iThinkVirtual™

vRealize Suite 2019 – Part 3: Installing vRealize Automation

Intro

In my previous post, I covered the configuration of VMware Identity Manager in preparation for what I will cover in this post, the installation of vRealize Automation 8.0!  This new release is a complete redesign of the product and now uses a similar codebase to vRealize Automation Cloud (formerly known as Cloud Automation Services), bringing those capabilities to the on-premises form factor and making it easier to transform IT delivery.  I look forward to tinkering with this more after the deployment!  Let’s jump right in!

 

Procedure

  • Begin by logging into vRealize Lifecycle Manager and from the home page, click Create Environment.
  • Fill out the details and click Next.
    • **Note** There is a known bug in vRA 8.0 which will fail the deployment if CEIP is enabled, so I unchecked the option to disable it during deployment.  It can be re-enabled via CLI post-deployment.  This bug has also been resolved in v8.0.1.

  • Select the vRealize Automation product and the preferred Deployment Type, then click Next.
    • I am doing a Standard single-node deployment. 

  • Accept the EULA and click Next.

  • Add a vRA License by clicking Add or Select.
    • Add will guide through entering and saving a license into LCM’s Locker.
    • Select will let you choose from your list of saved licenses.
  • After adding the license click Validate Association then click Next.

  • Select your generated Certificate and click Next.
    • Certificates are also stored in LCM’s Locker.  If you need to create a certificate, click the + sign on the far right to walk through the process of generating and saving a new cert.
    • **Note** There is another known bug that will cause the deployment to fail.  vRA supports using a wildcard domain name in place of FQDNs when configuring the Subject Alternative Names during certificate generation.  The caveat is that it must be on the registered Public Domain Suffix list(ex: .com, .org, .edu, etc.).  If your lab environment is not using a public domain suffix, be sure to enter in the FQDNs for each product you plan on deploying with this certificate.

  • Configure the appropriate information and click Next.

  • Enter in the required network information and click Next.

  • Enter in the VM Name, Hostname, and IP Address for the vRealize Automation appliance and click Next.

  • Click Run Precheck and if everything comes back successful, click Next.

  • When ready, click Submit.
    • This is a good time to export the configuration to save as a backup or to use again for another deployment of vRA.

If all goes well, in about an hour’s time you’ll have a successful installation of the new vRealize Automation 8.0

  • **Note** There’s another known bug, that will cause the deployment to fail and will throw the same error message as the other two previously mentioned bugs. 
    • This is due to the root account password used to install the RPMs during the in the vRealize Orchestrator pod installation (since both vRA and vRO run in K8s pods!) being expired, causing a timeout and an eventual failure.
      • To work around this you must SSH into the vRA appliance and navigate to `/opt/charts/vco/templates` directory and editing the deployment.yaml file.
      • Look for the following lines of code around line 210.

        command:
        - "/bin/bash"
        - "-c"
        - "/init_run.sh"
      • Edit the lines to look like the following:
        command:
        - "/bin/bash"
        - "-c"
        - "sed -i 's/root:.*/root:x:18135:0:99999:7:::/g' /etc/shadow && sed -i 's/vco:.*/vco:x:18135:0:99999:7:::/g'
          /etc/shadow && /init_run.sh"

    • After editing the file, return to the failed request in the vRealize Lifecycle Manager GUI and click Retry, and the installation should complete successfully.

  • Navigate to the vRealize Automation URL and click Go To Login Page.
    • Log in with the configadmin account from VMware Identity Manager. 
      • We can then grant access to different users so they can access and work with vRealize Automation.

  • Click on Identity & Access Management. 
    • You may already see the users configured previously in vIDM.
    • Configadmin has all the roles so feel free to mirror the roles to your users, which I did here, or select the appropriate roles for your production users.

Now, we can log out of vRealize Automation and head over to the Admin Console of VMware Identity Manager so we can configure a new Web Application for our users.  This way, once they log into Workspace One Access, they can launch the application and authenticate automatically!

  • From the vIDM Administrator Console, click Catalog > New.

  • Provide a Name for the application and select an Icon file if you have one, then click Next.

  • Select Web Application Link for the Authentication Type and enter the Target URL, then click Next.

  • Click Save & Assign

  • Add the desired users and set the Deployment Type to Automatic, then click Save.
    • When the application is launched, it will automatically attempt to authenticate the user.

  • Navigate back to the User Portal and the application should now be available in the Catalog.

Well, that about wraps up this installation and I can’t wait to start getting my feet wet with this new version.  I’m familiar with the previous versions, but as mentioned earlier, this is a complete redesign of the product so time for me to learn it…can’t wait!

I hope that you’ve found this information useful, and I thank you all for stopping by and reading!

 

 

vRealize Suite 2019 – Part 2: Configuring VMware Identity Manager

Intro

In my previous post, I covered how to install vRealize Suite Lifecycle Manager 8.0 and in the process it also deployed an instance of VMware Identity Manager aka Workspace One Access, which is a requirement for installing vRealize Automation 8.0.  I opted to skip the deployment of the latter as to keep focus on the deployment of LCM only. 

In this post, I’ll cover how to configure VMware Identity Manager to support Active Directory Authentication for the vRealize Suite solutions

Procedure

  • Log in to VMware Identity Manager and then access the Administration Console.  

  • Click Identity & Access Management, then click Setup > User Attributes.
    • I elected to only require the AD account to have a Username and a First Name, so I unchecked all other options.  This is optional and shouldn’t be done in Production environments.  The more security the better!

  • Click Manage, then click Add Directory > Add Active Directory over LDAP/IWA

  • Provide a Directory Name, Base DN, Bind DN, and Bind User Password then click Test Connection.  If it is Successful, click Save & Next.

  • Select any domains that you’d like to add then click Next > Next.
    • This was already selected and is unable to be unchecked.  

  • Add the group DNs and either check Select All box or click the Select button to add any Groups that are to be synchronized with VMware Identity Manager, then click Next.

  • Add any user DNs that are to be synced as well and click Next.

  • Review and make any changes if necessary then click Sync Directory.
    • The sync will begin, after a bit click the Refresh button to see the the sync has finished

  • To confirm that the users and groups synced, click Users & Groups > Users/Groups.

Now that the users I want are synced, I’d like to also give these users Super Admin rights to VMware Identity Manager. 

  • Click Roles, then select the checkbox next to Super Admin and click Assign.  Search for the users to add and when finished, click Save.

Now, I can successfully log in to VMware Identity Manager using the newly synced Active Directory accounts.  But, before I can actually use these r accounts for other products, the users need to be given access to login to the respective solution.  In my case, I’ve only deployed vRealize Suite Lifecycle Manager so far.

  • Log in to vRealize Lifecycle Manager with the local admin account then select User Management > User Management > Add User / Group.

  • Search for the users to add and click Next

  • Select the LCM Cloud Admin role and click Next.

  • Review the Summary and click Submit.

One final step to go! Now that I’ve granted rights in vRealize Suite Lifecycle Manager, I’m able to entitle users in VMware Idenetity Manager to allow access to vRealize Suite Lifecycle Manager using VMware Identity Manger authentication.  How sweet it that, right?!

  • Log in to VMware Identity Manager and access the Administration Console then Catalog.  Select the checkbox next to the Application that is to be Entitled and click Assign.

  • Search for the Users and/or Groups to be Entitled then ( Optional: also Change the Deployment Type to Automatic ) click Save

  • Navigate to vRealize Suite Lifecycle Manager and select Identity Manager User from the drop-down selection, then click Login with Identity Manager.  Success!!

Additionally, a user can also automatically authenticate into an Application from their Workspace One Access (VMware Identity Manager) User Portal. 

  • Click the Open link on the Application watch it launch the URL and authenticate the user Automagically!

 

Well, that about wraps up this post.  In the next post, I’ll go over the deployment of vRealize Automation 8.0.

I hope that you’ve found this useful and I thank each and every one of you for reading.

vRealize Suite 2019 – Part 1: Installing vRealize Lifecycle Manager

Intro

Welcome to Part 1 of my vRealize Suite 2019 Series.  In my previous post, I went over the gist of what I plan to deploy in my nested Home Lab.  In this post, I will cover the installation of vRealize Suite Lifecycle Manager using the new vRealize Easy Installer released with the v8.0 of the solution.

With vRealize Easy Installer, you can:

  • Install vRealize Suite Lifecycle Manager
  • Install a new instance of vRealize Automation
  • Register vRealize Automation with Workspace ONE Access

Please note that as of the time of this writing, the latest version of vRealize Suite Lifecycle Manager is v8.0.1. I will focus on deploying v8.0.0 and eventually cover the upgrade to v8.0.1. Let’s get right to it, shall we?

Obtain and Access the Easy Installer

The vRealize Easy installer can be downloaded from My VMware download page. The media comes in the form of a .iso file. Once the .iso has been downloaded, either mount the ISO or extract its contents and launch the Installer.exe file located in the \vrlcm-ui-installer\win32 directory.

Install vRealize Suite Lifecycle Manager

You are required to first define the vCenter Server details, resource location to deploy your appliance, specify resources and then access vRealize Suite Lifecycle Manager. The following steps are outlined in the official documentation.

Procedure

  • Click Install on the vRealize Easy Installer window.
  • Click Next after reading the introduction.
  • Accept the License Agreement and click Next.
  • Read the Customer Experience Improvement Program and select the checkbox to join the program.
  • To specify vCenter Server details.
    • Enter the vCenter Server Hostname.
    • Enter the HTTPs Port number.
    • Enter the vCenter Server Username, and Password.

  • Click Next and you are prompted with a Certificate Warning, click Yes to proceed.
  • You must specify a location to deploy virtual appliances.
    • Expand the vCenter Server tree.
    • Expand to any data center and map your deployment to a specific VM folder.

  • Specify a resource cluster
    • Expand the data center tree to an appropriate resource location and click Next.

  • Store your deployment, allocate a datastore and click Next.

  • Set up Network and Password configuration, enter the required fields, and click Next.
    • Enter the NTP Server for the appliance and click Next.  The network configurations provided for all products are a one time entry for your configuration settings. The password provided is also common for all products and you need not enter the password again while you are installing the products.

  • Set up vRealize Suite Lifecycle Manager configuration settings.
    • Enter a Virtual Machine NameIP Address, and Hostname.
    • Click Next.  With easy installer, you either import an existing VMware Identity Manager into vRealize Suite Lifecycle Manager or a new instance of VMware Identity Manager can be deployed.  For new VMware Identity Manager installation through easy installer only VMware Identity Manager 3.3.1 is allowed.  This is a mandatory step for a vRealize Suite Lifecycle Manager deployment.  vRealize Automation installation is optional and I am choosing to Skip this installation at this time.

  • Review the summary page that contains the vRealize Suite Lifecycle Manager, VMware Identity Manager, and vRealize Automation installation details and click Submit.

The installation will now begin to deploy vRealize Suite Lifecycle Manager followed by Workspace One Access, formerly known as VMware Identity Manager.  This will take some time to complete but once it’s done, you can now login to both applications using the credentials specified in the Easy Installer.

Entending Storage Volume

Now, before installing any additional solutions, we first need to increase the storage where vRealize Lifecycle Manager stores the binaries and then import the binaries for each of the solutions we’re going to deploy with vRSLCM.  When first logging into vRealize Suite Lifecycle Manager, you’ll see the following dashboard. 

Procedure

  • Click Lifecycle Operations, then click the gear icon on the left side to enter the Settings menu.

  • Click System Details, and you can see that by default, the storage is set to 20GB. 
    • I’m going to add 40GB to it so I have enough storage space to house the other product binaries. 
  • Click Extend Volume.
    • Enter the vCenter Server Host Name, select the correct Credential, and enter the amount in GB that you’d like to add and click Extend.  Allow some time for the request to complete and refresh the page if necessary.  Once it completed, we can see that the volume has been increased.

Add Product Binaries

Before I can deploy any product other than VMware Identity Manager and vRealize Automation, I need to configure the binary mapping for those additional products.  The two products I mentioned before are already mapped as they come with the Easy Installer.

Procedure

  • From the Settings menu, click Binary Mappings, then click Add Binaries.

  • Select your Location Type, and provide the Base Location path to the shared folder and click Discover.
    •  There are a few options you can choose from here and I’m going to select NFS since I’ve already placed the binaries in an NFS shared folder.
  • Once it’s discovered the binaries, select the ones that you want to map and click Add.  Allow some time for this to complete and if you’d like, monitor the Request Status until you see it has completed.
    • At this time, I’m not selecting any of the v8.0.1 upgrade binaries.  I’ll add them at a later time.

Conclusion

In the next one, I’ll quickly cover accessing the Workspace One Access (VMware Identity Manager) deployment and configure it so that we can use an Identity Manager account to login to vRealize Suite Lifecycle Manager and the other solutions I’ll be deploying in this series.

Well, I hope that you’ve enjoyed this post and hopefully you’ll be back for more.  Thanks for reading!

vRealize Suite 2019 Series

Intro

Hello, and thank you for visiting my blog! I’d decided to take some time away from writing in order to focus on my role as a Solutions Engineer at VMware, and enhance my skillset by getting more acclimated and accustomed to some of the most utilized solutions by VMware customers.  Almost one full year has passed since I last wrote anything, and with the new year underway, what better time to get back into writing some material for myself and the vCommunity.

In this series, I’m going to cover how to easily deploy, and eventually update, each of the solutions that make up the vRealize Suite 2019 set of products. The products that will be covered are as follows:

If anyone has followed my NSX-T Home Lab Series from last year, I again will be leveraging a nested lab environment to deploy each of these solutions since I already have these solutions installed and running in my physical lab infrastructure. I did, however, rebuild this nested lab environment since that series was written and only installed Site Recovery Manager which was used to demonstrate to a customer.

For the purposes of this series, my nested lab consists of the following VMs:

  • Sophos XG (serves as my virtual router)
  • Synology DS918+ (NFS Storage for the nested lab)
  • 4 ESXi VMs
    • 2 for Management
    • 1 for Site A
    • 1 for Site B

Once this series is finished up, I plan on revisiting my NSX-T series with a bunch of updated content since the entire deployment has changed since NSX-T 2.3.x (which is the version used in that series).

Enjoy!!

vRealize Suite 2019 Series:

I’ll continually add links in the series below as they’re published.