vRA 7.2 DIG – 03, Deploy vRA Virtual Appliances

The vRA virtual appliance (OVA) is downloaded from vmware.com and deployed to a vSphere environment. In a distributed deployment, you will deploy both primary and secondary nodes ahead of kicking off the deployment wizard.

The VA also includes the latest IaaS installers, including the required management agent (that will be covered in the next section).

Checklist:

  • Download and Deploy vRA OVA (x2) to vSphere
  • Configure VA properties
  • Confirm Time settings
  • Confirm accessibility post deployment
  • Confirm DNS Resolution

Video

vRA 7.2 DIG – 02, Deploy and Configure VMware NSX

We will be leveraging VMware NSX in this implementation to provide the load balancing services for the vRA deployment as well as integrating into vRA for application-centric network and security. Before any of this is possible, we must deploy NSX to the vSphere cluster, prepare the hosts, and configure logical network services. The guide assumes the use of NSX for these services, but this is NOT a requirement. A distributed installation of vRA can be accomplished with most load balancers. VMware certifies NSX, F5, and NetScaler.

(You can skip this section if you do not plan on using NSX in your environment)

Checklist:

  • Deploy (3) NSX Controller Nodes
  • Prep vSphere Hosts
  • Complete Logical Network Preparation
  • Configure VXLAN Network
  • Configure Transport Zone

Video

vRA 7.2 DIG – 01, Introduction

vRA 7.x focuses a lot on the user experience (UX), starting with one of the most critical — deploying the solution — then the second most critical, configuring it.  Following through with the promise of a more streamlined deployment experience, vRA 7’s release made a significant UX leap with the debut of the wizard-driven and completely automated installation of the entire platform and automated initial configuration.  And all of this in a significantly reduced deployment architecture.

The overall footprint of vRA has been drastically reduced. For a typical highly-available 6.x implementation, you would need at least 8 VAs to cover just the core services (not including IaaS/Windows components and the external App Services VA). In contrast, vRA 7’s deployment architecture brings that all down to a single pair of VAs for core services. Once deployed, just 2 load-balanced VAs will deliver vRA’s framework services, Identity Manager (SSO/vIDM), vPostgres DB, vRO, and RabbitMQ — all clustered and configurable behind a single load-balanced VIP and a single SSL cert. All that goodness, now down to 2 VAs and all done automatically (!) during deployment.

While the IaaS (.NET) components remain external, several services have moved to the VA(s). This will continue to be the case over time as more and more services make it over — eventually eliminating the Windows dependencies altogether.…

vRA 7.2 Detailed Implementation Guide

Welcome to the vRealize Automation 7.2 Detailed Implementation Guide (DIG). This series of posts — made up of detailed how-to, end-to-end videos, plenty of commentary, and other related content — was put together to help you deploy and configure a highly-available, production-worthy vRealize Automation 7.2 distributed environment, complete with SDDC integration (e.g. VSAN, NSX), extensibility examples and ecosystem integrations. The design assumes VMware NSX will provide the load balancing capabilities and includes details on deploying and configuring NSX from scratch to deliver these capabilities.

This little project has been in the works for quite some time and will continue to expand as I include additional how-to’s for a variety of use cases (e.g. IPAM and ITSM integration).

Target Audience

This guide was created for anyone looking to install and/or configure vRealize Automation 7.2 in any environment. And, as were my intentions in previous POC guides, the content here can be used as a form of training and education or simply a reference document for existing or new vRA environments.

As for skill level, this guide assumes you have a general idea of vRealize Automation and VMware’s broader Cloud Management products. However, there is no expectation that you’ve previously deployed and configured vRA.…

The Scoop – vRealize Automation 7.2

Today VMware announced vRealize Automation 7.2, the third incremental release since the revamped 7.0 platform was first introduced. With each release comes new features and functionality with an almost obsessive focus on driving time-to-value and improving the overall user experience. vRA 7.2 is no exception to that rule.

vRealize Automation 7.2

Accelerating Time to Value:

  • New APIs for programmatically installing, configuring, and upgrading vRA 7.2+
  • Leverage the APIs to validate installation, deploy monolithic or distributed environments, generate certs and install licensing
  • Enhanced Upgrade APIs enable programmatic system-wide upgrade functionality

VMware SDDC Technical Whiteboard

One of my favorite things to do is whiteboard. In my line of work, the whiteboard allows me to tell a story…one that can be broad in coverage, yet tuned on-the-fly to best align with the needs of the audience. It started as a “cloud” whiteboard back when vCloud Director (vCD) was released and the first vCloud Suite offering was announced. The first storylines were all about VMware’s cloud and management framework and leveraging vCD to align with a set of industry-accepted characteristics that defined “cloud”. There have been several iterations over time as new technologies (and acquisitions) came to fruition, with an evolving storyline to highlight modern challenges and the transformative nature of the Software-Defined Datacenter.

The whiteboard has been delivered on your standard everyday office whiteboard, table-tops, glass walls, flip charts, notepads, napkins, and electronically via PowerPoint, iPad, and digital sketch pads. Regardless of delivery medium, I have found the whiteboard to be the most effective means of articulating the often-confusing details and associated benefits of the Software-Defined Datacenter at any level of depth…and without yawn-generating, ADD-invoking death by PowerPoint.

My most recent iteration of the SDDC whiteboard doubles as field and partner enablement, so I had to put a little more thought into the storyline to ensure it closely resembles how customers have typically leveraged vSphere, NSX, VSAN, and the vRealize Suite to evolve their existing datacenters to quickly build and gain the benefits of SDDC.…

The Scoop: vRealize Automation 7.1

vRealize Automation 7.1 is now Generally Available for download. This release brings several features and enhancements, but primarily sticks to the themes of Time to Value, Quality and Stability. Another focus point for this release is to provide customers currently on vRA 6.x an upgrade path to all the benefits of the 7.x platform.

vRealize Automation 7.1

I’ll be posting some details around a few of the new capabilities in the next several weeks, but for now here’s a summary list of what vRA 7.1 delivers…

Time To Value

  • Streamlined deployment and prereq installation process
  • Silent installer leveraging new vra-command CLI tool
  • Install management agents, prereqs, and core for VA and IaaS nodes
  • Use wizard-generated unattended properties file for subsequent silent installations
  • Leverages new VA public API (https://<vrava_ip>:5480/config/)

  • UI-based (VAMI) Migration wizard
  • Migrate from vRealize Automation 6.2.x environment to a new vRealize Automation 7.1 instance
  • Complete DB migration (vPostgres and SQL)
  • Migrate IDVA/SSO Directories to vIDM
  • Preserves the source 6.2.x environment
  • Supports migrating from 6.2.x Simple to 7.1 HA/Distributed (as well as HA to HA)

  • vSphere Endpoint Improvements
  • Data collection performance increased by ~60%
  • Support for vSphere infrastructure changes (e.g.

vRA and NSX – Part 3, Security Groups and Policies

Introduction

Recapping Part 2 of this series: We staged a number of NSX Logical Switches to be consumed by vRA machines as External Networks. vRA collects and identifies these networks as traditional [vSphere] Network Paths and allows them to be wired for consumption in the Converged Blueprint (CBP) designer as needed (or using custom properties, but that’s beyond this post). Logical Switches can be created for a consumption-only model, automatically created per Deployment when using On-Demand services, or some combination of these.

Moving on…

Similar to its relationship with NSX Logical Switches, vRA provides both consumption-based and dynamic security services to deliver a number of use cases leveraging NSX Security Groups and Security Policies.

A Security Group defines — and logically groups — the objects you want to protect (e.g. virtual machines) and the policies that protect them (via a security policy). Group membership can be static or dynamic (e.g. based on logical naming, containers, tags, or as members of other security groups). Pre-created security groups are collected by vRA endpoint inventory and consumed as Existing Security Groups (SG) within the Converged Blueprint designer. These security groups may ultimately contain a combination of unmanaged vSphere VMs and vRA-managed machines.

vRA also supports On-Demand Security Groups (ODSG) within CBP, which requires the use of an existing Security Policy.…