NSX-T 3.0 – Load Balancer Concept & Configuration

It’s been a while since I wrote my last blog on NSX-T. Recently, I had several discussions with one of my customers about setting up an NSX-T logical load balancer, so I wanted to write a small blog with a generic example. It will give you a basic understanding of the NSX-T load balancer and how it is set up.

Let’s start with some theory.

The NSX-T Data Center logical load balancer offers high-availability service for applications and distributes the network traffic load among multiple servers. The load balancer distributes incoming service requests evenly among multiple servers. You can map a virtual IP address to a set of pool servers for load balancing. The load balancer accepts TCP, UDP, HTTP, or HTTPS requests on the virtual IP address and decides which pool server to use.

Some key points to keep in mind before we proceed.

  • Logical load balancer is supported only on the tier-1 gateway.
  • One load balancer can be attached only to a tier-1 gateway.
  • A load balancer includes virtual servers, server pools, and health check monitors. It can host a single virtual server or multiple virtual servers.
  • NSX-T LB supports Layer 4 (TCP, UDP) as well as Layer 7 (HTTP, HTTPS).
  • Using a small NSX Edge node to run a small load balancer is not recommended in a production environment.
  • The VIP (Virtual IP) for the server pool can be placed in any subnet.

Load balancers can be deployed in either inline or one-arm mode.

Inline Topology

In the inline mode, the load balancer is in the traffic path between the client and the server. Clients and servers must not be connected to the same tier-1 logical router. LB-SNAT is not required in this case.

One-Arm Topology

In one-arm mode, the load balancer is not in the traffic path between the client and the server. In this mode, the client and the server can be anywhere. LB-SNAT is always required in this case.

Health check monitors are another area of discussion. They are used to test whether each server is correctly running the application; you can add health check monitors that check the health status of a server.

Let’s get started with setting up a simple example of an NSX-T logical load balancer.

Here is the background of the lab. I have an NSX-T environment already running in the lab. For demo purposes, I have already done the following configuration.

New NSX-T logical segment called ‘LB_1680’ (Subnet: 172.16.80.253/24)
Installed and configured 2 test web servers. (OS: CentOS 7 with web server role and a sample HTML file added)
Connected the 2 new web servers to the LB_1680 segment.

Verify that you can access the web servers and that the web page is displayed.

1st Web Server. (172.16.80.10)

2nd Web Server. (172.16.80.11)

That was all background work. Let’s start configuring the NSX-T logical load balancer.

We have to configure the Server Pool first and then move on to the next configuration.

Login to NSX-T and navigate to Networking> Load Balancing> Server Pools> Add Server Pool

Name: WebServerPool
Algorithm: Round Robin (to distribute the load among pool members)
SNAT Translation Mode: Automap (leave it at the default)

Next, Click on Select Members> Add members & enter the information for the 1st web server.

Follow the same procedure again for the 2nd web server.

Click on Apply and Save.

Make sure that the status is Success.

Next, Click on Virtual Server and ADD L7 HTTP

Name: WebVirtualServer

IP: 192.168.10.15 (This IP can be in any subnet; we will use this IP address to access the web servers)
Port: 80
Server Pool: WebServerPool (Select the pool that you created in earlier step)

Save & Make sure that the status is Success.

Let’s move to Load Balancer tab and click on Add Load Balancer.

Name: Web-LB
Size: Small (note the sizing information at this point)
Attachment: Select your existing Tier-1 gateway.

Click on Save and then click on NO to complete the configuration.

Now, we have to attach this Load Balancer to the Virtual Server that we created in the earlier step.

Go back to ‘Virtual Servers’ and click on Edit.

Under the LB, select the LB that we just created and Save.

Make sure that the status is Success for LB, Virtual Server & Server Pools.
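The same three objects can also be described through the NSX-T Policy API. The sketch below is an added example, not part of the original post: it builds the pool, load balancer service and virtual server with the names and addresses used above and checks that every reference resolves before anything is sent. The tier-1 gateway ID `t1-gw`, the default HTTP application profile, and the manager address and credentials passed to `apply()` are assumptions.

```python
import base64
import json
import ssl
import urllib.request

# Assumptions (not in the post): the tier-1 gateway ID and the use of the
# built-in HTTP application profile for the L7 virtual server.
TIER1_ID = "t1-gw"
HTTP_PROFILE = "/infra/lb-app-profiles/default-http-lb-app-profile"


def build_lb_objects(tier1_id=TIER1_ID):
    """Return (policy_path, body) pairs, ordered so each reference already exists."""
    pool = {
        "resource_type": "LBPool",
        "algorithm": "ROUND_ROBIN",
        "snat_translation": {"type": "LBSnatAutoMap"},
        "members": [
            {"display_name": "Web-1", "ip_address": "172.16.80.10", "port": "80"},
            {"display_name": "Web-2", "ip_address": "172.16.80.11", "port": "80"},
        ],
    }
    service = {
        "resource_type": "LBService",
        "size": "SMALL",
        "connectivity_path": f"/infra/tier-1s/{tier1_id}",
    }
    virtual_server = {
        "resource_type": "LBVirtualServer",
        "ip_address": "192.168.10.15",
        "ports": ["80"],
        "application_profile_path": HTTP_PROFILE,
        "pool_path": "/infra/lb-pools/WebServerPool",
        "lb_service_path": "/infra/lb-services/Web-LB",
    }
    return [
        ("/infra/lb-pools/WebServerPool", pool),
        ("/infra/lb-services/Web-LB", service),
        ("/infra/lb-virtual-servers/WebVirtualServer", virtual_server),
    ]


def dangling_references(objects, preexisting):
    """List *_path references that point at nothing known at that step."""
    known = set(preexisting)
    problems = []
    for path, body in objects:
        for key, value in body.items():
            if key.endswith("_path") and value not in known:
                problems.append(f"{path}: {key} -> {value}")
        known.add(path)
    return problems


def apply(manager, user, password, objects, ca_file=None):
    """PATCH each object to the NSX Manager Policy API (create or update)."""
    ctx = ssl.create_default_context(cafile=ca_file)  # TLS verification stays on
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    for path, body in objects:
        req = urllib.request.Request(
            f"https://{manager}/policy/api/v1{path}",
            data=json.dumps(body).encode(),
            method="PATCH",
            headers={
                "Content-Type": "application/json",
                "Authorization": f"Basic {token}",
            },
        )
        with urllib.request.urlopen(req, context=ctx) as resp:
            resp.read()


if __name__ == "__main__":
    objs = build_lb_objects()
    existing = {f"/infra/tier-1s/{TIER1_ID}", HTTP_PROFILE}
    print("dangling references:", dangling_references(objs, existing))
    print(json.dumps(dict(objs), indent=2))
```

Running the file only prints the payloads; nothing is sent until `apply()` is called with a real manager address.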

That’s it. We are done with the configuration of the NSX-T Load Balancer. It’s time to test it.

Try to access the VIP (192.168.10.15). This IP should load the web page from either the Web-1 or the Web-2 server.

The VIP is hitting my 2nd Web Server. Try to refresh the page.

A couple of refreshes will route the traffic to the 2nd Web Server. You might have to try a different browser or use Ctrl+F5 to refresh the page.
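Browser caching makes this test unreliable, so a scripted check is handy. The following added example (not part of the original post) requests the VIP repeatedly and records which pool member answered; it assumes each sample page contains its server name, "Web-1" or "Web-2".

```python
import re
import urllib.request
from collections import Counter

VIP_URL = "http://192.168.10.15/"  # VIP configured on the virtual server above
# Assumption: each server's sample page contains its own name.
MARKER = re.compile(r"Web-[12]")


def fetch_page(url=VIP_URL, timeout=3):
    """One uncached GET on a fresh connection; returns the body as text."""
    req = urllib.request.Request(url, headers={"Cache-Control": "no-cache"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def sample_backends(fetch, attempts=10):
    """Ordered list of who answered: a member name, '?' (no marker) or 'ERR'."""
    seen = []
    for _ in range(attempts):
        try:
            body = fetch()
        except OSError:  # covers URLError, timeouts and refused connections
            seen.append("ERR")
            continue
        match = MARKER.search(body)
        seen.append(match.group(0) if match else "?")
    return seen


def assess(seen, expected=("Web-1", "Web-2")):
    """Summarise a sample: per-member counts, silent members, odd answers."""
    counts = Counter(seen)
    return {
        "counts": dict(counts),
        # Members that never answered: down, or removed by a health monitor.
        "missing": [m for m in expected if counts[m] == 0],
        # Errors or pages that do not identify a known pool member.
        "unexpected": sorted(set(seen) - set(expected)),
        # With round robin and a single client, back-to-back answers from the
        # same member are not expected; other clients on the VIP can cause some.
        "repeats": sum(1 for a, b in zip(seen, seen[1:]) if a == b),
    }


if __name__ == "__main__":
    print(assess(sample_backends(fetch_page)))
```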

Hurray…!! We have just configured NSX-T LB.

This is how my network topology looks. Web-LB is configured at tier-1 gateway.

Remember, there is much more to it than this in a customer production environment. We must take several other things into consideration (health monitors, SNAT, LB rules, etc.), and it is not as easy as it sounds. This blog was written to give you a basic understanding of the NSX-T LB.

I hope that the blog has valuable information. See you all in next post.


VMware vRealize Automation 8.1 – Part7 User Permissions, Roles & Branding

vRealize Automation uses VMware Workspace ONE Access, the VMware supplied identity management application to import and manage users and groups. After users and groups are imported or created, you can manage the role assignments for single tenant deployments using the Identity & Access Management page. This blog will focus on user permissions and the role that has to be assigned for a user to request an item from the catalog.

VMware vRealize Automation 8.1 – Part1: Cloud Assembly & Service Broker
VMware vRealize Automation 8.1 – Part2: Cloud Accounts, Projects & Cloud Zones
VMware vRealize Automation 8.1 – Part3: Flavor Mapping & Image Mapping
VMware vRealize Automation 8.1 – Part4: Network Profiles
VMware vRealize Automation 8.1 – Part5: Blueprints
VMware vRealize Automation 8.1 – Part6: Content & Catalog
VMware vRealize Automation 8.1 – Part7: User Permissions, Roles & Branding

We have already integrated our Active Directory in vIDM, and a user named ‘Broker’ was created. Refer to my earlier blog here.

https://virtualrove.com/2020/07/11/vmware-vrlcm-8-1-part3-identity-manager-ad-integration/

We will give permissions to the ‘Broker’ user account, so that ‘Broker’ can request catalog items from vRA.

Log into vRA> Identity & Access Management> Check the box for ‘Broker’ user under Active Users.

You will see all users here from our active directory, since we have integrated vIDM into vRA.

Edit Roles
Assign Org Role: Org Member
Assign Service Role: Service Broker
With Role: Service Broker User

Save.

This configuration allows the ‘Broker’ user to access only the ‘Service Broker’ page and request items from the catalog.

Log out and log in to vRA as the Broker user.

Notice that the only service available is ‘Service Broker’.

Click on it and request a catalog item.

Notice that the ‘Requestor’ name is ‘Broker’.

The ‘Broker’ user has access to request an item.

That was a simple example of assigning user permissions. Likewise, you can define who can do what and which services should be available to a particular user.

Please check detailed documentation on user roles in vRA here on VMware Official Site.

https://docs.vmware.com/en/vRealize-Automation/8.1/Administering/GUID-F94CB09A-DD93-4571-9D39-7FC1E6FA68CF.html

We now move to the ‘Branding’ part to give a nice look to your vRA portal.

vRA allows you to do custom branding for each tenant. You can define the logo and colors of your web page. I see the following default branding before I apply my own.

After custom branding, I see it like this.

I added a company logo, text color, background color & product name.

Log into vRA with IDM user. Click on ‘Branding’ tab and define parameters.

Apply.

It was that simple to do the branding of vRA portal. 😊

With that we have come to an end of this series. It’s always fun working on vRA. I have seen it since version 6.X. The end results are always satisfactory, and it simplifies your daily tasks. See you in next post.


VMware vRealize Automation 8.1 – Part6: Content & Catalog

I hope that by now you have a clear understanding of Blueprints in vRA. Likewise, you can create a blueprint for any OS that supports virtualization. Let’s continue to the next blog.


This post will focus on the post tasks that have to be performed to get the Blueprint into the catalog. You have to use the ‘Service Broker’ section from ‘My Services’ for further configuration. It used to be the ‘Entitlements’ section in earlier versions of vRA.

Service Broker: It provides a single point to request and manage catalog items.

Log into vRA & Click on ‘Service Broker’

Service Broker> Content & Policies> Content Sources> New

We want to import a Blueprint that we created in cloud assembly. Click on ‘Cloud Assembly’

Also note the various sources from which you can import blueprints.

Provide a Name, Select Source Project and click on Validate. The Validation returns with ‘1 item found’

Create & Import.

Verify that the source has been added and that the number of items is listed.

Move to ‘Content Sharing’. Search and select ‘Gov’ project.> ‘Add Items’

Check the box for ‘Windows Server 2019’ item and click on Save.

Your template should appear in ‘Content’ section.

The Content section will show you all your imported blueprints and templates. All items from this page will appear under ‘Catalog’.

Click on ‘Catalog’ and you should see a catalog item ready for users to request.

Any user who has been granted appropriate access can now request a Windows Server from this page.

Click on ‘Request’ and click on Submit.

Once the request has been submitted, it will deploy a Windows server without user intervention. This is all because we have configured the backend infrastructure, and a system admin no longer needs to perform any tasks manually. This is ‘Automation’, and a similar configuration can be done for all supported server versions in vRA.

That was all for this post. Will check on user permissions in my next post.


VMware vRealize Automation 8.1 – Part5: Blueprints

Let’s get into an interesting part of the series. This post will focus on ‘Blueprints’ in vRA.


Blueprint: Any type of deployment begins with a Blueprint. You define the machines, applications or services that you want to deploy in your environment. As an architect, you build software components, machine blueprints or custom (XaaS, Anything as a Service) blueprints and assemble all these components in a blueprint. Later, it gets published to the catalog for a user to start the deployment as and when needed. A Blueprint can be single machine or multi machine. When you create a Blueprint, you get an option to choose multiple resource types such as vSphere, Azure, Amazon S3 buckets, NSX network and much more.

In my example, I will be showing a single machine blueprint for demo purposes. We will create a vSphere-based blueprint, which will deploy a Windows Server 2019 with a few clicks once the configuration is complete.

A lot can be discussed on creating a Blueprint, however I want to keep it simple for now to understand the flow of the deployment.

Let’s get started,

Log into vRA> Cloud Assembly> Design> Blueprints> New

Provide name and select the project that this blueprint belongs to & Create.

The center portion with dots is called the ‘Canvas’.

We see resource types on the left hand side and additional properties for the selected resource on the right side.

Under Resource Type, vSphere> Machine

Select it and drag it on to the canvas.

We also need a network for the vSphere machine.

vSphere> Network & Drag it to the canvas.

You will also notice a change in the ‘Code’ on the right side. This code can be edited directly to provide values.

Now, we must connect these two dragged resources on the canvas. Click and drag the small circle on the machine resource to the network resource, as highlighted in the screen below.

You should see a connector between the resources.

Next, we select machine resource and click on Properties> Rename the resource.

Select the image that we have mapped in our image mapping section.

Next, Select the network and click the edit sign.

While configuring networks, we had selected ‘Default for this zone’, so VDS 1631 network will be used for this blueprint.

Select ‘Static’ for Assignment> Apply

This method will use an ip address from the ‘IP Ranges’ that we have defined for that network. Dynamic assignment uses DHCP scope from the DHCP server for that specific network.

The rest of the parameters on this page are optional.

To set additional properties for the resource, turn ON ‘Show all properties’.

Scroll down to ‘Customization Spec’ and enter the name of the custom spec that is pre-created in vCenter.

I have created a custom spec, which joins the Windows machine to the domain.

VM folder: vRA_Provisioned_VM (This too is pre-created in vCenter)

Also, you have to make sure that the ‘Existing’ network is selected for the Network Resource. You get this option under properties after selecting the network resource.

Click on ‘Test’ to check if all blueprint components are in place and it is ready for deployment.

If the ‘Test’ does not show successful, you will see an error on the resource type. Resolve the error and create a version.

It’s time to test the deployment. Click on Deploy.

Give a name and blueprint version> Deploy.

Monitor the deployment for any error.

At the same time, you will see a server getting deployed in vCenter.

Deployment is successful. I see a machine created in vCenter, which is joined to the domain and has an IP address from our defined pool. Let’s test it.

I was not able to ping it initially due to the firewall on the deployed machine. Turned it off and all good.

That was a simple and generic example of creating and deploying a blueprint from vRA. We still have to do some work to get this blueprint into the catalog. Once available in the catalog, permitted users will be able to request these servers as many times as they want. Likewise, blueprints can be created for Linux, app, db & web servers. We have just automated a ‘Windows Server Creation’ task. 😊

I hope that the information is fruitful.


VMware vRealize Automation 8.1 – Part4: Network Profiles

Time to configure Network Profiles in this post. Refer to my previous posts on vRA8.1 here.

VMware vRealize Automation 8.1 – Part1: Cloud Assembly & Service Broker
VMware vRealize Automation 8.1 – Part2: Cloud Accounts, Projects & Cloud Zones
VMware vRealize Automation 8.1 – Part3: Flavor Mapping & Image Mapping
VMware vRealize Automation 8.1 – Part4: Network Profiles
VMware vRealize Automation 8.1 – Part5: Blueprints
VMware vRealize Automation 8.1 – Part6: Content & Catalog
VMware vRealize Automation 8.1 – Part7: User Permissions, Roles & Branding

Network Profile: A network profile defines a group of networks and network settings that are available for a cloud account. Basically, you define the network properties for the target deployment. You can define an existing network to use IP address values that are obtained from, and managed by, an external IPAM provider rather than internally from vRealize Automation.

Log into vRA portal> Infrastructure> Network Profiles> New Network Profile.

In the summary tab, Select Cloud Account, Name & Description.

Click on Networks Tab> Add Network

You see all your networks that are discovered by vRA from the added Cloud Account.

Select the network that you want your VMs to get after the deployment.

Create

Now, we have to define IP ranges from the selected network. To do that, certain parameters for the discovered networks should be in place (i.e. CIDR, gateway etc).

Note: You will not be able to create IP ranges until you enter these properties for selected network.

Infrastructure> Resources> Networks> Select the Network that we added earlier.

Fill the Domain, CIDR & Gateway Information.

Scroll down to enter DNS information.

Make sure to check the box for ‘Default for zone’, so that this network will be used when we deploy the blueprint.

Save.

Time to create IP Ranges.

Infrastructure> Resources> Networks> IP Ranges> New IP Range

Select your network from the dropdown. You will only see the networks that have the CIDR and other mandatory parameters set.

Enter Name, Start & End IP > ADD.

The IP Range for the 1631 network has been created. These IPs will be used by the deployment.

If you click on the IP Range again, you see the utilization of the pool.

We have created the network profile and all other network components needed by the blueprint. It’s time to create the Blueprint. My next post will focus on the deployment of the blueprint.

Thank you for reading. Good Day.


VMware vRealize Automation 8.1 – Part3: Flavor Mapping & Image Mapping


This part focuses on Flavor mapping and Image mapping.

Flavor Mapping: This mapping defines target deployment sizing. I can define the way I want and assign it to the deployment while creating a Blueprint.

For Example,

Name     # of CPU   Memory (GB)
Small    2          2 GB
Medium   4          8 GB
Large    8          28 GB

I will provide the name of the flavor while creating a blueprint, so that the target VM gets the compute resources defined in the flavor.

Log into vRA> Infrastructure> Click ‘New Flavor Mapping’ under Configure> Flavor Mappings.

Flavor name: Medium
Select your Cloud Account and provide values for CPU and Memory.
Create.

Flavor Mapping has been created.

Image Mappings: In this section, you map an image of operating system. Basically, a pre-created OS template from your cloud account.

To map an image, I have created a Windows Server 2019 VM and converted it into a template. This template will be mapped into image mapping and thereafter into a blueprint. You can add all your applications in the template, so that the user gets all required application once the server has been deployed.

Click on ‘Infrastructure’ tab> Image Mapping> New Image

I do not see my Windows image in the Image section. This is because my newly created image is not synced with vRA infra.

Go back to Cloud Accounts> and click on ‘Sync Images’

Image is now visible. Select the template> Add> Create.

An image has been created and is ready to be used in our blueprint deployment.
That’s it for this post. Will discuss and configure Network Profiles in my next post. Thank You.


VMware vRealize Automation 8.1 – Part2: Cloud Accounts, Projects & Cloud Zones

In this post, we will start configuring vRA 8.1. We have already discussed Cloud Assembly and Service Broker in first part of the series.


So, what does vRA 8.1 do and what is its advantage? Let’s discuss it in layman’s language.

User / Developer / Customer Point of view…

As a user/customer,
I get a web-based portal to request as many application servers, db servers or web servers, applications or vRO workflows as I need, and even on-demand networks for applications.
I as a user do not know what happens in the background.
Once the request is completed, I get my server with the IP address, which is accessible from my desktop. And it is ready for me to use without any issues.

Not only this, but there are many other examples. That’s the beauty of this product. Now, imagine that you as a System Administrator get new server requests daily, and every time you deploy everything manually, and the server requests can be for a vCenter VM, an Amazon EC2 instance, an Azure machine or Google Cloud.

Architect / vRA Administrators Job…

I, as an architect or vRA administrator, will be responsible for configuring the entire backend infrastructure, so that a User / Customer doesn’t have to worry about deployments and can request as many servers as needed with just a few clicks.

Cloud Accounts (formerly known as ‘Endpoints’ in old versions of vRA)
Cloud accounts are the configured permissions that vRealize Automation Cloud Assembly uses to collect data from the regions or data centers, and to deploy blueprints to those regions. Basically, vRA collects all information from the cloud accounts and defines a place where your blueprint deployment will happen.

Log into vRA using IDM user and Click on Cloud Assembly.

Click on ‘Infrastructure’ tab > Click on ‘Cloud Accounts’ under ‘Connections’

‘Add Cloud Accounts’

Types can be AWS, Azure, Google Cloud, NSX-T, NSX-V or vCenter. You need to have subscriptions to public cloud platforms in order to add them into vRA. We will use vCenter for demo purposes.

Select ‘vCenter’

Provide Name and vCenter Server Credentials information.

Click on ‘Validate’ and make sure it’s green.

Check the box for your datacenter under Configuration and click Add.

Make sure that the status shows OK.

Cloud Account has been added. We now move to creating ‘Project’.

Projects control who has access to vRA Cloud Assembly blueprints and where the blueprints are deployed. You use projects to organize and govern what your users can do and to what cloud zones they can deploy blueprints in your cloud infrastructure. Anyone who creates and deploys blueprints must be a member of at least one project.

Infrastructure> Projects> New Project

Provide Name & Description under Summary.

Click on ‘Users’ tab to add users from AD to access this project.

Add Users

Type the name of the user; the user account should appear automatically in the dropdown.

Note: The user account will not be populated until you integrate your Active Directory in vIDM. The procedure was explained in one of my vRLCM blogs here.

https://virtualrove.com/2020/07/11/vmware-vrlcm-8-1-part3-identity-manager-ad-integration/

In ‘Assign Role’ Select ‘Member’ and click on ADD.

The selected user will be listed along with their role. You can also add groups here.

Move to ‘Provisioning’ tab to add ‘Cloud Zone’

Cloud Zone: Cloud Zones are sections of compute resources that are specific to your cloud account type. Cloud zones are specific to a region and you must assign them to a project. Basically, you assign compute resources for your blueprints and at the same time, you limit the amount of resources that can be used from this Cloud Zone.

Click on ‘Add Cloud Zone’
Cloud Zone: Select appropriate one from the dropdown.

Fill all parameters. All of them are self-explanatory.

Click on ADD.

Scroll down to ‘Template’ Section.

This is the place to define the naming pattern/convention for the VMs that get deployed via vRA. You can create a naming template for all deployments from vRA, and you have to make sure that each VM gets a unique name.

For example: You might want the name of the VM to start with the project name, followed by an incremental two-digit number.

Let’s configure it the same way in our deployment too. To do that, you have to enter the following value in the template section. All values auto-populate as soon as you type $ in the section.

${project.name}${##}

Note: Deployment will fail if you do not follow the pattern.

Keep the rest at the defaults. Click ‘Create’. The project has been created successfully.

You should also see a ‘Cloud Zone’ created.

We have created ‘Cloud Account’, ‘Cloud Zone’ & ‘Project’ in this post. Next post will focus on remaining configuration of vRA. Thank you for reading. I hope that the blog contains valuable information. Thank you. 😊


VMware vRealize Automation 8.1 – Part1: Cloud Assembly & Service Broker

Welcome back techies. I have picked up this topic for my series of blogs because it has a huge demand in market and slowly all customers are moving to private cloud using this product. VMware vRealize Automation is a modern infrastructure automation platform that enables self-service multicloud environments. With vRealize Automation, customers can increase agility, productivity and efficiency through self-service automation, by reducing the complexity of their IT environment, streamlining IT processes and delivering a DevOps-ready automation platform.

This post focuses on configuration of the vRA 8.1 environment. At the end of this series, you will have a clear understanding of the configuration of a vRA 8.1 environment, and how a user gets a portal to request servers from the catalog.

I have already explained the deployment procedure of vRA 8.1 in my previous post here.

https://virtualrove.com/2020/06/22/vrlcm-8-1-part1-deployment-configuration/

This vRA 8.1 series is divided into following parts.

VMware vRealize Automation 8.1 – Part1: Cloud Assembly & Service Broker
VMware vRealize Automation 8.1 – Part2: Cloud Accounts,Projects & Cloud Zones
VMware vRealize Automation 8.1 – Part3: Flavor Mapping & Image Mapping
VMware vRealize Automation 8.1 – Part4: Network Profiles
VMware vRealize Automation 8.1 – Part5: Blueprints
VMware vRealize Automation 8.1 – Part6: Content & Catalog
VMware vRealize Automation 8.1 – Part7: User Permissions, Roles & Branding

At this stage, I have a 4-host ESXi cluster, a vCenter, vRA & vIDM deployed through vRLCM.

VMware Identity Manager is already integrated with vRA as part of the vRLCM deployment procedure. Our Active Directory has already been integrated with vIDM. Check the procedure here.

https://virtualrove.com/2020/07/11/vmware-vrlcm-8-1-part3-identity-manager-ad-integration/

Let’s begin the show.

Log into vRA URL with local account.

You get a ‘Cloud Services Console’ upon login.

‘Launch Quickstart’ – To use inbuilt guided setup to configure your vRA env. However, we will use manual setup to understand all components.

Cloud Assembly: vRealize Automation Cloud Assembly is a cloud-based service that you use to create and deploy machines, applications, and services to your cloud infrastructure. The primary purpose of vRealize Automation Cloud Assembly is to create blueprints, and then deploy the blueprints.

Click on ‘Cloud Assembly’.

We will see Deployments, Design & Infrastructure tabs in detail in my upcoming posts.

Service Broker: You provide the blueprints and other templates to your consumers in a catalog. Your consumers can manage their deployments. You can also create and apply policies on this page. It is a simplified user interface that cloud administrators make available to users when the administrator’s teams do not need full access to developing and building the blueprints or templates.

Code Stream: vRealize Automation Code Stream models the tasks in your software release process, and automates the development and test of developer code to release it to production.

vRealize Orchestrator: Anything as a service. You create custom workflows here as per your need and publish them into the catalog. This one is really a big topic and I will try to cover at least one workflow to show you an example.

Multitenancy: A vRA 8.1 environment can also be configured for multitenancy. In this setup, you assign dedicated infrastructure to a particular tenant. Organizations can choose whether or not to enable tenancy based on their need for the logical isolation provided by multitenancy. I will try my level best to set up multitenancy and show you an example.

That’s it. This is a small introduction to and navigation of vRA 8.1. It’s been a while since I worked on vRA. I remember doing an implementation of the 6.X version long back and a little work on 7.X last year. Hence I will explain the replaced naming conventions in the 8.x version. I have not used any specific documentation to configure the environment explained in my upcoming blogs. I just used my experience with earlier versions and started configuring it. So, please suggest if you want me to add anything that is missing and should have been in the post. Thank you. 😊

We will begin the configuration of the vRA 8.1 environment in my next post.


VMware vRLCM 8.1 – Part3 Identity Manager & AD integration

We did the deployment of vROPS & vRB in my last post; vRA 8.1 & Identity Manager were already installed as part of the vRLCM deployment. All products have already been integrated into VMware Identity Manager (vIDM). For now, only local users can log into these products because we have not integrated Active Directory into vIDM. In this post, I will walk you through the procedure to integrate AD into vIDM.

VMware Identity Manager is the identity and access management component of Workspace ONE. Workspace ONE is a new VMware offering designed to directly address challenges faced by organizations in the consumerization of IT. Workspace ONE is the simple and secure enterprise platform that delivers and manages any app on any device by integrating identity, application, and enterprise mobility management.

Let’s log in to vIDM using idm (local) account. We provided this account information while deploying vIDM.

Notice that the header of the page has Workspace ONE logo and I see vRLCM application listed in the catalog.

After my last post on vROPS and vRB, I saw these two applications listed here. I deleted them to free up my compute resources.

Next, Click on the user account > Administration Console

You will land up on the Dashboard of the vIDM. Click ‘Identity & Access Management’

We only see ‘System Directory’ here. Let’s integrate our Active Directory, so that the users from AD can access the applications integrated into vIDM.

Click on ‘Add Directory’
Directory Name: dtaglab.local

Click the radio button to select ‘AD (Integrated Windows Authentication)’

Scroll down and provide Join Domain details.

Bind User details > Save & Next

Select your domain and Next.

Next

If you want to sync groups from AD, click on the + sign on this page.
For now, I will only sync users from AD. Click Next without any action on this page.

Click on the + sign and provide the user DNs (Distinguished Names).
This is the location in your AD from which users will be synced.

The DN can be obtained from AD users and groups here.

On the Review screen, you get a summary of the users that are going to sync with vIDM.

Scroll down to check for errors.

This error is for the ‘Guest’ & ‘krbtgt’ users, which does not matter to us for now.

Note: ‘First Name’, ‘Last Name’ & ‘Email address’ must be configured for each user that is to be synced with vIDM. Users do not show up if these properties are not defined.
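A pre-sync check for the note above, as an added example that is not part of the original post: it lists the AD users under the sync DN that lack a First Name, Last Name or Email address. The function name and the search base `CN=Users,DC=dtaglab,DC=local` are assumptions (only the domain dtaglab.local comes from this post); substitute the DN you entered on the sync page.

```powershell
# Added example: find AD users that are missing the attributes vIDM needs.
# Requires the ActiveDirectory module (RSAT) and read access to the directory.
Import-Module ActiveDirectory

function Get-UsersMissingSyncAttributes {
    param(
        # The user DN entered on the vIDM sync page.
        [Parameter(Mandatory)] [string] $SearchBase
    )

    # Label used in the post -> LDAP attribute that backs it in AD.
    $required = [ordered]@{
        'First Name'    = 'givenName'
        'Last Name'     = 'sn'
        'Email address' = 'mail'
    }

    Get-ADUser -SearchBase $SearchBase -SearchScope Subtree -Filter * `
               -Properties @($required.Values) |
        ForEach-Object {
            $user = $_
            # Collect the label of every required attribute that is empty.
            $missing = foreach ($label in $required.Keys) {
                if ([string]::IsNullOrWhiteSpace($user.($required[$label]))) { $label }
            }
            if ($missing) {
                [pscustomobject]@{
                    SamAccountName    = $user.SamAccountName
                    Enabled           = $user.Enabled
                    Missing           = $missing -join ', '
                    DistinguishedName = $user.DistinguishedName
                }
            }
        }
}

# Assumed placeholder search base: replace with your own sync DN.
$report = @(Get-UsersMissingSyncAttributes -SearchBase 'CN=Users,DC=dtaglab,DC=local')
$report | Sort-Object SamAccountName | Format-Table -AutoSize
'{0} user(s) are missing at least one required attribute.' -f $report.Count
```

Built-in accounts that have none of these attributes set will appear in the report alongside regular users, so review the `Enabled` column before deciding which entries need fixing.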

Click ‘Sync Directory’ on the review page.

The sync has started. It takes a little time, depending on how many users there are to sync. Click ‘Refresh Page’ and check the status. You will see a green check box and the number of synced users.

And we are done. We have integrated Active Directory into vIDM and all synced users can be given access to the applications that are integrated with vIDM.

Remember, you still have to manually give permissions to the users for a specific application. We will see that in my next post when we start configuring vRA.

I hope that the information was helpful. Keep learning. 😊


VMware vRLCM 8.1 – Part2: vRLI, vRNI, vROPS & vRB deployment

In my last post, we did the deployment of vRLCM 8.1 successfully and checked some troubleshooting steps too. The initial deployment installed vRLCM, vRA & vIDM. Check my previous blog for more details here: https://virtualrove.com/2020/06/22/vrlcm-8-1-part1-deployment-configuration/

This post will focus on adding binaries to vRLCM and deploying the remaining vRealize Suite products. Before we move forward, let’s navigate through vRLCM to check more options.

You get this page as soon as you log in to vRLCM.

Lifecycle Operations: As an administrator, you will mostly spend your time in lifecycle operations. This application will let you manage the Day 0 to Day 2 operations of all your vRealize Suite products.

Locker: This place is mostly for certificate management. You can generate or import certificates and generate CSRs here. You can also manage passwords and licenses on this screen.

User Management (Identity and Tenant Management): All tasks related to authentication can be performed on this screen. You can add directories (Identity Source) here and manage users and permissions.

Content Management: You use the content management APIs to manage software-defined data center (SDDC) content. To manage SDDC content, you first need to add them as an endpoint on this screen. There are several other options on this screen. You will have to check VMware’s detailed documentation if you want to take advantage of content management.

Marketplace: Use this option to add and manage content from Marketplace.

‘Lifecycle Operations’ is the area of interest for us. All important tasks will be performed from this screen.

Click on ‘Environments’

We already have a globalenv (vIDM) & vRA-8. Check more details on ‘View Details’

Let’s create a new environment.

A message appears: ‘Before you create an environment to deploy a product, you must download or discover the Product Binaries.’

Settings > Binary Mapping > Add Binaries

Before you move on, make sure that you have uploaded all OVA files of the vRealize Suite products to the /data/ova location in the vRLCM appliance using WinSCP. I have the following OVA files downloaded; however, I was not able to upload them all to vRLCM due to a space issue. Remember, in the previous post I mentioned that the storage requirement is 48 GB for vRLCM, and it used all of that after uploading 3 files from the list below. I will check on increasing the storage allocation for the vRLCM VM. For now, let’s proceed with 3 products.

I uploaded vRLI, vRB & vROPS to the /data/ova/vRLCM directory and discovered them in vRLCM.

Check the request for the status.

The request shows as in progress for a couple of minutes.

Let’s create an environment now.

Provide Name, admin email, password from the list & DC.

Click Next to select products that we want to install. I got an error at this stage which also answered my question regarding storage allocation.

‘Disk usage of the system is very high at 100%’

Settings > System Details > Click on ‘Extend Storage’

Provide the required information and click ‘Extend’

Check the request status.

The request will take a minute to complete. At the same time, we see that the vRLCM VM disk2 size has been increased in vCenter. I also uploaded the vRNI OVA file to the /data/ova/vrlcm folder. Go to ‘Requests’ and click on the pending request to return to the ‘Create Environment’ task.

Select the products that you want to install. I have selected vROPS & vRB, with deployment type ‘Standard’ for all of them.

Check the EULA and click Next.

Add appropriate licenses, Next.

Next is Certificate. Upload one or create one on the same page.

Select Infrastructure details. This is where your products will get installed.

Scroll down to select ‘Integrate with idm’. We want our domain users to access this product.

Provide common network parameters on this screen.

Select each product & fill out the parameters as shown in the picture below.

Run the pre-check before you start the installation.

Resolve any issues that you see in the ‘Results’ section.

Check the summary and click ‘Submit’

You will see a ‘Request’ in progress.

At the same time, we see a vros VM getting created in vCenter.

Both vROPS & vRB got installed.

The request shows as completed in vRLCM.

We also see an SDDC environment in the ‘Environments’ section.

Click on View Details under SDDC to check more details.

Let’s log into vROPS.

And vRB is also in place. Both of them are registered with vIDM.

I could not deploy the rest of the products through vRLCM due to a compute resource issue. I will try to clean up and deploy the remaining products as and when time permits. However, the entire procedure remains the same. Select vRNI & vRLI while creating a new environment.

That’s it for this post. I hope that the information was helpful.
