vCAC 6.1 (vRA) Distributed Architecture Installation Guide Made easy –[Part –02]

Certificates for Identity Appliance

High level procedure to install and configure identity appliance

  1. Deploy Identity appliance
  2. Power ON appliance
  3. Configure Timezone
  4. Configure Time server
  5. Initialize SSO
  6. Import CA signed certificates
  7. Add Identity appliance to Active directory

After the certificate steps are complete, insert the private key (rui.key) into the RSA Private Key field, then insert RUI.PEM, which is the certificate chain.

NB: You must enter the password for Pass Phrase. This is easy to miss if you are using a small screen.

Configure vCAC App as vPostgresSQL Database

Deploy vCAC Appliance and Power On the appliance.

Configure Timezone

Configure Timeserver

Open a PuTTY session to the appliance and paste the following lines:

service apache2 stop

chkconfig apache2 off

service rabbitmq-server stop

chkconfig rabbitmq-server off

service vcac-server stop

chkconfig vcac-server off

service vco-server stop

chkconfig vco-server off

sed -i -re 's/^#(listen_addresses=.*.)/\1/' /var/vmware/vpostgres/current/pgdata/postgresql.conf

sed -i -re 's/^(max_connections *= *)([0-9]+)(.*)/\1 400 \3/' /var/vmware/vpostgres/current/pgdata/postgresql.conf

Restart the vPostgres server using the following commands:

service vpostgres restart

su - vcac

cd /opt/vmware/vpostgres/9.2/bin

./psql

ALTER USER vcac WITH PASSWORD 'password here';

\q

exit

At this stage the database is initialized and ready for the vCAC appliance to connect.
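
The two sed edits above, previewed as a dry run on a constructed sample file before touching the appliance's postgresql.conf. This is an added example, not part of the original post; the function names and both sample layouts are assumptions, with the "appliance" layout assumed to be the no-space form the guide's first regex expects.

```shell
#!/bin/sh
# Added example: preview the guide's two postgresql.conf edits without -i.

# Apply both sed expressions from the guide to file "$1"; result goes to stdout,
# so the input file is never modified (-E is the portable spelling of GNU -r).
apply_pg_edits() {
    sed -E \
        -e 's/^#(listen_addresses=.*.)/\1/' \
        -e 's/^(max_connections *= *)([0-9]+)(.*)/\1 400 \3/' \
        "$1"
}

# Print the active (uncommented) value of setting "$2" in file "$1", or nothing.
effective_setting() {
    sed -n -E "s/^$2 *= *([^#[:space:]]+).*/\1/p" "$1" | tail -n 1
}

# Write a constructed sample config to "$1". Style "appliance" (assumed layout)
# has no spaces around "="; style "stock" uses PostgreSQL's default spacing.
make_sample_conf() {
    if [ "$2" = stock ]; then la="#listen_addresses = 'localhost'"
    else la="#listen_addresses='*'"; fi
    printf '%s\t\t# what IP address(es) to listen on\n' "$la" > "$1"
    printf 'port = 5432\n' >> "$1"
    printf 'max_connections = 100\t\t\t# (change requires restart)\n' >> "$1"
}

demo() {
    for style in appliance stock; do
        src=$(mktemp); out=$(mktemp)
        make_sample_conf "$src" "$style"
        apply_pg_edits "$src" > "$out"
        echo "== $style sample: diff before/after =="
        diff "$src" "$out" || true          # diff exits 1 when the files differ
        la=$(effective_setting "$out" listen_addresses)
        echo "listen_addresses = ${la:-<still commented out>}"
        echo "max_connections  = $(effective_setting "$out" max_connections)"
        rm -f "$src" "$out"
    done
}
demo
```

An empty listen_addresses result means the line is still commented out, so PostgreSQL keeps its default of localhost and the other appliances cannot connect. A value of '*' means it listens on every interface, with client access then governed by pg_hba.conf.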

Configuring Primary vCAC Appliance

  1. Deploy the appliance
  2. Configure Time zone
  3. Configure Time server
  4. Go to the database tab, change the database name, enter credentials for vCAC

If you want a high-availability configuration, please refer to Brian’s post here

The vCAC service restarts when you connect vCAC to the external PostgreSQL server, and the embedded database service is disabled.

While the vCAC service is restarting, do not make any changes on the vCAC appliance. This is a small tip I learnt from experience.

After the vCAC appliance is configured to talk to the external database, proceed with Host Settings. In vCAC Host name, enter the name of the load balancer as shown below.

5. Now configure SSL certificates. The steps are similar to those we followed for the Identity appliance.

6. Now go ahead and enter SSO details

The vCAC service also restarts when you register the vCAC appliance with the Identity or SSO server; this is denoted by the peak in CPU utilization on the right-hand side of the above screen.

The vCAC service takes a long time to restart during SSO registration. From the screen below, it is anywhere between 10 and 15 minutes.

After you see that the peak has dropped drastically, log in to the vCAC appliance and confirm that all 20 services are in the registered state.

If any of the services is failing, something has gone wrong in the previous steps.

Now go ahead and enter license key. I have not shown the screen here.

To confirm all is okay with the single node, log in to the portal at https://FQDN/vCAC. If all is well, you will get a login screen. This is the first good sign.

Enter the SSO (administrator@vsphere.local) credentials. If you are able to log in, this is the second very good sign.

At this point you should disable the following services on the Primary vCAC Appliance:

1. Vpostgres

2. vCO server

The following commands stop each service and then disable it:

  1. service vpostgres stop
  2. chkconfig vpostgres off
  3. service vco-server stop
  4. chkconfig vco-server off

Adding secondary Appliance

Now let’s add the secondary vCAC appliance.

It is very simple again

  1. Deploy the appliance
  2. Configure Time zone
  3. Configure Time server

This is all you need to do on secondary nodes. Everything else is picked up during HA node configuration.

4. Go to HA node and enter the details of the primary (or any other secondary) node as shown below.

After the node is added to the cluster, the screen below shows that it is part of the cluster by displaying “in cluster mode”.

The vCAC service is restarted on the second node as well. Please do not do anything until you see the peaks drop to near zero. The screen shown below is for illustration purposes only.

Now go back to services screen and ensure all 20 services are started.

At this point you should disable the following services on the Primary vCAC Appliance:

  1. Vpostgres
  2. vCO server

The following commands stop each service and then disable it:

  1. service vpostgres stop
  2. chkconfig vpostgres off
  3. service vco-server stop
  4. chkconfig vco-server off

Preparing IaaS Component

Disable UAC

I recommend doing this only for the installation. After installation you can enable UAC again. If your IT policy doesn’t allow it, you can skip this section.

But make sure you are using Administrator privileges.

Open regedit and browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system

Change the EnableLUA value from 1 (i.e. true) to 0 (i.e. false)

Disable Loopback Check

Open regedit. Please disable UAC as mentioned above. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Create a new DWORD (32-bit) Value named DisableLoopbackCheck, as shown below

Change the value to 1 (i.e. True) as shown below

Disable Firewall

Importing certificate in IaaS

1. Open Start > Run and type MMC

After the certificates are created, we must import them into the IaaS server. This step must be done before you start the installation.

Finally, in the Personal certificate store you will see two certificates: the root certificate and the vcacIaaS certificate.

Running vCAC6.1-PreReq-Automation

Before running this script, do the following:

  1. Set the execution policy to RemoteSigned
  2. Disable UAC
  3. Mount the 2012 ISO on the VM
  4. Copy the NTRights.exe file to a folder (download the 2003 resource tool kit)
  5. Copy jre-7u72-windows-x64.exe to the folder

Points 4 and 5 are a must for flawless execution of the script.

After script is successfully executed, do not forget to reboot OS as described by the msdtc shown below

Installing IaaS, Manager Model and Database Component

For a distributed installation we must select Custom Install, as the components will be distributed (load balanced across two nodes).

Installing secondary IaaS, Manager Model

In the screen below you provide the database information, the database passphrase and the service account under which the manager model service will run.

The database name and passphrase must be the same values you used during the primary node installation.

Subsequently install the DEM Orchestrator and worker.

If all goes well you will see 21 services; one additional service will be running.

This post is an extensive but definitive guide based on my experience in my own lab.

One thought on “vCAC 6.1 (vRA) Distributed Architecture Installation Guide Made easy –[Part –02]”

  1. First off, great guide. With that said, who are we kidding? It's still an incredibly long, cumbersome, and error-prone process to install a distributed vCAC/vRA even in 6.1. VMware needs to put all the vRA components into appliance format (including the load balancing capability itself) and then make it so when you turn up each appliance you tell it what roles it needs to run and then it configures itself appropriately.
