vRealize Automation and NSX – Better Together

One of the hottest topics in the world of software-defined everything is unequivocally NSX. This rocketship of a technology is fundamentally changing datacenter design — much like vSphere so effectively did (except at a greater pace). NSX redefines how networks are built, consumed, and managed. Even more importantly, security no longer has to be compromised due to the prohibitive cost of per-application policies. And best of all, this is all done with software. That’s a good thing since we’re at the start of a software-defined revolution, quickly breaking out of our hardware-defined chains.

I can go on and on, but this post isn’t about how awesome NSX is…not entirely anyway.

Making Awesome…Awesomer

So how do we take awesome up another notch? Easy…automate it (I’m sure you figured I’d say that). And not just automate in the “I’ll run a fancy custom script or workflow as soon as the request hits my desk” sense. While that’s neat — and congrats on putting in all the work for building those static processes (also, good luck handing those proprietary scripts over to the next admin when LinkedIn recruiters finally land you) — that’s not what I’m referring to. Automation in that sense has been around for decades and traditionally misses two of the worst choke points in IT — People and Process.…

A Quick Lesson on vRA Entitlements

vRealize Automation provides a ton of granularity for roles and permissions, service availability, lifecycle management (e.g. day-2 operations). It essentially boils down to a set of logic that defines who can see and do any given task on any given resource. This can be as simple as a handful of configurations, or get as complex as you want it to be.

vRA’s Entitlements feature is just one of many ways to add governance and additional controls to your environment. Entitlements allow admins to create a set of policies that determine which services any given consumer can deploy and how they can [lifecycle] manage their services post-provisioning. The following entitlement options are available per Business Group User or Group.

  • IaaS Blueprints
  • PaaS / AppServices Blueprints
  • XaaS Services
  • Actions / Custom Actions (Day 2 Operations)
  • Service Catalogs
  • Approval Policies

Entitlements are created and managed under Catalog Management (Administration tab -> Catalog Management -> Entitlements) for all available services. It is important to note that entitlements are a REQUIRED function for service delivery (i.e. all services must be entitled at some level before they are available for consumption). Since this isn’t a HOW-TO post (see the vRA Live Install and Config videos and/or the vRA 6.0 POC Guide for a detailed how-to), here’s a summary of how to get from here to there…

Once an Entitlement is created, there are several options that will help you fine-tune exactly what gets entitled, who this entitlement affects, which actions are available, and whether or not component-level approval policies are in the mix.…

vCloud Automation Center 6.0 POC and Detailed Implementation Guide

In keeping up with my extracurricular doc-building activities, I am happy to release the latest iteration of my vCAC implementation guide for the deployment and configuration of vCAC 6.0. This unofficial Proof of Concept and Detailed Implementation guide is provided, with no guarantees (or support), to assist with the end-to-end implementation of vCloud Automation Center 6.0 in a pre-configured vSphere 5.x environment.

The guide walks through – in plenty of detail – vCAC 6.0’s deployment, concepts, technologies, and features as they would be used in a real-world implementation. This document can also double as an unofficial hands-on training guide which covers:

– New Features in vCAC 6.0
– Deployment Architecture
– Implementation on VMware platforms (vSphere)
– IaaS and XaaS Configuration
– Usage and Navigation
– Advanced Concepts and Use Cases…

vCAC 6.0 Implementation, Part 4 – Configuring vCAC IaaS Component

To continue the momentum, now we dive into installing the IaaS components of vCAC.  Part 4 of this series walks you through the vCAC IaaS Installation Wizard, which is a significant improvement from previous versions. A few configuration details and GO!

Again, the IaaS engine in vCAC 6 is the .NET-based component that is similar to previous versions of vCAC 5.x. For vCAC 6.0, IaaS is consumed through vCAC’s primary framework.  From VMware’s vCAC 6.0 Documentation:

Infrastructure as a Service (IaaS) enables the rapid modeling and provisioning of servers and desktops across virtual and physical, private and public, or hybrid cloud infrastructure. Modeling is accomplished by creating a machine blueprint, which is a complete specification for a virtual, cloud, or physical machine. Blueprints are published as catalog items in the common service catalog. When a user requests a machine based on one of these blueprints, IaaS handles the provisioning of the machine.
IaaS also allows you to comprehensively manage the machine life cycle from a user request and administrative approval through decommissioning and resource reclamation. Built-in configuration and extensibility features also make IaaS a highly flexible means of customizing machine configurations and integrating machine provisioning and management with other enterprise-critical systems such as load balancers, configuration management databases (CMDBs), ticketing systems, IP Address management systems, or Domain Name System (DNS) servers.

vCAC 6.0 Implementation, Part 3 – Configuring vCAC IaaS Prereqs

Moving right along (and behind schedule), Part 3 of this series will walk through the configuration of all the prerequisite requirements for the Windows-based IaaS component.

The IaaS engine is a .NET-based component that resembles (an uncanny resemblance) previous versions of vCAC 5.x. For vCAC 6.0, IaaS is consumed through vCAC’s primary framework (deployed via the vCAC Virtual Appliance) once it is installed and registered. The prerequisites for IaaS are identical to previous vCAC versions, which I’ve covered in detail in the vCAC 5.2 Detailed Installation Guide.

Review: VMware’s vCloud Automation Center 6.0 solution is made up of 3 core components:

  • vCAC VA – Delivered as a Virtual Appliance (.OVA), vCAC’s primary interface for administration and user self-service. Also includes an imbedded vCO server.
  • vCAC ID – Delivered as a Virtual Appliance (.OVA), vCAC’s stand-alone Single Sign-On engine, which provides multi-tenant LDAP and Active Directory authentication services for vCAC tenants.
  • vCAC IaaS – Windows Installable (.exe), vCAC’s IaaS engine for heterogeneous infrastructure as a service (setup is covered in Parts 3 and 4 of the series).

NOTE: this video guide was created using vCAC BETA builds and some of the steps will differ from the generally-available builds.  I will try to update all the videos pre-GA.…

vCAC 6.0 Implementation, Part 2 – Configuring vCAC’s VA’s

VMware’s vCloud Automation Center 6.0 solution is made up of 3 core components:

  • vCAC VA – Delivered as a Virtual Appliance (.OVA), vCAC’s primary interface for administration and user self-service. Also includes an imbedded vCO server.
  • vCAC ID – Delivered as a Virtual Appliance (.OVA), vCAC’s stand-alone Single Sign-On engine, which provides multi-tenant LDAP and Active Directory authentication services for vCAC tenants.
  • vCAC IaaS – Windows Installable (.exe), vCAC’s IaaS engine for heterogeneous infrastructure as a service (covered in detail in Parts 3 & 4).
source: vCAC 6.0 Install and Configure [beta] documentation

Additional components to the solution (based on licensing) include the vCAC Financial Management engine (delivered as an .OVA), and the Application Provisioning engine (also an .OVA).  Both are covered much later.

Part 2 of this series will dive into the configuration/integration of the vCAC VA and ID/SSO VA components.

NOTE: this video guide was created using vCAC BETA builds and some of the steps will differ from the generally-available builds.  I will try to update all the videos pre-GA.

Other videos available in this series:

++++
@virtualjad

vCAC 6.0 Implementation, Part 1 – Deploying vCAC and ID (SSO) Appliances

VMware’s vCloud Automation Center (vCAC) 6.0 release is just around the corner and the anticipation for what’s next is tremendous.  vCAC 6.0 introduces a brand-new interface, new concepts, new ecosystem integrations, and the quickest path to realizing the benefits of the Software-Defined Datacenter.  And then there’s XaaS — the killer technology that will allow cloud shops to deliver their entire datacenter operation as a governed, entitled, life-cycled service.

To learn more about vCAC 6.0, visit VMware’s cloud management blog.

vCAC 6.0 has been in beta for a couple of months and continues to pique the interest of several early adopters.  Being the beta code that it is, there are several caveats and gotchas with the implementation that can sneak up on you.  To help mitigate those gotchas, I have created a set of videos that will help you through the implementation of an end-to-end vCAC 6.0 solution.  The 10 videos in the series will cover the following topics:

I will be rolling out these videos as they get through editing…aiming for 1/week.

To get us started, here’s Part 1 – Deploying vCAC and ID (SSO) Appliances…

VMware vCloud Automation Center 5.2 Detailed Installation Guide

VMware announced the release of vCloud Automation Center (vCAC) 5.2 in April, a dot-release follow-on to vCAC 5.1.  This release shipped with several improvements, bug fixes, tighter vCloud Director integration, and so on.  Some of the highlights include, but are not limited to:

  • Deeper integrations with vCloud Director – vCAC 5.1 added basic support for consuming vCD as an Endpoint to enable vApp deployments into VDC’s. Although functional, the options were limited, especially with “day 2” management of vApps. vCAC 5.2 adds greater functionality, deployment options, support for all three VDC allocation models (PAYG, Allocation Pool, Reservation Pool), and the ability to manage individual machines within the vApp independently…a much needed addition.
  • Added support for vCloud Networking & Security (vCNS) use cases – vCNS integration brings with it the ability to discover vCNS network entities, such as VXLAN and security groups. This enables the consumption of these networks as part of an application deployment model for greater control and security.
  • Support for KVM (RHEV) Hypervisor – Adding native support for KVM as a platform continues vCAC’s trend towards the “manage all infrastructures” model and adds to vCAC’s already extensive native (“out of the box”) support for heterogeneous infrastructure…with much more to come.