vCloud Automation Center 6.0 and vCenter Orchestrator Advance Automation -Part02

If you have reached this post from Google, check this post first. That is where problem is discussed and this the second part of the solution. First thing you need is to pass three information from vCAC i.e. VM Name, Size of the VM and whether you need any backup. VM Name is parameter you will get from vCAC but for Backup Selection and VM Size selection I have created a custom property in build profile. Here is how I have created below

First go to infrastructure tab

In Infrastructure tab go to –> Blueprint –> Property Dictionary

image

Create a New Property Definition

Provide Name –VMSize

Display Name –Virtual Machine Size

Control Type – DropDownList

Please ensure Required check box is selected

Once done please click on green arrow.

Then click on Edit to edit Property Attributes

image

In the property attribute, select ValueList, Put same name “VM Sizes” and provide value as Large, Medium and Small which reflect the size of VM.

image

Similar exercise you follow for backup option

Here is how it looks when user selects the VM Size

image

For backup service selection this is how it looks below

image

Just ensure blueprint is updated as follows

image

This completes vCenter Automation Part at basic Level. Now comes the 3rd and final part. Follow third part here

vCloud Automation Center 6.0 and vCenter Orchestrator Advance Automation -Part01

This post is about extending vCAC in-built workflows. In last two post (Post1, Post2) I used vCenter Orchestrator (vCO) workflows and executed them using vCloud Automation Center’s (vCAC) advance service designer. It was like taking vCAC as front end to execute those workflows without taking any benefits of vCloud Automation Center’s product. vCAC was purely acting as front end.

Advance service designer doesn’t follow any reservation, policies configured for a particular tenant. It is purely taking inputs from whatever is configured in vCenter Orchestrator workflow and executing it. As I think of it is of help but then I miss all configuration, tracking ownership, multi-tenancy and metering in built in vCAC. In order to cover this I need to do additional scripting which is referred as day-2 operation. To cater this problem, vCAC provides you a way where you can modify in-built workflows. Basic details are provided into this document. I won’t repeat it here. But in order to understand this post you must read it.

To extend workflow you need vCAC designer. It is part of vCAC and can be downloaded from https://vCACAppliance.hostname.com:5480/installer/. Install it. (it is next-next-next-Finish thing).

Problem Statement

User should be able to provision VM by selecting VM size within vCAC interface. Users should be able to understand what compute, storage details are provisioned when they select VM Size.

Here I’m going to modify my existing workflow which I created in post here. If you see the workflow there are three inputs needed

1. VM name

2. VM size

3. IP Address for the VM

If you review this post, 3rd point is automatically taken care. So I have to just focus on how to take two input (VM Name and VM Size) from vCAC and put in the vCO workflow. It was bit simple, just two inputs.

Cloning part will be taken care by vCAC but post provisioning task will be taken care by vCO workflow. So we need to only focus on creating a vCO workflow which will do the following

  1. Changing CPU count
  2. Change RAM
  3. Add Disk
  4. Add Backup Network if selected

If you execute this workflow from vCO or vCenter  VC:VirtualMachine as input is needed. But vCAC do not understand VC:VirtualMachine, it can only understand string input or can provide string output.  VC:VirtualMachine input is referred as complex object type. In order to deal with this input we need to put a wrapper around the workflow. How to put a wrapper around a workflow is explained by VCOTEAM.INFO. Thanks to this post. It is key post.

That post is a where you can start but that isn’t sufficient. You need more. If you refer below return type is array.

image

We need a VC:VirtualMachine as return type. I added script section and then I have created a new parameter with VC:VirtualMachine type with name as vm01 (referred in below screen)

image

In the first line of the script I converted array type i.e. Array/VC:VirtualMachine into VC:VirtualMachine and sent that as output. This is the core piece. If you understood this, you don’t need worry further. Everything else is straight forward. I thought so Winking smile

When I executed the VCO workflow from vCAC, it failed twice. First it failed with VMware tools not working and second time it failed with error “Hot add functionality” is disabled in VM.

First problem was when the provisioning activity was completed, my next workflow which was to shutdown the VM graceful was looking for VMware tools, it didn’t found vmware tools and abruptly failed. In order to shutdown VM gracefully VMware tools must be ready. So to address first problem I have to find a workflow which will check if VMware tools are ready. This can be easily checked by using “vim3WaitToolsStarted” action element. This workflow waits for VMware tools to be ready, as it is need to graceful shutdown VM.

Second problem was workflow didn’t wait for another workflow to be completed. After I shutdown VMs I have workflow which will change CPU count, then change RAM, Add Disk and finally powered ON the VM. So powered ON workflow didn’t wait to execute CPU count, Add Disk and RAM change workflow.  Therefore I use to get error about Hotplug not supported. It was like VM was started before even CPU and RAM change could be executed. So to solve this problem I added “vim3WaitTaskEnd” in-built workflow. This workflow checks previous tasks before executing next task.

With this additional work my final workflow was ready and shown below

image

NB: Except for the script section, everything in vCenter Orchestrator is in-built

Now next part is how to make vCAC to pick this VCO. I have discussed in next post here

How to use vCenter Orchestrator to reduce your template maintenance overhead

When I choose to blog about this workflow I was bit hesitant if it is going to be really any value add to my readers. This is the extension of previous blog and it related to custom property post which I had done earlier. In custom property I raised the concern that with clone workflow you have very limited choice. As I explore in depth about integrating vCenter Orchestrator and vCenter Cloud Automation Center I found a better way to do. Clone workflow is the best workflow but vCloud Automation Center by default provides a limited customization it. I have not inclination to get into deploy mechanism of each and every OS e.g. WIM or any other method. So any thing extra I can do with cloning will be always a value add. In this post I explore this pain point.

You must have had heard VM sprawl. Have you heard of Gold templates sprawl. I have experienced it a lot. We created as many VM template as we had service type and again for each OS. Currently our VM sizing looks like below

image

There are total nine templates I have to maintain. Maintenance includes patching these VMs every time new patches are released. This is very common problem with MS OS. Upgrading VM tools, Upgrade VM hardware. If either of this is left it created huge incompliance in VM hardware, vmware tools and patches.

We always have searched a better solution for this. One was to use PowerShell but it was really clumsy and support was not using it at all.

Using this post I also wish to focused on resolving this problem.

Support wanted a complete automated method where in either end user (non-IT) provision the VM and he gets the VM as per the size he has selected or IT provision them

So they were looking for end to end automatic provisioning a VM without any additional effort to customize the existing deployment method. Cloning was the only option. So I felt cloning existing VM and changing the CPU, Memory and Disk size would be the best way to resolve it. vCenter Orchestrator is wonderful product. It just helps you do it without any effort as long as you know the tips and tricks about it.

All the Workflows are in-built in vCO. All I did is put them in right place.

image

Crux of this entire workflow is script section.

image

Script section is very simple. Let me explain it you

First I created a input parameter by name VMService. I have added property to it with pre-defined answers Large, Medium and Small. This create a drop down menu where user selects VM size

Second I created three attributes by name. Remember attributes gets there value from somewhere else

  1. vmNbOfCpus (type number)
  2. vmMemorySize (type number)
  3. AdditionalDisk (type number)

I used “If else” loop. So when user select VMService as Large, script under curly bracket will be executed i.e. it is take value for vCPU=4, MemorySize=4096MB and Disk size=40 GB. All I have to pass these values to next workflow. In this case they are

  1. ChangeCPUcount gets vmNbOfCpus  as 4
  2. ChangeRAM gets vmMemorySize as 4096 MB
  3. Add Data disk gets 40 GB
  4. Change the custom attribute

End User gets below screen to provision VM. Just select IP address, VM Name and Size of the VM. That is all end user has to worry. VM will be ready within 15-20 minutes.

image

Below is the example of workflow logs

image

And Below is the example of VM which was created.

image

As part of workflow I also added custom attribute to VM based on the size created. VM size provisioned below is Medium.

image

This has been achieved using vCenter Orchestrator Video training available freely at this location.

If you wish to integrate this workflow with vCloud Automation Center you should use advance workflow designer feature. I have discussed it here. Process is more or less similar.

Note: In cloning workflow vim3WaitDnsNameInTools was behaving abnormally. This action element reads DNS name of the VM. Once it read DNS name of the VM using VMware tools, it takes this as trigger to end sysprep operation and proceed next workflow. In my case I got quite varying results. While searching a bit I came across new plug-in introduced for vCenter 5.5.1. Please use latest plug-in which is right now under Technical Preview as I post this.

vCloud Automation Center 6.0 (vCAC 6.0)–Publish Blueprints, Configure Services, Configure Entitlements

Publish Blueprint

In previous post we discussed very basic about Blueprints. Blueprints are now ready, now we need to publish them. Publish Blueprint is simple two click task. Select the Blueprint you wish to publish, from the drop down menu select Publish.

image

Next screen (seen below) provides you option to review the Blueprint details. Press OK to confirm Blueprint publishing. Please note Blueprint name will be reflected in catalog items in subsequent screen. Naming convention makes significant difference.

image

 After Blueprint is published how I do I differentiate Blueprint publish from the Blueprint unpublished? After Blueprint is published, publish option disappears which implicitly confirms Blueprint is published.

image

Next natural step is create a services and make it available for end user

Create & Configure Services

The word catalog was always easier for me to understand. But term service made me do some search to understand how it differs from catalog. And I was right it is catalog re-coined as service. In Infrastructure as a Service (IaaS) we have to define service which will focus more on Infra side of things. These generally include Hardware (now virtual), software (OS) 

I personally see following as core part of IaaS

  • CPU & Memory (Compute)
  • Network
  • Storage
  • OS

    So far we discussed Blueprints and it did cover all above aspects. Most of the services are driven by service definition. What you see as a IaaS, some would see IaaS as foundation to build PaaS. Bottom line : Always stick to service definition.

    Service Catalogs are a fundamental part of service delivery.

    image

    By definition a service Catalogue is a list of services that an organization provides to its customers. Each service within the catalogue typically includes the type of the service, Who is entitled to request/view the service, Costs, support hours and description of service.

    To create a service we must have blueprint published. As we already have published Blueprint, Lets go and create a service. To create service login as tenant administrator.

    First time we’re going into 1)Administration tab (in the past it was all about infrastructure tab). Then 2)Catalog Management and then 3)Services. Click on big fat green Icon.

    image

     

    Provide the name to the service. This is bit important. Name of the service must reflect the content inside the service. I called my service Basic Windows Services. I choose this name as I have only windows VM inside my small lab and at the most I can configure them in T-Shirt size image e.g. Small, Medium, Large, Extra Large. So it is basic windows services with different sizes of VM. Use meaningful description. Description will provide information to end user to make decision about the service. Pickup the Icons from Here.

    Status for service

  • Inactive : Service creation is in progress. State used when you don’t want end users to use it. It helps to pause the service in case there is maintenance windows or when we need update blueprint image.
  • Active: Service is available to all entitled users
  • Deleted: Service is no longer i.e. Service is decommissioned

    image

    Additional information

  • Hours: Visible to the customer as support hours
  • Owner: Business owner for this service
  • Support Team: DL for support/Contact number/email
  • Change Window: Planned maintenance windows

    Finally press Add to complete service creation. So service is purely a definition, it is of little use unless you add catalog items to it.

    Add Catalog Items in a Service

    To add items inside the catalog is nothing but adding blueprints to it. Blueprints by themselves represent a template, business policies or application. It is the same place where we went earlier i.e. Administration –> Catalog Management –> Services. Select the service you want to add to the catalog item. Since we have created Basic Windows Service we will select it and at the right side 1) click on down arrow and select 2) Manage Catalog Items

    image

    After you click Manage Catalog Items, you get a screen to add Catalog Items shown below. You can see it in the background (in light brown color). Click on fat green button to open another window.

    image

    In the above window you see Blueprint is listed which we published earlier.

    So if we try to join the dots the moment we publish blueprint, it becomes a catalog item.

    From the down arrow, select Configure option to configure the blue print. Personally I felt there is not much to configure but you lot to edit.

    image

    Just do some embellishment in configuring catalog item. Other field I have shown in screen capture below. Once you are done press the Update button

    image

    At this stage service is ready, catalog are added to the service. But we are yet to decide who can request service.

    Create & Configure Entitlements

    The term here is entitlements. I could recall the right word from my windows background i.e. Privileges. If you compare technical details with different technology they are almost similar. Terminology changes but technology more or less remains unchanged. Knowing one hypervisor makes easier to learn another hypervisor. I digress.

    ok. I’m back. Entitlements can be done at three levels. First top most container i.e. service level, second at catalog item level and then in the catalog item on the resource action level. Resource action e.g. are controlling the service i.e poweron/off, reset, reprovisioning. Now you can recollect why the word privileges applies here. You can also assign approval policy for Entitlements. Approval policy and entitlement are closely related. Approval policy I’ve discussed in next blog. Considering the length of this post I have to keep approval policy out of this post.

    Entitlements are assigned to users, group. So you need to know which users/groups entitlement must be assigned and which entitlements. Entitlements can be done in any order. To keep things simple I created single entitlement and assign it to Service, catalog item and resource actions.

    Creation of entitlement is quite simple, go to administration –>Catalog management –>Entitlements

    image

    Provide name for the entitlement which reflect the user or group who use it. Add users & groups who will receive entitlements. Select status to be active for users to access items. I guess Draft option could be used for testing/maintenance purpose as you can imagine the moment you put entitlement in draft status users loose access to all items these entitlement is configured for.

    image

    Select the business group. Users & groups must belong to same business group. Since I have single business group I’m unable to confirm if there is a validation check there in place. However tenant administration guide does implicitly mentions it.

    This information includes the name and status of the entitlement and the business group whose selected  users and groups are entitled to request the services and catalog items and perform the actions listed in the entitlement.

    I have not understood the use cases for expiration date. I will skip it. In above screen I did played with it and configured it till 2016.

    Entitle users to Services

    Now it is time to assign entitlement to the service, catalog item and resource action. If you are at the same location i.e. Administration –> Catalog Management –> Entitlements –>Coca Cola Sales Users. Just toggle to Items & Approvals. Procedure is more or less similar for every item i.e. Press green fat button.

    image

    As mentioned earlier entitlement can happen in any order. Below is an example of adding service to entitlement.

    image

    Pretty simple, select the service with a checkbox. Press OK.

    Similarly you can add catalog items to entitlement. I have not shown this as I realize post is getting bigger now. We need to cover how to assign rights to entitlement. Here we go.

    Click on Entitled Actions, new window pops with list of Actions you wish to assign it to entitlements

    image

    In above screen I select some basic power operation command.

    image

    Now next section I would be sharing user experience while provisioning services.

 

vCloud Automation Center 6.0 (vCAC 6.0)–Reservation Policies, Storage Reservation Policies, Network Profiles

Before we proceed further let me revise where we are. In first post here we Installed and Configure vCloud Automation Center 6.0 Identity Appliance (vCAC 6.0 Identity Appliance) and vCloud Automation Center Appliance (vCAC 6.0) and in second post here we Installed and configured vCloud Automation Center IaaS (vCAC 6.0 IaaS). In third post we went further to configure Tenant. As per below diagram we completed almost every configuration. This post will be focusing on optional configuration part

ComponentLevel

We created sales business group, assigned Business group admin to it. We created reservation and assigned reservation to sales BU. 

While creating reservation we stopped at explaining Alert tab. Lets resume with its discussion. It is optional configuration but worth understanding and enabling it. In cloud environment where things change dynamically we must configure alert.

Click on the ALERTS tab, Set the capacity alerts to on various parameters seen below.

image

Unless you have configuration notification alerts emails won’t be sent

Few consideration about Reservation

Reservation is a portion/share of resources which we assign to multiple business group (e.g. Sales, HR, Marketing) and multiple business group can have different reservation types (e.g. Gold, Silver and Bronze). In my environment Gold cluster was assigned to Sales and Marketing Business group in above figure. I have linked PDF copy to the figure. However reservation cannot be shared across the Business group.
If you have created reservation for, end user cannot request a Hyper-V resource using that reservation. Reservation type must match the platform defined in blueprint. If you name your blueprint accordingly this shouldn’t be problem at all.

Reservation Policy

It is collection of resources into group to make specific type of service available. Below I have created a policy by name Production Reservation Policy and included silver and gold reservation.

 

image

 

In below figure I tried to explain that you can have different reservations assigned to single reservation policy but Blue prints can have only one reservation policy assigned. However when resources are provisioned, only reservation which match the blueprint type are considered & allocated.

 

image

 

Reservation policy needs to be populated with reservations. However this is not quite easy to correlate in practice. When you create reservation you have an option to assign that reservation to the reservation policy. This is where association between reservation and reservation policies is created. Reservations are created for Business group and Business group have multiple reservation from fabric. With reservation policy you have an option to bring all types of reservation assigned to a business group under single reservation policy. let me explain it via simple diagram below

 

image

In above example we have tenant, under which we have created a Sales Business group. Inside Sales Business group I have created three reservation of different types. I defined have multiple reservations e.g. Cloud, Virtual and Physical. As Fabric administrator I have created reservation policy by name “Virtual Reservation Policy” to collect resources of both Virtual and Cloud reservations. This policy will help me to provision all virtual resource as long as I select in Blueprint/Reservation “Virtual Reservation Policy”. This is just one way of doing it.

You can create reservation or reservation policy first. There is as such no dependence. In fact reservation policies are optional part of over all piece. Better way to do is create reservation policy first.

Reservation policy is actually a tag. All you need to put a name to the tag, little description for it. To create reservation policy, Go to Infrastructure –> Reservation –>Reservation Policies and Click New Reservation Policies. As described above I have created two reservation policy and can be seen below.

  1. Production Reservation Policy for Gold and Silver reservation
  2. Gold Storage for production virtual machines

image

Creating reservation policy is not sufficient. You must Assign reservation policy to reservations which you intended to group together. So below I’m creating new reservations and assigning newly creating reservation policies each one of them as described above.

image

Storage Reservation Policy

Storage reservation policy is similar to reservation policy. Primary purpose is to collect datastore of similar characteristic into a group. Below I have created a storage reservation policy by name GOLD and got three different datastores (Datastore01, Datastore02 & Datastore03) of same characteristic into single storage reservation policy.

image

This tag helps to assign storage as per the requirement of application. In case Datastore 01 one is full, VM will be automatically provision to datastore 02. It means we just need to have storage reservation policy in place. Behind scene Gold storage from either of datastore01,02 or 03 is assigned for sure.

It is similar to storage profiles released in vSphere 5.0. However these tags were inherited by Dynamic ops. I wonder if there is still a use case of this tag when vSphere DRS cluster is becoming so much popular. Datastore cannot have multiple storage reservation policy e.g. Datastore 01 cannot have another storage reservation policy assigned but storage reservation policy can have different datastores. After storage reservation policy is created to be effective you must assigned it to volume.

Do not create storage reservation policy if you have well designed Storage DRS cluster

Similar to reservation policy, storage reservation policy is also a tag. You can create storage reservation policy from same interface as from reservation policy. Both are almost similar, at least I have not discovered any difference but logically they cannot be combined.

Assigning storage reservation policy differs from the assigning reservation policy. Storage reservation policy must be applied directly on datastores. Go to Infrastructure – Compute Resources – Compute Resources

image

Network Profiles

By default vCAC will assigns DHCP IP Address to all machine it can provision. DHCP is ok for non-production Server VMs but production Server VMs needs IP address. Probably we never need to worry about Desktop VMs as far as networking policies are considered. To allocate static IP is the primary intention of network profiles. It is way to create a pool of IPs using a pre-defined. You can apply network profiles while creating reservation or while creating Blueprint. 

Network profiles do not apply to AWS

Fabric Administrators defines the IP ranges, subnet mask, DNS, DHCP, WINS (does it exist yet???), DNS suffix and combine all these values into single profile referred as network profile. Network profile like reservation policies can be applied to the reservation, blueprints.

Create a Network Profile for Static IP Address Assignment

Login as fabric admin, navigate to infrastructure –> reservations –> New Network Profiles –>External

SNAGHTML3937ea3

1) Name of network profile –Append the name with type of profile e.g. Production External

2) Subnet mask for the network range

3) Gateway ( for NAT type network profile this field is compulsory)

4) Primary DNS server

5) DNS Suffix

SNAGHTML3a5e957

6) Click on IP Range tab. Below screen enter  IP Address you need to reserved for this profile. Provide name and description. Press OK once done

SNAGHTML3adcf91

After you press OK, below screen displays IP range and allocation status in status column.

SNAGHTML3ad3fd0

Now we have network profile, we need to assign it to reservation. Below here I’m  assigning it to existing reservation. Go to Infrastructure –> Reservations –> Edit Existing Reservation configured. For network path “VM Network” select network profile from drop down menu. Press OK

image

So in this post we learn the importance of reservation policy. How to configure reservation policy. We learnt about storage reservation policy and how to configure storage reservation policy. Storage reservation policy needs to applied to compute resource, while reservation policy needs to be configured at reservation screen. Then we went and checked the Network profile, it’s use cases. Finally we learnt How to configure network profile so that static IP’s can be assigned to Servers.

Next post I will be discussing how to create and configure vCloud Automation Center 6.0 (vCAC 6.0) Blueprints