How to use Reservation Policy to place VMDKs across different datastores

Reservation policy is an often unused feature and, to some extent, not fully understood. The primary reason could be that the reservation policy creation process is very simple, and during policy creation we don’t glue the pieces together. That being said, there are very valid use cases for reservation policy, and it comes in very handy for VM placement. One of the core principles of the Software Defined Datacenter (SDDC) suggests we need to have policy-based automation and a common management platform across the entire infrastructure.

With reservation policy we address this requirement. It is my personal belief that features in any product are aimed at solving some business problem or other. All we should attempt is to find the relevant business cases or help someone find them. In this blog I aim for the latter.

vCloud Automation Center 6.0 and vCenter Orchestrator Advance Automation -Part03

Part 1 and Part 2 are simple in some ways and parts. The next part is a bit difficult to understand. At least it was for me. I will explain what I’m going to do at a high level. I’ll get the machine name. Then I will get the machine property, which will give me the custom properties (the VM size, which the user selects from a drop-down menu as referred here, and the backup selection referred here). Finally I will invoke the vCO workflow. This workflow needs the VM name, VM size and backup choice as inputs: I will supply the VM name that I get from GetMachineName, and the VM size and backup choice that I get from GetMachineProperty.

Now let’s find out where and how to do this. Once you understand the basic concept it is way too simple. First open vCAC Designer. Select Load and then select “WFStubMachineProvisioned”. Why “WFStubMachineProvisioned”? Because this workflow is called immediately when the status of the VM becomes provisioned. More information is available in the extensibility guide: http://pubs.vmware.com/vCAC-60/topic/com.vmware.ICbase/PDF/vcloud-automation-center-60-extensibility.pdf

In the screen below, double-click “Machine Provisioned”.

Scroll down until you find the custom code and double-click it.

From “DynamicOps.Cdk.Activities” on the left-hand side, drag “GetMachineName”.

I have defined two variables for this custom code:

  1. vmname (to capture VM Name)
  2. VMSize (to capture VM size e.g. Large, Medium and Small in string format)
  3. VarBackupOption (To capture user selection Yes/No in string format)

Double-click GetMachineName.

In the Machine Id field put the pre-defined variable “VirtualMachineId”. This is a standard value; please do not change it. Under Machine Name put the variable vmname, which we defined above.

Machine Name will pick up the name from VirtualMachineId and pass it to vmname, so the variable vmname ends up holding the name of the VM. We are done with GetMachineName.

Click on the custom code as shown in the figure above; it will take you back to the custom code screen. Now, from “DynamicOps.Cdk.Activities” on the left-hand side, drag “GetMachineProperty”.

GetMachineProperty reads a custom property you have defined in vCAC and the value associated with it. In our case I have defined a custom property named VMSize, and its value comes from the selection in the drop-down menu. This value (e.g. Large, Medium or Small) is stored in the variable VMSize.

You will notice that VMSize in Property Name is in quotes, whereas in Property Value it is without quotes. That is because VMSize in Property Value is a variable, which receives whatever the user selected in vCAC, while VMSize in Property Name is the name of the custom property defined in vCAC.

Conceptually this is how it is related.

I repeated the same procedure for the backup choice.

VarBackupOption will hold the user’s selection as a string, either Yes or No, and pass it to the vCO workflow.

Now that we have the virtual machine name captured in the VMName variable, the VM size in the VMSize variable and the backup option in VarBackupOption, we are ready for the next drag and drop. Drag in the vCO workflow activity named InvokeVcoWorkflow.

Simply put VMName and VMSize as inputs to the vCO workflow.

Below is how the entire workflow looks.

Now you are done. Simply click Send, and that updates WFStubMachineProvisioned.

This is all you need to do. Request a virtual machine and you will get what you have configured.

The complete log of VM provisioning via vCAC and vCO is presented below, with the sequence of actions.

vCloud Automation Center 6.0 and vCenter Orchestrator Advance Automation -Part02

If you have reached this post from Google, check this post first. That is where the problem is discussed, and this is the second part of the solution. The first thing you need is to pass three pieces of information from vCAC: the VM name, the size of the VM and whether you need a backup. The VM name is a parameter you get from vCAC, but for the backup selection and the VM size selection I have created custom properties in a build profile. Here is how I created them.

First go to the Infrastructure tab.

In the Infrastructure tab go to –> Blueprint –> Property Dictionary

Create a New Property Definition

Provide Name –VMSize

Display Name –Virtual Machine Size

Control Type – DropDownList

Please ensure Required check box is selected

Once done please click on green arrow.

Then click on Edit to edit the Property Attributes.

In the property attribute, select ValueList, put the same name “VM Sizes” and provide the values Large, Medium and Small, which reflect the size of the VM.

Follow a similar exercise for the backup option.

Here is how it looks when the user selects the VM size.

For the backup service selection, this is how it looks.

Just ensure the blueprint is updated as follows.

This completes the vCenter Automation part at a basic level. Now comes the third and final part. Follow the third part here.

vCloud Automation Center 6.0 and vCenter Orchestrator Advance Automation -Part01

This post is about extending vCAC’s in-built workflows. In the last two posts (Post1, Post2) I used vCenter Orchestrator (vCO) workflows and executed them using the advanced service designer of vCloud Automation Center (vCAC). It was like taking vCAC as a front end to execute those workflows without taking any benefit of the vCloud Automation Center product. vCAC was purely acting as a front end.

The advanced service designer doesn’t follow any reservations or policies configured for a particular tenant. It purely takes inputs from whatever is configured in the vCenter Orchestrator workflow and executes it. As I think of it, it is of help, but then I miss all the configuration, ownership tracking, multi-tenancy and metering built into vCAC. To cover this I need to do additional scripting, which is referred to as day-2 operations. To address this problem, vCAC provides a way to modify the in-built workflows. Basic details are provided in this document. I won’t repeat them here, but in order to understand this post you must read it.

To extend a workflow you need vCAC Designer. It is part of vCAC and can be downloaded from https://vCACAppliance.hostname.com:5480/installer/. Install it (it is a next-next-next-Finish thing).

Problem Statement

User should be able to provision VM by selecting VM size within vCAC interface. Users should be able to understand what compute, storage details are provisioned when they select VM Size.

Here I’m going to modify the existing workflow which I created in the post here. If you look at that workflow, there are three inputs needed:

1. VM name

2. VM size

3. IP Address for the VM

If you review this post, the third point is automatically taken care of. So I just have to focus on how to take two inputs (VM name and VM size) from vCAC and put them into the vCO workflow. It was a bit simple, just two inputs.

The cloning part will be taken care of by vCAC, but the post-provisioning tasks will be taken care of by the vCO workflow. So we only need to focus on creating a vCO workflow which will do the following:

  1. Changing CPU count
  2. Change RAM
  3. Add Disk
  4. Add Backup Network if selected

If you execute this workflow from vCO or vCenter, a VC:VirtualMachine is needed as input. But vCAC does not understand VC:VirtualMachine; it can only accept string input or provide string output. A VC:VirtualMachine input is referred to as a complex object type. To deal with this input we need to put a wrapper around the workflow. How to put a wrapper around a workflow is explained by VCOTEAM.INFO. Thanks to this post. It is the key post.

That post is where you can start, but it isn’t sufficient. You need more. If you refer below, the return type is an array.

We need VC:VirtualMachine as the return type. I added a script section and then created a new parameter of type VC:VirtualMachine named vm01 (referred to in the screen below).

In the first line of the script I converted the array type, i.e. Array/VC:VirtualMachine, into VC:VirtualMachine and sent that as output. This is the core piece. If you have understood this, you don’t need to worry further. Everything else is straightforward. I thought so.

When I executed the vCO workflow from vCAC, it failed twice. First it failed with VMware Tools not working, and the second time it failed with the error that “Hot add functionality” is disabled in the VM.

The first problem was that when the provisioning activity completed, my next workflow, which shuts down the VM gracefully, looked for VMware Tools, didn’t find them and failed abruptly. To shut down a VM gracefully, VMware Tools must be ready. So to address the first problem I had to find a workflow which checks whether VMware Tools are ready. This can easily be checked using the “vim3WaitToolsStarted” action element. It waits for VMware Tools to be ready, as they are needed to shut down the VM gracefully.

The second problem was that the workflow didn’t wait for another workflow to complete. After shutting down the VM, I have workflows which change the CPU count, then change the RAM, add a disk and finally power on the VM. The power-on workflow didn’t wait for the CPU count, add disk and RAM change workflows to finish, so I used to get an error about hotplug not being supported. It was as if the VM was started before the CPU and RAM changes could even be executed. To solve this problem I added the “vim3WaitTaskEnd” in-built workflow. This workflow checks previous tasks before executing the next task.
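
The string-only hand-off and the ordering fix described above, sketched in plain JavaScript as an added example (it is not the author's vCO script). The inventory array, the step names and the Medium/Small numbers are constructed assumptions; only the Large values (4 vCPU, 4096 MB, 40 GB) are the ones the sizing post on this page gives.

```javascript
'use strict';

// Sizing table. Only the Large row comes from the page (4 vCPU, 4096 MB,
// 40 GB); the Medium and Small rows are constructed placeholders.
const SIZES = {
  Large: { vmNbOfCpus: 4, vmMemorySize: 4096, additionalDisk: 40 },
  Medium: { vmNbOfCpus: 2, vmMemorySize: 2048, additionalDisk: 20 },
  Small: { vmNbOfCpus: 1, vmMemorySize: 1024, additionalDisk: 10 },
};

// vCAC hands over strings only, so the wrapper turns a VM name into one VM
// object. A name lookup yields an array: refuse zero or several matches
// instead of silently taking element 0 and reconfiguring the wrong machine.
function pickSingleVm(candidates, vmName) {
  const matches = candidates.filter((vm) => vm.name === vmName);
  if (matches.length !== 1) {
    throw new Error(`expected exactly one VM named "${vmName}", found ${matches.length}`);
  }
  return matches[0];
}

// The drop-down value arrives as a free string: accept only known sizes.
// hasOwnProperty keeps inherited keys such as "constructor" out.
function parseSize(vmSize) {
  if (typeof vmSize !== 'string' || !Object.prototype.hasOwnProperty.call(SIZES, vmSize)) {
    throw new Error(`unknown VM size "${vmSize}"`);
  }
  return SIZES[vmSize];
}

// The backup choice is the string Yes or No; anything else is rejected.
function parseBackupOption(value) {
  if (value === 'Yes') return true;
  if (value === 'No') return false;
  throw new Error(`backup option must be Yes or No, got "${value}"`);
}

// Ordered post-provisioning plan: wait for VMware Tools before the graceful
// shutdown, wait for each reconfiguration task to end, and power on last.
function buildPlan(candidates, vmName, vmSize, backupOption) {
  const vm = pickSingleVm(candidates, vmName);
  const size = parseSize(vmSize);
  const backup = parseBackupOption(backupOption);

  const changes = [
    { step: 'changeCpuCount', value: size.vmNbOfCpus },
    { step: 'changeRam', value: size.vmMemorySize },
    { step: 'addDisk', value: size.additionalDisk },
  ];
  if (backup) changes.push({ step: 'addBackupNetwork' });

  const plan = [{ step: 'waitToolsStarted' }, { step: 'shutdownGuest' }];
  for (const change of changes) {
    plan.push(change, { step: 'waitTaskEnd', after: change.step });
  }
  plan.push({ step: 'powerOn' });
  return plan.map((entry) => ({ vm: vm.id, ...entry }));
}

// Constructed sample inventory; "app02" is deliberately duplicated.
const sampleInventory = [
  { id: 'vm-101', name: 'app01' },
  { id: 'vm-102', name: 'app02' },
  { id: 'vm-103', name: 'app02' },
];

console.log(buildPlan(sampleInventory, 'app01', 'Large', 'Yes').map((s) => s.step).join(' -> '));
```
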

With this additional work my final workflow was ready, and it is shown below.

NB: Except for the script section, everything in vCenter Orchestrator is in-built.

The next part is how to make vCAC pick up this vCO workflow. I have discussed it in the next post here.

How to use vCenter Orchestrator to reduce your template maintenance overhead

When I chose to blog about this workflow I was a bit hesitant about whether it would really add any value for my readers. This is an extension of the previous blog, and it relates to the custom property post which I had done earlier. In the custom property post I raised the concern that with the clone workflow you have very limited choice. As I explored integrating vCenter Orchestrator and vCloud Automation Center in depth, I found a better way to do it. The clone workflow is the best workflow, but vCloud Automation Center by default provides limited customization for it. I have no inclination to get into the deployment mechanism of each and every OS, e.g. WIM or any other method. So anything extra I can do with cloning will always be a value add. In this post I explore this pain point.

You must have heard of VM sprawl. Have you heard of gold template sprawl? I have experienced it a lot. We created as many VM templates as we had service types, and again for each OS. Currently our VM sizing looks like below.

There are a total of nine templates I have to maintain. Maintenance includes patching these VMs every time new patches are released (a very common problem with MS OSes), upgrading VMware Tools and upgrading VM hardware. If any of these is left undone, it creates huge non-compliance in VM hardware, VMware Tools and patches.

We have always searched for a better solution for this. One was to use PowerShell, but it was really clumsy and support was not using it at all.

With this post I also wish to focus on resolving this problem.

Support wanted a completely automated method in which either the end user (non-IT) provisions the VM and gets it in the size he has selected, or IT provisions it.

So they were looking for end-to-end automatic provisioning of a VM without any additional effort to customize the existing deployment method. Cloning was the only option. So I felt that cloning an existing VM and changing the CPU, memory and disk size would be the best way to resolve it. vCenter Orchestrator is a wonderful product. It helps you do this without any effort as long as you know the tips and tricks.

All the workflows are in-built in vCO. All I did was put them in the right place.

The crux of this entire workflow is the script section.

The script section is very simple. Let me explain it to you.

First I created an input parameter named VMService. I added a property to it with the pre-defined answers Large, Medium and Small. This creates a drop-down menu where the user selects the VM size.

Second, I created three attributes. Remember, attributes get their values from somewhere else.

  1. vmNbOfCpus (type number)
  2. vmMemorySize (type number)
  3. AdditionalDisk (type number)

I used an “if else” loop. When the user selects Large as VMService, the script under the corresponding curly brackets is executed, i.e. it takes the values vCPU=4, MemorySize=4096 MB and Disk size=40 GB. All I have to do is pass these values to the next workflows. In this case they are:

  1. ChangeCPUcount gets vmNbOfCpus  as 4
  2. ChangeRAM gets vmMemorySize as 4096 MB
  3. Add Data disk gets 40 GB
  4. Change the custom attribute

The end user gets the screen below to provision a VM. Just select the IP address, VM name and size of the VM. That is all the end user has to worry about. The VM will be ready within 15-20 minutes.

Below is an example of the workflow logs.

And below is an example of a VM which was created.

As part of the workflow I also added a custom attribute to the VM based on the size created. The VM size provisioned below is Medium.

This has been achieved using the vCenter Orchestrator video training freely available at this location.

If you wish to integrate this workflow with vCloud Automation Center, you should use the advanced workflow designer feature. I have discussed it here. The process is more or less similar.

Note: In the cloning workflow, vim3WaitDnsNameInTools was behaving abnormally. This action element reads the DNS name of the VM. Once it has read the DNS name of the VM using VMware Tools, it takes this as the trigger that the sysprep operation has ended and proceeds to the next workflow. In my case I got quite varying results. While searching a bit I came across a new plug-in introduced for vCenter 5.5.1. Please use the latest plug-in, which is under Technical Preview as I post this.

Service Provisioning using vCenter Orchestrator (vCO)

I think we are living in the most dynamic time of our lives. I have done a good number of posts on vCAC and want to do more. My plan to focus on vCAC has to do with VMware Certified Design Expert – Cloud (VCDX-Cloud). It is a long, long journey. See here the amount of work Derek has to put in to get there.

But this time I don’t want to focus on install and config posts. The main component of vCAC is its extensibility, which is referred to as XaaS in the document. You can only achieve it when you have some background in scripting and are keen to develop new things. It is predicted that every infrastructure administrator must have some scripting and/or developer skills to survive in IT in the next decade. One link which supports this is http://it20.info/2014/01/vchs-meets-vco-and-boris-becomes-a-hero/

I love solving problems, and while working in an operations team it is the primary thing we do. But “optimize it”, “do it effectively” and “do more with less” were the constant instructions from management. I fortunately got introduced to PowerShell quite early. I’m glad I know a little bit of it. I did a good amount of scripting in PowerShell. I used to blog about it here. But with self-service provisioning and the agility attributes of cloud computing, I realized this skill is not sufficient. You need to know how to orchestrate things. With PowerShell this is possible, but it increases code complexity, and it becomes very difficult to maintain and update the code every time the environment changes.

I’m working on a project where I have to provide the end user an option to provision VMs with different SLAs, e.g. Gold, Silver and Bronze. The user should be able to select a VM as per SLA. The user should be made aware of what comes with Gold, Silver and Bronze VMs. The user must be able to select whether he wishes to back up his VM.

Here is how I have crudely defined the Gold, Silver and Bronze services.

Let’s now focus on how to allow the user to select these VMs.

vCO has a lot of built-in workflows. For this exercise let’s use an in-built one. It is well suited to our objective.

Let me define a workflow. Workflows consist of a schema, attributes and parameters. The schema is nothing but the actual program or script (if I may call it that). Attributes are something we pre-define, like declaring variables right at the top of a script. Parameters are of two types: input and output parameters. Input parameters are where user input or some other form of input is needed. An output parameter is the result of executing the workflow.

I have duplicated three workflows based on the in-built workflow named “create simple virtual machine”.

Renamed them as Gold VM, Silver VM and Bronze VM as seen below. This is pretty basic.

Now the challenge was how to invoke these workflows when the user selects the service he needs. I created a new workflow named Coca cola services. Inside it I created an input parameter named Services. Since we want the end user to select services, I have to change the presentation of the input parameter into a drop-down list. Go to the Presentation tab, select Services, select the blue triangle and select the property Predefined answers. In Predefined answers insert the values Gold, Silver and Bronze.

This will create a drop-down menu from which the user can select the service. Now I have to initiate an action based on the user’s selection: if the user selects Gold, I want the Gold VM workflow to be initiated; if the user selects Silver, I want the Silver VM workflow to be initiated; and similarly for Bronze. This can be achieved in the workflow by using a decision.

Since the user input is defined as a string parameter, in the decision I have selected Services: if it is Gold, it is the True condition.

Drag the decision into place as shown. Below is the complete workflow schema.

Here you have a simple go/no-go kind of workflow. I have defined that if you see Gold, go and initiate the GOLD VM 1.1 workflow. For no-go, I have dragged and dropped another decision, where I have defined that if you get a Silver request from the user, go for the Silver VM 1.1 workflow; and again for no-go, I have dropped another decision, where for Bronze I have requested execution of the Bronze VM 1.1 workflow.

If you know a little bit of scripting, this is as simple as below. And if you look at the workflow, it reflects a similar picture.

So if you know the workflow elements, it makes things much easier. If you know scripting, you will understand how much pain has been reduced by vCO. Thanks, vCO team, for this.

So this covers the service tiering. The next portion is allowing the user to select backup.

This was a bit difficult for me to construct on the surface. I got hold of the vCenter Orchestrator book and there I got a hint: I have to modify the default workflow, since we need to give the user an option to select backup. When the user selects that he wants backup, I want to add an additional network card, and that network card must be attached to the backup port group. The logic is quite simple here: the user selects the radio button (yes/no), and if he says Yes, the code below adds an additional network card.

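    // Add backup network: when the user asked for backup, build a config spec
    // for an extra virtual Ethernet card on the backup port group and queue it
    // with the other device specs.
    if (BackupVM == true) {
        deviceConfigSpec = System.getModule("com.vmware.library.vc.vm.spec.config.device").createVirtualEthernetCardNetworkConfigSpec(vmBackupNetwork);
        deviceConfigSpecs[ii++] = deviceConfigSpec;
    }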

Don’t worry much about this code. Just pay attention to the variables here.

1) BackupVM is an input variable which I have defined as Boolean type. If the user selects Yes, it will create the VM network.

2) vmBackupNetwork is an attribute I have defined in each workflow (Gold VM1.1, Silver1.1 & Bronze1.1), which will always attach itself to the backup network as shown below.

After you save and validate the workflow, the Presentation screen below is seen. This is just a workflow. We need to get it executed from vCloud Automation Center. Let me keep that for the next post.

vCloud Automation Center 6.0 –Creating Build Profiles, Custom Properties

Custom properties are one of the core parts of self-service provisioning, as they allow extending vCloud Automation Center (vCAC). This is the best feature of this product. This extensibility can be easily achieved as long as you know vCenter Orchestrator. It is the easiest product to learn; to get started you can find all the relevant videos for vCenter Orchestrator here by Brian Watrus. OK, back to the post.

Custom properties, as the name denotes, refer to customization. They are therefore used to override existing default values. You can also allow customers (end users) to make those choices. End users are the personnel who are going to use self-service provisioning day in, day out.

Initial Thoughts

There are many ways we can give flexibility to end users. But what is the use case for this end user? This is the first question we all need to ask. Is she an end user with no IT knowledge, or is she merely a developer? These requirements drive what service offering you wish to expose to end users. I would ideally want to give the user:

  1. VM type to be provisioned (OS variance, variance by size)
  2. Ability to take VM backup on demand. Backup policy selection? Right now vCHS offers a backup option but has yet to offer a restore service to the end user. You have to call support. Reference Blog
  3. Ability to enable monitoring for a VM (and then a choice of monitoring baseline)
  4. Ability to enable antivirus support for a VM (and then file exclusion)
  5. Does it need DR? (If yes, RPO/RTO definition option please)

This is clearly leading towards SDDC. Without an SDDC architecture in place this kind of automation is impossible.

Scope of this post

Below are the custom properties I preferred to play with in this blog post:

  • Allowing end user to select the portgroup to which to attach this VM
  • Allowing end user to select the folder in vCenter to place the VM
  • Remove unnecessary device from the VM e.g. CD ROM
  • Cleaning up computer accounts in active directory
  • Allowing end user to select the network type
  • Control snapshot numbers per VM
  • Control SCSI controller for a VM

That being said, this is clearly a very small and simple list. I had initially planned to make use of most of them, but I have cut this list down. The primary reason is that custom properties clearly depend on how you are deploying your VM. For the cloning workflow these custom properties are limited. If you see my previous blog post on Blueprints here, I limited the scope to only Basicworkflow, Cloneworkflow and linkedclone workflow.

What are reserved properties

Custom properties which are defined by vCAC, and whose names cannot be reused, are referred to as reserved properties. Reserved properties allow you to add a property to a machine or override its default or existing value. There are four types of properties, explained below.

Properties types

Internal: This value is maintained in the database only. You can query it using any programming interface. Below are a few examples of internal properties. For the full list of custom properties please refer to the Custom Property Reference Guide here.

  • VirtualMachine.Admin.Owner – The name of the end user who requested the machine
  • VirtualMachine.Admin.Approver – The name of the approver who approved the request
  • VirtualMachine.Admin.Description – The description of the machine as entered by the end user

Read-only: These values are read-only and cannot be changed. Examples are the UUID and other values which are associated with a VM for its life cycle, e.g. VirtualMachine.Admin.Name, the name of the VM generated by vCAC using the machine prefix.

External: This value is implemented in the VM and also updated in the database. But if the value is later changed in the VM, it is not updated back in the database. It is a one-time process only, e.g.

  • Hostname (to overwrite the VM name generated by vCAC using the machine prefix)
  • VirtualMachine.Admin.AddOwnerToAdmins – Not supported in cloning operations
  • VirtualMachine.Admin.AllowLogin (boolean value) – To add the owner to the remote desktop users group. This allows the requestor to log in after the machine is successfully provisioned. My attempts to get this working in the cloning workflow have failed.

Updated: Exactly the opposite of external. The value is tracked throughout its lifetime via the inventory updating mechanism when it is changed outside vCAC.

  1. VirtualMachine.Admin.Hostname – Name of the host on which VM resides
  2. VirtualMachine.Memory.Size – Memory size of VM
  3. VirtualMachine.CPU.Count – CPU Count of VM
  4. VirtualMachine.Admin.TotalDiskUsage – Disk usage on the disk including swap file size

In my opinion internal and read-only properties can be of limited use. However, there is some scope for updated and external properties. From the official documentation:

External and updated properties can be used for cloned machines only if marked with (cloning). Others have no effect on cloned machines because they set attributes that are determined by the template and customization specification used and cannot be changed by vCAC.

Any property can be changed in the vCAC database only using the Edit option on the machine menu, except the read-only properties VirtualMachine.Admin.AgentID, VirtualMachine.Admin.UUID and VirtualMachine.Admin.Name.

Now that we understand a little bit about custom properties, let’s understand how we can better use them.

What is a build profile?

It is a collection of custom properties under a single title, i.e. custom properties can be seen as members of a group. Collecting custom properties under a build profile helps to apply them to VMs and makes them more manageable. You have the option to add custom properties to a reservation or blueprint; in a build profile, however, you simply combine them into property sets. vCloud Automation Center does provide in-built property sets. We will look into property sets later in the post while discussing Active Directory cleanup below.

Create a build profile

Creating a build profile is way too simple. Log in as a Fabric Admin and open Infrastructure –> Blueprints –> Build Profiles –> New Build Profile.

I have created two build profiles: one for the cloning workflow and the other for the Basic workflow. The primary reason for doing so is that with the cloning workflow you basically deploy the VM from a template. So a lot of the VM properties and OS properties are copied from the template into the VM, as referred to in the official documentation (also quoted above). So there is a limited way you can play with VMs deployed using the cloning workflow, and similar logic applies to the Basic workflow.

Let’s focus on the custom properties that I have created for VMs to be provisioned from the Basic workflow.

Select New Property. Enter a name for the property. This name must be the same as defined in the vCloud Automation Center Custom Property Reference Guide. Enter the value and select whether you wish to encrypt it and/or prompt the user for input.

In the above build profile I have created 6 custom properties to be part of the build profile named BasicVM. Let’s discuss them one by one.

  1. VirtualMachine.CDROM.Attach – This property has the value True by default; above I have changed it to False, as I don’t want to attach a CD-ROM to my machine.
  2. VirtualMachine.Network0.Name – This property allows you to choose which port group you want your VM to be attached to. I have left the Value field blank, which means by default it won’t have any value. I have selected that this value is not to be encrypted. Under Prompt User I have selected that the user should be prompted for input. In this property, Network0 refers to the first network card attached to the VM. If you wish to learn more on how to do this, please refer to an excellent blog by Magnus Andersson –> vcdx56.com. I’m a regular reader of this excellent blog.
  3. VMware.Network.Type – This property allows you to select the network adapter type for the VM to be provisioned. It is based on Magnus’s blog: I learnt from his post and chose to find another use case to implement using the same principle.
  4. VMware.SCSI.Type – This property allows you to select the SCSI controller for your VM. In this case I have not given the user an option but made that choice on behalf of the end user. By default a SCSI controller of type pvscsi will be created. For Windows 2008 R2 the default SCSI controller is LSI Logic SAS. It is worth observing that you do not get a choice to use different types of controllers for different disks. All controllers are created as PVSCSI based on this property value.
  5. VMware.VirtualCenter.Folder – This property allows you to select the folder where you wish to place the VM.
  6. VMware.VirtualCenter.OperatingSystem – This property creates the VM with the Windows 2008 R2 operating system.

Now all 6 properties form part of the build profile named BasicVM. This build profile will automatically appear in the blueprint’s Properties tab as seen below. Just select it and press OK.

Now when the user requests a virtual machine he gets three drop-down menus: Destination Network (derived from the VirtualMachine.Network0.Name property), Network Card Type (derived from the VMware.Network.Type property) and VM Folder Location (derived from VMware.VirtualCenter.Folder).

NB: None of the above properties except VMware.VirtualCenter.Folder can be changed when we use the cloning workflow.

Below are the screens showing how the drop-down menus appear to end users for selection.

Disclaimer: The properties which I have discussed for the cloning workflow are based on my experience and trial and error. VMware doesn’t explicitly and correctly mention which properties are applicable or not applicable in a particular workflow.

That being said, let’s discuss what properties we can use with the cloning workflow. Here I have created a build profile named Customize VM.

SNAGHTML1254e34

  1. The first 5 custom properties are built-in custom properties that vCAC creates for you for the Active Directory cleanup plugin. Together they are referred to as a property set. We cannot change the properties in the property set; we can only use them. The process to load them is as follows:
    1. In Add from Property Set, either scroll down or type Active directory. Once the Active directory entry is visible, press the Load button. This loads the properties that belong to the property set, in this case the first 5 properties for Active Directory cleanup.
    2. Plugin.AdMachineCleanup.Delete is set to false. If it is set to true, the computer account is deleted, so the property Plugin.AdMachineCleanup.MoveToOU, which controls where the computer account should go, serves no purpose. To use Plugin.AdMachineCleanup.MoveToOU, we must therefore set Plugin.AdMachineCleanup.Delete to false.
    3. Plugin.AdMachineCleanup.Execute is set to true. Unless this is true, none of the plugin properties will be of use.
    4. Plugin.AdMachineCleanup.Username and Plugin.AdMachineCleanup.Password are the credentials of an account that has rights to delete computer accounts in AD. Please note that for Plugin.AdMachineCleanup.Password I have selected the encrypt checkbox, which is the reason the password is not visible in clear text.
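The dependencies between these five properties can be checked mechanically before a build profile is attached to a blueprint. The following is an added example, not code from vCAC or from this post; the dictionary layout (property name mapped to a value and an encrypted flag) and the sample values are assumptions made for illustration.

```python
# Added example: lint the Active Directory cleanup properties of a build profile.
# The dict layout (name -> {"value", "encrypted"}) is a hypothetical export format.

PREFIX = "Plugin.AdMachineCleanup."


def _value(props, key):
    """Return the stripped string value of a cleanup property ('' if absent)."""
    return str(props.get(PREFIX + key, {}).get("value", "")).strip()


def _is_true(props, key):
    return _value(props, key).lower() == "true"


def lint_ad_cleanup(props):
    """Return a list of findings; an empty list means the rules above hold."""
    findings = []

    # Rule from step 3: nothing else matters unless Execute is true.
    if not _is_true(props, "Execute"):
        findings.append("Execute is not true: the plugin properties are not used")

    # Rule from step 2: Delete=true removes the account, so MoveToOU is moot.
    if _is_true(props, "Delete") and _value(props, "MoveToOU"):
        findings.append("Delete is true: MoveToOU serves no purpose")

    # Rule from step 4: both credentials are needed, password must be encrypted.
    if not _value(props, "Username") or not _value(props, "Password"):
        findings.append("Username or Password is missing")
    elif not props[PREFIX + "Password"].get("encrypted", False):
        findings.append("Password is not encrypted: it is visible in clear text")

    return findings


def _profile(**kwargs):
    """Build a constructed sample profile from key=(value, encrypted) pairs."""
    return {PREFIX + k: {"value": v, "encrypted": e} for k, (v, e) in kwargs.items()}


# Constructed sample data, not taken from the post's screenshots.
GOOD_PROFILE = _profile(
    Execute=("true", False),
    Delete=("false", False),
    MoveToOU=("ou=Decommissioned,dc=example,dc=com", False),
    Username=("svc-adcleanup", False),
    Password=("<redacted>", True),
)
BAD_PROFILE = _profile(
    Execute=("false", False),
    Delete=("true", False),
    MoveToOU=("ou=Decommissioned,dc=example,dc=com", False),
    Username=("svc-adcleanup", False),
    Password=("Passw0rd!", False),
)

if __name__ == "__main__":
    for name, profile in (("good", GOOD_PROFILE), ("bad", BAD_PROFILE)):
        print(name, lint_ad_cleanup(profile) or "OK")
```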

The screens below show the results of the Active Directory plug-in values.

  2. Snapshot.Policy.AgeLimit allows you to limit the number of snapshots per VM. It is 3 in my case. If you go beyond it, you get an error as shown below.

  3. VMware.Memory.Reservation is the property with which you can reserve memory for a VM. We have reserved 512 MB, and below this value is reflected in the VM properties. That being said, I have not seen a custom property for CPU.

VMware.VirtualCenter.Folder is as explained above.

Hope you like this post.


vCloud Automation Center 6.0 (vCAC 6.0)–Publish Blueprints, Configure Services, Configure Entitlements

Publish Blueprint

In the previous post we covered the basics of Blueprints. The Blueprints are now ready, so we need to publish them. Publishing a Blueprint is a simple two-click task: select the Blueprint you wish to publish and, from the drop-down menu, select Publish.

The next screen (seen below) gives you the option to review the Blueprint details. Press OK to confirm Blueprint publishing. Please note that the Blueprint name will be reflected in the catalog items in a subsequent screen, so the naming convention makes a significant difference.

After a Blueprint is published, how do I tell a published Blueprint from an unpublished one? After a Blueprint is published, the Publish option disappears, which implicitly confirms that the Blueprint is published.

The next natural step is to create a service and make it available to end users.

Create & Configure Services

The word catalog was always easier for me to understand, but the term service made me do some searching to understand how it differs from a catalog. And I was right: it is the catalog re-coined as a service. In Infrastructure as a Service (IaaS) we have to define a service that focuses more on the infrastructure side of things. These generally include hardware (now virtual) and software (OS).

I personally see the following as the core parts of IaaS:

  • CPU & Memory (Compute)
  • Network
  • Storage
  • OS

    So far we discussed Blueprints, and they cover all the above aspects. Most services are driven by the service definition. What you see as IaaS, some would see as the foundation on which to build PaaS. Bottom line: always stick to the service definition.

    Service Catalogs are a fundamental part of service delivery.


    By definition, a service catalogue is a list of services that an organization provides to its customers. Each service within the catalogue typically includes the type of the service, who is entitled to request/view the service, costs, support hours and a description of the service.

    To create a service we must have a published Blueprint. As we have already published a Blueprint, let's go and create a service. To create a service, log in as tenant administrator.

    For the first time we're going into 1) the Administration tab (in the past it was all about the Infrastructure tab), then 2) Catalog Management and then 3) Services. Click on the big fat green icon.

    Provide a name for the service. This is a bit important: the name of the service must reflect the content inside the service. I called my service Basic Windows Services. I chose this name because I have only Windows VMs in my small lab, and at most I can configure them as T-shirt size images, e.g. Small, Medium, Large, Extra Large. So it is basic Windows services with different sizes of VM. Use a meaningful description; the description gives end users the information they need to make a decision about the service. Pick up the icons from Here.

    Status for service

  • Inactive: Service creation is in progress. This state is used when you don't want end users to use the service. It helps to pause the service during a maintenance window or when we need to update the blueprint image.
  • Active: Service is available to all entitled users.
  • Deleted: Service is no longer available, i.e. the service is decommissioned.

    Additional information

  • Hours: Visible to the customer as support hours
  • Owner: Business owner for this service
  • Support Team: DL for support/Contact number/email
  • Change Window: Planned maintenance windows

    Finally press Add to complete service creation. A service is purely a definition; it is of little use unless you add catalog items to it.

    Add Catalog Items in a Service

    Adding items to the catalog is nothing but adding blueprints to it. Blueprints by themselves represent a template, business policies or an application. It is the same place where we went earlier, i.e. Administration –> Catalog Management –> Services. Select the service to which you want to add the catalog item. Since we have created Basic Windows Service, we select it and, at the right side, 1) click on the down arrow and select 2) Manage Catalog Items.

    After you click Manage Catalog Items, you get the screen to add catalog items shown below. You can see it in the background (in light brown color). Click on the fat green button to open another window.

    In the above window you see that the Blueprint we published earlier is listed.

    So if we try to join the dots: the moment we publish a blueprint, it becomes a catalog item.

    From the down arrow, select the Configure option to configure the blueprint. Personally I felt there is not much to configure but a lot to edit.

    Just do some embellishment in configuring the catalog item. The other fields I have shown in the screen capture below. Once you are done, press the Update button.

    At this stage the service is ready and catalog items are added to the service. But we are yet to decide who can request the service.

    Create & Configure Entitlements

    The term here is entitlements. I could recall the right word from my Windows background, i.e. privileges. If you compare technical details across different technologies they are almost similar. Terminology changes but technology more or less remains unchanged. Knowing one hypervisor makes it easier to learn another hypervisor. I digress.

    OK, I'm back. Entitlements can be set at three levels: first at the topmost container, i.e. the service level; second at the catalog item level; and third, within the catalog item, at the resource action level. Resource actions are, for example, the actions that control the service, i.e. power on/off, reset, reprovisioning. Now you can see why the word privileges applies here. You can also assign an approval policy to entitlements. Approval policies and entitlements are closely related. I discuss approval policies in the next blog; considering the length of this post I have to keep them out of it.

    Entitlements are assigned to users and groups, so you need to know which users/groups must be assigned which entitlements. Entitlements can be done in any order. To keep things simple I created a single entitlement and assigned it to the service, catalog item and resource actions.

    Creating an entitlement is quite simple: go to Administration –> Catalog Management –> Entitlements.

    Provide a name for the entitlement that reflects the user or group who will use it. Add the users and groups who will receive the entitlement. Set the status to Active for users to access the items. I guess the Draft option could be used for testing/maintenance purposes: as you can imagine, the moment you put an entitlement in Draft status, users lose access to all items the entitlement is configured for.

    Select the business group. Users and groups must belong to the same business group. Since I have a single business group, I'm unable to confirm whether there is a validation check in place. However, the tenant administration guide does implicitly mention it:

    This information includes the name and status of the entitlement and the business group whose selected  users and groups are entitled to request the services and catalog items and perform the actions listed in the entitlement.

    I have not understood the use cases for the expiration date, so I will skip it. In the above screen I did play with it and configured it until 2016.

    Entitle users to Services

    Now it is time to assign the entitlement to the service, catalog item and resource action. If you are at the same location, i.e. Administration –> Catalog Management –> Entitlements –> Coca Cola Sales Users, just toggle to Items & Approvals. The procedure is more or less the same for every item, i.e. press the fat green button.

    As mentioned earlier, entitlement can happen in any order. Below is an example of adding a service to the entitlement.

    Pretty simple: select the service with the checkbox and press OK.

    Similarly you can add catalog items to the entitlement. I have not shown this as I realize the post is getting bigger now. We need to cover how to assign rights to the entitlement. Here we go.

    Click on Entitled Actions; a new window pops up with the list of actions you can assign to the entitlement.

    In the above screen I selected some basic power operation commands.

    In the next section I will share the user experience while provisioning services.

Creating & Configuring Tenant/s in vCloud Automation Center 6.0 (vCAC 6.0)

Multi-tenancy is built into vCAC 6.0. What does it mean? It simply means you do not need to install vCAC for every tenant; you can have multiple tenants on a single vCAC. Each tenant can have its own branding, Active Directory authentication source, groups, business policies, catalog offering and dedicated infrastructure. Tenants in vCAC are an organizational unit. A tenant represents a business unit within an organization or can be the organization itself.

In vCAC each tenant gets:

  • Dedicated URL
  • Identity Stores
  • Branding
  • Notification Providers (email alerts)
  • Business Policies
  • Service Catalog offering (small VM, Big VM, Web service, Apache Service)
  • Infrastructure Resources (Virtual, Physical, Cloud)

    vCAC gets a default tenant, vSphere.local (it cannot be changed/avoided), which can be accessed via http://vCACApplianceFQDN/shell-ui-app

    1) To create a new tenant, click on the green icon encircled above. A new window opens up. When all details are entered, press Submit and Next.

    2) Let's add the identity source. In my case I'm using my own AD.

    Here you, as Administrator, create two very important roles:

  • Tenant Administrators

  • Infrastructure Administrators (I have referred to it as IaaS Admin in this post)

    | Parameters | Explanation |
    |---|---|
    | Name | Name by which you wish to identify the identity source |
    | Type | You have the option to choose Active Directory or LDAP. The Native AD option is available only for vsphere.local |
    | URL | Provide the URL in LDAP format even if you are using AD. This is referred to as accessing AD over an LDAP connection |
    | Domain | Name of your domain |
    | Alias | Any name that is easier to remember; it can be used to log in. In my case I can use spreetam@vZare.com or just spreetam@vZare. Both work. |
    | Login user DN | User who has read-only permissions on Active Directory |
    | Password | Password for the login user |
    | User search base DN | Place in AD/LDAP where you wish to search for users. I have put my Favorite company OU as the location to search users. Effectively I will be adding users only from my Favorite OU |
    | Group search base DN | Same as above, except that it is used to search for groups |
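    The parameters in the table above can be sanity-checked before the tenant is saved. This is an added example, not part of vCAC or of the original post: the field names, host name, OU names and service account are constructed, and it assumes the directory's base DN is derived from the domain name, as is the default in Active Directory.

```python
# Added example: sanity-check identity source parameters before saving a tenant.
# Field names and sample values are constructed; only the domain is from the post.
from urllib.parse import urlparse


def domain_to_base_dn(domain):
    """vZare.com -> dc=vzare,dc=com (assumes the AD default naming context)."""
    return ",".join("dc=" + label for label in domain.lower().split("."))


def normalize_dn(dn):
    """Lower-case a DN and trim each RDN; does not handle escaped commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def is_under(dn, base):
    dn, base = normalize_dn(dn), normalize_dn(base)
    return dn == base or dn.endswith("," + base)


def check_identity_source(cfg):
    """Return a list of findings for one identity source definition."""
    findings = []
    base = domain_to_base_dn(cfg["domain"])

    url = urlparse(cfg["url"])
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        findings.append("URL is not in LDAP format (ldap://host:port)")

    for field in ("login_user_dn", "user_search_base_dn", "group_search_base_dn"):
        if not is_under(cfg[field], base):
            findings.append(f"{field} is outside {base}")

    # A search base at the domain root lets the tenant pick users or groups
    # from the whole directory instead of from one OU.
    for field in ("user_search_base_dn", "group_search_base_dn"):
        if normalize_dn(cfg[field]) == base:
            findings.append(f"{field} is the domain root; scope it to an OU")

    return findings


# Constructed sample definitions.
GOOD_SOURCE = {
    "url": "ldap://dc01.vzare.com:389",
    "domain": "vZare.com",
    "login_user_dn": "cn=svc-vcac-read,ou=Service Accounts,dc=vzare,dc=com",
    "user_search_base_dn": "ou=MyFavoriteCompany,dc=vZare,dc=com",
    "group_search_base_dn": "ou=MyFavoriteCompany,dc=vZare,dc=com",
}
BAD_SOURCE = dict(
    GOOD_SOURCE,
    url="https://dc01.vzare.com",
    user_search_base_dn="dc=vzare,dc=com",
    group_search_base_dn="ou=Groups,dc=other,dc=com",
)

if __name__ == "__main__":
    for name, source in (("good", GOOD_SOURCE), ("bad", BAD_SOURCE)):
        print(name, check_identity_source(source) or "OK")
```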

    I left branding and the other parameters in tenant creation at their defaults, as there isn't much to learn there.

    Configuring Tenant

     

    Below is the workflow we should follow to configure tenants.

     

     


    The IaaS Administrator is created by the administrator and is responsible for:

    • Management of endpoints, endpoint credentials and the virtualization proxy agent
    • Management of cloud service accounts as well as physical machines and storage devices
    • Monitoring of IaaS system logs

    In the screen below I have logged in as IaaS Admin (userid: iAdmin). Go to the myfavoritecompany tenant in the Infrastructure tab (9 out of 10 times you will be in the Infrastructure tab).

    Credentials

    Let's first create the credentials. A credential here is like a template that can be reused several times without typing the same credential every time, and it also helps when the credentials of the vCenter/endpoint cannot be shared with vCAC admins. Enter the Name for the credential. I recommend using the FQDN of the vCenter so that you're aware of the connection details. Enter a short meaningful Description, Username and Password. Press the green check box.

    NB: I always keep searching for that button. The green button should be on the right-hand side, not the left-hand side.

    EndPoints

    Go to the Endpoints tab. Here Name is the most important field. This name must match the name you selected while installing the vSphere Endpoint.

    Just for reference purposes I'm pasting that screen here.

    So now we need to enter the same name as we configured in the above screen. It is case sensitive.

    Address of vCenter. This is the address of the endpoint. For vCenter it has to be in https://vCenterFQDN/sdk format.

    Now select the credentials you created earlier. You can use integrated authentication if you selected integrated credentials while installing the vSphere agent.

    Select the checkbox Specify manager for network and security platform if you have vShield Manager (vCNS Manager) or an NSX instance in your environment. After you select the checkbox you need to enter the URL and credentials for it (not shown or explored by me here; it is a topic I will deal with under the vCloud Director endpoint).

    Press OK and we are done configuring the vSphere Endpoint.

    At this point, if the vSphere endpoint is configured correctly, you should see that compute resources, e.g. clusters, are discovered. The quickest way to check this is to go to the Agents tab; in the description tab, from the drop-down menu, you should see the vSphere agent. It confirms that the agent and endpoint are communicating.

    The picture below depicts how data collection works using endpoints and what kind of data is collected.

    Organize Compute Resource

    In order to organize resources we must create a fabric group. A fabric group manages the resources within its group, e.g. if you create a fabric group just for virtual resources then it cannot manage anything outside this assignment. Below I have created a fabric group and assigned a vCluster (later on I renamed this cluster to Gold cluster to make sense). So VirtualFabgroup will be able to manage only resources inside vCluster. However, these resources are restricted to memory and storage, as we will see during creation of the reservation.

    This is where vCloud Director is a much superior product: you can configure things at a much more granular level.

    Type the name for Fabric Admins as VirtualFabgroup. This name should reflect the type of fabric this group is going to manage. It helps a lot. Assign an administrator to manage this fabric as shown below. Select the resources it will manage.

    Now that we have organized the resources and appointed a fabric admin, let's log in with the fabric admin credentials. It is worth noting that all configuration until now has been done by the IaaS admin.

    Fabric Administrator Role

    Machine Prefix

    You cannot create a business group before creating a machine prefix; it is a mandatory parameter for a business group. You need at least one machine prefix. As mentioned above, machine prefixes are created by the fabric admin. Using the fabric admin, let's create some meaningful prefixes.

    I have created another two prefixes offline just in case we need them, and named them starting with CC-UAT and CC-DEV as seen below.

    Business Group

    Now that the machine prefix is sorted out, let's do the business group. A business group represents a BU within an organization. It could represent the Sales BU, Marketing BU or HR BU. In the example below I considered the Sales BU. So if the tenant is the organization, then the BU becomes part of the tenant.

    Within a business group you get the option to create a business group administrator, support user and end user.

    Business group manager Role 

    1. Approves machines and lease requests.
    2. Manages machines created by all users in the business group.

    Business support role: a support user helps you request resources on behalf of a user. The user role can request/self-provision machines/services from the catalog.

    Name for the business group. Ensure it reflects the business group's name.

  • Business group admin's group/user name.
  • Email ID of the business group admin.
  • Support Role.
  • User Role.

    The Active Directory container is optional; I left it unfilled.

    Only Tenant Administrators can create a business group.

    Create Reservation and Reservation Policy

    Using the fabric admin credentials, let's create a simple reservation.

    Click the Infrastructure tab –>> click Reservations –>> select Reservations –>> click New Reservation –>> vSphere (vCenter)

    I have not configured a reservation policy. I left Machine quota and Priority at their default values.

    Let's move to the Resources tab. The actual reservation is done here. You choose to reserve memory and storage. In the Memory section you get to know how much is available, i.e. physical, how much is reserved and how much is allocated out of this reservation.

    In a similar way I have reserved 27 GB out of 40 GB on the Gold cluster. None is allocated.

    Finally, select the network label by moving to the Network tab. I have just one network label, but you can have as many as you need. Remember, though, that you must plan this in advance.

    I think I'll pause my post here as I see it is already very big. I'll continue in the next post. That being said, a lot of tenant configuration is still pending.