In part 10 we configured the vRealize Automation default tenant for our lab. We decided against using multiple tenants as the lab is only hosting one organization, and business groups utilizing it will be defined using other means.
In this part, we configure the blueprints which will make up our service catalog.
Other posts in this series
- Physical infrastructure – storage
- Physical infrastructure – networking
- Physical infrastructure – compute
- Authentication services
- Deploy and configure the vCenter Server Appliance
- Configure vCenter Server Appliance SSL certificates
- Deploy and configure the vRA Appliance
- Deploy and configure the IaaS platform
- Configure tenants
- Configure endpoint & fabric/business groups
- Configure blueprints (coming soon)
- Configure entitlements (coming soon)
- Configure policies (coming soon)
- Integration with vCloud Air (coming soon)
- Tidy up (coming soon)
Before we continue, let’s remind ourselves on the installation procedure and the order:
Before we can proceed, we must licence the vRA installation.
Using a web browser, navigate to the vRA configuration page at https://vra.lab.mdb-lab.com/shell-ui-app (substitute accordingly) and login using an account that belongs to the Infrastructure Administrators group you created in part 10:
Click on the Infrastructure tab, followed by Administration and then Licensing:
Click Add license:
Enter the licence key and then click OK.
Important – if you get a Page cannot be Found (404) error when trying to enter the licence key, then you need to re-register the endpoint. Logon to the IaaS server and use:
cd "C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\Cafe" Vcac-Config.exe RegisterEndpoint --EndpointAddress https://iaas.lab.mdb-lab.com/vcac/ --Endpoint ui -v
This is due to a change VMware made starting from 6.1.x. More information can be found at http://kb.vmware.com/kb/2090236.
I have updated the relevant step in part 9 to reflect this.
In vRealize Automation, an endpoint is a target resource for our virtual machines. An example of this is a vCenter Server, vCloud Air or Amazon Web Services (AWS).
On the lab domain controller, create a service account:
dsadd user cn=sa_vra_endpoint,cn=users,dc=lab,dc=mdb-lab,dc=com -disabled no -pwd * -acctexpires never
Use the following PowerCLI code to grant the above user Admin privileges on the vCenter server:
# Variables $vc = "vcsa.lab.mdb-lab.com" $credential = Get-Credential $acc = "LAB\sa_vra_endpoint" Connect-VIServer $vc -credential $credential New-VIPermission -Role Admin -Principal $acc -Entity Datacenters Disconnect-VIServer $vc -confirm:$false
Click on the Infrastructure tab, followed by Endpoints and then Credentials:
Click on New Credentials and enter in the account we created above:
Click the green tick button to save the details.
Click New Endpoint, Virtual, vSphere (vCenter):
Enter in the details of the vCSA using the following format (substitute accordingly):
Select the credentials entered in the previous step and click OK.
If you have subscribed to VMware’s cloud solution, vCloud Air, then you can also specify that as a vRealize Automation endpoint. The following is a list of steps for those who have access to the OnDemand Private Cloud.
Using your web browser, navigate to the vCloud Air site at http://vca.vmware.com:
Login using your credentials:
Click Virtual Private Cloud OnDemand. When the portal loads, make a note of the URL:
You need the address plus /api/compute/. In our case, as our vDC is based in Germany, the URL is:
Right-click the vDC and click Manage Catalogs in vCloud Director:
Click Org Settings in the top right-hand corner:
Make a note of the Organization Name (I have blanked the last section of ours out).
Switch back to the vRA administration page. Click Endpoints, then New Endpoint, Cloud, vApp (vCloud). Complete the Name and Address fields, using the URL from above.
Click Credentials, followed by New Credentials in the top-right. Enter in your vCloud Air credentials:
Click OK. In the Organization field, enter in Organization Name you copied from before:
Using your mouse, hover over the vCloud Air endpoint and click Data Collection.
Click Start. In a few minutes it will be complete.
Fabric Groups control reservations on endpoints. The provide resources to Business Groups. One way to view this is:
On the domain controller in your production domain, create a group:
for %i in ("Fabric Admins - vCenter","Fabric Admins - vCloud Air") do dsadd group cn=%i,cn=users,dc=mdb-lab,dc=com -scope l
On the vRA appliance, click on the Infrastructure tab, then Groups, then finally Fabric Groups:
Click New Fabric Group. Type a name for the group, and in the Fabric Administrators box type the name of the group previously created. Click in the Compute Resources box, and then check the box that represents the vCenter cluster. Finally click OK.
Virtual machines provisioned by vRealize Automation can be prefixed to identify which business group they belong to.
Logon to the vRA appliance as a fabric administrator. Click on the Infrastructure tab, then Blueprints, then finally Machine Prefixes. Click New Machine Prefix:
Create three prefixes, each with three digits, with the next number being 1 for the following:
This should produce:
Business Groups are logical groups which we can map to line of business functions, like Finance, Marketing, IT etc. For our lab, we will create groups for the following functions that exist within the IT Department:
- Technical Specialists
Luckily these security groups already exist in our production domain. However if they don’t, use the following to create them:
for %i in ("Development","Operations","Technical Specialists") do dsadd group cn=%i,cn=users,dc=mdb-lab,dc=com -secgrp yes
Create the following Organizational Units (substitute accordingly):
dsadd ou ou=Managed,dc=lab,dc=mdb-lab,dc=com dsadd ou ou=Computers,ou=Managed,dc=lab,dc=mdb-lab,dc=com for %i in ("Development","Operations","Technical Specialists") do dsadd ou ou=%i,ou=Computers,ou=Managed,dc=lab,dc=mdb-lab,dc=com
Create the following management users:
for %i in ("dv_mgr","op_mgr","ts_mgr") do dsadd user cn=%i,cn=users,dc=mdb-lab,dc=com -upn %email@example.com
On the vRA appliance, click the Infrastructure tab, then Groups, then finally Business Groups:
In this part we configured two endpoints for vRealize Automation that point to the local vCenter and to vCloud Air. We also created fabric groups, machine prefixes, and business groups aligned to our business functions.
In part 12 we configure blueprints which will make up our service catalog.