Oh my how time flies. It was just about 6 months ago that I was blogging about the release of vRA 7.2 and all the awesomeness within. Since then, VMware’s Cloud Management Business Unit has been hard at work developing, testing, tweaking and innovating towards the next big release. Today, I’m happy to announce the general availability of vRealize Automation 7.3. It’s an incremental release (i.e. a “dot” release), but don’t be fooled. Here you’ll learn just how much “umph” a .1 can have.
This release continues the trend of delivering awesome innovations, improved user experience, and greater / deeper integration into the ecosystem its managing. Below is a summary of the “spotlight” features and capabilities that are packed into vRA 7.3……
The guide (and these videos) was put together to help you deploy and configure a highly-available, production-worthy vRealize Automation 7.2 distributed environment, complete with SDDC integration (e.g. VSAN, NSX), extensibility examples and ecosystem integrations. The design assumes VMware NSX will provide the load balancing capabilities and includes details on deploying and configuring NSX from from scratch to deliver these capabilities.
Be sure to refer back to the full guide for detailed configuration steps or more info on any given topic.
Next we’ll be configuring load balancing and high availability policies for the distributed components. An NSX Edge Service Gateway (ESG) will be providing the load balancing and availability services to vRA as an infrastructure service. vRA supports In-Line and One-Arm load balancing policies. This implementation will be based on an In-Line configuration, where the vRA nodes and the load balancer VIPs are on the same subnet.
(If you do not plan on using NSX for HA services, you can skip this configuration)
NSX Load Balancing configuration consists of creating a Application Profile, Health Monitoring policy, Server Pool(s), and a Virtual Server (VIP) per load-balanced pair. These services can be configured after the initial deployment (preferred) to avoid any potential deployment issues related to load balancing config.
Welcome to the vRealize Automation 7.2 Detailed Implementation Guide (DIG). This series of posts — made up of detailed how-to, end-to-end videos, plenty of commentary, and other related content — was put together to help you deploy and configure a highly-available, production-worthy vRealize Automation 7.2 distributed environment, complete with SDDC integration (e.g. VSAN, NSX), extensibility examples and ecosystem integrations. The design assumes VMware NSX will provide the load balancing capabilities and includes details on deploying and configuring NSX from from scratch to deliver these capabilities.
This little project has been in the works for quite some time and will continue to expand as I include additional how-to’s for a variety of use cases (e.g. IPAM and ITSM integration).
This guide was created for anyone looking to install and/or configure vRealize Automation 7.2 in any environment. And, as were my intentions in previous POC guides, the content here can be used as a form of training and education or simply a reference document for existing or new vRA environments.
As for skill level, this guide assumes you have a general idea of vRealize Automation and VMware’s broader Cloud Management products. However there is no expectation that you’ve previously deployed and configured vRA.…
One of my favorite things to do is whiteboard. In my line of work, the whiteboard allows me to tell a story…one that can be broad in coverage, yet tuned on-the-fly to best align with the needs of the audience. It started as a “cloud” whiteboard back when vCloud Director (vCD) was released and the first vCloud Suite offering was announced. The first storylines were all about VMware’s cloud and management framework and leveraging vCD to align with a set of industry-accepted characteristics that defined “cloud”. There have been several iterations over time as new technologies (and acquisitions) came to fruition, with an evolving storyline to highlight modern challenges and the transformative nature of the Software-Defined Datacenter.
The whiteboard has been delivered on your standard everyday office whiteboard, table-tops, glass walls, flip charts, notepads, napkins, and electronically via powerpoint, iPad, and digital sketch pads. Regardless of delivery medium, I have found the whiteboard to be the most effective means of articulating the often-confusing details and associated benefits of the Software-Defined Datacenter at any level of depth…and without yawn-generating, ADD-invoking death by powerpoint.
My most recent iteration of the SDDC whiteboard doubles as field and partner enablement, so I had to put a little more thought into the storyline to ensure it closely resembles how customers have typically leveraged vSphere, NSX, VSAN, and the vRealize Suite evolve their existing datacenters to quickly build and gain the benefits of SDDC.…
Recapping Part 2 of this series: We staged a number of NSX Logical Switches to be consumed by vRA machines as External Networks. vRA collects and identifies these networks as traditional [vSphere] Network Paths and allows them to be wired for consumption in the Converged Blueprint (CBP) designer as needed (or using custom properties, but that’s beyond this post). Logical Switches can be created for a consumption-only model, automatically created per Deployment when using On-Demand services, or some combination of these.
Similar to it’s relationship with NSX Logical Switches, vRA provides both consumption-based and dynamic security services to deliver a number of use cases leveraging NSX Security Groups and Security Policies.
A Security Group defines — and logically groups — the objects you want to protect (e.g. virtual machines) and the policies that protect them (via a security policy). Group membership can be static or dynamic (e.g. based on logical naming, containers, tags, or as members of other security groups). Pre-created security groups are collected by vRA endpoint inventory and consumed as Existing Security Groups (SG) within the Converged Blueprint designer. These security groups may ultimately contain a combination of unmanaged vSphere VMs and vRA-managed machines.
vRA also supports On-Demand Security Groups (ODSG) within CBP, which requires the use of an existing Security Policy.…
A logical switch emulates a traditional network switch by creating logical networks that can be used to connected one or more vnics of a virtual machine to the corresponding logical network. In an NSX environment, logical switches are directly mapped to an available Transport Zone (VXLAN) and is stretched across all hosts and clustered configured with that VXLAN. Similarly, a Universal Logical Switch is deployed when used with Universal Transport Zones and can be stretched across hosts, clusters, and even vCenters. Logical switches are typically created and managed using the vSphere Web Client. Once created, machines can be logically wired to them for connectivity to other machines and/or upstream services (e.g. NSX Edge Services Gateway or Distributed Logical Router…or anything else wired to the resulting logical network). Thanks to the power of NSX, these networks can be spun up rapidly (albeit statically) and exist exclusively in the virtualization layer, saving countless management cycles and associated overhead (+ cost).
As you are well versed by now, NSX delivers the critical services needed for a modern network infrastructure while lifecycle automation of network and security services — from provisioning to decommissions (and everything in between) — are defined by the automation layer.…
Network and security automation — and specifically the use of on-demand services — will continue to play a more significant role as NSX (and network virtualization in general) continues to become more and more prominent. Customers are still trying to understand the impacts of app-centric networking and whether or not they’re ready to hand these critical services to automation tools. There’s a perception that automation reduces control and/or visibility into networking and security services that traditionally involve a ton of ownership, red tape, and several siloed personalities that love to hear their own voice (I used to be one!). Plus, there are personal domains and certifications to protect!
Once these folks realize vRA + NSX will provide greater control, more governance, and better visibility than they’ve ever had before, heads tend to deflate a bit. NSX adoption is on a rocketship and its benefits are resonating with traditional network silos and modern shops alike. As adoption (and resulting trust) continues to grow within an enterprise, the second part of the equation — automation — become the obvious next step for streamlining network and security services, often getting kicked off with two wonderful words: now what? Enter vRealize Automation.
For its part, vRA is designed to bridge the gap between a pure consumption model and on-demand everything.…