vRealize Automation (vRA) 8.2 introduces many awesome new features including enhanced governance through shared infrastructure multi-tenancy, custom role based access control, and new approval options. Support for Terraform is provided directly on the design canvas and full support for the NSX-T Policy APIs is available. This blog post will walk through the new features in 8.2 at a high level with blog links to deeper information on most of the new features.
Terraform Service
Terraform OSS is now a first-class citizen on the Cloud Template (formerly Blueprint) canvas. Administrators can take advantage of vRA’s capabilities, including governance, user self-service catalogs, day-2 configuration and management, extensibility, life-cycle management, and continuous delivery pipelines in conjunction with Terraform’s broad set of integrations across public and private clouds. Any provider that is available in the Terraform Registry can be called by vRA. Now a user can call a single cloud template, that includes an unparalleled array of integrations, with vRA governing and orchestrating the entire process.
Multitenancy – Support for Centralized Management of Shared Infrastructure Using Virtual Private Zones
We provided support for multitenancy in vRA 8.1 with Provider and Tenant Organizations. With the 8.2 release, we’re introducing support for Virtual Private Zones (VPZs). VPZs allow a Provider admin to bundle infrastructure and services in a VPZ then allocate them to a Tenant Organization. Tenant admins then take the VPZ and assign it to a Project in their Tenant Organization. The VPZ is primarily controlled by a Provider admin and behaves like a Cloud Zone within the Tenant.
Custom Role Based Access Control
Custom roles allow admins to give users additional ability to view and manage configurations in an Organization within vRA. Types of roles that can be assigned include discrete infrastructure management for Cloud Accounts, images, and flavors. Also the ability to manage XaaS like Custom Resources, Resource Actions or Approvals in Service Broker with many more options. Custom roles dramatically expand the granularity of permissions assignment throughout vRA and improve the overall security and governance within an Organization.
Network Automation Enhancements:
Support for NSX-T 3.0 Policy Mode and
Support for Multiple vCenters Per NSX-T Cloud Account
The NSX-T Cloud Account now support the ability to choose between using the NSX Policy API and older Management API. If the Policy API is chosen, Policy objects will be created and placed under management by vRA. NSX-T 3.0 or later is required to enable Policy support in vRA. Multiple vCenters are also supported per NSX-T Cloud Account. This allows provisioning and management scenarios where a single NSX-T manager is configured with multiple vCenter compute managers.
Destination NAT and Port Forwarding
Port Forwarding and DNAT rules are supported for NSX outbound networks. A new Gateway resource type allows DNAT and Port Forwarding rules to be specified for the gateway/router connected to an outbound network. Also day-2 actions support adding new DNAT and Port Forwarding rules, reordering rules, editing existing rules, and deleting rules.
Day-2 Security Group Membership Update
We can now update security group membership and firewall rules as a day-2 action for Virtual Machines. Users can control their security group membership directly from the deployment topology. As security needs change, firewall rules can be adjusted in real time.
Expanded NSX Load Balancer Configurations
You can now set the load balancer size, logging level, and algorithm that’s used for a deployment. These settings can be defined in the Cloud Template YAML code and changed as a day-2 action. The new options make it even easier to build exactly what you need and make changes as business needs dictate. Also if there’s an outage, users can easily set logging levels to establish root cause.
vSphere with Kubernetes – Supervisor Namespace as a Catalog Item
Create Supervisor Namespaces using easy to consume self-service catalog items and assign them directly to Projects. This new capability allows you to manage traditional vSphere environments alongside Tanzu Kubernetes with governance controls, access policies, lease times, and approvals. This capability improves upon VMware’s unsurpassed ability to provision and manage both VMs and Containers from a single solution.
Migration Assistant
Migration Assistant allows you to perform a migration assessment against your source environment and any embedded vRealize Orchestrator instances. The assessment is used to determine the migration readiness of your vRealize Automation 7 source environment. The migration assessment also alerts you to any system object and its dependencies that are not ready for migration and potentially impact your migration process. After performing a migration assessment you can then migrate to import content and configuration data from your current vRealize Automation 7 source environment to vRealize Automation 8.2.
For more information on the assessment and migration process, check out our vRA transition guide on docs.vmware.com.
Enhanced Approvals
Apply approvals to all items in the catalog and all items deployed directly from Cloud Assembly, including Cloud Formation Templates, vRO workflows, ABX actions, and OVAs. Also provide approvals for day-2 actions from Cloud Assembly-based deployments. Additionally, approvers can view all input parameters submitted by users as part of the approval.
First Class Disk Support
Support for Disk as a Service capabilities with the ability to create a First Class Disk (FCD) object independently without a Virtual Machine. Also provides the ability to Create, Edit, Delete, and List FCD objects through the APIs. We’ve included day-2 actions that allow adding disk, attach/detach, and resize. Disk snapshots lifecycle management is included with create, delete, restore operations.
Share ABX Actions Across Projects
ABX actions can now be shared among projects. You can create extensibility actions and share them instead of needing to export and import the action. Sharing can also be controlled based on the needs of your team.
XaaS Updates
Custom Resources Schema Dynamic data support. vRealize Automation Cloud now includes automatic validation for the workflows added as lifecycle actions to your custom action. This feature also includes improvements to the external type property and custom resource property schema. We’re also offering custom day-2 actions bindings. vRA currently supports three types of action bindings: in request, with binding action, and direct binding. The new support will allow automatic binding between a cloud machine resource and vRO workflows inputs of type VC:VirtualMachine.
Summary
Our vRA product team delivered outstanding new features with the 8.2 release. Each of these features expands upon vRA’s leadership in the Cloud Automation and Governance marketplace. With our recent acquisitions, including our intent to acquire SaltStack, Terraform support in this release, and other integrations and solutions, VMware offers a comprehensive automation solution for build, configuration, security, extensibility, and governance across private and public clouds, whether your needs focus on legacy technologies, applications, VMs, or Containers. Stay tuned as we continue to innovate in this space!