VCP6-CMA Study Guide – Section 1: Install, Configure and Upgrade vRealize Suite Components

 

There don’t really seem to be many study guides around (if at all) for the new VCP6-CMA exam, so I thought I’d start cooking my own notes. I hope to sit this exam in the next couple of weeks, so hopefully I can complete it in that time frame. It’s a bit rough and ready in places, but it’s something worth sharing. Let me know what you think!

Section 1: Install, Configure and Upgrade vRealize Suite Components

 

Objective 1.1: Explain vRealize Suite Editions and Features

 

Identify available features and third party integrations for different vRealize Suite editions

• Two versions of vRealize Suite – Advanced and Enterprise. Licenced by CPU or Operating System Instance (OSI)
• Third party integrations available from VMware Solutions Exchange
• Features include automated delivery (self service portal, IaaS, infrastructure governance (approval workflows etc.), custom IT services (Xaas). Application Services requires Enterprise Edition (Application Director)
• Intelligent Operations includes Operations Manager, Log Insight, application awareness (Infrastructure Navigator)
• Application aware monitoring and change management requires VMware Configuration Manager and Hyperic, which comes with Enterprise Edition
• Business Insight – uses vRealize Business Standard for pricing, showback, running costs etc. Service Level Management requires Enterprise Edition
• VMware Orchestrator can be leveraged to run custom workflows from within vRA. Can use either embedded Orchestrator instance or remote one (appliance etc.)
• Contains the following:-
  • VMware vRealize™ Automation Advanced or Enterprise
  • VMware vRealize Operations Advanced or Enterprise
  • VMware vRealize™ Log Insight™
  • VMware vRealize™ Business™ Standard
  • VMware vRealize™ Business™ Advanced or Enterprise

 

Differentiate vCloud Air solutions

 

• vCloud Air solutions reside in the cloud in VMware owned datacentres, but are fully managed by the end user from their own infrastructure
• Can use a defined endpoint in vRA to provision services in the cloud to vCloud Air and use vRealize Business to provide reporting and billing information

 

Identify vRealize Automation/vCloud Air integration options

 

• vCloud Air can be integrated with vRA by defining an endpoint for consumption of services
• Some vApp limitations/non supported options include:-
  • Creating vApp templates
  • Defining vApp (vCloud) and vApp Component (vCloud) blueprints without specifying a vApp template
  • Moving vApps between virtual datacenters
  • Moving virtual machines between reservations
  • Adding or removing components from a vApp
  • Creating or using vApp snapshots
  • Using a static IP address
• Goal navigator can be used to integrate with vCloud Air
• You must define a separate endpoint for each organisation defined in vCloud Air if you do not have full administration rights to all VDCs
• Obtain the organisation VDC URL by logging into vCloud Air management and click the vCloud Director API URL link, use the first part of the URL, for example https://acme.com:443 in the address box

 

Identify vRealize Business Standard key capabilities

 

• Provides cost and usage visibility of virtual infrastructure / private cloud and public cloud with out of the box integration with VMware vCenter, vRealize Automation, and vCloud Director.
• Performs what-if analysis of virtual infrastructure / private cloud and public cloud, based on cost and utilization.
• Automatically prices the services available through self-service in a hybrid cloud.
• Provides out of the box benchmarks for cloud / virtual infrastructure environments, providing insight into capacity, costs, and efficiency.
• Covers more than 3,500 benchmark measurements across 20 industries, 18 towers or domains and four geographies.
• Benchmarks cover items like hardware, software, infrastructure, personnel, applications, IT structure, costs and more.
• Data is less than 18 months old.
• Data can show relative differences (and similarities) with your peers and decile performers.

 

Identify available vRealize Suite editions

 

• Comes in Advanced and Enterprise Editions
• Licenced per CPU or OSI

 

Explain vRealize Application Services functionality

 

• Application Services uses Application Director virtual appliance to provide PaaS options for vRealize Automation
• Uses drag and drop canvas so Application Architects can design application deployments as application blueprints
• Includes ability to install dependencies, services and custom packages as part of the blueprint
• Portable across vCloud Director, vRealize Automation, vCloud Air and Amazon EC2
• Works with existing vRealize Automation business groups, entitlements, approvals, catalogs and tenants to provide a unified end user experience
• Provides standardised application deployment blueprints for end users to consume

 

Explain vRealize Orchestrator functionality

 

• vRO is a process automation tool that provides a library of workflows.
• Can be used to manage vSphere infrastructure as well as third party environments (Microsoft, AD, F5 etc.)
• Uses extensible plug in architecture to provide additional functionality
• Exposes all vCenter operations in the vCenter Server API
• Integrates with Advanced Service Designer so Service Architects can enable Xaas catalog items in vRA (create AD user, change password etc.)

 

Determine the appropriate vRealize Suite edition based on customer requirements

 

• Use cases for vRealize Advanced include:-
  • Rapid, self-service infrastructure provisioning
  • Infrastructure health, performance, and capacity monitoring across physical, virtual, and hybrid cloud deployments
  • Rapid creation of rate cards and automatic pricing of service catalog blueprints for use in a self-service portal
  • Out-of-the-box benchmarks, usage metering, and public cloud comparison
  • Plan, control, and recover costs expended in providing full IT Services stack, implementing cost transparency, cost optimization, and demand management
  • Visibility into application dependencies and hypervisor change and configuration management
• Use cases for vRealize Enterprise include:-
  • All of the above, plus
  • Rapid, self-service infrastructure and application provisioning
  • Automated configuration and deployment of multi-tier cloud applications
  • Visibility into application performance
  • Regulatory compliance, OS-level change, and configuration management
  • IT service level management
  • Transparency into IT performance and value measures for all services and vendors, enabling IT to govern contractual commitments

 

Objective 1.2: Install and Upgrade vRealize Suite Components

 

Deploy and configure appliances for distributed vRealize deployment (e.g. SSO, automation, DB)

 

• Verify pre-reqs have been met, then obtain SSL certificates
• Deploy Identity Appliance, vRealize Appliance and vRealize appliance to use as standalone database
• Configure the load balancer to handle vRealize appliance traffic
• Configure the Identity Appliance, vRealize appliance, vPostgres appliance for high availability
• Configure the load balancer for IaaS traffic, install IaaS components
• Configure the default tenant and provide the IaaS licence
• Identity Appliance is protected using a HA enabled cluster
• Can deploy multiple vRealize Appliance instances, but only one Identity Appliance
• 1 vCPU, 2 GB RAM and 2GB disk space for Identity Appliance
• 2 vCPUs, 8GB RAM and 30GB disk space for vRealize Appliances

 

Install IaaS components

 

• Modules that make up IaaS include:-
  • IaaS website
  • Model Manager
  • vCloud Automation Center Manager service
  • IaaS database
  • Distributed Execution Managers (DEMs)
  • vRealize Automation Agents
• Can perform a full install on a single Windows server or instal components for a distributed architecture
• Only one instance of the Model Manager is allowed
• IaaS requires a SQL database, IIS installed and appropriate firewall rules configured
• Also requires .NET 4.5, Java 1.7 64 bit only and JAVA_HOME set, MS DTC enabled on all SQL nodes in the system
• For SQL Server Express, the Server Server Browser must be running
• Secondary Logon service enabled and running
• PowerShell 2.0 installed
• 2 vCPUs, 8GB RAM and 30GB disk for IaaS components

 

Configure default tenant and any additional tenants

 

• Default tenant is configured from vsphere.local domain
• Active Directory native mode only supported for the default tenant only
• Add tenant administrators and/or infrastructure administrators to the default tenant
• Provide the IaaS licence
• Additional tenants require the following information:-
  • Login URL (https://vcac-host/vcac/org/tenantURL – default tenant is just /vcac)
  • Identity stores (Active Directory via LDAP)
  • Branding (custom logos etc.)
  • Notification providers (e-mail notifications etc.)
  • Business policies
  • Service catalog offerings
  • Infrastructure resources
  • Tenant and infrastructure administrators

 

Appoint administrators

 

• IaaS administrators cannot be created until IaaS has been installed and licenced
• Type the name of a user or group in the Tenant or Infrastructure Administrators search boxes and press enter. Click Update to save changes.

 

Configure load balancer

 

• Session affinity must be enabled, AKA “sticky sessions”
• Timeout on the load balancer must be at least 100 seconds
• Import an SSL certificate into your load balancer
• Configure the load balancer for vRealize Appliance traffic
• Configure the load balancer to forward port 5480 (management port)
• Configure the appliances for vRealize Automation

 

Integrate vRealize with external systems

 

• Single vRealize Orchestrator can be used for all tenants
• Internal instance can be used from vRealize Appliance, or configure external instance such as appliance. Administration -> Advanced Services -> Server Configuration
• For an external Orchestrator instance, you need IP/DNS details and the port number of 8281
• Use Orchestrator to connect to external systems such as Active Directory, XenDesktop, Horizon View etc and execute workflows against these
• External systems may access vRA functions using a REST API

 

Manage SSL certificates

 

• Update certs in the following order – Identity Appliance, vRealize Appliance, IaaS
• With one exception, changes to later components in this list do not affect earlier ones. For example, if you import a new certificate to a vRealize Appliance, you must register this change with the IaaS server, but not with the Identity Appliance. The exception is that an updated certificate for IaaS components must be registered with the vRealize Appliance.
• New SSL certificates are imported via the Identity and vRealize appliance management interfaces and you use PEM format. For load balanced scenarios, used a SAN based certificate
• On the IaaS Server, run vcac-config.exe UpdateServerCertificates -d vcac_database -s sql_database_server -v
• Add the virtual appliance certificate to the trusted store if it is not trusted and reset IIS with the iisreset command. Must be done on all IIS servers in the IaaS infrastructure.

 

Resolve deployment and configuration issues

 

• Windows logs can be found in the Event Viewer and also under the C:\Program Files (x86)\VMware\vCAC folders
• The InstallLogs folder and \Server\ConfigTool\Log folders are used by the installer
• vRealize Automation Framework Logs are stored under /var/log/vmware
• Support bundles can be created from the virtual appliances
• Verify DNS, connectivity and NTP is all correctly configured
• Check IaaS service account password does not include double quotation marks
• To reinstall IaaS components, uninstall:-
  • vRealize Automation Agents
  • vRealize Automation DEM-Worker
  • vRealize Automation DEM-Orchestrator
  • vRealize Automation Server
  • vRealize Automation WAPI
  • Clear the SQL database to pre-installation state
  • Remove IIS binding on Default Web Site from 443
  • Delete the applications repository, vCAC and WAPI and application pools RepositoryAppPool, vCACAppPool, WapiAppPool
• Check encryption.key file on the vRealize Appliance is owned by vcac user and group and has rw permissions for the user
• Verify all inter node SSL certificates are correct and trusted
• Blank pages in IE9 or IE10 are caused by compatibility mode. Disable this.
• Unable to login to a tenant – check SSO internal tenant administrator password has not expired, this is 90 days by default. This does not affect LDAP identity stores.
• Verify load balancer timeout is set to 100 seconds minimum should install or upgrade of a distributed environment fail.

 

Perform upgrade of vCAC 6.1 to vRealize Automation

 

• Make sure all prerequisites are met (backups, MSDTC enabled on SQL nodes, snapshots of all appliances)
• Shut down the vco-service on each vRealize Appliance
• Shut down services on each IaaS Windows Server

 

Download and install updates to vRealize component appliances

 

• Check for updates to the Identity Appliance from the management interface (port 5480)
• Install the 6.2 update to the Identity Appliance
• Check for updates from each vRealize Appliance
• Install updates on each vRealize Appliance

 

Upgrade IaaS components

 

• Upgrade the IaaS database using the DBUpgrade.exe script (one time operation), can be downloaded from the vRealize Appliance installer page
• Must run script as an administrator
• Script sample syntax – DBUpgrade.exe -S (server name) localhost -d (database name) VCAC -E (use Windows credentials)
• Run the IaaS installer from the vRealize Appliance installer page on each IaaS node
• In multiple IaaS Server environments, perform the following:-
  • Upgrade all websites
  • Upgrade all Manager services
  • Upgrade DEM orchestrator and workers
  • Upgrade all agents
• In a distributed environment, the load balancer must be configured to pass traffic on port 8444 to the vRealize Appliances to support remote console features

Objective 1.3: Configure and Administer vCloud ConnectorIdentify the components of vCloud Connector

• vCloud Connector consists of three distinct components: the vCloud Connector user interface, the vCloud Connector server, and vCloud Connector nodes.

Explain vApp copy process

• vCloud Connector uses a path-optimized copy mechanism that provides a relatively higher copy speed and lower storage requirements.
• It uses a path optimization framework to export data from the source cloud, transfer it, and import it into the destination cloud in a parallel flow, instead of sequentially.
• The data is streamed in small chunks. As data is being exported from the source cloud, it is transferred and imported into the destination cloud.
• Files are not written to the staging area of either the source or destination vCloud Connector node during the copy process
• Under optimal conditions, the node staging area is not used during copy. However, in some scenarios (for example, if the transfer or import part of the copy process is slower than the export), data needs to be buffered and the staging area is used to store chunks of data.
• In such cases, the amount of storage needed might be equivalent to the size of the object being copied. Ensure that you have adequate storage on the nodes

Identify the virtual machine state

• You can use vCloud Connector to power on, power off, suspend, resume or reset a virtual machine or vApp in a cloud that has been added to vCloud Connector.
• Any action on a vApp applies to all its virtual machines.
• In the Inventory panel, click the Virtual Machines or vApps tab. A list of virtual machines or vApps is displayed.
• You can view the current state of the virtual machine or vApp in the Status column

Identify the configuration(s) necessary for Data Center Extension

• Datacenter Extension (Stretch Deploy) lets you extend your private data center to a public vCloud
• vSphere, vCloud Director, ESXi server, destination vCloud, vShield Manager, VDS must all be version 5.1 or higher
• vShield Edge must be able to reach the internet
• vShield Edge must have one external connection and an internal interface
• VM must be connected to a port group
• VM must be connected to a VDS, standard vSwitch is not supported
• VM cannot be connected to multiple networks
• If moving a vApp, VMs cannot be connected to different networks

Configure and Administer vCloud Connector

• vCloud Connector is configured from the appliance management interface on port 5480
• Comprises System, Network, Update, Server and Nodes tabs
• System Tab – information and time zone
• Network tab – IP address settings and any proxy servers required
• Update Tab – Check and install updates, check update poll schedule
• Server Tab – log files and SSL configuration, register Connector with vCenter Server for management
• Nodes tab – manage nodes in the vCloud Connector configuration

Differentiate between functionality of components of vCloud Connector

• Using vCloud Connector, you can manage virtual machines, deploy templates, and transfer virtual machines, vApps, and templates from one cloud to another
• Content Sync lets you set up a Content Library to distribute and synchronize templates across clouds.
• Datacenter Extension (Stretch Deploy) lets you extend your private data center to a public vCloud.
• Offline Data Transfer enables you to transfer large amounts of data from your private data center to VMware vCloud® Air™

Implement required network and security settings

• Ports 80 (HTTP), 443 (HTTPS), 8190 (UDT transfer) and 5480 (admin) need to be open

Determine storage requirements and add storage for vCloud Connector node

• Default storage on vCloud Connector nodes is 40 GB. You may need to increase this in some cases.
• If you will be copying large virtual machines, vApps, or templates. In some scenarios (for example, if the transfer or import part of the copy process is slower than the export), vCloud Connector uses the staging area during copy and might need storage equivalent to the size of the object being copied.
• If you will be copying many items simultaneously from a cloud.
• If you increase the maximum number of concurrent copies allowed for a node
• You need to resize the data disk on the vCloud Connector node by expanding hard disk 2 in the vSphere Client
• Login to the appliance console and run sudo  opt/vmware/hcagent/scripts/resize_disk.sh

Register vCloud Connector UI with vCenter Server

• In the vCloud Connector server Admin Web Console at https://vCCserverIPaddress:5480, click the Server tab, then the vSphere Client tab
• The vCloud Connector server URL field is automatically filled
• Type the vCenter Server IP address or fully qualified domain name
• If your vCenter Server is running on a port other than the default, specify the port number with the IP address. For example, 10.10.10.10:54
• Type the user name and password for the vCenter Server
• If the vCenter Server has a vCloud Connector server already registered with it that you want to replace, select Overwrite existing registration
• To verify that the registration was successful, log in to the vSphere Client and check that the vCloud Connector icon appears under Solutions and Applications in the Home page.

Register vCloud Networking and Security Manager with the vCloud Connector server

• Don’t understand what is being asked here!

Troubleshoot common vCloud Connector installation and operations issues

• Test network connectivity between all objects by using the curl -k command
• Log files can be downloaded from the appliance management interface on port 5480
• Log files are /opt/vmware/hcserver/logs/hcs.log and  /opt/vmware/hcagent/logs/hca.log
• Edit the logback.xml file to change log behaviour settings
• Upgrades can be troubleshooted using the /opt/vmware/var/log/vami/vami.log and /opt/vmware/var/log/postinstall log files. Log file should read “Finished installing version n.”
• Verify FQDNs can be resolved if they are being used

Create a vCloud Connector Content Library

• The vCloud Connector Content Library is a library of published folders or catalogs of templates to which users can subscribe. These templates can be virtual machine templates from vSphere clouds or vApp templates from vCloud Director clouds or public vCloud Director-based clouds.

Publish vSphere folders and vCloud catalogs to a vCloud Connector Content Library

• In the Browser panel, expand the Clouds tree and find the folder or catalog of templates that you want to publish.
• Right-click the folder and select Publish to Content Library. If Publish to Content Library is disabled, check that you are right-clicking a folder or catalog. The option is disabled for other objects, such as a datacenter or an organization.
• Click Publish in the confirmation dialog box
• In the Browser panel, select Content Library. The Catalogs table appears in the Inventory panel. The table lists the catalog or folder that you published, along with details such as its location, publisher, and the time that it was last updated.
• Click on the folder name to view the templates it contains. Users can now subscribe to the published folder

Subscribe/unsubscribe to a published folder or catalog

• In the Browser panel, select Content Library. The Inventory panel displays a Catalogs table which lists all published catalogs and folders
• To view the templates contained in a folder or catalog, select it in the Catalogs table. The Templates table that appears below the Catalogs table displays the contents of the selected folder or catalog.
• In the Catalogs table, select the catalog or folder to which you want to subscribe
• Click the Subscribe icon (down arrow) at the top of the Inventory panel. The Subscribe Wizard appears
• If you want templates to be deleted from your subscription folder or catalog if they are deleted in the published catalog, select Remove entities if deleted at publisher.
• Select the cloud to which you want to copy the templates.
• If your destination cloud is a vSphere cloud, do the following.
  • Select the folder to which you want to copy the templates, then click Next.
  • Specify an empty folder and do not add other content to it after you subscribe. vCloud Connector assumes that the folder is under its management and might replace or delete content in it.
  • Select a cluster, host or resource pool, then click Next.
  • Select the virtual disk format and a datastore, then click Next.
  • Select the frequency at which you want the subscription folder to be synchronized with the published folder. You can specify either the interval, in hours, or a custom schedule indicating the specific days and times at which you want the folder to be synchronized.
  • In the Ready to complete page, review your selections and click Finish.
• If your destination cloud is a vCloud Director cloud, do the following.
  • Select the catalog to which you want to copy the templates, then click Next.0
  • Specify an empty catalog and do not add other content to it after you subscribe. vCloud Connector assumes that the catalog is under its management and might replace or delete content in it.
  • Select a virtual datacenter, then click Next.
  • Select the frequency at which you want the subscription folder to be synchronized with the published folder. You can specify either the interval, in hours, or a custom schedule indicating the specific days and times at which you want the folder to be synchronized.
  • In the Ready to complete page, review your selections, then click Finish.

Stretch deploy a VM or vApp using Data Center Extension

• Ensure the VM to be moved is powered off
• Click Stretch Deploy icon
• Select the destination cloud
• Give the vApp a name (stretched_ is added)
• Choose a catalog and VDC for storage
• Select VDC network and supply an external IP address
• If the VM is manual static IP address, this should be changed from DCHP once inside the public cloud
• Power on the VM

Objective 1.4: Configure vRealize Automation Settings
Configure vRealize system settings to handle system notifications and appearance

• Login to the vRealize Application as either a tenant or system administrator
• Select Administration -> Branding, click Choose File
• Set privacy policy and contact links if required
• Click update
• To set e-mail, login to vRealize Application as a system administrator
• Select Administration -> Email Servers
• Click the add button, select Email inbound or Email outbound
• Configure the appropriate settings, click test connection and add to finish

Enable connections and set concurrency limits on IaaS server

• To conserve resources, vRealize Automation limits the number of concurrently running instances of machine provisioning and data collection. You can change the limits.
• The default delivery timeout intervals for the SetupOS and Clone workflow activities are 20 hours for each
• Open the ManagerService.exe.config file in an editor. The file is located in the vRealize Automation server install directory, typically %SystemDrive%\Program Files x86\VMware\vCAC\Server
• Locate the section called workflowTimeoutConfigurationSection
• Update the following variables, as required (MaxOutstandingResourceIntensive WorkItems, CloneExecutionTimeout, SetupOSExecutionTimeout, CloneTimeout, SetupOSTimeout, CloudInitializeProvisioning, MaxOutstandingDataCollectionWorkItems, InventoryTimeout, PerformanceTimeout, StateTimeout)
• Save and close the file, restart the vRealize Automation service
• You can change the frequency of several callback procedures, including the frequency that the vRealize Automation callback procedure is run for changed machine leases
• Open the ManagerService.exe.config file in an editor. The file is located in the vRealize Automation server install directory, typically %SystemDrive%\Program Files x86\VMware\vCAC\Server.
• Update the following variables, as desired (RepositoryWorkflowTimerCallback MiliSeconds, ProcessLeaseWorkflowTimerCallbackIntervalMiliSeconds, BulkRequestWorkflowTimerCallbackMiliSeconds, MachineRequestTimerCallbackMiliSeconds, MachineWorkflowCreationTimerCallbackMiliSeconds)
• Save and close the file, restart the vRealize Automation service

Configure Datacenter locations

• Locations are stored in the file %SystemDrive%\Program Files x86\VMware\vCAC\ServerWebSite\XmlData\DataCenterLocations.xml
• Add the string <Data Name=”Manchester” Description=”Manchester DC” /> within the <CustomDataType> section
• Save and close the file
• Restart the Manager service