Nov 27 2014

Cost Profiles in vRealize Automation

Category: Automation,Changes,Configuration,vCAC,vRA,vRealize AutomationPreetam Zare @ 4:48 pm

Recently I was queried on how to apply cost profile. I thought, it is super simple to do so. However when I tried in my lab, it took quite a while to find cost profiles screen and how does it work. While working on cost profile in my lab I realized few things. In this post I’m sharing how to use cost profiles and how it is related to compute resources, Fabric group

You have to associate Cost profiles with compute resources. Compute resources is pool of clusters available in your endpoint. This is the single most thing I would like you to take as a learning from this post. Compute resource is in turn associated with fabric. There is direct relationship between compute resource and fabric. So when you create a fabric, you also carry along cost profile defined at the compute resource. Fabric admin creates reservation i.e. carves the chunk out of the fabric. Cost profiles get carried to this chunk. So cost profile applies to all the VMs created out of the fabric. Since it is fabric based operation, you need Fabric admin credentials to do this job. Continue reading “Cost Profiles in vRealize Automation”


Nov 23 2014

vCAC 6.1 (vRA) Distributed Architecture Installation Guide Made easy –[Part –02]

Certificates for Identity Appliance

High level procedure to install and configure identity appliance

  1. Deploy Identity appliance
  2. Power ON appliance
  3. Configure Timezone
  4. Configure Time server
  5. Initialize SSO
  6. Import CA signed certificates
  7. Add Identity appliance to Active directory

After certificate steps are followed, Insert the private key which is rui.key in to RSA Private Key and insert RUI.PEM which is certificate chain.

NB: You must entire the password for Pass Phrase. This is almost forgotten if you are using a small screen.

clip_image002

Configure vCAC App as vPostgresSQL Database

Deploy vCAC Appliance and Power On the appliance.

Configure Timezone

clip_image004

Configure Timeserver

clip_image006

Continue reading “vCAC 6.1 (vRA) Distributed Architecture Installation Guide Made easy –[Part –02]”


Nov 22 2014

vCAC 6.1 (vRA) Distributed Architecture Installation Guide Made easy –[Part –01]

I should start using official rename now. It is vRealize Automation (vRA). This blog post is an attempt to make distributed architecture of vRA 6.1 simpler to install and configure. Please note this tested in lab. Recommendation is purely for lab testing before you try out in production

Below slide explains the high level procedure you must follow for successful installation of distributed architecture

SNAGHTML7557bca

I’m not including vCenter SSO and Postgres SQL database installation and configuration procedure, as they have been very well document.

References

  1. Postgres SQL database in distributed model is very well explained by Brian here
  2. vCenter SSO is explained in detailed in this white paper here

Primary intention I’m posting this blog is

  1. Help me remember and refer in future
  2. Detailed documentation is missing on this and available at many places. This is an attempt to collate all information in this blog post

Continue reading “vCAC 6.1 (vRA) Distributed Architecture Installation Guide Made easy –[Part –01]”


Oct 28 2014

How to use Reservation Policy to place VMDKs across different datastores

Reservation policy is often unused feature and to some extend not fully understood. Primary reason could be that reservation policy creation process very simple and during policy creation we don’t glue pieces together. That being said there are very valid use cases for using reservation policy and comes very handy in VM Placement. One of the core principles of Software Defined Datacenter (SDDC) suggests we need to have policy based automation and common management platform across the entire infrastructure.

With reservation policy we address this requirement. It is my personal belief that features in any products are aimed to solve some or other business problems. All we should attempt is to find those relevant business case or help someone find them. In this blog I aim for later.

Continue here

Tags: , , , , , , ,


Aug 01 2014

Start to end tenant configuration in vCAC

After going through the FAQ post, I thought it is easier to construct a flow chart based on my understanding. I’m happy I can cover most of the tenant configurations using below flow chart.

image

First : You create tenant (right hand side by name HR Tenant). While creating tenant you must create Tenant and Infrastructure Administrator

Second: Infrastructure Administrator creates fabric. In simple words he maps ESXi cluster/s inside vCAC. On left hand side, I have a cluster dedicated for HR Business Unit (HRBU) by name HR Cluster.  While creating fabric you must create fabric administrator.

Third:  HR Fabric Admin creates reservation and assigns that to HR Business group. He also creates Machine Prefix. Machine prefix is pre-requisite to create business group. He also can optionally create network profiles and reservation policies. These can be mapped to blueprints

Fourth: Tenant Administrator creates business group but unless machine prefix is created business group cannot be created. NB: There is option for Tenant administrator to create machine prefix. Tenant administrator then creates Blueprints. He publishes blueprints. Published blueprint is referred as catalog item. He creates service and assign catalog item to service. Assign entitlements to service, catalog items and Entitled actions to catalog items.

Briefly it looks like below

image

Lets do the above exercise using example as it would be more relevant to us. In below flowchart blueprints, catalog item, services and Entitlements are shown

image

Left hand side –Blueprints will be published and they become catalog items (the middle light blue). You then create service. Add catalog to the service. Finally you put the entitlements around Catalog items, Services and entitlements needed.

Next post I will talk about naming conventions in vCAC.


Jul 30 2014

Roles FAQ of vCAC –For Myself

Before I start on main topic of I would like to highlight vCAC as product has three main components which needs to be explore, blogged or documented very well

image

Reason we don’t see much on this yet, as it is evolving field. Not one person knows or have these skill sets. These components makes perfect orchestration layer but expects broad skill sets which are difficult to find. I’m mostly blogging on vCAC core stuff. But people expect a lot from vCAC Extensibility. It is skill which needs attention, understanding and has huge scope.

Below are frequently asked questions about various roles available in vCAC or I asked myself. This question helps me define Role Based Access control model for vCAC. Hope it also helps you too.

Who has rights to create blueprint?

It is Tenant Administrator role and Business group manager has rights to create blueprint

Who has rights to create reservations?

Fabric Administrator has rights to create reservation. Reservation can be shared between the tenant BUT only if the fabric is shared.

Below is the example of shared fabric. I created a single fabric (i.e. mapped three different cluster to it) which will allow fabric administrator to choose from the cluster (i.e. compute resources) and assign them to tenants.

image

In such model, reservations are visible across the tenants. It means Fabric administrator plays shared role in managing fabric.

Who has rights to create prefix?

Machine prefix are created by Fabric Administrator, can be created by tenant administrator.

Who has rights to create network profile?

Network profiles are created by Fabric Administrator

Who has rights to create business groups?

Business groups are created by Tenant Administrator

Who has rights to create fabric group?

Only Infrastructure administrator can create fabric group

Who has rights to create reservation policies?

Fabric administrator creates reservation policies

Who has rights to create & Published blueprints (a.k.a Catalog items)?

Tenant Administrator can create and publish blueprints.

Business group manager can only create blueprints

Who has rights to create services?

Only Tenant Administrator can create services

Who can creates approval policies?

Only tenant administrator can create approval policies

Who can create entitlements?

Tenant Administrator and Business group manager can create entitlements

Disclaimer: This above post based on my observation in my lab. I might be wrong. More than happy to be correct, from mistakes we learn


Jul 28 2014

Case of Multiple tenants in vCAC

Before I start on the topic I wish to thank my readers. I’m blogging after more than four months, however I see my post is hitting consistently around 6000 hits per month. I’m surprised and pleased.

Disclaimer: This blog and any blog posts do not represent my current organization in any form.

 

image

Hope these are all genuine readers and getting most out of my blog.

When I thought about this post, I asked myself why we need multiple tenants. What are the use cases for the multiple tenants. Before we dive into use case, let’s first understand few roles and what they can do (a.k.a privileges).

  1. Tenant Administrator
  2. Infrastructure Administrator
  3. Fabric Administrator

When you first create tenant, you have to create two roles. Tenant Administrator and Infrastructure Administrator. At first thought I felt both these roles are unique to the tenant and responsible for managing tenants under which they are created. However it is not completely true. Tenant administrator controls tenant for which he is assigned but Infrastructure Administrator can control every other tenant’s infrastructure tab irrespective if he is infrastructure administrator for the tenant, all Infrastructure Administrators (of all tenants) can control infrastructure. In simple words, infrastructure administrator of any tenant can modify anything inside infrastructure tab.

However it is different discussing as to whether Infrastructure should do cross tenant administration. My first thoughts on this – Please do not mess with this one, however totally understand human errors behind this exposure. We make mistakes.

Another role we create is fabric Administrator, Fabric administrator again see infrastructure Tab and same principle applies as for infrastructure administrator.

Infrastructure Administrator role and Fabric Administrator role see common elements across the tenants

 

It is worth to note, Infrastructure tab is coming from IIS Web server of vCAC infrastructure.

Lets see what are these common elements are

For Infrastructure Administrators

  1. Under Endpoints –All endpoints you create/configure are visible to all infrastructure Administrator irrespective of tenants
  2. Under Endpoints -Endpoints Credentials – All endpoint credentials are visible all Infrastructure Administrator irrespective of tenants
  3. Monitoring (logs, Audit, Workflows) –Monitoring tab is visible across tenants to all infrastructure administrators
  4. Under Groups – Fabric is visible across tenants to all infrastructure administrators

Below is sample view of Infrastructure tab a Infrastructure administrator sees

image

Below flow chart I’m trying to explain where Infrastructure administrator spends most of the time

 image

 

For Fabric Administrators

1. Reservations are visible across the tenants to all infrastructure administrators but you can do a little trick. Do no share fabric and it will give isolation at reservation level as well.

2. Machine Prefix – Machine prefix is visible across all the tenants to all infrastructure administrators. In below figure company-A fabric administrator can see company-B’s machine prefix and vice versa.

image

3. Manual Data collection requests option. This option is needed when you wish to update inventory of your vCenter into vCAC.

4. Network Profiles. These policies are visible across the tenants to all infrastructure administrators. It also means network policy created for company-A can be edited/deleted by fabric administrator of company-B

image

  5. Reservation Policies. I will explain the actual use of reservation policy in future posts

image

Below is sample view of Infrastructure tab a fabric administrator sees

image

 

Below flow chart I’m trying to explain where Fabric Administrator spends time

 

image

Everything after this is very specific to tenants. Following things are controlled by Tenant Administrators

  1. Tenant Administrator creates Blueprints
  2. Tenant Administrator creates Business groups
  3. Tenant Administrator creates services
  4. Tenant Administrator creates entitlement
  5. Tenant Administrator creates catalog
  6. Tenant Administrator creates Approval Policy
  7. Tenant Administrator creates & configure email servers (SMTP)

In below flow chart I’m trying to explain where tenant administrator spends most of this time

image

In below screen show Tenant A and Tenant B is controlled by Fabric, Tenant  and Infrastructure Administrators

image

Fabric Administrator and Infrastructure Administrator at both the ends can configure & control Tenants A & B and have full privileges across the tenants. Tenant A and Tenant B Administrator controls individual tenant configurations.

                                                                                                                                             HandyTips                                                                                                                              When you publish blueprint it become catalog. When you create service you add this catalog (published blueprint) to the service. Service can contain multiple catalog (published blueprints). Use firefox browser for better results with vCAC.

 

So you get true isolation/Multi-tenancy only at Blueprints, Services and catalog level. So answer to our main question is when we go for multiple tenants.

When we do NOT want Catalogs , blueprints and services to be shared.


Mar 18 2014

vCloud Automation Center 6.0 and vCenter Orchestrator Advance Automation -Part03

Part1, Part2 are simple in some ways & parts. Next part is bit difficult to understand. At least it was for me. I will explain what I’m going to do at high level. I’ll get Machine Name. Then I will get Machine Property –> Machine Property will give me custom property ( VM Size which  user be selecting from drop down menu as referred here and Backup Selection referred here ) finally I will Invoke VCO workflow.  In this workflow which needs VM Name input and VM Size, Backup Choice as input – I will put VM Name which I get from Get Machine Name property and VM Size, Backup choice which I got from Get Machine Property

image_thumb1

Now lets find where to do this and how to do this. Once you understand the basic concept it is way too simple. First open vCAC designer. In that first select load and then select “WFStubMachineProvisioned”. Why “WFStubMachineProvisioned”. Well, this workflow is called immediately when the status of VM is provisioned. More information is available in http://pubs.vmware.com/vCAC-60/topic/com.vmware.ICbase/PDF/vcloud-automation-center-60-extensibility.pdf guide

image_thumb8

 

image_thumb12

In below screen double click on “Machine Provisioned

image_thumb14

Scroll down till you find custom code and double click on the custom code

image_thumb16

From left hand side “DynamicOps.Cdk.Activities” Drag “GetMachineName

SNAGHTML10b7be85_thumb3

 

I have defined two variable for this custom code

  1. vmname (to capture VM Name)
  2. VMSize (to capture VM size e.g. Large, Medium and Small in string format)
  3. VarBackupOption (To capture user selection Yes/No in string format)

SNAGHTML10b93f29_thumb3

Double click on GetMachineName

image_thumb31

In Machine Id field put a pre-defined variable “VirtualMachineId”. This is standard value. Please do not change it. Under machine name put the variable vmname. This variable we have defined above.

Machine Name will pickup name from virtualmachineid and pass it to vmname. Finally variable vmname will hold the name of the vm. We are done with GetMachineName.

Click on the custom code as shown in above figure, it will take you back to custom code screen. Now from left hand side ”DynamicOps.Cdk.Activities” Drag “GetMachineProperty

image_thumb35

GetMachineProperty reads the custom property you have defined and the value associated with that property in vCAC. In our case I have defined custom property with name VMSize and it’s value will come from value select from drop down menu. This value (e.g. Large, Medium or Small) will be taken by variable VMSize

image_thumb42

You will notice VMSize property name is in Quotes however Property Value is without quotes. It is because VMSize in property value is variable which will be captured from user interaction in vCAC and VMSize in property name is coming from custom property defined in vCAC.

Conceptually this is how it is related

image_thumb45

 

I repeated the same procedure for Backup choice and here is how it looks below

image

VarBackupOption will hold the user selection string value which would be either Yes or No and pass it to vCO workflow

Now we have Virtual machine name captured in VMName variable, VMSize captured in VMSize variable and BackupOption capture in VarBackupOption we are ready for next drag and drop Smile . Drag vCO workflow by name InvokeVcoWorkflow

Simply put VMName and VMSize as input to VCO workflow.

image

 

Now below is how entire workflow looks like

image_thumb52

Now you are done with, simple Send and that updates the WFStubMachineProvisioned

image_thumb56

This is all you need to do. Request Virtual Machine and you will get what you have configured.

Complete log of VM provisioning via vCAC and VCO is presented below with sequence of action.

image

Tags: , , , , , , ,


Mar 18 2014

vCloud Automation Center 6.0 and vCenter Orchestrator Advance Automation -Part02

If you have reached this post from Google, check this post first. That is where problem is discussed and this the second part of the solution. First thing you need is to pass three information from vCAC i.e. VM Name, Size of the VM and whether you need any backup. VM Name is parameter you will get from vCAC but for Backup Selection and VM Size selection I have created a custom property in build profile. Here is how I have created below

First go to infrastructure tab

In Infrastructure tab go to –> Blueprint –> Property Dictionary

image

Create a New Property Definition

Provide Name –VMSize

Display Name –Virtual Machine Size

Control Type – DropDownList

Please ensure Required check box is selected

Once done please click on green arrow.

Then click on Edit to edit Property Attributes

image

In the property attribute, select ValueList, Put same name “VM Sizes” and provide value as Large, Medium and Small which reflect the size of VM.

image

Similar exercise you follow for backup option

Here is how it looks when user selects the VM Size

image

For backup service selection this is how it looks below

image

Just ensure blueprint is updated as follows

image

This completes vCenter Automation Part at basic Level. Now comes the 3rd and final part. Follow third part here

Tags: , , , , , , ,


Mar 18 2014

vCloud Automation Center 6.0 and vCenter Orchestrator Advance Automation -Part01

This post is about extending vCAC in-built workflows. In last two post (Post1, Post2) I used vCenter Orchestrator (vCO) workflows and executed them using vCloud Automation Center’s (vCAC) advance service designer. It was like taking vCAC as front end to execute those workflows without taking any benefits of vCloud Automation Center’s product. vCAC was purely acting as front end.

Advance service designer doesn’t follow any reservation, policies configured for a particular tenant. It is purely taking inputs from whatever is configured in vCenter Orchestrator workflow and executing it. As I think of it is of help but then I miss all configuration, tracking ownership, multi-tenancy and metering in built in vCAC. In order to cover this I need to do additional scripting which is referred as day-2 operation. To cater this problem, vCAC provides you a way where you can modify in-built workflows. Basic details are provided into this document. I won’t repeat it here. But in order to understand this post you must read it.

To extend workflow you need vCAC designer. It is part of vCAC and can be downloaded from https://vCACAppliance.hostname.com:5480/installer/. Install it. (it is next-next-next-Finish thing).

Problem Statement

User should be able to provision VM by selecting VM size within vCAC interface. Users should be able to understand what compute, storage details are provisioned when they select VM Size.

Here I’m going to modify my existing workflow which I created in post here. If you see the workflow there are three inputs needed

1. VM name

2. VM size

3. IP Address for the VM

If you review this post, 3rd point is automatically taken care. So I have to just focus on how to take two input (VM Name and VM Size) from vCAC and put in the vCO workflow. It was bit simple, just two inputs.

Cloning part will be taken care by vCAC but post provisioning task will be taken care by vCO workflow. So we need to only focus on creating a vCO workflow which will do the following

  1. Changing CPU count
  2. Change RAM
  3. Add Disk
  4. Add Backup Network if selected

If you execute this workflow from vCO or vCenter  VC:VirtualMachine as input is needed. But vCAC do not understand VC:VirtualMachine, it can only understand string input or can provide string output.  VC:VirtualMachine input is referred as complex object type. In order to deal with this input we need to put a wrapper around the workflow. How to put a wrapper around a workflow is explained by VCOTEAM.INFO. Thanks to this post. It is key post.

That post is a where you can start but that isn’t sufficient. You need more. If you refer below return type is array.

image

We need a VC:VirtualMachine as return type. I added script section and then I have created a new parameter with VC:VirtualMachine type with name as vm01 (referred in below screen)

image

In the first line of the script I converted array type i.e. Array/VC:VirtualMachine into VC:VirtualMachine and sent that as output. This is the core piece. If you understood this, you don’t need worry further. Everything else is straight forward. I thought so Winking smile

When I executed the VCO workflow from vCAC, it failed twice. First it failed with VMware tools not working and second time it failed with error “Hot add functionality” is disabled in VM.

First problem was when the provisioning activity was completed, my next workflow which was to shutdown the VM graceful was looking for VMware tools, it didn’t found vmware tools and abruptly failed. In order to shutdown VM gracefully VMware tools must be ready. So to address first problem I have to find a workflow which will check if VMware tools are ready. This can be easily checked by using “vim3WaitToolsStarted” action element. This workflow waits for VMware tools to be ready, as it is need to graceful shutdown VM.

Second problem was workflow didn’t wait for another workflow to be completed. After I shutdown VMs I have workflow which will change CPU count, then change RAM, Add Disk and finally powered ON the VM. So powered ON workflow didn’t wait to execute CPU count, Add Disk and RAM change workflow.  Therefore I use to get error about Hotplug not supported. It was like VM was started before even CPU and RAM change could be executed. So to solve this problem I added “vim3WaitTaskEnd” in-built workflow. This workflow checks previous tasks before executing next task.

With this additional work my final workflow was ready and shown below

image

NB: Except for the script section, everything in vCenter Orchestrator is in-built

Now next part is how to make vCAC to pick this VCO. I have discussed in next post here

Tags: , , , , , , ,


Next Page »