the folder in vCenter to place the VM
  • Remove unnecessary device from the VM e.g. CD ROM
  • Cleaning up computer accounts in active directory
  • Allowing end user to select the network type
  • Control snapshot numbers per VM
  • Control SCSI controller for a VM

That being said, this is clearly a very small and simple list. I had initially planned to make use of most of them but I have cut this list down. The primary reason is that custom properties are clearly dependent upon how you are deploying your VM. For the cloning workflow these custom properties are limited. If you see my previous blog post on Blueprints here, I limited the scope to only Basicworkflow, Cloneworkflow and linkedclone workflow

What are reserved properties

Custom properties which are defined by vCAC and whose names cannot be reused are referred to as reserved properties. Reserved properties allow you to add a property to a machine or override its default or existing value. There are four types of properties, explained below.

Property types

Internal: This value is maintained in the database only. You can query it using any programming interface. Below are a few examples of internal properties. For the full list of custom properties please refer to the Custom Property Reference Guide here

  • VirtualMachine.Admin.Owner – The end user’s name who has requested the machine
  • VirtualMachine.Admin.Approver – The approver’s name who has approved the request
  • VirtualMachine.Admin.Description – The description of the machine as entered by the end users

Read-only: These values are read-only and cannot be changed. Examples could be the UUID and other values which are associated with the VM for its life cycle, e.g. VirtualMachine.Admin.Name – name of the VM generated by vCAC using the machine prefix

External: This value is implemented in the VM and also updated in the database. But if this value is later changed in the VM, it is not updated back in the database. It is a one-time process only. e.g.

  • Hostname (to overwrite the VM name generated by vCAC using the machine prefix)
  • VirtualMachine.Admin.AddOwnerToAdmins – Not supported in cloning operations
  • VirtualMachine.Admin.AllowLogin (boolean value) – To add the owner to the remote desktop users group. This allows the requestor to log in after the machine is successfully provisioned. My attempts to get this to work in the cloning workflow have failed

Updated: Exactly the opposite of external. The value is tracked for its lifetime via the inventory updating mechanism when it is changed outside vCAC

  1. VirtualMachine.Admin.Hostname – Name of the host on which VM resides
  2. VirtualMachine.Memory.Size – Memory size of VM
  3. VirtualMachine.CPU.Count – CPU Count of VM
  4. VirtualMachine.Admin.TotalDiskUsage – Disk usage on the disk including swap file size

In my opinion internal and read-only properties can be of limited use. However there is some scope for updated and external properties. From the official documentation:

External and updated properties can be used for cloned machines only if marked with (cloning). Others have no effect on cloned machines because they set attributes that are determined by the template and customization specification used and cannot be changed by vCAC.

Any property can be changed in the vCAC database only using the Edit option on the machine menu, except the read-only properties VirtualMachine.Admin.AgentID, VirtualMachine.Admin.UUID and VirtualMachine.Admin.Name.

Now that we understand a little bit about custom properties, let's see how we can better use them

What is build profile?

It is a collection of custom properties under a single title, i.e. custom properties can be seen as members of a group. Collecting custom properties under a build profile helps to apply them to VMs and makes them more manageable. You have the option to add custom properties to a reservation or blueprint; in a build profile, however, you simply combine them into sets of similar properties. vCloud Automation Center does provide built-in property sets. We will look into property sets later in the post while discussing Active Directory cleanup below

Create a Build Profile

Creating a build profile is very simple. Log in as a Fabric Admin and open Infrastructure –> Blueprints –> Build Profiles –> New Build Profile

I have created two build profiles, one for the cloning workflow and the other for the basic workflow. The primary reason for doing so is that with the cloning workflow you deploy the VM from a template, so a lot of the VM properties and OS properties are copied from the template into the VM, as stated in the official documentation (also quoted above). So there is a limited way you can play with VMs deployed using the cloning workflow, and similar logic applies to the basic workflow

Let’s focus on custom properties that I have created for VMs to be provisioned from Basic workflow.

Select New Property. Enter a name for the property. This name must be the same as defined in the vCloud Automation Center Custom Property Reference Guide. Enter the value and select whether you wish to encrypt it and/or prompt the user for input

In the above build profile, named BasicVM, I have created 6 custom properties. Let's discuss them one by one.

  1. VirtualMachine.CDROM.Attach – This property has the value True by default; above I have changed it to False as I don't want to attach a CD-ROM to my machine
  2. VirtualMachine.Network0.Name – This property allows you to choose which port group you want your VM to be attached to. I have left the Value field blank, which means by default it won't have any value. I have selected this value not to be encrypted. In Prompt User I have selected that the user should be prompted for input. In this property Network0 refers to the first network card attached to the VM. If you wish to learn more on how to do this, please refer to an excellent blog by Magnus Andersson –> vcdx56.com. I'm a regular reader of this excellent blog.
  3. VMware.Network.Type – This property allows you to select the network adapter type for the VM to be provisioned. It is based on Magnus's blog: I learnt the principle from his post and chose to find another use case to implement with it
  4. VMware.SCSI.Type – This property allows you to select the SCSI controller for your VM. In this case I've not given the user an option but made that choice on behalf of the end user. By default a SCSI controller of pvscsi will be created. For Windows 2008 R2 the default SCSI controller is LSI Logic SAS. It is worth observing that you do not get a choice to use different types of controllers for different disks. All controllers of PVSCSI are created based on this property value
  5. VMware.VirtualCenter.Folder – This property allows you to select the folder where you wish to place the VM.
  6. VMware.VirtualCenter.OperatingSystem – This property creates the VM with the Windows 2008 R2 operating system

Now all 6 properties form part of the build profile named BasicVM. This build profile will automatically appear in the blueprint's Properties tab as seen below. Just select it and press OK

Now when a user requests a virtual machine he gets three drop-down menus: Destination Network (derived from the VirtualMachine.Network0.Name property), Network Card Type (derived from the VMware.Network.Type property) and VM Folder Location (derived from VMware.VirtualCenter.Folder).

NB: All the above properties except VMware.VirtualCenter.Folder are not possible to change when we use cloning workflow.

Below are the screens of how dropdown menu appears to end users for selection of choice.


Disclaimer: The properties which I have discussed for the cloning workflow are based on my experience and trial and error. VMware doesn't explicitly and correctly mention which properties are applicable/not applicable in a particular workflow.

That being said, let's discuss what properties we can use when we are using the cloning workflow. Here I have created a build profile named Customize VM.

  1. The first 5 custom properties are built-in custom properties created for you by vCAC under the Active Directory cleanup plugin. This is referred to as a property set. We cannot change these in the property set; we can only use them. The process to load them is as below
    1. In Add from Property Set either scroll down or type Active directory. After the Active directory menu is visible, press the Load button. After you press Load, the properties related to the property set are loaded. In this case the first 5 properties are loaded for Active Directory cleanup
    2. Plugin.AdMachineCleanup.Delete is set to false. If it is set to true, the computer account is deleted, and so the property Plugin.AdMachineCleanup.MoveToOU, which controls where the computer account should go, serves no purpose. So in order to use Plugin.AdMachineCleanup.MoveToOU, we must set Plugin.AdMachineCleanup.Delete to false.
    3. Plugin.AdMachineCleanup.Execute is set to true. Unless this is true none of the plugin properties will be of use
    4. Plugin.AdMachineCleanup.Username & Plugin.AdMachineCleanup.Password are the credentials of an account which has rights to delete computer accounts in AD. Please note that for Plugin.AdMachineCleanup.Password I have selected the encrypt checkbox, which is the reason the password is not visible in clear text.
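The consistency rules in this list can be checked mechanically before a build profile is attached to a blueprint. The following is an added example, not code from the post or from vCAC: the array-of-objects profile shape, the function and rule names and the sample values are assumptions, and the last two checks (credentials not prompted, username and password present together) are additions beyond what the post states.

```javascript
// Added example: consistency checks for the Active Directory cleanup
// properties described in the post. A profile is modelled as an array of
// { name, value, encrypted, promptUser } objects; that shape is an
// assumption for this sketch, not a vCAC export format.
const PREFIX = "Plugin.AdMachineCleanup.";

// Constructed sample mirroring the settings the post describes.
const PROFILE_FROM_POST = [
  { name: PREFIX + "Delete", value: "false", encrypted: false, promptUser: false },
  { name: PREFIX + "Execute", value: "true", encrypted: false, promptUser: false },
  { name: PREFIX + "MoveToOU", value: "OU=Retired,DC=example,DC=com", encrypted: false, promptUser: false },
  { name: PREFIX + "Username", value: "EXAMPLE\\svc-adcleanup", encrypted: false, promptUser: false },
  { name: PREFIX + "Password", value: "(stored encrypted)", encrypted: true, promptUser: false },
  { name: "VMware.VirtualCenter.Folder", value: "", encrypted: false, promptUser: true },
];

// Constructed sample containing the mistakes the checks are meant to catch.
const MISCONFIGURED_PROFILE = [
  { name: PREFIX + "Delete", value: "True", encrypted: false, promptUser: false },
  { name: PREFIX + "Execute", value: "false", encrypted: false, promptUser: false },
  { name: PREFIX + "MoveToOU", value: "OU=Retired,DC=example,DC=com", encrypted: false, promptUser: false },
  { name: PREFIX + "Password", value: "constructed-sample-only", encrypted: false, promptUser: true },
];

function isTrue(prop) {
  return prop !== undefined && String(prop.value).trim().toLowerCase() === "true";
}

function hasValue(prop) {
  return prop !== undefined && String(prop.value).trim() !== "";
}

// Return a list of { rule, property, message } findings; empty means clean.
function lintAdCleanup(profile) {
  const get = (suffix) => profile.find((p) => p.name === PREFIX + suffix);
  const findings = [];
  const add = (rule, property, message) => findings.push({ rule, property, message });

  // Nothing to check when the property set is not loaded at all.
  if (!profile.some((p) => p.name.startsWith(PREFIX))) return findings;

  const execute = get("Execute");
  const del = get("Delete");
  const moveTo = get("MoveToOU");
  const username = get("Username");
  const password = get("Password");

  // From the post: unless Execute is true, the other plugin properties do nothing.
  if (!isTrue(execute)) {
    add("execute-disabled", PREFIX + "Execute", "plugin properties are present but Execute is not true");
  }
  // From the post: with Delete=true the account is deleted, so MoveToOU is ignored.
  if (isTrue(del) && hasValue(moveTo)) {
    add("move-ignored", PREFIX + "MoveToOU", "MoveToOU is set but Delete is true");
  }
  // From the post: the password is kept out of clear text by the encrypt checkbox.
  if (password !== undefined && !password.encrypted) {
    add("password-not-encrypted", PREFIX + "Password", "Password is not marked encrypted");
  }
  // Added check: service-account credentials should never be prompted for
  // on the request form shown to end users.
  for (const cred of [username, password]) {
    if (cred !== undefined && cred.promptUser) {
      add("credential-prompted", cred.name, "credential property has Prompt User enabled");
    }
  }
  // Added check: a username without a password (or the reverse) is incomplete.
  if ((username === undefined) !== (password === undefined)) {
    add("credential-incomplete", PREFIX + "Username", "Username and Password must be defined together");
  }
  return findings;
}

console.log(lintAdCleanup(PROFILE_FROM_POST));
console.log(lintAdCleanup(MISCONFIGURED_PROFILE).map((f) => f.rule));
```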

The screen below shows the resulting Active Directory plug-in values

  2. Snapshot.Policy.AgeLimit allows you to limit the number of snapshots per VM. It is 3 in my case. If you go beyond it, you get an error as shown below.

  3. VMware.Memory.Reservation is the property with which you can reserve memory for the VM. We have reserved 512 MB, and below this value is reflected in the VM properties. That being said, I have not seen a custom property for CPU.

VMware.VirtualCenter.Folder is as explained above

Hope you like this post.


vCloud Automation Center 6.0 (vCAC 6.0) Creating and Configuring Approval Policies

Approval policies have changed significantly compared to previous releases of vCloud Automation Center. Approval policies provide key control over your infrastructure and form a core component of cloud governance. Below is a schematic view of an approval policy. An approval policy is governed by its policy type, which directly influences the approval phases.

There are two approval phases: Post-Approval and Pre-Approval. For every phase there are levels to define. These approval levels can be seen as business steps. At each level you have to select how approval proceeds. Each approval level is shaped by two options: 1) whether approval is required, and 2) who the approvers are. With the first option we decide whether approval is needed (always required or based on a condition), and with the second we define the approvers (single user or group; all must approve or anyone can approve).

Creating Approval Policies

As tenant administrator go to the Administration tab => Approval Policies and select the fat green button to create a new approval policy

Select the approval Policy Type from the drop down menu. Most relevant for me is Service Catalog –Catalog Item Request (Virtual Machines)

An approval level can be designated as always required for strict governance, or you can keep it flexible by defining a condition, e.g. an end user is requesting a machine with 16 GB RAM. For use cases of this kind a condition must be defined: whenever a user requests a machine with more than 4 GB of memory, the approval policy must be invoked.

You can designate a single person as approver or you can add a group of users as approvers. You also have the option to decide whether approval is needed from any one person in the group or whether all the group members must approve.

Sometimes it happens that a user requests a VM with 16 GB RAM and the IT manager explains that it is not possible now, but once there is adequate capacity the requirement can be met. The end user agrees. So instead of asking him to resend another provisioning request, the IT manager can edit the memory to a level which is possible with current utilization, and the approval process proceeds further.

If you wish to update an approval policy you must make a copy of the policy. It is not possible to edit the existing policy. The reason why one cannot edit is not explained, but I think it could be that once an entitlement is associated with an approval policy it might be difficult to break the relationship.

To understand how the approval levels work, I went ahead and added another level (business approval stage). Press the big fat green tab

Fill in the details, repeating all the inputs we gave to add the L1 approver, except that the approver must be the fabric admin

Below you can see that each approval policy has at least one phase and each phase can have multiple levels. I have seen only two phases in the screen below, i.e. Pre Approval and Post Approval. Phases include levels of approval, e.g. in the Pre Approval phase I have created two levels of approval. Phases are controlled by the approval policy type. In the Pre Approval phase all approvals are needed before service provisioning can start, while in the Post Approval phase approval is needed when the service is provisioned but before it is released to the owner.

As per the above screen, Level 1 (L1) needs approval from the manager and Level 2 (L2) needs approval from the finance controller. L2 is dependent on L1: unless L1 approves, L2 cannot approve. You can also change the sequence of approvals shown in the screen above.

Assigning Approval Policy to Entitlements

Now that the approval policy is created we must assign it to entitlements. Go to the Administration => Catalog Management => Entitlements page. Select the entitlement to which you wish to apply the approval policy

Please note that some approval policies can be applied only to new catalog item requests, while other policies can be applied only to post-provisioning actions on provisioned items. In our case we created a simple pre-provisioning policy which invokes approval when you initiate a request for a new VM (Service Catalog – Catalog Item Request (Virtual Machine)). You can apply this policy only to catalog items, as can be seen above. This relation is established automatically, so you probably do not have to memorize it: if you try to associate such a policy with an incorrect entitlement, it won't be shown. Since this policy is not applicable to entitled services and actions, in the screen below I observed that it is not visible there at all


Next post I will be focusing on build profiles

vCloud Automation Center 6.0 (vCAC 6.0)–Creating & Configuring Blueprints–Basics

Blueprints (BP) are the fundamental building blocks for provisioning virtual machines, cloud machines and physical machines from vCloud Automation Center (vCAC). Blueprints represent the processes and policies a tenant follows today.

Introduction to Blueprints

Before we start creating a blueprint (BP) we need to understand what kind of services you are planning for end users. When they request services (in this case IaaS only), are end users expecting a full-fledged VM with the OS installed, or a full-fledged VM with the OS installed, configured and customized? Blueprints provide several of these options. I'm focusing only on VMware-based VMs as highlighted below

Basic Workflow

In the basic workflow VMs are provisioned without any guest OS. At first thought I felt there was no point in discussing this BP type. But let's start simple. Let's understand the process and see how the basic BP differs from the others.

1. First log in as tenant administrator/business group manager. I'm logging in as tenant administrator, as in the end he needs to take full control of how resources are consumed

2. Go to Infrastructure –> Blueprints –> Blueprints

3. For our purpose we will select Virtual > Blueprint > vSphere (vCenter)


Blueprint information Tab

1. Type the name for the blueprint. The name should reflect the OS, application or service. Since this is IaaS, the name of the OS and its version should be okay to start with.

In the screen below please note how the screen changes if you deselect Shared blueprint: Business group appears automatically. Since I'm using tenant admin credentials to create and configure the blueprint, I have to select the Shared blueprint (can be shared across groups) option

Build Information Tab

The Build Information tab is where you make the choice about workflow type. In Blueprint type you have an option between Server and Desktop. I chose Server for this blog post. The next piece is Action. For the basic workflow select Create from the drop-down menu. The next field, Provisioning workflow, is automatically populated with a list from which you select basicvmworkflow (shown in the 2nd screen capture).

Let's move to the Machine Resources section. Key in CPUs, Memory (MB), Storage (GB) and Lease (days). Lease (days) is how many days you want the VM; leave it blank to make it permanent.

Do make a note of the maximum section. Using the maximum value you give the user flexibility to choose between the minimum and maximum values while provisioning VMs, e.g. for Memory (MB) we have a minimum of 512 MB and a maximum of 1024 MB, so the end user can request a VM with memory anywhere between 512 and 1024 MB

Properties Tab

In the Properties tab we have the option to use build profiles. I have covered build profiles in this blog post. You can also create custom properties. Custom properties are used to pass values to the OS during its provisioning process, and every workflow has a pre-defined list of custom properties

I have used a very simple custom property here: VirtualMachine.Admin.ThinProvision, which gives you control over whether the VM is thin provisioned. This property is a must if you are provisioning against a local SCSI disk.

Actions

Select the actions you want to make available to the end users.

At this point all four tabs have been configured. There is more to discuss about blueprints. I plan to cover it in future posts, especially the advanced configuration options. Now I will move to the other workflows, i.e. the clone and linked clone workflows. In both these workflows the Blueprint Information, Actions and Properties tabs are similar, and what we discussed for the Properties and Actions tabs above applies to these workflows as well.

Use blueprint actions and entitlements together to maintain detailed control over provisioned machines.

Creating a Blueprint for Cloning

The word cloning clicks immediately. It means we need a reference VM inside vCenter. This workflow is nothing but a wrapper over the process we have followed for many years. That being said, you need a reference, pre-customized VM, and you need sysprep on vCenter for Windows 2003 or earlier. It is the simplest workflow and, I guess, widely used as long as we are focusing on IaaS.

Blueprint Information

Nothing here to configure, but ensure your naming convention matches the workflow.

Build Information

Select Blueprint type

Select Clone as the action. This changes the workflow option to clone.

After you select Clone, an option to browse for the image to clone from immediately becomes visible.

Browse to select the VM. This is actually a template, which must be available in vCenter

I didn't like the name of the workflow. The cloning workflow is incorrectly named. It should be in line with deploying from a template. At first look it gave me the feeling that I'm cloning a VM. Coming from a Microsoft background I don't like cloning. That being said, in reality we are deploying from a template and not cloning from a VM. So it is doing the thing which I was expecting.

Go to the Machine Resources section and you might be surprised (as I was) to see that the Minimum resource column is already populated with some values. These values are picked from the template and cannot be modified. Now just fill in (optionally) the maximum values you want to proceed with.

NB: More custom properties are available for CloneWorkflow than for the basic workflow.

Linked Clone Blueprint

Linked clones are extremely popular with desktops and were introduced with VMware View. They work on the simple concept of a parent VM and a base snapshot. The base snapshot is the base virtual disk for the virtual machines (often referred to as the delta disk) and points back to the parent VM. All changes happen at the base virtual disk only

The primary requirement is to have a VM with a clean OS installed and with a snapshot.

After you click Clone from, you see the pop-up shown below. Select the VM to use as a reference/parent VM.

Select a snapshot to clone from. You also get an option to take a snapshot from this interface, but since I had pressed the refresh button during screen capture it is not visible below.

Nothing much in the screen below; just read it and press OK

You get a smart option to delete the snapshot when you delete the blueprint. I think it makes complete sense and should always be checked.

With this we are done with basic blueprint creation. In Properties there are many custom properties available, more or less similar to the cloned workflow. One custom property worth noting here is MaximumProvisionedMachines. By default vCloud Automation Center 6.0 (vCAC 6.0) allows you to create 20 linked clones of one machine snapshot. This property allows us to override this default limit.

In the next post I will be exploring advanced blueprint options.

Creating & Configuring Tenant/s in vCloud Automation Center 6.0 (vCAC 6.0)

Multi-tenancy is built into vCAC 6.0. What does it mean? It simply means that you do not need to install vCAC for every tenant. You can have multiple tenants on a single vCAC. Each tenant can have its own branding, Active Directory authentication source, groups, business policies, catalog offerings and dedicated infrastructure. Tenants in vCAC are an organizational unit. A tenant represents a business unit within an organization or can be the organization itself.

In vCAC each tenant gets

  • Dedicated URL
  • Identity Stores
  • Branding
  • Notification Providers (email alerts)
  • Business Policies
  • Service Catalog offering (small VM, Big VM, Web service, Apache Service)
  • Infrastructure Resources (Virtual, Physical, Cloud)

vCAC gets a default tenant, vSphere.local (cannot be changed/avoided), which can be accessed via http://vCACApplianceFQDN/shell-ui-app

1) To create a new tenant click on the green icon encircled above. A new window opens up. When all details are entered, press Submit and Next

2) Let's add the identity source. In my case I'm using my own AD.

Here you as Administrator create two very important roles.

  • Tenant Administrators
  • Infrastructure Administrators (I have referred to it as IaaS Admin in this post)

| Parameter | Explanation |
| --- | --- |
| Name | Name by which you wish to identify the identity source |
| Type | You have the option to choose Active Directory or LDAP. The native AD option is available only for vsphere.local |
| URL | Provide the LDAP format even if you are using AD. It is referred to as accessing AD over an LDAP connection |
| Domain | Name of your domain |
| Alias | You can put any name here which is easier to remember, and you can use this alias to log in. In my case I can use spreetam@vZare.com or just spreetam@vZare. Both work. |
| Login user DN | User who has read-only permissions on Active Directory |
| Password | Password for the login user |
| User search base DN | Place in AD/LDAP where you wish to search for users. I have put my Favorite company OU as the location to search for users. Effectively I will be adding users only from my Favorite OU |
| Group search base DN | Same as above except that it is used to search for groups |

I left branding and the other parameters in tenant creation at their defaults, as there isn't much to learn

Configuring Tenant

Below is the workflow we should follow to configure tenants

The IaaS Administrator is created by the administrator and is responsible for

  • Management of endpoints, endpoint credentials and virtualization proxy agents
  • Management of cloud service accounts as well as physical machines and storage devices
  • Monitoring of IaaS system logs

In the screen below I have logged in as IaaS Admin (userid: iAdmin). Go to the myfavoritecompany tenant, in the Infrastructure tab (9 out of 10 times you will be in the Infrastructure tab).

    Credentials

    Let’s first create the credentials. This credential is like a template of credential which can be used several times without typing every time same credential or if credential of vCenter/endpoint cannot be shared with vCAC admins.Enter the Name for credential. I recommend to put FQDN name of the vCenter so that you’re aware of connection details. Put some short meaningful Description, Username and Password. Press the green check box.

    NB: I always keep searching for image Button. That green button should be on right hand side not left hand side.

    EndPoints

    Go to the endpoints tab. Now here Name is the most important field. This name must match to the name you have selected while installing the vSphere Endpoint.

  • Just for reference purpose I’m pasting that screen here.
  • SNAGHTML562d69b

    imageSo now we need to put the same name as we have configured in above screen. It is case sensitive.

    imageAddress of vCenter. This is the address of end point. For vCenter it has to be https://vCenterFQDN/sdk format

    imageNow select the credentials you had created earlier. You can use integrated authentication If you have selected integrated credentials while installing vSphere agent.

    imageSelect the checkbox for Specify manager for network and security platform If  you have vShield manager (vCNS Manager) or NSX Instance in your environment. After you select checkbox you get need to put the URL and credentials for it (not shown & explored by me here. It is topic which I will deal with vCloud Director endpoint).

    imagePress OK and we are done configuring vSphere Endpoint

    At this point, if the vSphere endpoint is configured correctly, you should see that compute resources, e.g. clusters, are discovered. The quickest way to check this is to go to the Agents tab; in the description tab, from the drop-down menu, you should see the vSphere agent. This confirms that the agent and the endpoint are communicating.

    The figure below depicts how data collection works using endpoints and what kind of data is collected.

    Organize Compute Resource

    In order to organize resources we must create a fabric group. A fabric group manages the resources within its group, e.g. if you create a fabric group just for virtual resources then it cannot manage anything outside this assignment. Below I have created a fabric group and assigned a vCluster (later on I renamed this cluster to Gold cluster to make sense). So VirtualFabgroup will be able to manage only resources inside vCluster. However, these resources are restricted to Memory and Storage, as we will see during creation of the reservation.

    This is where vCloud Director is a much more superior product. You can configure things at a much more granular level.

  • Type the name for Fabric Admins as VirtualFabgroup. This name should reflect the type of fabric this group is going to manage. It helps a lot. Assign an administrator to manage this fabric as shown below. Select the resource it will manage.

    Now that we have organized the resources and appointed a fabric admin, let's use the fabric admin credentials to log in. It is worth noting that all configuration till now has been done by the IaaS admin.

    Fabric Administrator Role

    Machine Prefix

    You cannot create a business group before creating a machine prefix. It is a mandatory parameter for a business group, and you need at least one machine prefix. As mentioned above, machine prefixes are created by the Fabric admin. Using the Fabric admin, let's create some meaningful prefixes.

    I have created another two prefixes offline, just in case we need them, and named them starting with CC-UAT and CC-DEV as seen below.

    Business Group

    Now that the machine prefix is sorted out, let's do the business group. A business group represents a BU within an organization. It could represent the Sales BU, Marketing BU or HR BU. In the example below I considered the Sales BU. So if the tenant is the organization, then the BU becomes part of the tenant.

  • Within a business group you get the option to create a business group administrator, support user and end user.

    Business group manager Role 

    1. Approves machines and lease requests.
    2. Manages machines created by all users in the business group.

    Business Support Role: a support user can request resources on behalf of a user. The User role can request/self-provision machines/services from the catalog.

    Name for the business group. Ensure it reflects the business group's name.

  • Business group admin's group/user name.
  • Email ID of the business group admin.
  • Support Role.
  • User Role.

    The Active Directory container is optional; I left it unfilled.

    Only Tenant Administrators can create a business group.

    Create Reservation and Reservation Policy

    Using the fabric admin credentials, let's create a simple reservation.

    Click the Infrastructure tab > Reservations > Reservations > New Reservation > vSphere (vCenter).

    I have not configured a reservation policy. I left Machine quota and Priority at their default values.

    Let's move to the Resources tab. The actual reservation is done here. You choose to reserve memory and storage. In the Memory section you can see how much is available (i.e. Physical), how much is reserved and how much is allocated out of this reservation.

    Similarly, I have reserved 27 GB out of 40 GB on the Gold cluster. None is allocated.

    Finally, select the network label by moving to the Network tab. I have just one network label, but you can have as many as you need. Remember that you must plan this in advance.

    I think I'll pause my post here as I see it is already very big. I'll continue in the next post. That being said, a lot of tenant configuration is still pending.

Installing & Configuring VMware vCloud Automation Center 6.0 (vCAC 6.0) IaaS Component– Part02

In the previous post we discussed installing and configuring the vCAC Identity Appliance and the vCAC appliance. In this post we will continue and finish the initial configuration of the VMware IaaS component. At the end of this post all installation of vCAC will be done.

Requirements

vCPU            2
Mem (GB)        8
Disk (GB)       30 GB
OS (Windows)    Windows 2008 R2 SP1, Windows 2012
Application     IIS 7.5, IIS 8.0, .NET Framework 4.5
Database        SQL Server 2008 R2 Express and above

Pre-requisite

We need IIS and the .NET Framework to be installed. By default Windows 2008 R2 comes with .NET Framework 3.5. You must upgrade it to 4.5 once the steps below are done.

There is no need to download .NET Framework 4.5 separately. It is included in the vCAC appliance, which I mention below.

1) The screen below shows the installation of the .NET Framework and IIS components.

2) Select all services except Named Pipes Activation.

The installation document doesn't mention which components you should select for the .NET Framework installation. You can select all.

3) Select the IIS component.

3a) Select a self-signed certificate. During installation you should choose a self-signed certificate and later on change it to a CA-signed one.

3b) Select IIS Management Compatibility, ASP and CGI (CGI is not mentioned in the document).

IIS Authentication Settings

1) Disable Anonymous Authentication

If you are new to IIS (like me), click on the Authentication icon that you see on the first page, and then you will be able to see the screen above.

2) Enable Windows Authentication

In the same window, at the bottom, you will see Windows Authentication. Enable it.

3) Enable NTLM Provider & Negotiate Provider

By default both these settings are enabled, but for some unknown reason they are not detected by the installer. We just have to toggle these settings, i.e. remove the NTLM and Negotiate providers as shown below and re-add them.

3a) In the screen above we removed the providers, and in the screen below we add them back. Follow the sequence.

4) We need to do a similar thing for Windows Authentication kernel mode. Follow the steps in the order mentioned below.

4a) Follow the steps in reverse order to restore the setting to the original (not shown here).

5) The Secondary Logon service must be running if you are installing the DEM or Manager Service. By default this service is set to start manually; please change it to Automatic.

6) You must also enable MSDTC on all nodes of SQL.

7) The document does mention PowerShell as a pre-requisite, but starting with 2008 R2 it is an integral part of the OS. With this all pre-requisites are covered; just change the execution policy to RemoteSigned.
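
The pre-flight settings from steps 1-7 can be read back with a short script before launching the installer. This is an added example, not part of the original post or of VMware's tooling; it assumes vCAC uses the IIS site named 'Default Web Site' and that the script runs in an elevated PowerShell session on the IaaS server.

```powershell
# Added example (not from the original post): read-only audit of the
# prerequisites in steps 1-7. Run in an elevated session on the IaaS server.
# Assumption: vCAC uses the IIS site named 'Default Web Site'.
Import-Module WebAdministration

$site = 'Default Web Site'
$auth = 'system.webServer/security/authentication'

function Get-AuthValue([string]$Section, [string]$Name) {
    # Effective value of one attribute of an IIS authentication section
    (Get-WebConfigurationProperty -PSPath "IIS:\Sites\$site" `
        -Filter "$auth/$Section" -Name $Name).Value
}

function Get-ServiceInfo([string]$Name) {
    # WMI also works with the PowerShell version shipped in 2008 R2
    Get-WmiObject Win32_Service -Filter "Name='$Name'"
}

function New-Check([string]$Check, $Expected, $Actual) {
    New-Object PSObject -Property @{
        Check = $Check; Expected = $Expected; Actual = $Actual
        Pass  = ("$Actual" -eq "$Expected")
    }
}

# Providers configured for Windows Authentication on the site
$providers = @(Get-WebConfiguration -PSPath "IIS:\Sites\$site" `
    -Filter "$auth/windowsAuthentication/providers/add" |
    ForEach-Object { $_.value })

$results = @(
    New-Check 'Anonymous Authentication enabled' $false (Get-AuthValue 'anonymousAuthentication' 'enabled')
    New-Check 'Windows Authentication enabled'   $true  (Get-AuthValue 'windowsAuthentication' 'enabled')
    New-Check 'NTLM provider present'            $true  ($providers -contains 'NTLM')
    New-Check 'Negotiate provider present'       $true  ($providers -contains 'Negotiate')
    # Kernel mode is on by default in IIS; step 4a restores that state
    New-Check 'Kernel-mode authentication on'    $true  (Get-AuthValue 'windowsAuthentication' 'useKernelMode')
    New-Check 'Secondary Logon start mode'       'Auto' (Get-ServiceInfo 'seclogon').StartMode
    # Service state only; run this check on each SQL node as well
    New-Check 'MSDTC service state'              'Running' (Get-ServiceInfo 'MSDTC').State
    New-Check 'PowerShell execution policy'      'RemoteSigned' (Get-ExecutionPolicy)
)
$results | Format-Table Check, Expected, Actual, Pass -AutoSize
```

The script changes nothing; any row with Pass set to False points back to the numbered step that sets it.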

Now let’s start the actual installation.

Installation

1) To start the installation you have to download the IaaS setup file from the vCAC appliance. Just log in to the vCAC appliance and download it as shown below.

It is recommended not to change the name of the downloaded file. The name lets the IaaS installer read the vCAC appliance details automatically.

2) Just enter the root credentials for the vCAC appliance and press Next.

The vCAC appliance name (seen above) is populated automatically if you have not changed the name of the downloaded file.

3) Select the Complete installation option here.

Select Custom Install to scale the installation, where you want to install components on different machines. With Custom Install you also get the option to install proxy agents to talk to endpoints.

5) Now the pre-flight checklist is shown. Options which are red must be corrected. The best thing about this pre-flight checklist is that it explains how to fix each problem.

6) Please note that after you have fixed a problem you just need to press the Check Again button. Another helpful thing the developers did for us.

7) Fill in the credentials for the vCAC service account and the Passphrase.

In the second half of the screen please provide the MSSQL server details. The wizard automatically checks the connection to the SQL server. Enter the name for the DB. You can pre-create the DB using the script provided by VMware on the vCAC appliance screen shown above.

The database permissions vCAC needs are at sysadmin level. Please make sure these permissions are assigned to the service account.

8) Below are the default names automatically populated for the DEM Worker and Orchestrator (DEO). There is no need to change the default names unless you have a good reason to do so.

Also select the check box to Install and configure vSphere agent if you are going to use vCenter as an endpoint.

At this stage all user inputs are complete. Now we must review what we selected and what is going to be installed. It is worth pointing out that most of the core components can be scaled out. I will discuss scale-out options in detail in future posts.

The installation takes anywhere between 7-10 mins. Please be patient.

It is recommended to check that all core services of vCAC have started.

Reference: I learnt vCAC's IaaS installation from Jad El-Zein's website. I'm thankful to him for sharing it.

Installing & Configuring VMware vCloud Automation Center 6.0 (vCAC 6.0) Identity Appliance (IA), vCAC virtual appliance -Part01

Starting today I will be doing a vCAC 6.0 series. I attended the official VMware vCAC course on 5.2, and I see significant changes in the architecture of vCAC 6.0. This series is about upgrading myself from 5.2 to vCAC 6.0. I will start directly with installation. It is lengthy and full of screens. Use it during the installation and configuration of your labs, or for your manuals.

There are basically three main components of vCAC. From these three components you can scale out the entire infrastructure as per your requirements.

  • vCAC Identity Appliance (Please read this as SSO, with vCenter 5.5b you don’t need identity appliance)
  • vCAC Appliance
  • vCAC IaaS (windows based)

    Minimum Requirements for vCAC components

    Identity Appliance    vCAC Appliance      IaaS Components (Windows)
    1 vCPU                2 vCPU              2 vCPU
    2 GB RAM              8 GB RAM            8 GB RAM
    2 GB Disk space       30 GB Disk space    30 GB Disk space

    Deploying Identity Appliance

    1) Grab the OVF file. Connect to the vSphere Web Client. Select Deploy OVF Template.

    2) Accept the EULA.

    3) Select the folder where you wish to place this appliance.

    4) Select the virtual disk format and the VM storage policy, if you have configured any.

    5) Select the network label and select the IP protocol. 9 out of 10 people select IPv4.

    6) The screen below is self-explanatory. All you need to remember is that the username is root. Also, always populate the hostname with the FQDN.

    7) Review the screen and select Finish to start deployment of the OVF.

    Configuration of Identity Appliance

    After successfully deploying the OVF file, power on the appliance. Wait till you see the screen below.

    1) First change the time setting. By default the appliance picks up time from the host. This is an optional step; below I have configured my own NTP server.

    2) Change the time zone if applicable to you. By default it picks UTC. Since VMware also uses UTC, it would be good to keep the default.

    3) Now go to the Network tab. Check that all details are properly populated. These are the settings we configured while deploying the OVF appliance. If any value is incorrect, correct it and don't forget to press Save Settings.

    4) The only thing you probably must configure in this appliance is SSO. SSO must be initialized. The SSO domain is selected by default; you cannot modify it. Enter the admin password and confirm it. Here the user is administrator. Press Apply to initialize SSO. SSO initialization takes anywhere from 2-4 mins.

    Note: By default the vSphere.local tenant is also created when we deploy vCAC.

    4a) After SSO is initialized, the following confirmation is seen.

    5) Now go to the Host Settings tab. The hostname is populated automatically. Append 7444; it is the only port SSO works on. Don't forget to press the Apply button.

    6) Now go to the host tab to generate a self-signed certificate. Please observe the Common Name value. For some reason this value is populated incorrectly. I'm unsure whether it has to do with my installation or whether others have faced it as well. This value has a dependency on vCAC's connection to SSO.

    The screen below shows the right values that must be entered into the fields.

    Please note that Common Name is the most important field in the certificate.

    The screen below confirms that the SSL certificate is successfully restored.
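
The Common Name problem described in step 6 can be checked from any Windows machine, for example the IaaS server, by reading the certificate the appliance actually presents. This is an added example, not from the original post; the host name is a constructed placeholder, and it assumes the certificate generated above is the one served on the SSO port 7444 from step 5.

```powershell
# Added example (not from the original post). Reads the certificate a server
# presents and compares its Common Name with the name you connect to.
function Get-ServerCertificate([string]$HostName, [int]$Port) {
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept any certificate: the goal is to inspect it, not to trust it
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream(($client.GetStream()), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $client.Close()
    }
}

function Test-CertificateName([string]$HostName, [int]$Port) {
    $cert = Get-ServerCertificate $HostName $Port
    # SimpleName returns the subject's CN when the certificate has one
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $cn = $cert.GetNameInfo($nameType, $false)
    New-Object PSObject -Property @{
        Server     = $HostName
        CommonName = $cn
        NameMatch  = ($cn -eq $HostName)               # -eq ignores case, like DNS names
        SelfSigned = ($cert.Subject -eq $cert.Issuer)  # true until a CA-signed cert is installed
        NotAfter   = $cert.NotAfter
    }
}

# Constructed placeholder FQDN; replace with your appliance's FQDN.
Test-CertificateName 'identity.example.local' 7444 |
    Format-List Server, CommonName, NameMatch, SelfSigned, NotAfter
```

NameMatch should be True for the exact FQDN you later enter as the SSO host in the vCAC appliance.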

     

    You can optionally join the identity appliance to Active Directory. Since its main function is SSO, it is not needed. However, when I did this exercise I was not aware of the recommendation by VMware.

    Here the Identity Appliance is successfully configured.

     

    Installing and Configuring vCAC Appliance

    Steps 1-7 as described for installing the identity appliance are similar for the vCAC appliance. There is nothing much to learn or repeat. I have pasted the final screens of the vCAC appliance below.

    Configuring vCAC Appliance

    1) After deploying the vCAC appliance, let's get to its configuration. First get the hostname resolved. Go to the vCAC Settings tab and, under it, Host Settings.

    2) Now let's go to the SSL certificate. Below I'm generating a self-signed certificate. Follow the details on the screen.

    3) Now get vCAC to talk to SSO. vCAC must connect to SSO. Enter the details as shown in the screen below.

    The screen below shows SSO is successfully connected.

    4) Enter the license. This license is for the appliance. When you configure a tenant you must configure a license there as well; the key might be the same.

    After SSO is configured, various services will start getting registered.

    In the next post I will focus on IaaS. I wanted to cover IaaS in this section, however the post is already very lengthy.

    Note: I have not covered any technical stuff in this blog. The architecture has changed, and many components which were separate in 5.2 are merged into either vCAC or IaaS. I have explained them via PPT here.