VMware vRLCM 8.1 – Part3 Identity Manager & AD integration

We did the deployment of vROPS & vRB in my last post; vRA 8.1 & Identity Manager were already installed as part of the vRLCM deployment. All products have already been integrated into VMware Identity Manager (vIDM). For now, only local users can log in to these products because we have not integrated Active Directory into vIDM. In this post, I will walk you through the procedure to integrate AD into vIDM.

VMware Identity Manager is the identity and access management component of Workspace ONE. Workspace ONE is a new VMware offering designed to directly address challenges faced by organizations in the consumerization of IT. Workspace ONE is the simple and secure enterprise platform that delivers and manages any app on any device by integrating identity, application, and enterprise mobility management.

Let’s log in to vIDM using the idm (local) account. We provided this account information while deploying vIDM.

Notice that the header of the page has the Workspace ONE logo, and I see the vRLCM application listed in the catalog.

After my last post on vROPS and vRB, I saw these two applications listed here. I deleted them to free up my compute resources.

Next, click on the user account > Administration Console.

You will land on the vIDM Dashboard. Click ‘Identity & Access Management’.

We only see ‘System Directory’ here. Let’s integrate our Active Directory, so that the users from AD can access the applications integrated into vIDM.

Click on ‘Add Directory’
Directory Name: dtaglab.local

Click the radio button to select ‘AD (Integrated Windows Authentication)’

Scroll down and provide Join Domain details.

Bind User details > Save & Next

Select your domain and Next.

Next

If you want to sync groups from AD, click on the + sign on this page.
For now, I will only sync users from AD. Click Next without any action on this page.

Click on the + sign and provide the user DNs (Distinguished Names).
On this page, we provide the location in AD from which users will be synced.

DN can be obtained from AD users and groups here.

On the Review screen, you get a summary of the users that are going to sync with vIDM.

Scroll down to check for errors.

This error is for ‘Guest’ & ‘krbtgt’ users, which does not matter to us for now.

Note: You have to configure ‘First Name’, ‘Last Name’ & ‘Email address’ for the users to be synced with vIDM. Users do not show up if these properties are not defined.
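One way to list the users that lack these properties before running the sync, as an added example that is not part of the original post. It assumes the RSAT ActiveDirectory PowerShell module is installed and that vIDM uses its default attribute mapping; the search base is a placeholder for the dtaglab.local domain and should be replaced with the DN entered on the sync page.

```powershell
# Added example: pre-sync check for the attributes vIDM requires on each user.
# Assumption: First Name / Last Name / Email map to the AD attributes
# givenName / sn / mail (exposed by Get-ADUser as GivenName / Surname / EmailAddress).
Import-Module ActiveDirectory

# Placeholder DN: use the same user DN you provide to vIDM.
$SearchBase = 'CN=Users,DC=dtaglab,DC=local'
$Required   = 'GivenName', 'Surname', 'EmailAddress'

# EmailAddress is not returned by default, so request it explicitly.
$users = @(Get-ADUser -SearchBase $SearchBase -SearchScope Subtree `
                      -Filter * -Properties EmailAddress)

$report = @(foreach ($u in $users) {
    # Collect the names of required properties that are empty for this user.
    $missing = @($Required | Where-Object { [string]::IsNullOrWhiteSpace($u.$_) })
    if ($missing.Count -gt 0) {
        [pscustomobject]@{
            SamAccountName    = $u.SamAccountName
            Enabled           = $u.Enabled
            Missing           = $missing -join ', '
            DistinguishedName = $u.DistinguishedName
        }
    }
})

if ($report.Count -gt 0) {
    $report | Sort-Object SamAccountName | Format-Table -AutoSize -Wrap
    Write-Warning ("{0} of {1} users under '{2}' are missing a required attribute." -f `
        $report.Count, $users.Count, $SearchBase)
} else {
    Write-Host ("All {0} users under '{1}' have first name, last name and email set." -f `
        $users.Count, $SearchBase)
}
```

The Enabled column helps separate disabled or built-in accounts from real users whose attributes need to be filled in before the sync.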

Click ‘Sync Directory’ on the review page.

Sync has started. It takes a little time, depending on how many users there are to sync. Click ‘Refresh Page’ and check the status. You see a green check box, and the number of synced users shows up.

And we are done. We have integrated Active Directory into vIDM and all synced users can be given access to the applications that are integrated with vIDM.

Remember, you still have to manually give permissions to the users for a specific application. We will see that in my next post when we start configuring vRA.

I hope that the information was helpful. Keep learning. 😊


VMware vRLCM 8.1 – Part2: vRLI, vRNI, vROPS & vRB deployment

In my last post, we did the deployment of vRLCM 8.1 successfully and checked some troubleshooting steps too. Initial deployment installed vRLCM, vRA & vIDM. Check my previous blog for more details here. https://virtualrove.com/2020/06/22/vrlcm-8-1-part1-deployment-configuration/

This post will focus on adding binaries to vRLCM and deploying the remaining vRealize Suite products. Before we move forward, let’s navigate through vRLCM to check more options.

You get this page as soon as you login to vRLCM.

Lifecycle Operations: As an administrator, you will mostly spend your time in lifecycle operations. This application will let you manage the Day 0 to Day 2 operations of all your vRealize Suite products.

Locker: This place is mostly for certificate management. You can generate or import certificates and generate CSRs here. You can also manage passwords and licenses on this screen.

User Management (Identity and Tenant Management): All tasks related to authentication can be performed on this screen. You can add directories (Identity Source) here and manage users and permissions.

Content Management: You use the content management APIs to manage software-defined data center (SDDC) content. To manage SDDC content, you first need to add them as an endpoint on this screen. There are several other options on this screen. You will have to check VMware’s detailed documentation if you want to take advantage of content management.

Marketplace: Use this option to add and manage content from Marketplace.

‘Lifecycle Operations’ is the area of interest for us. All important tasks will be performed from this screen.

Click on ‘Environments’

We already have a globalenv (vIDM) & vRA-8. Check more details on ‘View Details’

Let’s create a new environment.

A message appears: ‘Before you create an environment to deploy a product, you must download or discover the Product Binaries.’

Settings > Binary Mapping > Add Binaries

Before you move on, make sure that you have uploaded all OVA files of the vRealize Suite products to the /data/ova location in the vRLCM appliance using WinSCP. I have the following OVA files downloaded; however, I was not able to upload them all to vRLCM due to a space issue. Remember, in the previous post I mentioned that the storage requirement is 48 GB for vRLCM, and it used all of that after uploading 3 files from the list below. I will check on it to increase the storage allocation for the vRLCM VM. For now, let’s proceed with 3 products.

Uploaded vRLI, vRB & vROPS to /data/ova/vRLCM directory and discovered it in vRLCM.

Check the request for the status.

The request shows as in progress for a couple of minutes.

Let’s create an environment now.

Provide Name, admin email, password from the list & DC.

Click Next to select products that we want to install. I got an error at this stage which also answered my question regarding storage allocation.

‘Disk usage of the system is very high at 100%’

Settings > System Details > Click on ‘Extend Storage’

Provide the required information and click ‘Extend’

Check the request status.

The request will take a minute to complete. At the same time, we see that the vRLCM VM disk2 size has been increased in vCenter. I also uploaded the vRNI OVA file to the /data/ova/vrlcm folder. Go to ‘Requests’ and click on the pending request to return to the ‘Create Environment’ task.

Select the product that you want to install. I have selected vROPS & vRB. Deployment type as ‘Standard’ for all of them.

Check the EULA and click next.

Add appropriate licenses, Next.

Next is Certificate. Upload one or create one on the same page.

Select Infrastructure details. This is where your products will get installed.

Scroll down to select ‘Integrate with idm’. We want our domain users to access this product.

Provide common network parameters on this screen.

Select each product & fill out the parameters as shown in the picture below.

Run the pre-check before you start the installation.

Resolve any issues that you see in the ‘Results’ section.

Check the summary and click ‘Submit’

You will see a ‘Request’ in progress.

At the same time, we see a vros VM getting created in vCenter.

Both vROPS & vRB got installed.

The request shows as completed in vRLCM.

We also see an SDDC environment in the ‘Environments’ section.

Click on View Details under SDDC to check more details.

Let’s log into vROPS.

And vRB is also in place. And both of them are registered with vIDM.

I could not deploy the rest of the products through vRLCM due to a compute resource issue. I will try to clean up and deploy the remaining products as and when time permits. However, the entire procedure remains the same. Select vRNI & vRLI while creating a new environment.

That’s it for this post. I hope that the information was helpful.


vRLCM 8.1– Part1: Deployment & Configuration

Introduction: vRealize Suite Lifecycle Manager provides a single installation and management platform for following vRealize Suite products.

We will install all of them using vRLCM. VMware has really made life easy by introducing vRLCM. It automates the installation, configuration, management & patching from a single pane of glass.

With that, let’s begin with the installation. Obtain the ‘vra-lcm-installer 8.1.0’ ISO from VMware downloads. I am installing this on a 4-host cluster with just a vCenter in it. The minimum hardware requirement for vRLCM is 6 GB of memory and 48 GB of storage (Thick Provision).

Create DNS record for vRLCM VM.

Mount the vRLCM ISO file on one of the Windows machines in the environment.

Navigate to ‘vrlcm ui installer\win32’ and open ‘Installer’ application.

Install

Next

We will provide target vCenter, where we want our vRLCM to get installed.

Fill the information and Next.

Accept the certificate.

Next, Select location, Compute Resource & Storage location.

Next, Network Configuration. Here we specify network information for all 3 products. i.e. vRA, vRLCM & vIDM. We don’t provide an IP address of the application on this screen. Fill the info and next.

Password Configuration: This password will be applied to all root and admin accounts for all products.

Provide the vRLCM hostname and IP address here. Leave the rest at the defaults.

Next is VMware Identity Manager. You have the option to skip the deployment of vIDM; it can be triggered later from vRLCM. Review the information given on this page.

Note: Without installing or importing a VMware Identity Manager, you cannot access any other environment from Lifecycle Manager.

If you decide to deploy it now, then you get 2 options: either install a fresh instance or import an existing vIDM.

We will go with a fresh install. Let’s create the DNS record for vIDM first.

Provide FQDN and IP address for vIDM VM.

Scroll down to enable ‘Sync Group’. If this is not done, then it only syncs group names, and users do not get permissions until the group is specifically entitled to an application.

Next is vRA deployment. You have an option to skip this too.

We will disable this to install a Standard deployment of vRA.

Create DNS record for vRA.

Enter the license key and IP address information.

Review the Summary and click Submit.

Installation starts and you see all your VMs (vRLCM, vIDM & vRA) in your target vCenter.

It takes a while to install all components. Take a good long break here. 😊

Mine showed up an error at the end.

“vRealize Automation deployment has failed.  Check vRSLCM UI for more details.”

Checked the log file at mentioned location in the error.

Error ‘Failed to create vRA Environment’

By looking at the error in ‘Installation Process’, we could see that it has installed vRLCM, Binaries moved to vRLCM, Installed vIDM and failed vRA creation. I could also see a vRA VM in vCenter up and running.

Let’s log in to vRLCM to find out what went wrong while creating the vRA Environment.

Browse to vRLCM FQDN and login with ‘admin@local’

Click ‘Lifecycle Operations’

I could see on the Dashboard that the vRA Env has failed.

Go to ‘Requests’ to check the status.

Click on ‘Failed’ and it will take you to the sub task.

We see that it has failed at ‘Stage2’. Click on the task ID to view more details.

‘Failed to set vRA license key’ – License key was incorrect.

Click ‘Retry’, enter the correct key and Submit.

Request shows in progress again.

And Done.

That’s it for this post. We have deployed vRLCM along with vRA and vIDM. We did a little troubleshooting too. The next post will cover vRLCM navigation, binaries and a few other configuration options.

Have a great day. I hope that the blog was helpful.
