12-10-15

VMworld Europe Day One

Today saw the start of VMworld Europe in Barcelona, with the first day being primarily for partners and TAM customers (usually some of the bigger end users). However, that doesn’t mean that the place is quiet, far from it! There are plenty of delegates already milling around, I saw a lot of queues around the breakout sessions and also for the hands on labs.

As today was partner day, I had already booked my sessions on the day they were released. I know how quickly these sessions fill, and I didn’t want the hassle of queuing up outside and hoping that I would get in. The first session was around what’s new in Virtual SAN. There have been a lot of press inches given to the hyper converged storage market in the last year, and I’ve really tried to blank them out. Now that the FUD seems to have calmed down, it’s good to be able to take a dispassionate look at all the different offerings out there, as they all have something to give.

My first session was with Simon Todd and was titled VMware Virtual SAN Architecture Deep Dive for Partners. 

It was interesting to note the strong numbers of customers deploying VSAN. There was a mention of 3,000 globally, which isn’t bad for a product that you could argue has only just reached a major stage of maturity. There was the usual gratuitous customer logo slide, one of which was of interest to me. United Utilities deal with water related things in the north west, and they’re a major VSAN customer.

There were other technical notes, such as VSAN being an object based file system, not a distributed one. One customer has 14PB of storage over 64 nodes, and the limitation to further scaling out that cluster is a vSphere related one, rather than a VSAN related one.

One interesting topic of discussion was whether or not to use passthrough mode for the physical disks. What this boils down to is the amount of intelligence VSAN can gather from the disks if they are in passthrough mode. Basically, there can be a lot of ‘dialog’ between the disks and VSAN if there isn’t a controller in the way. I have set it up on IBM kit in our lab at work, and I had to set it to RAID0 as I couldn’t work out how to set it to passthrough. Looks like I’ll have to go back to that one! To be honest, I wasn’t getting the performance I expected, and that looks like it’s down to me.

VSAN under the covers seems a lot more complex than I thought, so I really need to have a good read of the docs before I go ahead and rebuild our labs.

There was also an interesting thread on troubleshooting. There are two fault types in VSAN – degraded and absent. Degraded state is when (for example) an SSD is wearing out, and while it will still work for a period of time, performance will inevitably suffer and the part will ultimately go bang. Absent state is where a temporary event has occurred, with the expectation that this state will be recovered from quickly. Examples include a host in maintenance mode or a network connection being down, and the fault type affects how the VSAN cluster behaves.

There is also now the ability to perform some proactive testing, to ensure that the environment is correctly configured and performance levels can be guaranteed. These steps include a ‘mock’ creation of virtual machines and a network multicast test. Other helpful troubleshooting items include the ability to blink the LED on a disk so you don’t swap out the wrong one!

The final note from this session was the availability of the VSAN assessment tool, which is a discovery tool run on the customer site, typically for a week, that gathers existing storage metrics and provides sizing recommendations and cost savings using VSAN. This can be requested via a partner, so in this case, Frontline!

The next session I went to was Power Play: What’s New With Virtual SAN and How To Be Successful Selling It. Bit of a mouthful I’ll agree, and as I’m not much of a sales or pre-sales guy, there wasn’t a massive amount of takeaway for me from this session, but Rory Choudhari took us through the current and projected revenues for the hyperconverged market, and they’re mind boggling.

This session delved into the value proposition of Virtual SAN, mainly in terms of costs (both capital and operational) and the fact that it’s simple to set up and get going with. He suggested it could live in harmony with the storage teams and their monolithic frames; I’m not so sure myself. Not from a tech standpoint, but from a political one. It’s going to be difficult in larger, more bureaucratic environments.

One interesting note was Oregon State University saving 60% using Virtual SAN as compared to refreshing their dedicated storage platform. There are now nearly 800 VSAN production customers in EMEA, and this number is growing weekly. Virtual SAN 6.1 also brings with it support for Microsoft and Oracle RAC clustering. There is support for OpenStack, Docker and Photon and the product comes in two versions.

If you need an all flash VSAN and/or stretched clusters, you’ll need the Advanced version. For every other use case, Standard is just fine.

After all the VSAN content I decided to switch gears and attend an NSX session called Disaster Recovery with NSX, SRM and vRO with Gilles Chekroun. Primarily this session seemed to concentrate on the features in the new NSX 6.2 release, namely the universal objects now available (distributed router, switch, firewall) which span datacentres and vCenters. With cross vCenter vMotion, VMware have really gone all out removing vCenter as the security or functionality boundary to using many of their products, and it’s opened a whole new path of opportunity, in my opinion.

There are currently 700 NSX customers globally, with 65 paying $1m or more in their deployments. This is not just licencing costs, but also for integration with third party products such as Palo Alto, for example. Release 6.2 has 20 new features and has the concept of primary and secondary sites. The primary site hosts an NSX Manager appliance and the controller cluster, and secondary sites host only an NSX Manager appliance (so no controller clusters). Each site is aware of things such as distributed firewall rules, so when a VM is moved from one site to another, the security settings are preserved.

Locale IDs have also been added to provide the ability to ‘name’ a site and use the ID to direct routing traffic down specific paths, either locally on that site or via another site. The key takeaway from the session was that DR is typically slow, complex and expensive, with DR tests only being invoked annually. By providing network flexibility between sites and binding in SRM and vRO for automation, some of these issues go away.

In between times I sat the VCP-CMA exam for the second time. I sat the beta release of the exam and failed it, which was a bit of a surprise as I thought I’d done quite well. Anyway, this time I went through it, some of the questions from the beta were repeated and I answered most in the same way and this time passed easily with a 410/500. This gives me the distinction of now holding a full house of current VCPs – cloud, desktop, network and datacenter virtualisation. Once VMware Education sort out the cluster f**k that is the Advanced track, I hope to do the same at that level.

Finally I went to a quick talk called 10 Reasons Why VMware Virtual SAN Is The Best Hyperconverged Solution. Rather than go chapter and verse on each point I’ll list them below for your viewing pleasure:-

  1. VSAN is built directly into the hypervisor, giving data locality and lower latency
  2. Choice – you can pick your vendor of choice (HP, Dell, etc.) and either pick a validated, pre-built solution or ‘roll your own’ from a list of compatible controllers and hard drives from the VMware HCL
  3. Scale up or scale out, don’t pay for storage you don’t need (typically large SAN installations purchase all forecasted storage up front) and grow as you go by adding disks, SAS expanders and hosts up to 64 hosts
  4. Seamless integration with the existing VMware stack – vROps adapters already exist for management, integration with View is fully supported etc
  5. Get excellent performance using industry standard parts. No need to source specialised hardware to build a solution
  6. Do more with less – achieve excellent performance and capacity without having to buy a lot of hardware, licencing, support etc
  7. If you know vSphere, you know VSAN. Same management console, no new tricks or skills to learn with the default settings
  8. 2000 customers using VSAN in their production environment, 65% of whom use it for business critical applications. VSAN is also now third generation
  9. Fast moving road map – version 5.5 to 6.1 in just 18 months, much faster rate of innovation than most monolithic storage providers
  10. Future proof – engineered to work with technologies such as Docker etc

All in all a pretty productive day – four sessions and a new VCP for the collection, so I can’t complain. Also great to see and chat with friends and ex-colleagues who are also over here, which is yet another great reason to come to VMworld. It’s 10,000 people, but there’s still a strong sense of community.


30-07-15

VCP6-CMA Study Guide : Section 5: Allocate and Manage vRealize Automation Resources


As I predicted in my last blog post, VMware have announced that starting at VMworld 2015 in August, it will be possible to schedule VCP6 exams such as VCP-DCV, VCP-DTM and VCP-CMA. Hopefully this will mean that my beta score for my CMA exam is not too far away now, it would be nice to get a full house of VCPs!

Anyway, also as per my last blog post, I’m publishing section 5 of the study guide, which is as far as I got. Unless I fail the beta and have to resit, I don’t envisage having the time to go back and complete the remaining sections. Hopefully it will be of some use to people planning on having a go at the CMA, any feedback is welcome via Twitter as always.

Objective 5.1: Create and Manage Fabric Groups

Adding and configuring vSphere Endpoints

  • Creating an endpoint creates access to compute resources on a virtualised platform
  • The process involves creating a credential set, defining a cloud endpoint and mapping resources for consumption
  • Log in to the vRealize Automation console as an IaaS administrator.
  • Select Infrastructure > Endpoints > Credentials.
  • Click New Credentials.
  • Enter a name in the Name text box. (Optional) Enter a description in the Description text box.
  • Type the username in the User name text box.
    • Must be in domain\username format, for example mycompany\admin. The credentials must have permission to modify custom attributes
  • Type the password in the Password text boxes.
  • Click the Save icon (green tick)
  • Select Infrastructure > Endpoints > Endpoints.
  • Select New Endpoint > Virtual > vSphere.
  • Enter a name in the Name text box.
    • This must match the endpoint name provided to the vSphere proxy agent during installation or data collection fails.
  • (Optional) Enter a description in the Description text box.
  • Enter the URL for the vCenter Server instance in the Address text box.
  • Select the previously defined Credentials for the endpoint.
    • If your system administrator configured the vSphere proxy agent to use integrated credentials, you can select the Integrated credentials.
  • Only select Specify manager for network and security platform if you plan to integrate with an existing NSX or vCNS instance

Adding and configuring vRealize Automation endpoints

  • I’m assuming here that this refers to Orchestrator!
  • Same process as for vSphere endpoint, except you choose to create a vCO credential using administrator@vsphere.local (assuming using the vCO engine as part of the vRO appliance)
  • Create a new Orchestration endpoint for vCenter Orchestrator
  • Give it a meaningful name, type in the address (typically https://vcoserver:8281/vco)
  • Select the appropriate vCO credential you just created
  • Add a custom property VMware.VCenterOrchestrator.Priority and set it to 1. This is mandatory.

Map compute resources to endpoints

  • A compute resource is an object that represents a host, host cluster, or pool in a virtualization platform, a virtual datacenter, or an Amazon region on which machines can be provisioned.
  • An IaaS administrator can add compute resources to or remove compute resources from a fabric group.
  • A compute resource can belong to more than one fabric group, including groups that different fabric administrators manage.
  • After a compute resource is added to a fabric group, a fabric administrator can create reservations on it for specific business groups. Users in those business groups can then be entitled to provision machines on that compute resource
  • Compute resources such as storage and networking can be assigned from endpoints to Business Groups
  • Reservations are used to carve up resource from compute resources to apply to a Business Group

Assign correct permissions to manage Fabric Groups

  • An IaaS administrator can organize virtualization compute resources and cloud endpoints into fabric groups by type and intent. One or more fabric administrators manage the resources in each fabric group.
  • Fabric administrators are responsible for creating reservations on the compute resources in their groups to allocate fabric to specific business groups. Fabric groups are created in a specific tenant, but their resources can be made available to users who belong to business groups in all tenants.
  • Fabric administrators are created and assigned when creating the Fabric Group
  • A Fabric Administrator can do the following:-
    • Manage build profiles
    • Manage compute resources
    • Manage cost profiles
    • Manage network profiles
    • Manage Amazon EBS volumes and key pairs
    • Manage machine prefixes
    • Manage property dictionary
    • Manage reservations and reservation policies

Perform compute resource data collection

  • vRealize Automation collects data from both infrastructure source endpoints and their compute resources.
  • Data collection occurs at regular intervals. Each type of data collection has a default interval that you can override or modify.
  • IaaS administrators can manually initiate data collection for infrastructure source endpoints and fabric administrators can manually initiate data collection for compute resources.
  • To perform a manual data collection, log in to the vRealize Automation console as an IaaS administrator.
  • Select Infrastructure > Endpoints > Endpoints
  • Point to the endpoint for which you want to run data collection and click Data Collection.
  • Click Start.
  • (Optional) Click Refresh to receive an updated message about the status of the data collection you initiated.
  • Click Cancel to return to the Endpoints page
  • There are seven different types of data collection:-
    • Infrastructure Source Endpoint Data Collection (Updates information about virtualization hosts, templates, and ISO images for virtualization environments. Updates virtual datacenters and templates for vCloud Director. Updates regions and machines provisioned on them for Amazon. Updates installed memory and CPU count for physical management interfaces.)
    • Inventory Data Collection (Updates the record of the virtual machines whose resource use is tied to a specific compute resource, including detailed information about the networks, storage, and virtual machines. This record also includes information about unmanaged virtual machines, which are machines provisioned outside of vRealize Automation.)
    • State Data Collection (Updates the record of the power state of each machine discovered through inventory data collection. State data collection also records missing machines that vRealize Automation manages but cannot be detected on the virtualization compute resource or cloud endpoint.)
    • Performance Data Collection (vSphere compute resources only) (Updates the record of the average CPU, storage, memory, and network usage for each virtual machine discovered through inventory data collection)
    • vCNS inventory data collection (vSphere compute resources only) (Updates the record of network and security data related to vCloud Networking and Security and NSX, particularly information about security groups and load balancing, for each machine following inventory data collection)
    • WMI data collection (Windows compute resources only) (Updates the record of the management data for each Windows machine. A WMI agent must be installed, typically on the Manager Service host, and enabled to collect data from Windows machines.)
    • Cost data collection (compute resources managed by vRealize Business Standard Edition only) (Updates the CPU, memory, and storage costs for each compute resource managed by vRealize Business Standard Edition. The costs of catalog items that can be provisioned by using the compute resources are updated.)

Perform resource monitoring tasks

Resource monitoring scenarios, with the privileges required and the console location for each:

  • Monitor the amount of physical storage and memory on your compute resources that is currently being consumed and determine what amount remains free. You can also monitor the number of reserved and allocated machines provisioned on each compute resource.
    • Privileges required: Fabric Administrator (monitor resource usage on compute resources in your fabric group)
    • Location: Infrastructure > Compute Resources > Compute Resources
  • Monitor physical machines that are reserved for use but not yet provisioned.
    • Privileges required: Fabric Administrator
    • Location: Infrastructure > Machines > Reserved Machines
  • Monitor machines that are currently provisioned and under vRealize Automation management.
    • Privileges required: Fabric Administrator
    • Location: Infrastructure > Machines > Managed Machines
  • Monitor the amount of storage, memory, and machine quota of your reservation that is currently allocated and determine the capacity that remains available to the reservation.
    • Privileges required: Fabric Administrator (monitor resource usage for reservations on your compute resources and physical machines)
    • Location: Infrastructure > Reservations > Reservations
  • Monitor the amount of storage, memory, and the machine quota that your business groups are currently consuming and determine the capacity that remains on reserve for them.
    • Privileges required: Tenant Administrator (monitor resource usage for all groups in your tenant) or Business Group Manager (monitor resource usage for groups that you manage)
    • Location: Infrastructure > Groups > Business Groups

Objective 5.2: Create and Manage Reservations

Create and Manage Reservations

  • Before members of a business group can request machines, fabric administrators must allocate resources to them by creating a reservation.
  • Each business group must have at least one reservation for its members to provision machines of that type.
  • Log in to the vRealize Automation console as a fabric administrator
  • A tenant administrator must create at least one business group
  • Select Infrastructure > Reservations > Reservations
  • Select New Reservation > Virtual and select the type of reservation you are creating
  • (Optional) Select an existing reservation from the Copy from existing reservation drop-down menu.
  • Data from the reservation you chose appears, and you can make changes as required for your new reservation
  • Select a compute resource on which to provision machines from the Compute resource drop-down menu.
  • Only templates located on the cluster you select are available for cloning with this reservation.
  • The reservation name appears in the Name text box.
  • Enter a name in the Name text box
  • Select a tenant from the Tenant drop-down menu.
  • Select a business group from the Business group drop-down menu.
    • Only users in this business group can provision machines by using this reservation
  • (Optional) Select a reservation policy from the Reservation policy drop-down menu.
    • This option requires additional configuration. You must create a reservation policy
  • (Optional) Type a number in the Machine quota text box to set the maximum number of machines that can be provisioned on this reservation.
    • Only machines that are powered on are counted towards the quota. Leave blank to make the reservation unlimited.
  • Type a number in the Priority text box to set the priority for the reservation.
    • The priority is used when a business group has more than one reservation. A reservation with priority 1 is used for provisioning over a reservation with priority 2.
  • (Optional) Deselect the Enable this reservation check box if you do not want this reservation active.
  • (Optional) Add any custom properties

Specify Reservation Information

  • A reservation is a share of provisioning resources allocated by the fabric administrator from a fabric group and reserved for use by a particular business group
  • A virtual reservation is a share of the memory, CPU, networking, and storage resources of one compute resource allocated to a particular business group.
  • Each reservation is for one business group. A business group can have multiple reservations on a single compute resource. A business group can also have multiple reservations on compute resources of different types.
  • A physical reservation is a set of physical machines reserved for and available to a particular business group for provisioning.

Create and Manage a Cloud Reservation

  • A cloud reservation provides access to the provisioning services of a cloud service account for a particular business group.
  • A group can have multiple reservations on one endpoint or reservations on multiple endpoints.
  • A reservation may also define policies, priorities, and quotas that determine machine placement.
  • The reservation must be of the same platform type as the blueprint from which the machine was requested
  • The reservation must be enabled
  • The reservation must have capacity remaining in its machine quota or have an unlimited quota.
    • The allocated machine quota includes only machines that are powered on. For example, if a reservation has a quota of 50, and 40 machines have been provisioned but only 20 of them are powered on, the reservation’s quota is 40 percent allocated, not 80 percent
  • The reservation must have the security groups specified in the machine request.
  • The reservation must be associated with a region that has the machine image specified in the blueprint.
  • For Amazon machines, the request specifies an availability zone and whether the machine is to be provisioned in a subnet in a Virtual Private Cloud (VPC) or in a non-VPC location. The reservation must match the network type (VPC or non-VPC).
  • If the cloud provider supports network selection and the blueprint has specific network settings, the reservation must have the same networks.
    • If the blueprint or reservation specifies a network profile for static IP address assignment, an IP address must be available to assign to the new machine.
  • If the blueprint specifies a reservation policy, the reservation must belong to that reservation policy.
    • Reservation policies are a way to guarantee that the selected reservation satisfies any additional requirements for provisioning machines from a specific blueprint. For example, if a blueprint uses a specific machine image, you can use reservation policies to limit provisioning to reservations associated with the regions that have the required image.
  • If no reservation is available that meets all of the selection criteria, provisioning fails.
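The selection criteria above, together with the priority rule from "Create and Manage Reservations", as an added worked example in Python (not vRealize Automation code): the reservation and request structures, field names and sample data are constructed for illustration, and the quota check reproduces the 50/40/20 example from the text.

```python
"""Reservation selection for a cloud machine request (constructed example)."""
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional


@dataclass
class Machine:
    powered_on: bool


@dataclass
class Reservation:
    name: str
    platform: str                      # e.g. "amazon" or "vsphere"
    enabled: bool
    priority: int                      # priority 1 is used before priority 2
    quota: Optional[int]               # None means unlimited
    security_groups: FrozenSet[str]
    region: str
    network_type: str                  # "vpc" or "non-vpc"
    networks: FrozenSet[str]
    policy: Optional[str]              # reservation policy it belongs to
    free_static_ips: Optional[int] = None  # None: no static IP network profile
    machines: List[Machine] = field(default_factory=list)

    def powered_on_count(self) -> int:
        return sum(1 for m in self.machines if m.powered_on)

    def quota_allocated_pct(self) -> float:
        """Only powered-on machines count against the quota."""
        if self.quota is None:
            return 0.0
        return 100.0 * self.powered_on_count() / self.quota

    def has_quota_capacity(self) -> bool:
        return self.quota is None or self.powered_on_count() < self.quota


@dataclass
class MachineRequest:
    platform: str
    security_groups: FrozenSet[str]
    image_regions: FrozenSet[str]      # regions holding the blueprint's image
    network_type: str
    networks: FrozenSet[str]           # empty: blueprint has no specific networks
    policy: Optional[str]              # reservation policy named by the blueprint


def rejection_reason(res: Reservation, req: MachineRequest) -> Optional[str]:
    """Return why a reservation cannot serve the request, or None if it can."""
    if res.platform != req.platform:
        return "platform type mismatch"
    if not res.enabled:
        return "reservation disabled"
    if not res.has_quota_capacity():
        return "machine quota exhausted"
    if not req.security_groups <= res.security_groups:
        return "missing security group"
    if res.region not in req.image_regions:
        return "machine image not available in region"
    if res.network_type != req.network_type:
        return "network type (VPC / non-VPC) mismatch"
    if req.networks and not req.networks <= res.networks:
        return "missing network"
    if res.free_static_ips is not None and res.free_static_ips <= 0:
        return "no static IP address available"
    if req.policy is not None and res.policy != req.policy:
        return "not in the required reservation policy"
    return None


def select_reservation(reservations, req: MachineRequest) -> Optional[Reservation]:
    """Lowest priority number among eligible reservations; None means provisioning fails."""
    eligible = [r for r in reservations if rejection_reason(r, req) is None]
    return min(eligible, key=lambda r: r.priority) if eligible else None


def sample_reservations() -> List[Reservation]:
    # Quota 50, 40 machines provisioned, only 20 powered on -> 40% allocated.
    half_on = [Machine(powered_on=i < 20) for i in range(40)]
    common = dict(platform="amazon", security_groups=frozenset({"web", "mgmt"}),
                  region="eu-west-1", network_type="vpc",
                  networks=frozenset({"vpc-subnet-a"}), policy="prod")
    return [
        Reservation("eu-west-prio2", enabled=True, priority=2, quota=50,
                    machines=half_on, **common),
        Reservation("eu-west-prio1", enabled=True, priority=1, quota=None, **common),
        Reservation("eu-west-disabled", enabled=False, priority=1, quota=None, **common),
    ]


def sample_request(network_type: str = "vpc") -> MachineRequest:
    return MachineRequest(platform="amazon", security_groups=frozenset({"web"}),
                          image_regions=frozenset({"eu-west-1"}),
                          network_type=network_type, networks=frozenset(),
                          policy="prod")


if __name__ == "__main__":
    chosen = select_reservation(sample_reservations(), sample_request())
    print("selected:", chosen.name if chosen else "none (provisioning fails)")
```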

22-07-15

VCP6-CMA Study Guide – Section 4: Configure and Administer Tenants and Business Groups


I started to publish a draft study guide a while back for the VCP-CMA beta exam, and never really finished it before I sat the exam itself. I have two more sections completed (out of ten, poor!) so I’m putting them out there for folks to reference. The exam itself is still in the beta process and has not been released to schedule, but I’m guessing they’ll be trying to get it ready for VMworld next month.

I wrote a previous post about my beta exam experience, which you can read here, but it may well not reflect the finished article (i.e. the released exam). Anyway, on with Section 4 of the study guide.

Objective 4.1: Create and Manage Business Groups

Identify Business Group roles and their specific privilege levels

  • A business group associates a set of services and resources to a set of users, often corresponding to a line of business, department, or other organizational unit.
  • Business groups are managed on the Infrastructure tab but are used throughout the service catalog. Entitlements in the catalog are based on business groups. To request catalog items, a user must belong to at least one business group.
  • A business group can have access to catalog items specific to that group and to catalog items that are shared between business groups in the same tenant. In IaaS, each business group has one or more reservations that determine on which compute resources the machines that this group requested can be provisioned.
  • A business group must have at least one business group manager, who monitors the resource use for the group and often is an approver for catalog requests. In IaaS, group managers also create and manage machine blueprints for the groups they manage. Business groups can also contain support users, who can request and manage machines on behalf of other group members.
  • Business group managers can also submit requests on behalf of their users. A user can be a member of more than one business group, and can have different roles in different groups.

Identify and Manage Business Group Manager role

  • Manages one or more business groups.
  • Typically a line manager or project manager.
  • Business group managers manage catalog items and entitlements for their groups in the service catalog.
  • They can request and manage items on behalf of users in their groups. They are also service architects in Infrastructure as a Service.
  • Responsibilities include:-
    • Create and publish business group–specific machine blueprints from IaaS.
    • Manage business group–specific catalog items and entitlements.
    • Monitor resource usage in a business group

Identify and Manage Support User role

  • A role in a business group.
  • Support users can request and manage catalog items on behalf of other members of their groups.
  • This role is typically an executive administrator or department administrator
  • Responsibilities:-
    • Request and manage items on behalf of other users within their business groups.

Identify and Manage User role

  • Presumably this means the “Business User” role, which is an end user, or consumer of catalog items from the self service portal
  • Responsibilities:-
    • Request and manage services.

Assign Active Directory Users and Groups to Business Group Roles

  • Done in the Infrastructure -> Groups -> Business Groups tab
  • Under the User Role field, enter search string and click the search icon
  • Select AD user or group you want to add and then click OK

Create and manage Machine Prefixes

  • Machine prefixes are added to VMs provisioned from within vRA but can be overridden if need be by Business Group managers
  • Managed within the Business Group by clicking the ellipsis to the right of the field for default machine prefix
  • Either select an existing machine prefix or create a new one by entering the machine prefix, number of digits and next number (e.g. vm-001)
  • Machine prefixes are shared across all tenants and must be created by a fabric administrator
  • Can also be created and managed under Infrastructure -> Blueprints -> Machine Prefixes

Identify and Configure Custom Properties

  • You can add custom properties to a blueprint to specify attributes of a machine or to override default specifications.
  • You can also add build profiles to a blueprint as a convenience for specifying multiple custom properties
  • A machine owner, business group manager or fabric administrator can add, change, or delete custom properties for a provisioned machine.
  • Custom properties can be added to Business Groups by editing the Business Group, scrolling to the bottom and clicking “New Property”. Add a name, value and whether or not you want to encrypt it (usually only used for passwords) and whether or not to prompt the user for a value (machine name, for example).
  • Custom properties can be used for various tasks including for example placing all VMs from a certain Business Group into a vCenter folder for management
  • Custom properties can also be added to Blueprints
  • Custom properties can be marked as required values when creating a blueprint
  • The Windows guest agent records property values on the provisioned machine in the %SystemDrive%\VRMGuestAgent\site\workitem.xml file.
  • The Linux guest agent records property values on the provisioned machine in the /usr/share/gugent/site/workitem.xml file

Objective 4.2: Create and Manage Tenants

Configure branding for the vRealize Automation console

  • System administrators control the default branding for tenants. Tenant administrators can use the default or reconfigure branding for each tenant
  • Log in to the vRealize Automation console as a system administrator or tenant administrator
  • Select Administration > Branding.
  • Clear the Use default check box.
  • Create a banner.
  • Click Choose File to upload a logo image. Follow the prompts to finish creating the banner.
  • Click Next.
  • Type the copyright information in the Copyright notice text box and press Enter to preview your selection.
  • (Optional) Type the URL to your privacy policy in the Privacy policy link text box and press Enter to preview your selection.
  • (Optional) Type the URL to your contact page in the Contact link text box and press Enter to preview your selection.
  • Click Update. The console is updated with your changes.

Add and configure Tenant-specific inbound and outbound email notifications

  • Tenant administrators can add an outbound email server to send notifications for completing work items, such as approvals.
  • Each tenant can have only one outbound email server. If your system administrator has already configured a global outbound email server, you can override this at tenant level
  • Select Administration > Notifications > Email Servers
  • Click the Add icon
  • Select Email – Outbound. Fill out the form as needed, choose to Test Connection if required
  • Select Administration > Notifications > Email Servers
  • Click the Add icon
  • Select Email – Inbound, fill out the form as needed.
  • Click OK.

Override and Revert to system default email servers

  • To override these settings at tenant level, Select Administration > Notifications > Email Servers.
  • Select the Outbound/Inbound email server.
  • Click Override Global, fill out the form as needed
  • If the system administrator has configured a system default outbound/inbound email server, tenant administrators can override this global setting.

Identify and add Identity Stores in vRealize Automation

  • vRA uses the concept of Identity Stores to perform authentication of users and leverage existing users and groups to assign to roles.
  • If the Identity Appliance is AD joined, the default tenant can use native AD mode (i.e. not LDAP lookup)
  • Any subsequent tenants must use LDAP
  • Click Administration -> Identity Stores
  • Click Add Identity Store to add a new identity store
    • Choose a Name
    • Select the type (OpenLDAP or Active Directory)
    • Enter the URL for the identity store. For example, ldap://10.141.64.166:389 (636 for LDAPS).
    • Enter the domain name of the identity store
    • Enter an optional domain alias (shortens the login from the vRA appliance page)
    • Enter the login user Distinguished Name. For example, cn=demoadmin,ou=demo,dc=dev,dc=mycompany,dc=com
    • Enter the password for the identity store login user.
    • Enter the group search base Distinguished Name. For example, ou=demo,dc=dev,dc=mycompany,dc=com.
    • Enter the user search base Distinguished Name.
  • Click Test Connection.
  • Click Add.

Create and assign user roles to an Identity Store Group

  • Log in to the vRealize Automation console as a tenant administrator
  • Select Administration > Users & Groups > Identity Store Users & Groups.
  • Enter a user or group name in the Search box and press Enter. (Do not use an at sign (@), backslash (\), or slash (/) in a name).
    • You can optimize your search by typing the entire user or group name in the form user@domain.
  • Click the name of the user or group to whom you want to assign roles.
  • Select one or more roles from the Add Roles to this User list.
    • The Authorities Granted by Selected Roles list indicates the specific authorities you are granting.
  • (Optional) Click Next to view more information about the user or group.
  • Click Update.
  • Users who are currently logged in to the vRealize Automation console must log out and log back into the vRealize Automation console before they can navigate to the pages to which they have been granted access.

12-06-15

VCP6-CMA Beta Exam Experience

I just got back from sitting the beta VCP6-CMA exam so I thought I would jot down a few thoughts in case it helps others out. Firstly, it was my first VCP exam for around 2.5 years, so I’d actually forgotten what kind of level the questions were pitched at! I’m used to VCAP level now, which usually means labbing the shit out of the blueprint so you can get to the exam and be able to hit the ground running with the practical and/or design canvas questions.

I’ve only really had dirty hands on vRealize Automation (I’m going to pronounce it as “Vera” I think in the future!) for about 6 weeks. You’d think that’s not really long enough to go ahead and sit a VCP, but even though the product scope is large, I’ve found it relatively easy to get up to speed with how it works. Enough to sit the exam anyway, and as it was at a special price until the end of the beta today (£36), I thought why not? As a partner we have big plans around the cloud space, so having the VCP can only help.

As for the exam itself, as usual it’s pretty faithful to the exam blueprint. There are 110 questions to be completed in 120 minutes, I believe non-native English speakers get a bit longer. I completed all the questions within about an hour. The exam itself was form based, multiple choice and exhibit based questions, as per most VCP exams I’ve ever sat. With 110 questions, VMware are able to very broadly go across all features of the product (including vRealize Business and App Director) and test you to a reasonable degree. Obviously not as testing as VCAP, but it’s not the same level.

I found myself falling back on my old exam technique of going with my gut response and when I wasn’t sure of an answer, I’d rule out the ones I knew were incorrect and then play the odds with the ones that were left.

There were only a couple of spelling mistakes and a couple of questions I didn’t think were worded too well, but the exam room was quite noisy which didn’t help my concentration, so it may be I was a bit distracted. I didn’t flag any answers for review and I didn’t add comments to any questions. It seems a pretty fair test of product knowledge and a good exam to pass.

Apparently I won’t know if I’ve passed for about 8-10 weeks as the beta exam process runs its course (hopefully it may be shorter as today is the last day), so I’ll have to forget about it for now and move on to the VCP-NV which I sit on the 30th. My gut feeling was I’d done enough to pass (around 3/4 correct by my estimation), so we’ll see when the time comes.

A totally different experience to a VCAP and not as intense, but I enjoyed it nonetheless. Fingers crossed now and onto VCP-NV!

11-06-15

VCP6-CMA Study Guide – Section 3: Create and Administer Cloud Networking

Objective 3.1: Explain NSX Integration with vRealize Automation

Manage network services from within vRealize Automation

  • Network profiles are used to map networks in vRA to port groups in vSphere (for example)
  • Create a network profile from the vRealize Appliance, logged in as a fabric administrator
  • Go to Infrastructure -> Reservations -> Network profiles
  • Click New Network Profile and select the appropriate type (External, NAT, private, routed – all are created at time of provisioning except External which is a pre-existing vSphere port group)
  • Give the profile a name and configure the subnet mask (and optionally, DNS details and gateway)
  • Click the IP Ranges tab and add a range of IP addresses for that profile to consume by using the New Network Range button
  • Fill out a name and a start and end IP address for the range, click OK
  • A CSV file may also be used to define a large range of IP addresses

Configure NSX Integration

  • Prerequisites include an existing NSX Manager instance associated to a vCenter Server and a vSphere endpoint instance
  • Also required are credentials for the NSX Manager (Infrastructure -> Credentials -> New Credentials) and the NSX plug-in installed in Orchestrator
  • Log in to the vRealize Appliance as an IaaS administrator
  • Edit the vSphere endpoint in Infrastructure -> Endpoints
  • Select “Specify manager for network and security platform”
  • Add the IP address or DNS name of the NSX Manager appliance
  • Select the NSX Manager credential set previously added
  • Run a data collection from the Infrastructure -> Compute Resources section in vRealize Appliance (ensuring network discovery is enabled)
  • Before you consume NSX services, you must run the Enable Security Policy Support for Overlapping Subnets Workflow in vRealize Orchestrator, using the NSX Manager endpoint previously used as the input parameter for the workflow.
  • After you run this workflow, the Distributed Firewall rules defined in the security policy are applied only on the vNICs of the security group members to which this security policy is applied

Configure IaaS for Network Integration

  • Configuration requires steps in this order:-
    • Configure the Orchestrator endpoint in IaaS
    • Create a vSphere instance integrated with NSX (see above)
    • Run the Enable Security Policy Support for Overlapping Subnets Workflow (see above)
    • Create a network profile (see above)
    • Add or amend an existing reservation, click on the Network tab
    • Select an external network in the Network Paths list
    • Select the transport zone, security group and routed gateway

Objective 3.2: Configure and Manage vRealize Automation Networking

Identify the available NSX for vSphere Edge network services

  • NSX Edge Services include:-
    • Dynamic Routing (Provides the necessary forwarding information between layer 2 broadcast domains, thereby allowing you to decrease layer 2 broadcast domains and improve network efficiency and scale. NSX extends this intelligence to where the workloads reside for doing East-West routing. This allows more direct virtual machine to virtual machine communication without the costly or timely need to extend hops. At the same time, NSX also provides North-South connectivity, thereby enabling tenants to access public networks.)
    • Firewall (Supported rules include IP 5-tuple configuration with IP and port ranges for stateful inspection for all protocols)
    • Network Address Translation (Separate controls for Source and Destination IP addresses, as well as port translation)
    • DHCP (Configuration of IP pools, gateways, DNS servers, and search domains)
    • Site-to-Site Virtual Private Network (VPN) (Uses standardized IPsec protocol settings to interoperate with all major VPN vendors)
    • L2 VPN (Provides the ability to stretch your L2 network)
    • SSL VPN-Plus (SSL VPN-Plus enables remote users to connect securely to private networks behind a NSX Edge gateway)
    • Load Balancing (Simple and dynamically configurable virtual IP addresses and server groups)
    • High Availability (High availability ensures an active NSX Edge on the network in case the primary NSX Edge virtual machine is unavailable)
    • Multi-Interface Edge

Configure DHCP/NAT/VPN/Load Balancer

  • Configuration of NSX is done from the vSphere Web Client
  • Uses a plugin under the Networking & Security button
  • Go to NSX Edges and create an Edge Gateway for the services
  • Provide a CLI username and password for the appliance
  • Enable SSH and HA if required
  • Pick datacenter, appliance size (compact, large, X-Large, Quad-large)
  • Choose cluster and datastore for Edge appliance deployment
  • Configure NIC and which VDS you want to attach the appliance to
  • Configure IP addresses and subnet, MTU size (1600 for VXLAN, remember)
  • Services are configured by double clicking on the Edge appliance and going to the Manage tab

Sub-allocate IP Pools

  • IP Pools are created and edited under the NSX Edge Gateway object in the vSphere Web Client. Look under the Manage tab, then click Pools and the add button. Configure the pool as appropriate

Add static IP addresses

  • Static IP addresses are created under the Edge Gateway Manage tab, then DHCP and Bindings. Click the add button and add a VM or MAC binding as needed.
  • Interface, VM Name, VM vNIC interface, Host name and IP address are required fields.

Configure syslog

  • The syslog server is configured by logging in to the NSX Manager appliance management interface, clicking the Manage Appliance Settings button and filling out the Syslog server under General settings.
  • IP address, port number and protocol (TCP/UDP) are required

05-06-15

VCP6-CMA – Section 2: Administer vRealize Automation Users, Roles and Privileges

Objective 2.1: Create Roles and Apply Privileges to Roles

Configure system-wide roles and responsibilities

  • There are three system-wide roles, they are:-
    • System Administrator (create tenants, configure identity stores, assign IaaS and tenant administrator roles, configure Orchestrator, configure branding, notifications and monitor system logs)
    • IaaS Administrator (configure IaaS features and global properties, manage IaaS licences, create and manage fabric groups, create and manage endpoints and associated credentials, configure proxy agents, manage AWS instance types, monitor IaaS logs)
    • Fabric Administrator (manage build profiles, manage compute resources, manage cost profiles, manage network profiles, manage AWS EBS volumes and key pairs, manage machine prefixes, manage property dictionary, manage reservations and reservation policies)
  • Log in as a tenant administrator and go to Administration > Users & Groups > Identity Store Users & Groups. Search for the required group, add the required roles from the list and click Update to save.

Assign user roles within tenants

  • There are seven tenant based roles, they are:-
    • Tenant administrator (manage tenant identity stores, user and group roles, custom groups, tenant branding, notification providers and scenarios, create and manage approval policies, manage catalog services, item and actions, manage entitlements, monitor tenant machines and send reclamation requests, configure Orchestrator servers, plug-ins and workflows for use in the Advanced Service Designer, create and publish shared IaaS blueprints)
    • Service Architect (Define custom resource types, create and publish service blueprints with the ASD, create and publish custom actions)
    • Business Group Manager (create and publish business group specific blueprints from IaaS, catalog items and entitlements, monitor resource usage in a business group)
    • Support User (Request and manage items on behalf of other users within their business groups)
    • Business User (Request and manage services)
    • Approval Administrator (Create and manage approval policies)
    • Approver (Approve catalog requests, including provisioning requests or any resource actions)
  • Log in as a tenant administrator and go to Administration > Users & Groups > Identity Store Users & Groups. Search for the required group, add the required roles from the list and click Update to save.

Configure tenant roles and responsibilities

  • Log in to the vRealize Appliance as a tenant administrator
  • Select Administration > Groups
  • Click the Add icon
  • Select Identity Store Group
  • Type a group name in the Add existing Identity Store groups to this group search box
  • Select one or more roles from the Add Roles to this Group list (The Authorities Granted by Selected Roles list indicates the specific authorities you are granting)
  • Click Update.
  • Changes to user access rights are reflected immediately

Add identity stores

  • Log in to the vRealize Appliance as a tenant administrator
  • Select Administration > Identity Stores
  • Click the Add icon
  • Type a name in the Name text box
  • Select the type of the identity store from the Type drop-down menu
    • OpenLDAP
    • Active Directory
  • Type the URL for the identity store in the URL text box. (For example, ldap://10.141.64.166:875)
  • Type the domain for the identity store in the Domain text box
  • (Optional) Type the domain alias in the Domain Alias text box
  • Type the login user Distinguished Name in the Login User DN text box (For example, cn=demoadmin,ou=demo,dc=dev,dc=mycompany,dc=com).
  • Type the password for the identity store login user in the Password text box.
  • Type the group search base Distinguished Name in the Group Search Base DN text box (For example, ou=demo,dc=dev,dc=mycompany,dc=com)
  • Type the user search base Distinguished Name in the User Search Base DN text box (For example, ou=demo,dc=dev,dc=mycompany,dc=com)
  • Click Test Connection
  • Click Add
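The steps just listed, and the same ones under “Identify and add Identity Stores in vRealize Automation” further up, all come down to one set of values: the LDAP URL, the domain, the login user DN and the two search base DNs. The Python script below is an added example, written for these notes and not a VMware tool, that sanity-checks such a set before it is typed into the form: it parses the URL, flags ldap:// (the bind password crosses the network in cleartext) against ldaps://, catches a scheme/port mismatch, and checks that every DN is well formed and sits under the domain’s dc= tree. The sample values are the ones from the notes; the domain dev.mycompany.com is assumed from its DN form, and the dataclass and function names are mine.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class IdentityStoreConfig:
    """The values the Add Identity Store form asks for (field names mirror the form)."""
    name: str
    store_type: str            # "OpenLDAP" or "Active Directory"
    url: str                   # ldap://host:389 or ldaps://host:636
    domain: str                # e.g. dev.mycompany.com
    login_user_dn: str         # DN that vRA binds with to search the directory
    group_search_base_dn: str
    user_search_base_dn: str


def parse_dn(dn: str) -> list[tuple[str, str]]:
    """Split a DN into (attribute, value) pairs; a backslash-escaped comma stays in its value."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {rdn!r} in DN {dn!r}")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def domain_dn(domain: str) -> str:
    """dev.mycompany.com -> dc=dev,dc=mycompany,dc=com"""
    return ",".join(f"dc={label}" for label in domain.strip().lower().split("."))


def dn_is_under(dn: str, base: str) -> bool:
    """True when base is dn itself or one of its ancestors (values compared case-insensitively)."""
    d = [(a, v.lower()) for a, v in parse_dn(dn)]
    b = [(a, v.lower()) for a, v in parse_dn(base)]
    return len(d) >= len(b) and d[len(d) - len(b):] == b


def check_identity_store(cfg: IdentityStoreConfig) -> list[str]:
    """Return the problems found in an identity store definition; an empty list means it looks sane."""
    findings = []
    if cfg.store_type not in ("OpenLDAP", "Active Directory"):
        findings.append(f"type {cfg.store_type!r} is not OpenLDAP or Active Directory")
    parts = urlsplit(cfg.url)
    scheme = parts.scheme.lower()
    if scheme not in ("ldap", "ldaps"):
        findings.append(f"URL {cfg.url!r} must start with ldap:// or ldaps://")
    else:
        try:
            port = parts.port  # None when the URL carries no explicit port
        except ValueError:
            port = None
            findings.append(f"URL {cfg.url!r} has a non-numeric port")
        if scheme == "ldap":
            if port == 636:
                findings.append("ldap:// on port 636: that is the LDAPS port, use the ldaps:// scheme")
            findings.append("ldap:// binds without TLS, so the login user's password crosses the "
                            "network in cleartext; prefer ldaps:// (port 636)")
        elif port == 389:
            findings.append("ldaps:// on port 389: that is the plain LDAP port, the TLS handshake will fail")
    base = domain_dn(cfg.domain)
    for label, dn in (("login user DN", cfg.login_user_dn),
                      ("group search base DN", cfg.group_search_base_dn),
                      ("user search base DN", cfg.user_search_base_dn)):
        try:
            if not dn_is_under(dn, base):
                findings.append(f"{label} {dn!r} is not under the domain DN {base!r}")
        except ValueError as exc:
            findings.append(f"{label}: {exc}")
    return findings


# Constructed from the example values in the notes; the domain dev.mycompany.com is
# assumed from its DN form, which is all the notes show.
EXAMPLE_STORE = IdentityStoreConfig(
    name="demo-ldap", store_type="Active Directory",
    url="ldap://10.141.64.166:389", domain="dev.mycompany.com",
    login_user_dn="cn=demoadmin,ou=demo,dc=dev,dc=mycompany,dc=com",
    group_search_base_dn="ou=demo,dc=dev,dc=mycompany,dc=com",
    user_search_base_dn="ou=demo,dc=dev,dc=mycompany,dc=com",
)

# Constructed misconfiguration: ldaps:// on the plain LDAP port and a group search
# base from a different directory tree than the domain.
BAD_STORE = IdentityStoreConfig(
    name="bad-ldap", store_type="OpenLDAP",
    url="ldaps://10.141.64.166:389", domain="dev.mycompany.com",
    login_user_dn="cn=demoadmin,ou=demo,dc=dev,dc=mycompany,dc=com",
    group_search_base_dn="ou=groups,dc=other,dc=example",
    user_search_base_dn="ou=demo,dc=dev,dc=mycompany,dc=com",
)

if __name__ == "__main__":
    for store in (EXAMPLE_STORE, BAD_STORE):
        print(store.name, check_identity_store(store) or ["no findings"])
```

Run as-is it reports the notes’ own example (one finding: the cleartext ldap:// bind) and the broken one (wrong port for ldaps://, group search base outside the domain). The check is purely local and never talks to the directory, so it complements Test Connection rather than replacing it.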

Appoint tenant administrators

  • IaaS administrators cannot be added until IaaS components have been installed
  • You must first configure an identity store
  • Type the name of a user or group in the Tenant Administrators or Infrastructure Administrators search box and press Enter
  • Verify that the user or group name appears in Tenant Administrators or Infrastructure Administrators list
  • Click Update

Objective 2.2: Configure AD/LDAP Integration

Configure identity stores

  • Log in to the vRealize Appliance as a tenant administrator
  • Procedure is much the same as in the “Add Identity Stores” listed above.
  • Changes can be made to search DNs, LDAP bind user and LDAP URL/port if required
  • Each tenant must have at least one identity store

Link an identity store to a tenant

  • Log in to the vRealize Appliance as the system administrator
  • Click Add Tenant and fill in the details
  • Procedure is much the same as in the “Add Identity Stores” listed above

Configure a Native Active Directory Identity Store

  • Native Active Directory identity store is only available on the default tenant
  • Log in to the vRealize Appliance as a system administrator
  • Join your Identity Appliance to Active Directory to enable Native Mode
  • When in the tenants view, select the default tenant (vsphere.local)
  • Click the Identity Stores tab, click Add and type in the name of the joined AD domain
  • Click Add and Update

02-06-15

VCP6-CMA Study Guide – Section 1: Install, Configure and Upgrade vRealize Suite Components

There don’t really seem to be many study guides around (if at all) for the new VCP6-CMA exam, so I thought I’d start cooking my own notes. I hope to sit this exam in the next couple of weeks, so hopefully I can complete it in that time frame. It’s a bit rough and ready in places, but it’s something worth sharing. Let me know what you think!

Section 1: Install, Configure and Upgrade vRealize Suite Components

Objective 1.1: Explain vRealize Suite Editions and Features

Identify available features and third party integrations for different vRealize Suite editions

  • Two versions of vRealize Suite – Advanced and Enterprise. Licenced by CPU or Operating System Instance (OSI)
  • Third party integrations available from VMware Solutions Exchange
  • Features include automated delivery: self-service portal, IaaS, infrastructure governance (approval workflows etc.) and custom IT services (XaaS). Application Services requires Enterprise Edition (Application Director)
  • Intelligent Operations includes Operations Manager, Log Insight, application awareness (Infrastructure Navigator)
  • Application aware monitoring and change management requires VMware Configuration Manager and Hyperic, which comes with Enterprise Edition
  • Business Insight – uses vRealize Business Standard for pricing, showback, running costs etc. Service Level Management requires Enterprise Edition
  • VMware Orchestrator can be leveraged to run custom workflows from within vRA. Can use either embedded Orchestrator instance or remote one (appliance etc.)
  • Contains the following:-
    • VMware vRealize™ Automation Advanced or Enterprise
    • VMware vRealize Operations Advanced or Enterprise
    • VMware vRealize™ Log Insight™
    • VMware vRealize™ Business™ Standard
    • VMware vRealize™ Business™ Advanced or Enterprise

Differentiate vCloud Air solutions

  • vCloud Air solutions reside in the cloud in VMware owned datacentres, but are fully managed by the end user from their own infrastructure
  • Can use a defined endpoint in vRA to provision services to vCloud Air and use vRealize Business to provide reporting and billing information

Identify vRealize Automation/vCloud Air integration options

  • vCloud Air can be integrated with vRA by defining an endpoint for consumption of services
  • Some vApp limitations/non supported options include:-
    • Creating vApp templates
    • Defining vApp (vCloud) and vApp Component (vCloud) blueprints without specifying a vApp template
    • Moving vApps between virtual datacenters
    • Moving virtual machines between reservations
    • Adding or removing components from a vApp
    • Creating or using vApp snapshots
    • Using a static IP address
  • Goal navigator can be used to integrate with vCloud Air
  • You must define a separate endpoint for each organisation defined in vCloud Air if you do not have full administration rights to all VDCs
  • Obtain the organisation VDC URL by logging in to vCloud Air management and clicking the vCloud Director API URL link; use the first part of the URL, for example https://acme.com:443, in the address box

Identify vRealize Business Standard key capabilities

  • Provides cost and usage visibility of virtual infrastructure / private cloud and public cloud with out of the box integration with VMware vCenter, vRealize Automation, and vCloud Director.
  • Performs what-if analysis of virtual infrastructure / private cloud and public cloud, based on cost and utilization.
  • Automatically prices the services available through self-service in a hybrid cloud.
  • Provides out of the box benchmarks for cloud / virtual infrastructure environments, providing insight into capacity, costs, and efficiency.
  • Covers more than 3,500 benchmark measurements across 20 industries, 18 towers or domains and four geographies.
  • Benchmarks cover items like hardware, software, infrastructure, personnel, applications, IT structure, costs and more.
  • Data is less than 18 months old.
  • Data can show relative differences (and similarities) with your peers and decile performers.

Identify available vRealize Suite editions

  • Comes in Advanced and Enterprise Editions
  • Licenced per CPU or OSI

Explain vRealize Application Services functionality

  • Application Services uses Application Director virtual appliance to provide PaaS options for vRealize Automation
  • Uses drag and drop canvas so Application Architects can design application deployments as application blueprints
  • Includes ability to install dependencies, services and custom packages as part of the blueprint
  • Portable across vCloud Director, vRealize Automation, vCloud Air and Amazon EC2
  • Works with existing vRealize Automation business groups, entitlements, approvals, catalogs and tenants to provide a unified end user experience
  • Provides standardised application deployment blueprints for end users to consume

Explain vRealize Orchestrator functionality

  • vRO is a process automation tool that provides a library of workflows.
  • Can be used to manage vSphere infrastructure as well as third party environments (Microsoft, AD, F5 etc.)
  • Uses an extensible plug-in architecture to provide additional functionality
  • Exposes all vCenter operations in the vCenter Server API
  • Integrates with the Advanced Service Designer so Service Architects can enable XaaS catalog items in vRA (create AD user, change password etc.)

Determine the appropriate vRealize Suite edition based on customer requirements

  • Use cases for vRealize Advanced include:-
    • Rapid, self-service infrastructure provisioning
    • Infrastructure health, performance, and capacity monitoring across physical, virtual, and hybrid cloud deployments
    • Rapid creation of rate cards and automatic pricing of service catalog blueprints for use in a self-service portal
    • Out-of-the-box benchmarks, usage metering, and public cloud comparison
    • Plan, control, and recover costs expended in providing full IT Services stack, implementing cost transparency, cost optimization, and demand management
    • Visibility into application dependencies and hypervisor change and configuration management
  • Use cases for vRealize Enterprise include:-
    • All of the above, plus
    • Rapid, self-service infrastructure and application provisioning
    • Automated configuration and deployment of multi-tier cloud applications
    • Visibility into application performance
    • Regulatory compliance, OS-level change, and configuration management
    • IT service level management
    • Transparency into IT performance and value measures for all services and vendors, enabling IT to govern contractual commitments

Objective 1.2: Install and Upgrade vRealize Suite Components

Deploy and configure appliances for distributed vRealize deployment (e.g. SSO, automation, DB)

  • Verify pre-reqs have been met, then obtain SSL certificates
  • Deploy the Identity Appliance, the vRealize Appliance and a separate vRealize Appliance to use as a standalone database
  • Configure the load balancer to handle vRealize appliance traffic
  • Configure the Identity Appliance, vRealize appliance, vPostgres appliance for high availability
  • Configure the load balancer for IaaS traffic, install IaaS components
  • Configure the default tenant and provide the IaaS licence
  • The Identity Appliance is protected using an HA-enabled cluster
  • Can deploy multiple vRealize Appliance instances, but only one Identity Appliance
  • 1 vCPU, 2 GB RAM and 2GB disk space for Identity Appliance
  • 2 vCPUs, 8GB RAM and 30GB disk space for vRealize Appliances

Install IaaS components

  • Modules that make up IaaS include:-
    • IaaS website
    • Model Manager
    • vCloud Automation Center Manager service
    • IaaS database
    • Distributed Execution Managers (DEMs)
    • vRealize Automation Agents
  • Can perform a full install on a single Windows server or install components for a distributed architecture
  • Only one instance of the Model Manager is allowed
  • IaaS requires a SQL database, IIS installed and appropriate firewall rules configured
  • Also requires .NET 4.5, Java 1.7 64 bit only and JAVA_HOME set, MS DTC enabled on all SQL nodes in the system
  • For SQL Server Express, the SQL Server Browser service must be running
  • Secondary Logon service enabled and running
  • PowerShell 2.0 installed
  • 2 vCPUs, 8GB RAM and 30GB disk for IaaS components

Configure default tenant and any additional tenants

  • Default tenant is configured from the vsphere.local domain
  • Active Directory native mode is only supported for the default tenant
  • Add tenant administrators and/or infrastructure administrators to the default tenant
  • Provide the IaaS licence
  • Additional tenants require the following information:-
    • Login URL (https://vcac-host/vcac/org/tenantURL – default tenant is just /vcac)
    • Identity stores (Active Directory via LDAP)
    • Branding (custom logos etc.)
    • Notification providers (e-mail notifications etc.)
    • Business policies
    • Service catalog offerings
    • Infrastructure resources
    • Tenant and infrastructure administrators

Appoint administrators

  • IaaS administrators cannot be created until IaaS has been installed and licenced
  • Type the name of a user or group in the Tenant or Infrastructure Administrators search boxes and press Enter. Click Update to save changes.

Configure load balancer

  • Session affinity must be enabled, AKA “sticky sessions”
  • Timeout on the load balancer must be at least 100 seconds
  • Import an SSL certificate into your load balancer
  • Configure the load balancer for vRealize Appliance traffic
  • Configure the load balancer to forward port 5480 (management port)
  • Configure the appliances for vRealize Automation

Integrate vRealize with external systems

  • Single vRealize Orchestrator can be used for all tenants
  • The embedded instance on the vRealize Appliance can be used, or an external instance (such as the Orchestrator appliance) configured under Administration -> Advanced Services -> Server Configuration
  • For an external Orchestrator instance, you need its IP address or DNS name and port 8281
  • Use Orchestrator to connect to external systems such as Active Directory, XenDesktop, Horizon View etc. and execute workflows against these
  • External systems may access vRA functions using a REST API

Manage SSL certificates

  • Update certs in the following order – Identity Appliance, vRealize Appliance, IaaS
  • With one exception, changes to later components in this list do not affect earlier ones. For example, if you import a new certificate to a vRealize Appliance, you must register this change with the IaaS server, but not with the Identity Appliance. The exception is that an updated certificate for IaaS components must be registered with the vRealize Appliance.
  • New SSL certificates are imported via the Identity and vRealize Appliance management interfaces in PEM format. For load balanced scenarios, use a SAN-based certificate
  • On the IaaS Server, run vcac-config.exe UpdateServerCertificates -d vcac_database -s sql_database_server -v
  • Add the virtual appliance certificate to the trusted store if it is not trusted and reset IIS with the iisreset command. Must be done on all IIS servers in the IaaS infrastructure.

Resolve deployment and configuration issues

  • Windows logs can be found in the Event Viewer and also under the C:\Program Files (x86)\VMware\vCAC folders
  • The InstallLogs folder and \Server\ConfigTool\Log folders are used by the installer
  • vRealize Automation Framework Logs are stored under /var/log/vmware
  • Support bundles can be created from the virtual appliances
  • Verify DNS, connectivity and NTP is all correctly configured
  • Check IaaS service account password does not include double quotation marks
  • To reinstall IaaS components, uninstall:-
    • vRealize Automation Agents
    • vRealize Automation DEM-Worker
    • vRealize Automation DEM-Orchestrator
    • vRealize Automation Server
    • vRealize Automation WAPI
    • Clear the SQL database to pre-installation state
    • Remove IIS binding on Default Web Site from 443
    • Delete the applications repository, vCAC and WAPI and application pools RepositoryAppPool, vCACAppPool, WapiAppPool
  • Check encryption.key file on the vRealize Appliance is owned by vcac user and group and has rw permissions for the user
  • Verify all inter node SSL certificates are correct and trusted
  • Blank pages in IE9 or IE10 are caused by compatibility mode. Disable this.
  • Unable to login to a tenant – check SSO internal tenant administrator password has not expired, this is 90 days by default. This does not affect LDAP identity stores.
  • Verify load balancer timeout is set to 100 seconds minimum should install or upgrade of a distributed environment fail.
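For the encryption.key item in the list above, here is an added Python check (written for these notes, not from VMware) that inspects a key file the way that bullet describes: owner and group must be vcac and the user must have read and write access. It additionally warns when group or others have any access at all, which is stricter than the notes ask for and is marked as such in the code. The path is passed in; self_check() builds a constructed placeholder key in a temporary directory and runs the check as whoever runs the script, so it can be tried on any Linux box before being pointed at the appliance.

```python
import grp
import os
import pwd
import stat
import tempfile

REQUIRED_OWNER_BITS = stat.S_IRUSR | stat.S_IWUSR  # the "rw for the user" the notes require


def owner_names(st: os.stat_result) -> tuple:
    """Map uid/gid to names, falling back to the numeric id when there is no passwd/group entry."""
    try:
        user = pwd.getpwuid(st.st_uid).pw_name
    except KeyError:
        user = str(st.st_uid)
    try:
        group = grp.getgrgid(st.st_gid).gr_name
    except KeyError:
        group = str(st.st_gid)
    return user, group


def check_key_file(path: str, expected_user: str = "vcac", expected_group: str = "vcac") -> list:
    """Return the problems found with a key file's ownership and mode; an empty list means it passes."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return [f"{path}: does not exist"]
    if stat.S_ISLNK(st.st_mode):
        return [f"{path}: is a symlink, expected a regular file"]
    if not stat.S_ISREG(st.st_mode):
        return [f"{path}: is not a regular file"]
    findings = []
    user, group = owner_names(st)
    if user != expected_user:
        findings.append(f"owned by user {user!r}, expected {expected_user!r}")
    if group != expected_group:
        findings.append(f"owned by group {group!r}, expected {expected_group!r}")
    mode = stat.S_IMODE(st.st_mode)
    if (mode & REQUIRED_OWNER_BITS) != REQUIRED_OWNER_BITS:
        findings.append(f"mode {mode:04o} does not give the owner read and write access")
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        # Stricter than the notes ask for: a key file readable by anyone else deserves a warning.
        findings.append(f"warning: mode {mode:04o} grants group/other access to a key file")
    return findings


def self_check() -> dict:
    """Exercise the check on a constructed placeholder key file owned by whoever runs this."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "encryption.key")
        with open(path, "wb") as fh:
            fh.write(b"constructed placeholder, not real key material\n")
        me, my_group = owner_names(os.lstat(path))
        os.chmod(path, 0o600)
        results["0600"] = check_key_file(path, me, my_group)
        results["wrong-owner"] = check_key_file(path, "vcac-placeholder", my_group)
        os.chmod(path, 0o644)
        results["0644"] = check_key_file(path, me, my_group)
        os.chmod(path, 0o400)
        results["0400"] = check_key_file(path, me, my_group)
        results["missing"] = check_key_file(os.path.join(tmp, "absent.key"), me, my_group)
    return results


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Real use: python check_key.py /path/to/encryption.key (expects vcac:vcac)
        print(check_key_file(sys.argv[1]) or ["ok"])
    else:
        for label, found in self_check().items():
            print(label, found or ["ok"])
```

With a path argument it checks that file against the vcac owner and group from the notes; without one it runs the self-check and prints what each deliberately wrong mode or owner produces.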

Perform upgrade of vCAC 6.1 to vRealize Automation

  • Make sure all prerequisites are met (backups, MSDTC enabled on SQL nodes, snapshots of all appliances)
  • Shut down the vco-service on each vRealize Appliance
  • Shut down services on each IaaS Windows Server

Download and install updates to vRealize component appliances

  • Check for updates to the Identity Appliance from the management interface (port 5480)
  • Install the 6.2 update to the Identity Appliance
  • Check for updates from each vRealize Appliance
  • Install updates on each vRealize Appliance

Upgrade IaaS components

  • Upgrade the IaaS database using the DBUpgrade.exe script (a one-time operation), which can be downloaded from the vRealize Appliance installer page
  • Must run the script as an administrator
  • Script sample syntax – DBUpgrade.exe -S localhost -d VCAC -E (where -S is the server name, -d the database name and -E means use Windows credentials)
  • Run the IaaS installer from the vRealize Appliance installer page on each IaaS node
  • In multiple IaaS Server environments, perform the following:-
    • Upgrade all websites
    • Upgrade all Manager services
    • Upgrade DEM orchestrator and workers
    • Upgrade all agents
  • In a distributed environment, the load balancer must be configured to pass traffic on port 8444 to the vRealize Appliances to support remote console features

Objective 1.3: Configure and Administer vCloud Connector

Identify the components of vCloud Connector

  • vCloud Connector consists of three distinct components: the vCloud Connector user interface, the vCloud Connector server, and vCloud Connector nodes.

Explain vApp copy process

  • vCloud Connector uses a path-optimized copy mechanism that provides a relatively higher copy speed and lower storage requirements.
  • It uses a path optimization framework to export data from the source cloud, transfer it, and import it into the destination cloud in a parallel flow, instead of sequentially.
  • The data is streamed in small chunks. As data is being exported from the source cloud, it is transferred and imported into the destination cloud.
  • Files are not written to the staging area of either the source or destination vCloud Connector node during the copy process
  • Under optimal conditions, the node staging area is not used during copy. However, in some scenarios (for example, if the transfer or import part of the copy process is slower than the export), data needs to be buffered and the staging area is used to store chunks of data.
  • In such cases, the amount of storage needed might be equivalent to the size of the object being copied. Ensure that you have adequate storage on the nodes

Identify the virtual machine state

  • You can use vCloud Connector to power on, power off, suspend, resume or reset a virtual machine or vApp in a cloud that has been added to vCloud Connector.
  • Any action on a vApp applies to all its virtual machines.
  • In the Inventory panel, click the Virtual Machines or vApps tab. A list of virtual machines or vApps is displayed.
  • You can view the current state of the virtual machine or vApp in the Status column

Identify the configuration(s) necessary for Data Center Extension

  • Datacenter Extension (Stretch Deploy) lets you extend your private data center to a public vCloud
  • vSphere, vCloud Director, ESXi server, destination vCloud, vShield Manager, VDS must all be version 5.1 or higher
  • vShield Edge must be able to reach the internet
  • vShield Edge must have one external connection and an internal interface
  • VM must be connected to a port group
  • VM must be connected to a VDS, standard vSwitch is not supported
  • VM cannot be connected to multiple networks
  • If moving a vApp, VMs cannot be connected to different networks

Configure and Administer vCloud Connector

  • vCloud Connector is configured from the appliance management interface on port 5480
  • Comprises System, Network, Update, Server and Nodes tabs
  • System Tab – information and time zone
  • Network tab – IP address settings and any proxy servers required
  • Update Tab – Check and install updates, check update poll schedule
  • Server Tab – log files and SSL configuration, register Connector with vCenter Server for management
  • Nodes tab – manage nodes in the vCloud Connector configuration

Differentiate between functionality of components of vCloud Connector

  • Using vCloud Connector, you can manage virtual machines, deploy templates, and transfer virtual machines, vApps, and templates from one cloud to another
  • Content Sync lets you set up a Content Library to distribute and synchronize templates across clouds.
  • Datacenter Extension (Stretch Deploy) lets you extend your private data center to a public vCloud.
  • Offline Data Transfer enables you to transfer large amounts of data from your private data center to VMware vCloud® Air™

Implement required network and security settings

  • Ports 80 (HTTP), 443 (HTTPS), 8190 (UDT transfer) and 5480 (admin) need to be open

Determine storage requirements and add storage for vCloud Connector node

  • Default storage on vCloud Connector nodes is 40 GB. You may need to increase this in some cases.
  • You will need more if you copy large virtual machines, vApps or templates: when the transfer or import part of the copy is slower than the export, vCloud Connector uses the staging area and might need storage equivalent to the size of the object being copied.
  • You will also need more if you copy many items simultaneously from a cloud, or if you increase the maximum number of concurrent copies allowed for a node.
  • You need to resize the data disk on the vCloud Connector node by expanding hard disk 2 in the vSphere Client
  • Log in to the appliance console and run sudo /opt/vmware/hcagent/scripts/resize_disk.sh
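The copy-process notes and the node storage sizing above are easier to reason about with a small model. The following is an added example written for these notes, not VMware code: a discrete-time simulation of the chunked, path-optimized copy in which export, transfer and import are pipelined. Chunks the importer has not yet taken sit in a small in-memory buffer and, beyond that, count as staging space on the node. The chunk size, rates and buffer size are assumptions chosen for illustration; the model shows why a stalled import needs staging close to the object size, and why concurrent copies add up against the 40 GB default disk.

```python
"""Discrete-time model of vCloud Connector's chunked, path-optimized copy.

Added example, not vCloud Connector code. Export, transfer and import run as
a pipeline; chunks the importer cannot take yet are held in a small in-memory
buffer and, beyond that, spill to the node's staging area. Chunk sizes, rates
and the in-memory buffer size are assumptions used for illustration only.
"""
import math


def simulate_copy(object_mb, chunk_mb, export_rate, import_rate, memory_chunks=4):
    """Return (peak_staging_mb, ticks) for copying one object.

    export_rate / import_rate are chunks per tick. The in-memory buffer holds
    memory_chunks; whatever exceeds that is counted as staging space. An
    import_rate of 0 models a stalled destination.
    """
    if chunk_mb <= 0 or export_rate <= 0 or import_rate < 0:
        raise ValueError("chunk size and export rate must be positive, import rate non-negative")
    total = math.ceil(object_mb / chunk_mb)
    exported = buffered = peak = ticks = 0
    # Keep going while there is something left to export, or something left
    # to drain and an importer that is actually draining it.
    while exported < total or (buffered and import_rate > 0):
        ticks += 1
        produced = min(export_rate, total - exported)   # export step
        exported += produced
        buffered += produced
        buffered -= min(import_rate, buffered)          # import step
        peak = max(peak, buffered)                      # backlog at end of tick
    staging_chunks = max(0, peak - memory_chunks)
    return staging_chunks * chunk_mb, ticks


def staging_for_concurrent(sizes_mb, chunk_mb, export_rate, import_rate, memory_chunks=4):
    """Worst-case staging for several objects copied at the same time: each
    copy has its own backlog, so the requirements add up."""
    return sum(simulate_copy(s, chunk_mb, export_rate, import_rate, memory_chunks)[0]
               for s in sizes_mb)


def fits_default_disk(peak_staging_mb, disk_gb=40):
    """True if the backlog fits the node's default 40 GB data disk."""
    return peak_staging_mb <= disk_gb * 1024


if __name__ == "__main__":
    # 1000 MB object in 10 MB chunks; exporter does 5 chunks per tick.
    for label, imp in (("importer keeps up", 5), ("importer at 2/tick", 2), ("importer stalled", 0)):
        staging, ticks = simulate_copy(1000, 10, 5, imp)
        print(f"{label:20s} peak staging {staging:5d} MB over {ticks} ticks")
    print("two stalled 1000 MB copies need", staging_for_concurrent([1000, 1000], 10, 5, 0), "MB")
```

With an importer that keeps up the staging area is never touched; with a stalled importer the backlog is the whole object minus the in-memory buffer, which is the "equivalent to the size of the object" case in the notes, and several concurrent copies multiply it.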

Register vCloud Connector UI with vCenter Server

  • In the vCloud Connector server Admin Web Console at https://vCCserverIPaddress:5480, click the Server tab, then the vSphere Client tab
  • The vCloud Connector server URL field is automatically filled
  • Type the vCenter Server IP address or fully qualified domain name
  • If your vCenter Server is running on a port other than the default, specify the port number with the IP address. For example, 10.10.10.10:54
  • Type the user name and password for the vCenter Server
  • If the vCenter Server has a vCloud Connector server already registered with it that you want to replace, select Overwrite existing registration
  • To verify that the registration was successful, log in to the vSphere Client and check that the vCloud Connector icon appears under Solutions and Applications in the Home page.

Register vCloud Networking and Security Manager with the vCloud Connector server

  • Don’t understand what is being asked here!

Troubleshoot common vCloud Connector installation and operations issues

  • Test network connectivity between all components by using curl -k against their HTTPS URLs. Note that -k skips certificate verification, so a successful curl proves reachability only, not that the certificates are trusted by the other components.
  • Log files can be downloaded from the appliance management interface on port 5480
  • Log files are /opt/vmware/hcserver/logs/hcs.log (server) and /opt/vmware/hcagent/logs/hca.log (node)
  • Edit the logback.xml file to change log behaviour settings
  • Upgrades can be troubleshot using the /opt/vmware/var/log/vami/vami.log and /opt/vmware/var/log/postinstall log files. After a successful upgrade the log should read "Finished installing version n."
  • Verify FQDNs can be resolved if they are being used
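The port list under "Implement required network and security settings" and the troubleshooting steps above (curl -k, FQDN resolution) can be turned into one pre-flight script. The following is an added example written for these notes, not VMware tooling: for each vCloud Connector server or node it checks name resolution, TCP reachability of the listed ports, and whether the HTTPS endpoints (443 and the 5480 admin UI) present a certificate that actually verifies, which is exactly what curl -k hides. The host name in the usage line is a placeholder.

```python
"""Pre-flight connectivity and TLS check for vCloud Connector components.

Added example, not part of vCloud Connector. Checks the ports the notes list,
name resolution, and whether the HTTPS endpoints present a certificate that
verifies against the local trust store (something `curl -k` does not tell you).
"""
import socket
import ssl

# Ports vCloud Connector needs, as listed in the notes
VCC_PORTS = {80: "HTTP", 443: "HTTPS", 8190: "UDT transfer", 5480: "admin UI"}
TLS_PORTS = (443, 5480)


def resolve(name):
    """Sorted IP addresses for name, or [] if it does not resolve."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []


def tcp_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def tls_status(host, port, timeout=3.0, cafile=None):
    """Classify an HTTPS endpoint:
    'ok'          certificate chains to the trust store (or cafile) and matches host
    'untrusted'   TCP and TLS work but verification fails (self-signed appliance
                  cert, hostname mismatch, expired): the case `curl -k` papers over
    'handshake'   TLS handshake failed for another reason
    'unreachable' no TCP connection at all
    """
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok"
    except ssl.SSLCertVerificationError:
        return "untrusted"
    except ssl.SSLError:
        return "handshake"
    except OSError:
        return "unreachable"


def check_component(host, ports=VCC_PORTS, timeout=3.0, cafile=None):
    """Report dict for one vCloud Connector server or node."""
    report = {"host": host, "addresses": resolve(host), "ports": {}, "tls": {}}
    if not report["addresses"]:
        return report  # nothing else can work until the name resolves
    for port, label in ports.items():
        report["ports"][port] = {"label": label, "open": tcp_open(host, port, timeout)}
    for port in TLS_PORTS:
        if port in ports and report["ports"][port]["open"]:
            report["tls"][port] = tls_status(host, port, timeout, cafile)
    return report


def problems(report):
    """Human-readable findings; an empty list means all checks passed."""
    if not report["addresses"]:
        return [f"{report['host']}: name does not resolve"]
    out = []
    for port, r in report["ports"].items():
        if not r["open"]:
            out.append(f"{report['host']}:{port} ({r['label']}) closed or filtered")
    for port, status in report["tls"].items():
        if status != "ok":
            out.append(f"{report['host']}:{port} TLS {status}")
    return out


if __name__ == "__main__":
    import sys
    # Placeholder host name; pass your vCC server and node FQDNs as arguments.
    for host in sys.argv[1:] or ["vcc-server.example.internal"]:
        for line in problems(check_component(host)) or [f"{host}: all checks passed"]:
            print(line)
```

Run it from the vCenter Server host and from each node, since firewalls between the components differ. A TLS status of "untrusted" on 443 or 5480 is the appliance's default self-signed certificate; replace it from the Server tab SSL configuration (or pass the issuing CA as cafile) rather than living with -k.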

Create a vCloud Connector Content Library

  • The vCloud Connector Content Library is a library of published folders or catalogs of templates to which users can subscribe. These templates can be virtual machine templates from vSphere clouds or vApp templates from vCloud Director clouds or public vCloud Director-based clouds.

Publish vSphere folders and vCloud catalogs to a vCloud Connector Content Library

  • In the Browser panel, expand the Clouds tree and find the folder or catalog of templates that you want to publish.
  • Right-click the folder and select Publish to Content Library. If Publish to Content Library is disabled, check that you are right-clicking a folder or catalog. The option is disabled for other objects, such as a datacenter or an organization.
  • Click Publish in the confirmation dialog box
  • In the Browser panel, select Content Library. The Catalogs table appears in the Inventory panel. The table lists the catalog or folder that you published, along with details such as its location, publisher, and the time that it was last updated.
  • Click on the folder name to view the templates it contains. Users can now subscribe to the published folder

Subscribe/unsubscribe to a published folder or catalog

  • In the Browser panel, select Content Library. The Inventory panel displays a Catalogs table which lists all published catalogs and folders
  • To view the templates contained in a folder or catalog, select it in the Catalogs table. The Templates table that appears below the Catalogs table displays the contents of the selected folder or catalog.
  • In the Catalogs table, select the catalog or folder to which you want to subscribe
  • Click the Subscribe icon (down arrow) at the top of the Inventory panel. The Subscribe Wizard appears
  • If you want templates to be deleted from your subscription folder or catalog if they are deleted in the published catalog, select Remove entities if deleted at publisher.
  • Select the cloud to which you want to copy the templates.
  • If your destination cloud is a vSphere cloud, do the following.
    • Select the folder to which you want to copy the templates, then click Next.
    • Specify an empty folder and do not add other content to it after you subscribe. vCloud Connector assumes that the folder is under its management and might replace or delete content in it.
    • Select a cluster, host or resource pool, then click Next.
    • Select the virtual disk format and a datastore, then click Next.
    • Select the frequency at which you want the subscription folder to be synchronized with the published folder. You can specify either the interval, in hours, or a custom schedule indicating the specific days and times at which you want the folder to be synchronized.
    • In the Ready to complete page, review your selections and click Finish.
  • If your destination cloud is a vCloud Director cloud, do the following.
    • Select the catalog to which you want to copy the templates, then click Next.
    • Specify an empty catalog and do not add other content to it after you subscribe. vCloud Connector assumes that the catalog is under its management and might replace or delete content in it.
    • Select a virtual datacenter, then click Next.
    • Select the frequency at which you want the subscription folder to be synchronized with the published folder. You can specify either the interval, in hours, or a custom schedule indicating the specific days and times at which you want the folder to be synchronized.
    • In the Ready to complete page, review your selections, then click Finish.

Stretch deploy a VM or vApp using Data Center Extension

  • Ensure the VM to be moved is powered off
  • Click Stretch Deploy icon
  • Select the destination cloud
  • Give the vApp a name (stretched_ is added)
  • Choose a catalog and VDC for storage
  • Select VDC network and supply an external IP address
  • If the VM uses a manually assigned static IP address, change its IP mode from DHCP to static once it is inside the public cloud
  • Power on the VM

Objective 1.4: Configure vRealize Automation Settings
Configure vRealize system settings to handle system notifications and appearance

  • Log in to the vRealize Automation console as either a tenant or system administrator
  • Select Administration -> Branding, click Choose File
  • Set privacy policy and contact links if required
  • Click update
  • To set up e-mail, log in to the vRealize Automation console as a system administrator
  • Select Administration -> Email Servers
  • Click the add button, select Email inbound or Email outbound
  • Configure the appropriate settings, click test connection and add to finish

Enable connections and set concurrency limits on IaaS server

  • To conserve resources, vRealize Automation limits the number of concurrently running instances of machine provisioning and data collection. You can change the limits.
  • The default delivery timeout intervals for the SetupOS and Clone workflow activities are 20 hours each
  • Open the ManagerService.exe.config file in an editor. The file is located in the vRealize Automation server install directory, typically %SystemDrive%\Program Files (x86)\VMware\vCAC\Server
  • Locate the section called workflowTimeoutConfigurationSection
  • Update the following variables as required (MaxOutstandingResourceIntensiveWorkItems, CloneExecutionTimeout, SetupOSExecutionTimeout, CloneTimeout, SetupOSTimeout, CloudInitializeProvisioning, MaxOutstandingDataCollectionWorkItems, InventoryTimeout, PerformanceTimeout, StateTimeout)
  • Save and close the file, restart the vRealize Automation service
  • You can change the frequency of several callback procedures, including the frequency that the vRealize Automation callback procedure is run for changed machine leases
  • Open the ManagerService.exe.config file in an editor. The file is located in the vRealize Automation server install directory, typically %SystemDrive%\Program Files (x86)\VMware\vCAC\Server
  • Update the following variables as desired (RepositoryWorkflowTimerCallbackMiliSeconds, ProcessLeaseWorkflowTimerCallbackIntervalMiliSeconds, BulkRequestWorkflowTimerCallbackMiliSeconds, MachineRequestTimerCallbackMiliSeconds, MachineWorkflowCreationTimerCallbackMiliSeconds)
  • Save and close the file, restart the vRealize Automation service

Configure Datacenter locations

  • Locations are stored in the file %SystemDrive%\Program Files (x86)\VMware\vCAC\Server\Website\XmlData\DataCenterLocations.xml
  • Add the string <Data Name="Manchester" Description="Manchester DC" /> within the <CustomDataType> section
  • Save and close the file
  • Restart the Manager service
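Both of the IaaS edits above (the workflowTimeoutConfigurationSection values in ManagerService.exe.config, and the Data entries in DataCenterLocations.xml) are hand edits to XML files that the Manager service reads on start, so a typo or an unescaped quote only shows up as a failed service restart. The following is an added example written for these notes, not VMware tooling, that makes the same two edits with a parser, validates setting names and values, refuses duplicate locations and keeps a .bak copy. The file layouts are assumptions: the timeout section is modelled as one element carrying the settings as attributes, and DataCenterLocations.xml as a CustomDataType root with one Data child per location; compare with your installed files before use. Restarting the Manager service is still the manual step described above.

```python
"""Scripted edits for the two vRA IaaS XML files described in the notes.

Added example, not VMware's tooling. Layout assumptions: the timeout settings
live as attributes on <workflowTimeoutConfigurationSection>, and
DataCenterLocations.xml is a <CustomDataType> root with <Data Name Description/>
children. ElementTree does not preserve comments or the XML declaration, so
diff the result against the .bak copy before restarting the Manager service.
"""
import re
import shutil
import xml.etree.ElementTree as ET

# Settings the notes name in workflowTimeoutConfigurationSection
WORKFLOW_SETTINGS = {
    "MaxOutstandingResourceIntensiveWorkItems", "CloneExecutionTimeout",
    "SetupOSExecutionTimeout", "CloneTimeout", "SetupOSTimeout",
    "CloudInitializeProvisioning", "MaxOutstandingDataCollectionWorkItems",
    "InventoryTimeout", "PerformanceTimeout", "StateTimeout",
}
# A value is either a count or a .NET TimeSpan such as 20:00:00 or 1.02:00:00
_VALUE_RE = re.compile(r"^(\d+|(\d+\.)?\d{1,2}:\d{2}:\d{2})$")


def set_workflow_settings(xml_text, updates):
    """Return xml_text with the given timeout-section attributes replaced.
    Unknown setting names raise KeyError, malformed values raise ValueError."""
    unknown = set(updates) - WORKFLOW_SETTINGS
    if unknown:
        raise KeyError(f"not a workflowTimeoutConfigurationSection setting: {sorted(unknown)}")
    for name, value in updates.items():
        if not _VALUE_RE.match(str(value)):
            raise ValueError(f"{name}: expected an integer or TimeSpan, got {value!r}")
    root = ET.fromstring(xml_text)
    section = root.find(".//workflowTimeoutConfigurationSection")
    if section is None:
        raise ValueError("workflowTimeoutConfigurationSection not found")
    for name, value in updates.items():
        section.set(name, str(value))
    return ET.tostring(root, encoding="unicode")


def get_workflow_settings(xml_text):
    """Current attribute values of the timeout section as a dict."""
    section = ET.fromstring(xml_text).find(".//workflowTimeoutConfigurationSection")
    return dict(section.attrib) if section is not None else {}


def add_datacenter_location(xml_text, name, description):
    """Append <Data Name=.. Description=../> under <CustomDataType>, refusing
    duplicates. The serializer escapes quotes and angle brackets, so an odd
    description cannot break the file the way a pasted string can."""
    root = ET.fromstring(xml_text)
    if root.tag != "CustomDataType":
        raise ValueError(f"unexpected root element {root.tag!r}")
    if any(d.get("Name") == name for d in root.findall("Data")):
        raise ValueError(f"location {name!r} already defined")
    ET.SubElement(root, "Data", Name=name, Description=description)
    return ET.tostring(root, encoding="unicode")


def list_datacenter_locations(xml_text):
    """[(Name, Description), ...] in file order."""
    return [(d.get("Name"), d.get("Description"))
            for d in ET.fromstring(xml_text).findall("Data")]


def rewrite_with_backup(path, transform):
    """Copy path to path.bak, then write transform(old_text) back to path."""
    shutil.copy2(path, path + ".bak")
    with open(path, encoding="utf-8") as fh:
        new_text = transform(fh.read())
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(new_text)


# Constructed samples in the assumed layouts (not copied from an installation)
SAMPLE_MANAGER_CONFIG = """<configuration>
  <workflowTimeoutConfigurationSection MaxOutstandingResourceIntensiveWorkItems="8"
      CloneTimeout="20:00:00" SetupOSTimeout="20:00:00" />
</configuration>"""

SAMPLE_LOCATIONS = """<CustomDataType>
  <Data Name="London" Description="London DC" />
</CustomDataType>"""

if __name__ == "__main__":
    cfg = set_workflow_settings(SAMPLE_MANAGER_CONFIG, {"CloneTimeout": "05:00:00"})
    print(get_workflow_settings(cfg))
    print(list_datacenter_locations(add_datacenter_location(SAMPLE_LOCATIONS, "Manchester", "Manchester DC")))
    # On a real IaaS server you would call, for example:
    # rewrite_with_backup(r"C:\Program Files (x86)\VMware\vCAC\Server\Website\XmlData\DataCenterLocations.xml",
    #                     lambda t: add_datacenter_location(t, "Manchester", "Manchester DC"))
```

Run it on the IaaS server with the account that owns the install directory, then restart the Manager service as the notes say; keep the .bak until the service is confirmed up.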