vCloud Automation Center 6.0 and vCenter Orchestrator Advance Automation -Part03

Part1 and Part2 are simple in some ways. The next part is a bit difficult to understand; at least it was for me. I will explain what I’m going to do at a high level. I’ll get the machine name. Then I will get the machine properties, which give me the custom properties (VM Size, which the user selects from a drop-down menu as referred here, and Backup Selection, referred here). Finally I will invoke the vCO workflow. This workflow needs VM Name, VM Size and Backup Choice as inputs: I will pass the VM name which I get from GetMachineName, and the VM size and backup choice which I get from GetMachineProperty.

image_thumb1

Now let’s find where and how to do this. Once you understand the basic concept it is quite simple. First open vCAC Designer. Select Load and then select “WFStubMachineProvisioned”. Why “WFStubMachineProvisioned”? This workflow is called immediately when the status of the VM becomes provisioned. More information is available in the extensibility guide: http://pubs.vmware.com/vCAC-60/topic/com.vmware.ICbase/PDF/vcloud-automation-center-60-extensibility.pdf

image_thumb8

 

image_thumb12

In the screen below, double click on “Machine Provisioned”

image_thumb14

Scroll down till you find custom code and double click on the custom code

image_thumb16

From “DynamicOps.Cdk.Activities” on the left-hand side, drag “GetMachineName”

SNAGHTML10b7be85_thumb3

 

I have defined two variables for this custom code

  1. vmname (to capture VM Name)
  2. VMSize (to capture VM size e.g. Large, Medium and Small in string format)
  3. VarBackupOption (To capture user selection Yes/No in string format)

SNAGHTML10b93f29_thumb3

Double click on GetMachineName

image_thumb31

In the Machine Id field put the pre-defined variable “VirtualMachineId”. This is a standard value; please do not change it. Under Machine Name put the variable vmname, which we defined above.

Machine Name picks up the name from VirtualMachineId and passes it to vmname, so the variable vmname will hold the name of the VM. We are done with GetMachineName.

Click on the custom code as shown in the above figure; it will take you back to the custom code screen. Now from “DynamicOps.Cdk.Activities” on the left-hand side, drag “GetMachineProperty”

image_thumb35

GetMachineProperty reads the custom property you have defined in vCAC and the value associated with that property. In our case I have defined a custom property named VMSize, and its value comes from the value selected in the drop-down menu. This value (e.g. Large, Medium or Small) is stored in the variable VMSize

image_thumb42

You will notice that VMSize under Property Name is in quotes, whereas under Property Value it is without quotes. That is because VMSize in Property Value is a variable, which captures what the user selected in vCAC, while VMSize in Property Name is the name of the custom property defined in vCAC.

Conceptually this is how it is related

image_thumb45

 

I repeated the same procedure for Backup choice and here is how it looks below

image

VarBackupOption will hold the user selection string value which would be either Yes or No and pass it to vCO workflow

Now that we have the virtual machine name captured in the VMName variable, the VM size captured in the VMSize variable and the backup option captured in VarBackupOption, we are ready for the next drag and drop. Drag the vCO workflow activity named InvokeVcoWorkflow

Simply put VMName and VMSize as input to VCO workflow.

image

 

Now below is how entire workflow looks like

image_thumb52

Now you are done. Simply click Send, and that updates WFStubMachineProvisioned

image_thumb56

This is all you need to do. Request Virtual Machine and you will get what you have configured.

Complete log of VM provisioning via vCAC and VCO is presented below with sequence of action.

image

vCloud Automation Center 6.0 and vCenter Orchestrator Advance Automation -Part02

If you have reached this post from Google, check this post first. That is where the problem is discussed, and this is the second part of the solution. The first thing you need is to pass three pieces of information from vCAC, i.e. VM name, size of the VM and whether you need any backup. VM name is a parameter you get from vCAC, but for Backup Selection and VM Size selection I have created a custom property in the build profile. Here is how I created it

First go to infrastructure tab

In Infrastructure tab go to –> Blueprint –> Property Dictionary

image

Create a New Property Definition

Provide Name –VMSize

Display Name –Virtual Machine Size

Control Type – DropDownList

Please ensure Required check box is selected

Once done please click on green arrow.

Then click on Edit to edit Property Attributes

image

In the property attribute, select ValueList, Put same name “VM Sizes” and provide value as Large, Medium and Small which reflect the size of VM.

image

Follow a similar exercise for the backup option

Here is how it looks when user selects the VM Size

image

For backup service selection this is how it looks below

image

Just ensure blueprint is updated as follows

image

This completes vCenter Automation Part at basic Level. Now comes the 3rd and final part. Follow third part here

vCloud Automation Center 6.0 and vCenter Orchestrator Advance Automation -Part01

This post is about extending vCAC in-built workflows. In the last two posts (Post1, Post2) I used vCenter Orchestrator (vCO) workflows and executed them using vCloud Automation Center’s (vCAC) Advanced Service Designer. It was like using vCAC as a front end to execute those workflows without taking any benefit from the vCloud Automation Center product. vCAC was purely acting as a front end.

Advanced Service Designer doesn’t follow any reservations or policies configured for a particular tenant. It purely takes inputs from whatever is configured in the vCenter Orchestrator workflow and executes it. It is of help, but then I miss all the configuration, ownership tracking, multi-tenancy and metering built into vCAC. To cover this I would need to do additional scripting, which is referred to as day-2 operations. To address this problem, vCAC provides a way to modify its in-built workflows. Basic details are provided in this document. I won’t repeat them here, but in order to understand this post you must read it.

To extend workflow you need vCAC designer. It is part of vCAC and can be downloaded from https://vCACAppliance.hostname.com:5480/installer/. Install it. (it is next-next-next-Finish thing).

Problem Statement

User should be able to provision VM by selecting VM size within vCAC interface. Users should be able to understand what compute, storage details are provisioned when they select VM Size.

Here I’m going to modify my existing workflow which I created in post here. If you see the workflow there are three inputs needed

1. VM name

2. VM size

3. IP Address for the VM

If you review this post, the 3rd point is automatically taken care of. So I just have to focus on how to take two inputs (VM Name and VM Size) from vCAC and put them into the vCO workflow. It was a bit simple, just two inputs.

Cloning part will be taken care by vCAC but post provisioning task will be taken care by vCO workflow. So we need to only focus on creating a vCO workflow which will do the following

  1. Changing CPU count
  2. Change RAM
  3. Add Disk
  4. Add Backup Network if selected

If you execute this workflow from vCO or vCenter, a VC:VirtualMachine is needed as input. But vCAC does not understand VC:VirtualMachine; it can only understand string input or provide string output. A VC:VirtualMachine input is referred to as a complex object type. In order to deal with this input we need to put a wrapper around the workflow. How to put a wrapper around a workflow is explained by VCOTEAM.INFO. Thanks to this post. It is the key post.

That post is where you can start, but it isn’t sufficient. You need more. As you can see below, the return type is an array.

image

We need a VC:VirtualMachine as the return type. I added a script section and then created a new parameter of type VC:VirtualMachine named vm01 (see the screen below)

image

In the first line of the script I converted the array type, i.e. Array/VC:VirtualMachine, into VC:VirtualMachine and sent that as output. This is the core piece. If you understood this, you don’t need to worry further. Everything else is straightforward. Or so I thought.
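The wrapper step described above, as an added example in plain JavaScript (not the author's workflow script and not vCO plug-in code): it checks the three strings vCAC hands over and reduces the lookup array to exactly one VM, failing when the name matches none or several. The inventory, the contains-style lookup and the name pattern are constructed assumptions; vm01, the size values and the Yes/No choice come from the posts.

```javascript
'use strict';

// Values offered by the drop-down property definitions in these posts.
const ALLOWED_SIZES = ['Large', 'Medium', 'Small'];
const BACKUP_CHOICES = { Yes: true, No: false };
// Assumption: a machine name is one hostname label of at most 63 characters
// (letters, digits, hyphens; no leading or trailing hyphen).
const VM_NAME_PATTERN = /^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/;

// Validate the three strings and convert the backup choice to the Boolean
// that the BackupVM input expects. Anything outside the allow-lists is rejected.
function parseProvisioningInputs(vmName, vmSize, backupChoice) {
  if (typeof vmName !== 'string' || !VM_NAME_PATTERN.test(vmName)) {
    throw new Error('Rejected VM name: ' + JSON.stringify(vmName));
  }
  if (!ALLOWED_SIZES.includes(vmSize)) {
    throw new Error('Rejected VM size: ' + JSON.stringify(vmSize));
  }
  if (!Object.prototype.hasOwnProperty.call(BACKUP_CHOICES, backupChoice)) {
    throw new Error('Rejected backup choice: ' + JSON.stringify(backupChoice));
  }
  return { vmName: vmName, vmSize: vmSize, backupVM: BACKUP_CHOICES[backupChoice] };
}

// Reduce the lookup result (an array) to exactly one VM object.
// Taking element [0] blindly would reconfigure whichever VM sorts first.
function resolveSingleVm(matches, vmName) {
  if (!Array.isArray(matches)) {
    throw new Error('Lookup did not return an array');
  }
  const exact = matches.filter(function (vm) {
    return vm !== null && typeof vm === 'object' && vm.name === vmName;
  });
  if (exact.length === 0) {
    throw new Error('No VM named ' + vmName);
  }
  if (exact.length > 1) {
    throw new Error(exact.length + ' VMs named ' + vmName + '; refusing to pick one');
  }
  return exact[0];
}

// Constructed sample inventory: one name that is a prefix of another,
// and one name that exists twice.
const SAMPLE_INVENTORY = [
  { id: 'vm-101', name: 'CC-UAT-01' },
  { id: 'vm-102', name: 'CC-UAT-010' },
  { id: 'vm-201', name: 'CC-DEV-07' },
  { id: 'vm-202', name: 'CC-DEV-07' }
];

// Hypothetical stand-in for a name lookup that returns every VM whose
// name contains the search string.
function findByNameContains(inventory, fragment) {
  return inventory.filter(function (vm) {
    return vm.name.includes(fragment);
  });
}

// The wrapper: strings in, one VM object (vm01) plus typed options out.
function runWrapper(vmName, vmSize, backupChoice) {
  const inputs = parseProvisioningInputs(vmName, vmSize, backupChoice);
  const matches = findByNameContains(SAMPLE_INVENTORY, inputs.vmName);
  const vm01 = resolveSingleVm(matches, inputs.vmName);
  return { vm01: vm01, vmSize: inputs.vmSize, backupVM: inputs.backupVM };
}

console.log(runWrapper('CC-UAT-01', 'Large', 'Yes'));
```
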

When I executed the vCO workflow from vCAC, it failed twice. First it failed with VMware Tools not working, and the second time it failed with the error “Hot add functionality” is disabled in VM.

The first problem was that when the provisioning activity completed, my next workflow, which shuts down the VM gracefully, looked for VMware Tools, didn’t find them and failed abruptly. In order to shut down a VM gracefully, VMware Tools must be ready. So to address the first problem I had to find a workflow which checks whether VMware Tools are ready. This can easily be checked by using the “vim3WaitToolsStarted” action element. It waits for VMware Tools to be ready, as that is needed to shut down the VM gracefully.

The second problem was that one workflow didn’t wait for another workflow to complete. After I shut down the VM I have workflows which change the CPU count, then change the RAM, add a disk and finally power on the VM. The power-on workflow didn’t wait for the CPU count, add disk and RAM change workflows to finish. Therefore I used to get the error about hotplug not being supported: the VM was started before the CPU and RAM changes could even be executed. To solve this problem I added the “vim3WaitTaskEnd” in-built workflow. This workflow checks the previous task before executing the next task.

With this additional work my final workflow was ready and shown below

image

NB: Except for the script section, everything in vCenter Orchestrator is in-built

The next part is how to make vCAC pick up this vCO workflow. I have discussed it in the next post here

Service Provisioning using vCenter Orchestrator (vCO)

I think we are living in the most dynamic time of our life. I have done a good number of posts on vCAC and want to do more. My plan to focus on vCAC has to do with VMware Certified Design Expert – Cloud (VCDX-Cloud). It is a long, long journey. See here the amount of work Derek has to put in to get there

But this time I don’t want to focus on install and config posts. The main component of vCAC is its extensibility, which is referred to as XaaS in the document. You can only achieve it when you have some background in scripting and are keen to develop new things. It is predicted that every infrastructure administrator must have some scripting and/or developer skills to survive in IT in the next decade. One of the links which supports this is http://it20.info/2014/01/vchs-meets-vco-and-boris-becomes-a-hero/

I love solving problems, and while working in an operations team it is the primary thing we do. But then “optimize it”, “do it effectively” and “do more with less” were the constant instructions from the management. I fortunately got introduced to PowerShell quite early. I’m glad I know a little bit of it. I did a good amount of scripting in PowerShell. I used to blog about it here. But with self-service provisioning and the agility attributes of cloud computing I realized this skill is not sufficient. You need to know how to orchestrate things. With PowerShell this is possible, but it increases code complexity, and it also becomes very difficult to maintain and update the code every time the environment changes.

I’m working on the project where I have to provide an end user option to provision VM with different SLA e.g. Gold, Silver and Bronze. User should be able to select VM as per SLA. User should be made aware of what comes with Gold, Silver and Bronze VMs. User must be able to select whether he wish to backup his VM.

Here is how I have crudely defined Gold, Silver and Bronze Services

image

Lets now focus on how to allow user to select these VMs.

vCO  have lot of built-in workflow. For this exercise lets use in-built one. It is well suited for our objective.

Let me define a workflow. Workflows consist of a schema, attributes, and parameters. The schema is nothing but the actual program or script (if I may call it that). Attributes are something we pre-define, like declaring variables right at the top of a script. Parameters are of two types: input and output parameters. Input parameters are where user input, or some other form of input, is needed. An output parameter is the result of executing the workflow.

I have duplicated three workflows based on inbuilt workflow by name “create simple virtual machine”.

image

Renamed them as Gold VM, Silver VM and Bronze VM as seen below. This is pretty basic.

image

Now the challenge was how to invoke these workflows when the user selects the service he needs. I created a new workflow named Coca cola services. Inside it I created an input parameter named Services. Since we want the end user to select a service, I have to change the presentation of the input parameter to a drop-down list. Go to the Presentation tab, select Services, select the blue triangle and select the property Predefined answers. In Predefined answers insert the values Gold, Silver and Bronze

image

This creates a drop-down menu from which the user can select the service. Now I have to initiate an action based on the user’s selection, e.g. if the user selects Gold, I want the Gold VM workflow to be initiated; if the user selects Silver, I want the Silver VM workflow to be initiated; and similarly for Bronze. This can be achieved in a workflow by using a decision.

Since the user input is defined as a string parameter, in the decision I have selected Services; if it is Gold, that is the True condition.

image

Drag the decision into place as shown. Below is the complete workflow schema

image

Here you have a simple go/no-go kind of workflow. I have defined that if you see Gold, go and initiate the GOLD VM 1.1 workflow. On the no-go branch I have dragged and dropped another decision, where I have defined that if you get a Silver request from the user, go for the silver VM 1.1 workflow; and again on its no-go branch I have dropped another decision, where for Bronze I have requested to execute the Bronze VM 1.1 workflow.

If you know a little bit of scripting this is as simple as below, and if you look at the workflow it reflects a similar picture

 ServiceWorkflow

So if you know the workflow elements, it makes things much easier. If you know scripting you will understand how much pain has been reduced by vCO. Thanks vCO team for this.

So this covers the service tiering. Now the next portion is of allowing user to select backup.

This was a bit difficult for me to construct at first. I got hold of the vCenter Orchestrator book and there I got a hint: I have to modify the default workflow, since we need to give the user an option to select backup. When the user selects that he wants backup, I want to add an additional network card, and that network card must get attached to the backup port group. The logic is quite simple here: the user selects the radio button (yes/no), and if he says Yes, the code I wrote below adds the additional network card.

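    //Add Backup Network
    // BackupVM is the Boolean workflow input; vmBackupNetwork is the workflow attribute bound to the backup network
    if (BackupVM == true) {
        deviceConfigSpec = System.getModule("com.vmware.library.vc.vm.spec.config.device").createVirtualEthernetCardNetworkConfigSpec(vmBackupNetwork);
        // Append the extra network card to the list of device changes for the VM
        deviceConfigSpecs[ii++] = deviceConfigSpec;
    }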

Don’t worry much about this code. Just pay attention to the variables here.

1) BackupVM is an input variable which I have defined as Boolean type. If the user selects Yes, it will create the VM network

2) vmBackupNetwork is an attribute I have defined in each workflow (Gold VM1.1, Silver1.1 & Bronze1.1) which will always attach itself to the backup network as shown below

image

After you save and validate the workflow, the Presentation screen below is seen. This is just a workflow. We need to get it executed from vCloud Automation Center. Let me keep this for the next post.

image

vCloud Automation Center 6.0 (vCAC 6.0)–Reservation Policies, Storage Reservation Policies, Network Profiles

Before we proceed further let me revise where we are. In first post here we Installed and Configure vCloud Automation Center 6.0 Identity Appliance (vCAC 6.0 Identity Appliance) and vCloud Automation Center Appliance (vCAC 6.0) and in second post here we Installed and configured vCloud Automation Center IaaS (vCAC 6.0 IaaS). In third post we went further to configure Tenant. As per below diagram we completed almost every configuration. This post will be focusing on optional configuration part

ComponentLevel

We created sales business group, assigned Business group admin to it. We created reservation and assigned reservation to sales BU. 

While creating reservation we stopped at explaining Alert tab. Lets resume with its discussion. It is optional configuration but worth understanding and enabling it. In cloud environment where things change dynamically we must configure alert.

Click on the ALERTS tab, Set the capacity alerts to on various parameters seen below.

image

Unless you have configured notifications, alert emails won’t be sent

Few consideration about Reservation

Reservation is a portion/share of resources which we assign to multiple business group (e.g. Sales, HR, Marketing) and multiple business group can have different reservation types (e.g. Gold, Silver and Bronze). In my environment Gold cluster was assigned to Sales and Marketing Business group in above figure. I have linked PDF copy to the figure. However reservation cannot be shared across the Business group.
If you have created reservation for, end user cannot request a Hyper-V resource using that reservation. Reservation type must match the platform defined in blueprint. If you name your blueprint accordingly this shouldn’t be problem at all.

Reservation Policy

It is collection of resources into group to make specific type of service available. Below I have created a policy by name Production Reservation Policy and included silver and gold reservation.

 

image

 

In the figure below I tried to explain that you can have different reservations assigned to a single reservation policy, but a blueprint can have only one reservation policy assigned. However, when resources are provisioned, only reservations which match the blueprint type are considered and allocated.

 

image

 

A reservation policy needs to be populated with reservations. However, this is not quite easy to correlate in practice. When you create a reservation you have an option to assign that reservation to a reservation policy. This is where the association between reservations and reservation policies is created. Reservations are created for a business group, and a business group can have multiple reservations from the fabric. With a reservation policy you have an option to bring all types of reservations assigned to a business group under a single reservation policy. Let me explain it via the simple diagram below

 

image

In the above example we have a tenant, under which we have created a Sales business group. Inside the Sales business group I have created three reservations of different types, e.g. Cloud, Virtual and Physical. As fabric administrator I have created a reservation policy named “Virtual Reservation Policy” to collect the resources of both the Virtual and Cloud reservations. This policy will help me to provision all virtual resources as long as I select “Virtual Reservation Policy” in the blueprint/reservation. This is just one way of doing it.

You can create the reservation or the reservation policy first; there is no dependency as such. In fact reservation policies are an optional part of the overall piece. The better way is to create the reservation policy first.

A reservation policy is actually a tag. All you need is to give the tag a name and a little description. To create a reservation policy, go to Infrastructure –> Reservation –>Reservation Policies and click New Reservation Policies. As described above I have created two reservation policies, which can be seen below.

  1. Production Reservation Policy for Gold and Silver reservation
  2. Gold Storage for production virtual machines

image

Creating a reservation policy is not sufficient. You must assign the reservation policy to the reservations which you intend to group together. So below I’m creating new reservations and assigning the newly created reservation policies to each one of them as described above.

image

Storage Reservation Policy

Storage reservation policy is similar to reservation policy. Primary purpose is to collect datastore of similar characteristic into a group. Below I have created a storage reservation policy by name GOLD and got three different datastores (Datastore01, Datastore02 & Datastore03) of same characteristic into single storage reservation policy.

image

This tag helps to assign storage as per the requirement of the application. In case Datastore 01 is full, the VM will automatically be provisioned to Datastore 02. It means we just need to have a storage reservation policy in place. Behind the scenes, Gold storage from one of Datastore01, 02 or 03 is assigned for sure.

It is similar to storage profiles released in vSphere 5.0. However these tags were inherited by Dynamic ops. I wonder if there is still a use case for this tag when vSphere DRS clusters are becoming so popular. A datastore cannot have multiple storage reservation policies, e.g. Datastore 01 cannot have another storage reservation policy assigned, but a storage reservation policy can have different datastores. After a storage reservation policy is created, you must assign it to a volume for it to be effective.

Do not create storage reservation policy if you have well designed Storage DRS cluster

Similar to reservation policy, storage reservation policy is also a tag. You can create storage reservation policy from same interface as from reservation policy. Both are almost similar, at least I have not discovered any difference but logically they cannot be combined.

Assigning storage reservation policy differs from the assigning reservation policy. Storage reservation policy must be applied directly on datastores. Go to Infrastructure – Compute Resources – Compute Resources

image

Network Profiles

By default vCAC assigns a DHCP IP address to every machine it provisions. DHCP is OK for non-production server VMs, but production server VMs need an IP address. Probably we never need to worry about desktop VMs as far as networking policies are concerned. Allocating static IPs is the primary intention of network profiles. It is a way to create a pool of IPs using a pre-defined. You can apply network profiles while creating a reservation or while creating a blueprint.

Network profiles do not apply to AWS

Fabric Administrators defines the IP ranges, subnet mask, DNS, DHCP, WINS (does it exist yet???), DNS suffix and combine all these values into single profile referred as network profile. Network profile like reservation policies can be applied to the reservation, blueprints.

Create a Network Profile for Static IP Address Assignment

Login as fabric admin, navigate to infrastructure –> reservations –> New Network Profiles –>External

SNAGHTML3937ea3

1) Name of network profile –Append the name with type of profile e.g. Production External

2) Subnet mask for the network range

3) Gateway ( for NAT type network profile this field is compulsory)

4) Primary DNS server

5) DNS Suffix

SNAGHTML3a5e957

6) Click on the IP Range tab. In the screen below enter the IP addresses you need to reserve for this profile. Provide a name and description. Press OK once done

SNAGHTML3adcf91

After you press OK, below screen displays IP range and allocation status in status column.

SNAGHTML3ad3fd0

Now we have network profile, we need to assign it to reservation. Below here I’m  assigning it to existing reservation. Go to Infrastructure –> Reservations –> Edit Existing Reservation configured. For network path “VM Network” select network profile from drop down menu. Press OK

image

So in this post we learnt the importance of reservation policies and how to configure them. We learnt about storage reservation policies and how to configure them. A storage reservation policy needs to be applied to the compute resource, while a reservation policy needs to be configured on the reservation screen. Then we looked at network profiles and their use cases. Finally we learnt how to configure a network profile so that static IPs can be assigned to servers.

Next post I will be discussing how to create and configure vCloud Automation Center 6.0 (vCAC 6.0) Blueprints

Creating & Configuring Tenant/s in vCloud Automation Center 6.0 (vCAC 6.0)

Multi-tenancy is built into vCAC 6.0. What does it mean? It simply means you do not need to install vCAC for every tenant. You can have multiple tenants on a single vCAC. Each tenant can have its own branding, Active Directory authentication source, groups, business policies, catalog offerings and dedicated infrastructure. Tenants in vCAC are an organizational unit. A tenant represents a business unit within an organization, or can be the organization itself.

In vCAC each tenants gets

  • Dedicated URL
  • Identity Stores
  • Branding
  • Notification Providers (email alerts)
  • Business Policies
  • Service Catalog offering (small VM, Big VM, Web service, Apache Service)
  • Infrastructure Resources (virtual. Physical, Cloud)

    vCAC gets a default tenant vSphere.local (cannot be changed/avoided) and can be accessed via http://vCACApplianceFQDN/shell-ui-app

     

    image_thumb3

    1) To create a new tenant click on green Icon encircled above. New window opens up. When all details are entered, press Submit and Next

    image_thumb5[1]

    2) Lets add the identity source. In my case I’m using my own AD.

    image_thumb15

    Here you as Administrator create two very important roles.

  • Tenant Administrators

  • Infrastructure Administrators (I have referred it as IaaS Admin in this post)

    image_thumb19

    Parameter: Explanation

    Name: Name by which you wish to identify the identity source
    Type: You have the option to choose from Active Directory or LDAP. The Native AD option is available only for vsphere.local
    URL: Provide the LDAP format even if you are using AD. It is referred to as accessing AD over an LDAP connection
    Domain: Name of your domain
    Alias: You can put any name here which is easier to remember, and you can use this alias to log in. In my case I can use spreetam@vZare.com or just spreetam@vZare. Both work.
    Login user DN: User who has read-only permissions on Active Directory
    Password: Password for the login user
    User search base DN: Place in AD/LDAP where you wish to search for users. I have put my Favorite company OU as the location to search for users. Effectively I will be adding users only in my Favorite OU
    Group search base DN: Same as above, except that it will be used to search for groups

    Branding and other parameters in tenant creation I left it default as there isn’t much to learn

     

    Configuring Tenant

     

    Below is the workflow we should follow to configure Tenants

    image

     

     


    IaaS Administrator is created by administrator and is responsible to perform

    • Management of endpoints, endpoints credentials and virtualization proxy agent
    • Management of cloud service accounts as well as physical machines and storage devices
    • Monitoring of IaaS system logs

image

  • Here in below screen I have logged in using IaaS Admin (userid:iAdmin). Go to the myfavoritecompany tenant in the infrastructure tab (9 out of 10 times you will be in infrastructure tab).

     

    Credentials

    Let’s first create the credentials. A credential is like a template which can be used several times without typing the same credential every time, or when the credential of the vCenter/endpoint cannot be shared with vCAC admins. Enter the Name for the credential. I recommend using the FQDN of the vCenter so that you’re aware of the connection details. Put in a short meaningful Description, Username and Password. Press the green check box.

    NB: I always keep searching for that button. That green button should be on the right-hand side, not the left-hand side.

    EndPoints

    Go to the endpoints tab. Now here Name is the most important field. This name must match to the name you have selected while installing the vSphere Endpoint.

  • Just for reference purpose I’m pasting that screen here.
  • SNAGHTML562d69b

    So now we need to put in the same name as we configured in the above screen. It is case sensitive.

    Address of vCenter. This is the address of the endpoint. For vCenter it has to be in https://vCenterFQDN/sdk format

    Now select the credentials you created earlier. You can use integrated authentication if you selected integrated credentials while installing the vSphere agent.

    Select the checkbox for Specify manager for network and security platform if you have vShield Manager (vCNS Manager) or an NSX instance in your environment. After you select the checkbox you need to put in the URL and credentials for it (not shown and not explored by me here; it is a topic which I will deal with under the vCloud Director endpoint).

    Press OK and we are done configuring the vSphere endpoint

    At this point if vSphere endpoint is configured correctly you should see compute resources e.g. clusters are discovered. Quickest way to check this is to go to Agents tab and in the description tab from the drop down menu you should see vSphere agent. It confirms agent and endpoint are communicating

    image

     

    Below depicts how data collection works out using end points and what kind of data is collected

    image

    Organize Compute Resource

    In order to organize resources we must create fabric group. Fabric group manages resources within their group. e.g. if you create a fabric group just for virtual resource then it cannot manage anything outside this assignment. Below I have create a fabric group and assigned a vCluster (later on I renamed this cluster to Gold cluster to make sense). So VirtualFabgroup will be able to manage only resources inside vCluster. However these resources are restricted to Memory and Storage as we will see it during creation of reservation.

    This is where vCloud Director is a much superior product. You can configure things at a much more granular level

  • image

  • Type name for Fabric Admins as VirtualFabgroup. This name should reflect type of fabric this group is going to manage. It helps a lot. Assign administrator to manage this Fabric as shown below. Select the resource it will manage.

    Now that we have organized resources and appointed a fabric admin, let’s use the fabric admin credentials to log in. It is worth noting that all configuration till now has been done by the IaaS admin

    Fabric Administrator Role

    Machine Prefix

    You cannot create a business group before creating a machine prefix. It is a mandatory parameter for a business group. You need at least one machine prefix. As mentioned above, machine prefixes are created by the fabric admin. Using the fabric admin, let’s create some meaningful prefixes

    image

    I have created another two prefix offline just in case we need it and named them starting with CC-UAT and CC-DEV as seen below

    image

    Business Group

    Now that machine prefix is sorted out, let’s do business group. Business group represents BU within a organization. It could represent sales BU, Marketing BU or HR BU. In below example I considered  Sales BU. So if tenant is organization then BU becomes part of Tenant.


  • You get an option within business group to create Business group administrator, support user and end user.

    Business group manager Role 

    1. Approves machines and lease requests.
    2. Manages machines created by all users in the business group.

    Business Support Role: a support user can request resources on behalf of another user. User Role: can request/self-provision machines and services from the catalog.

  • Name for the business group. Ensure it reflects the business group name.
  • Business group admins group/user name.
  • Email id of business group admin.
  • Support Role.
  • User Role.

    The Active Directory container is optional; I left it unfilled.

    Only tenant administrators can create a business group.

    Create Reservation and Reservation Policy

    Using fabric admin credentials, let's create a simple reservation.

    Click the Infrastructure tab -> click Reservations -> select Reservations -> click New Reservation -> vSphere (vCenter)

    I have not configured a reservation policy. I left machine quota and priority at their default values.

    Let's move to the Resources tab. The actual reservation is done here. You choose how much memory and storage to reserve. In the Memory section you can see how much is available (physical), how much is reserved, and how much is allocated out of this reservation.

    Similarly, I have reserved 27 GB out of 40 GB on Gold cluster. None is allocated.

    Finally, select the network label on the Network tab. I have just one network label, but you can have as many as you need. Remember, though, that you must plan this in advance.

    I think I'll pause my post here as I see it is already very big, but I'll continue in the next post. That being said, a lot of tenant configuration is still pending.

Installing & Configuring VMware vCloud Automation Center 6.0 (vCAC 6.0) IaaS Component– Part02

In the previous post we discussed installing and configuring the vCAC identity appliance and the vCAC appliance. In this post we will continue and finish the initial configuration of the VMware IaaS component. At the end of this post the whole vCAC installation will be done.

Requirements

vCPU | Mem (GB) | Disk (GB) | OS (Windows) | Application | Database
2 | 8 | 30 | Windows 2008 R2 SP1, Windows 2012 | IIS 7.5, IIS 8.0, .NET Framework 4.5 | SQL Server 2008 R2 Express and above

Pre-requisite

We need IIS and .NET Framework to be installed. By default Windows 2008 R2 comes with .NET Framework 3.5. You must upgrade it to 4.5 once the steps below are done.

There is no need to download .NET Framework 4.5 separately. It is included in the vCAC appliance download page which I have mentioned below.

1) The screen below shows the installation of the .NET Framework and IIS components.

2) Select all services except Named Pipes Activation.

The installation document doesn't mention which components you should select for the .NET Framework installation. You can select all.

3) Select the IIS components

3a) Select a self-signed certificate. During installation you should choose a self-signed certificate and later replace it with a CA-signed one.

3b) Select IIS Management Compatibility, ASP, CGI (CGI not mentioned in the document)


IIS Authentication Settings

1) Disable Anonymous Authentication

If you are new to IIS (like me), click on the Authentication icon that you see on the first page; you will then be able to see the authentication settings screen.

2) Enable Windows Authentication

In the same window at the bottom you will see Windows Authentication. Enable it.


3) Enable NTLM Provider & Negotiate Provider

By default both these settings are enabled, but for some unknown reason they are not detected by the installer. We just have to toggle these settings, i.e. remove the NTLM and Negotiate providers and re-add them.

3a) First remove the providers, then add them back. Follow the sequence.

4) We need to do a similar thing for Windows Authentication kernel mode. Follow the steps in the order shown below.

4a) Follow steps in reverse order to restore the setting to the original (not shown here).

5) The Secondary Logon service must be running if you are installing the DEM or the Manager Service. By default this service is set to start manually; please change it to Automatic.

6) You must also enable MSDTC on all nodes of SQL.


7) The document does mention PowerShell as a prerequisite, but starting with 2008 R2 it is an integral part of the OS. With this, all prerequisites are covered; just change the execution policy to RemoteSigned.
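The prerequisites from steps 1-7 can be checked before launching the installer. The script below is an added example, not part of the original post or of VMware's tooling: a read-only audit of the IIS authentication settings, the Secondary Logon service and the execution policy. It assumes the IIS settings are made at server level (pass -Location for a single site), assumes the "original" kernel-mode setting is the IIS default (enabled), and does not cover MSDTC on the SQL nodes.

```powershell
# Added example (not from the original post): read-only audit of prerequisites 1-7.
# Assumption: IIS settings are read at server level; use -Location for one site.
param([string]$Location)

Import-Module WebAdministration

$auth  = 'system.webServer/security/authentication'
$scope = @{ PSPath = 'MACHINE/WEBROOT/APPHOST' }
if ($Location) { $scope.Location = $Location }

function Get-AuthSetting([string]$Section, [string]$Name) {
    # Value of one attribute of an IIS authentication section
    (Get-WebConfigurationProperty @scope -Filter "$auth/$Section" -Name $Name).Value
}

function New-Check([string]$Check, [bool]$Pass, [string]$Actual) {
    New-Object PSObject -Property @{ Check = $Check; Pass = $Pass; Actual = $Actual }
}

$anonymous = Get-AuthSetting anonymousAuthentication enabled
$windows   = Get-AuthSetting windowsAuthentication enabled
$kernel    = Get-AuthSetting windowsAuthentication useKernelMode
$providers = @(Get-WebConfigurationProperty @scope -Filter "$auth/windowsAuthentication" -Name 'providers.Collection' |
    ForEach-Object { $_.Value })
# Win32_Service exposes StartMode on the PowerShell version shipped with 2008 R2
$seclogon  = Get-WmiObject Win32_Service -Filter "Name='seclogon'"
$policy    = Get-ExecutionPolicy

# One row per prerequisite; kernel mode is expected back at the IIS default (enabled)
$results = @(
    New-Check 'Anonymous Authentication disabled' (-not $anonymous) "enabled=$anonymous"
    New-Check 'Windows Authentication enabled' ([bool]$windows) "enabled=$windows"
    New-Check 'Negotiate and NTLM providers present' (($providers -contains 'Negotiate') -and ($providers -contains 'NTLM')) ($providers -join ', ')
    New-Check 'Kernel mode restored' ([bool]$kernel) "useKernelMode=$kernel"
    New-Check 'Secondary Logon automatic and running' ($seclogon.StartMode -eq 'Auto' -and $seclogon.State -eq 'Running') "$($seclogon.StartMode)/$($seclogon.State)"
    New-Check 'Execution policy is RemoteSigned' ("$policy" -eq 'RemoteSigned') "$policy"
)

$results | Select-Object Check, Pass, Actual | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Pass }) { exit 1 }
```

Run it from an elevated PowerShell session on the IaaS server; a non-zero exit code means at least one prerequisite still needs attention.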

Now let’s start the actual installation.

Installation

1) To start the installation you have to download the IaaS setup file from the vCAC appliance. Just log in to the vCAC appliance and download it.

It is recommended not to change the name of the downloaded file. The name lets the IaaS installer read the vCAC appliance details automatically.

2) Enter the root credentials for the vCAC appliance and press Next.

The vCAC appliance name is automatically populated if you have not changed the name of the downloaded file.

3) Select the Complete installation option here.

Select Custom Install to scale out the installation, where you want to install components on different machines. Using Custom Install you also get the option to install proxy agents to talk to endpoints.

5) Now the pre-flight checklist is shown. Options which are red must be corrected. The best thing about this pre-flight checklist is that it explains how to fix each problem.

6) Please note that after you have fixed a problem you just need to press the Check Again button. Another helpful thing the developers did for us.

7) Fill in the credentials for the vCAC service account and the passphrase.

In the second half of the screen, provide the MSSQL server details. The wizard automatically checks the connection to the SQL server. Enter the name for the DB. You can pre-create the DB using the script provided by VMware on the vCAC appliance download screen mentioned above.

The database permissions vCAC needs are at sysadmin level. Please make sure these permissions are assigned to the service account.

8) Below are default names automatically populated for DEM worker and Orchestrator (DEO). No need to change the default name unless you have good reason to do so.

Also select the check box to install and configure the vSphere agent if you are going to use vCenter as an endpoint.

At this stage all user inputs are complete. Now we must review what we selected and what is going to be installed. It is worth pointing out that most of the core components can be scaled out. I will be discussing the scale-out options in detail in future posts.

The installation takes anywhere between 7-10 mins. Please be patient.

It is recommended to check if all core services of vCAC have been started.

Reference: I learnt vCAC's IaaS installation from Jad El-Zein's website. I'm thankful to him for sharing it.

Installing & Configuring VMware vCloud Automation Center 6.0 (vCAC 6.0) Identity Appliance (IA), vCAC virtual appliance -Part01

Starting today I will be doing a vCAC 6.0 series. I have attended the official VMware vCAC course on 5.2, and I see significant changes in architecture in vCAC 6.0. This series is about upgrading myself from 5.2 to vCAC 6.0. I will be starting with installation directly. It is lengthy and full of screens. Use it during the installation and configuration of your labs or for your manuals.

There are basically three main components of vCAC. From these three components you can scale out the entire infrastructure as per your requirements.

  • vCAC Identity Appliance (Please read this as SSO, with vCenter 5.5b you don’t need identity appliance)
  • vCAC Appliance
  • vCAC IaaS (windows based)

    Minimum Requirements for vCAC components

    Identity Appliance | vCAC Appliance | IaaS Components (Windows)
    1 vCPU | 2 vCPU | 2 vCPU
    2 GB RAM | 8 GB RAM | 8 GB RAM
    2 GB disk space | 30 GB disk space | 30 GB disk space

    Deploying Identity Appliance

    1) Grab the OVF file. Connect to the vSphere Web Client. Select Deploy OVF Template.

    2) Accept the EULA

    3) Select the folder where you wish to place this appliance


    4) Select the virtual disk format and the VM storage policy, if you configured any

    5) Select the network label and select the IP protocol. 9 out of 10 people select IPv4.

    6) This screen is self-explanatory. All you need to remember is that the username is root. Also, always populate the hostname with the FQDN.

    7) Review the screen and select Finish to start the OVF deployment

    Configuration of Identity Appliance

    After successfully deploying the OVF file, power on the appliance. Wait till you see the appliance console screen.

    1) First change the time setting. By default the appliance picks up time from the host. This is an optional step; I have configured my own NTP server.

    2) Change the time zone if it is applicable to you. By default it picks UTC. Since VMware also uses UTC, it would be good to keep it at the default.

    3) Now go to the Network tab. Check that all details are properly populated. These are the settings we configured while deploying the OVF appliance. If any value is incorrect, correct it and don't forget to press Save Settings.

    4) The only thing you probably must configure in this appliance is SSO. SSO must be initialized. The SSO domain is selected by default; you cannot modify it. Enter the admin password and confirm it. Here the user is administrator. Press Apply to initialize SSO. SSO initialization takes anywhere from 2-4 mins.

    Notes: By default vSphere.local tenant is also created when we deploy vCAC.

    4a) After SSO is initialized, a confirmation is shown.

    5) Now go to the Host Settings tab. The hostname is automatically populated. Append 7444; it is the only port SSO works on. Don't forget to press the Apply button.

    6) Now go to the host tab to generate a self-signed certificate. Please observe the Common Name value. For some reason this value is incorrectly populated. I'm unsure if it is to do with my installation or whether others have faced it as well. This value has a dependency on vCAC's connection to SSO.

    Enter the right values into the certificate fields.

    Please note that Common Name is the most important field in the certificate.

    A confirmation is shown once the SSL certificate is successfully restored.
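Because the Common Name was populated incorrectly here and vCAC's connection to SSO depends on it, it is worth reading back the certificate the appliance actually presents. The script below is an added example, not part of the original post: it assumes the SSO endpoint on port 7444 serves the certificate generated in step 6, and the hostname you pass is the FQDN entered on the Host Settings tab.

```powershell
# Added example (not from the original post): read the certificate a host presents
# and compare its Common Name with the FQDN you expect.
# Assumption: the SSO endpoint on port 7444 serves the certificate generated in step 6.
param(
    [Parameter(Mandatory = $true)][string]$HostName,
    [int]$Port = 7444
)

function Get-ServerCertificate([string]$HostName, [int]$Port) {
    # Validation is skipped on purpose: the certificate is self-signed at this
    # stage and is only being read; no data is sent over the connection.
    $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $stream = $client.GetStream()
        $ssl = New-Object System.Net.Security.SslStream -ArgumentList $stream, $false, $acceptAny
        $ssl.AuthenticateAsClient($HostName)
        # Copy the certificate so it stays usable after the socket is closed
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
    } finally {
        $client.Close()
    }
}

function Test-CommonName([string]$HostName, [int]$Port) {
    $cert   = Get-ServerCertificate $HostName $Port
    $simple = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $cn     = $cert.GetNameInfo($simple, $false)
    New-Object PSObject -Property @{
        Expected   = $HostName
        CommonName = $cn
        Match      = ($cn -ieq $HostName)
        SelfSigned = ($cert.Subject -eq $cert.Issuer)
        NotAfter   = $cert.NotAfter
    }
}

Test-CommonName $HostName $Port | Format-List Expected, CommonName, Match, SelfSigned, NotAfter
```

Match should be True before you point the vCAC appliance at SSO; SelfSigned turning False later confirms the certificate has been replaced with a CA-signed one.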

     

    You can optionally join the identity appliance to Active Directory. Since its main function is SSO, it is not needed. However, when I did this exercise I was not aware of the recommendation by VMware.

    Here the Identity Appliance is successfully configured.

    Installing and Configuring vCAC Appliance

    Steps 1-7 described for installing the identity appliance are the same for the vCAC appliance, so there is nothing much to learn and repeat.

    Configuring vCAC Appliance

    1) After deploying the vCAC appliance, let's get to its configuration. First get the hostname resolved. Go to the vCAC Settings tab and, under it, Host Settings.

    2) Now let's go to the SSL certificate. Here I'm generating a self-signed certificate. Follow the details on the screen.

    3) Now get vCAC to talk to SSO. vCAC must connect to SSO. Enter the SSO details on this screen.

    A confirmation is shown once SSO is successfully connected.

    4) Enter the license. This license is for the appliance. When you configure a tenant you must configure a license there as well; the key might be the same.

    After SSO is configured, various services will start getting registered.

    In the next post I will be focusing on IaaS. I wanted to cover IaaS in this section, however the post is already very lengthy.

    Note: I have not covered any technical stuff in this blog. The architecture has changed and many components which were separate in 5.2 are merged into either vCAC or IaaS. I have explained them via PPT here.