Home > Blogs > VMware Operations Transformation Services > Tag Archives: Choong Keng Leong

Tag Archives: Choong Keng Leong

Key People, Process and Policy Considerations for vRealize Automation Success

Keng-Leong-Choong-cropBy Choong Keng Leong

Organizations implement VMware vRealize Automation (vRA) with the aim of shortening the provisioning of infrastructure services and the release of applications through self-service and automation. To achieve this, there is a need for balance between governance and business agility. Projects are more likely to fail or face significant obstacles if they do not plan adequately and ensure the necessary policies, processes and workflows are in place.

In this blog, we’ll explore some of these key planning and design activities that are often overlooked on the journey to cloud automation.

Key Players

vRealize Automation - Key PlayersThe very first thing we need to do is identify key players. The roles are mapped to actual team members in the organization. Minimally, we need to identify:

  • Service consumers – Authorized users of the self-service portal who can request and manage their cloud services, and which business groups they belong to
  • Approvers – Approves all possible requests
  • Cloud administrators Administers and manages the cloud infrastructure, cloud resources, and the configuration and maintenance of vRA
  • System administrators – Administers, configures and maintains the guest operating systems in the virtual machine
  • Application administrators – Installs, administers, configures and maintains the application software hosted on the virtual machine
  • Cloud security and compliance analyst –Monitors, analyzes and tests the security and compliance of application, guest OS and infrastructure

A common mistake is not identifying all the necessary key players and involving them in the planning and design early, which could have drastic impact to the vRA workflow designs.

Service Models

vRealize Automation - Service ModelsThe next step is to determine what cloud services will be offered through vRA. Many organizations start by offering Infrastructure-as-a-Service (IaaS), provisioning virtual machines leveraging existing vSphere virtual machine templates. For organizations that are heavily virtualized, this is not transformational and has very little incremental impact visible to the business.

To realize the full values of vRA, organizations should look beyond provisioning up to the OS level. The steps that follow after the server with OS is ready usually involve manual or scripted steps and multiple parties (app, middleware, db, security, etc.). Being able to automate these steps, package them and offer the package as a cloud service will result in significant efficiency gains. For example, instead of offering Windows 2012 as a catalog item, why not offer a SQL Server 2012 or a Tier 2 Application consisting of a pair of load-balanced Apache Tomcat Servers and a SQL Server?

Developing service models requires engaging the business to understand their requirements. For example, what is the point in offering a Windows Server 2003 R2 catalog item when no new business applications will be running on it. We also need to understand the service levels and performance requirements so that we can provision the machines in the correct pool of resources that provide these capabilities. We also need to identify which business groups will be entitled to these services.

Request Models

vRealize Automation - Request ModelsOnce the service models are defined, we can identify all the use cases for vRA and the types of requests within the scope of vRA. Request models (i.e. workflows) for the services are mapped out and documented. These may include:

  •  Request for a virtual machine
  • Request for a database server
  • Request to increase the resources of a virtual machine (e.g., add CPU, Memory)
  • Request to extend the lease of a virtual machine
  • Request to reboot a virtual machine
  • Request to decommission virtual machine
  • Request to snapshot a virtual machine
  • Request to back up a virtual machine

It is common to start by mapping out the current workflows and automating some of the steps using vRA and/or vRealize Orchestrator. While this approach may be quick, it has proven inadequate in many customer use cases I have encountered. Requirements to interface with a business system, process and function appear in late stages of the vRA implementation project, jeopardizing the project’s schedule and budget. In order for an organization to automate as much of the process as possible and make significant impact to service provisioning and delivery times, the whole service fulfillment cycle needs to be studied, optimized and transformed. It’s imperative to understand the whole business process through initiation of an IT/business project, budgeting, approval, procurement, installation, building, integration, testing, release, operation, management, support and retirement. Then, you must identify how the vRA will fit and interface with the various stakeholders, functions, processes and systems. Sometimes, it is necessary to have the vRA interface with external workflows already existing in other systems such as an IT service management (ITSM) system.

In addition, each request model needs to be correctly categorized and aligned with the organization’s governance policy and processes. For example, a request for a virtual machine in production vs. a machine for development will require different change management process, approval levels and approvers. These considerations should be incorporated into the design of the workflows and vRA approval policies. The request models can also be re-categorized to reduce governance overhead due to risk reduction with process automation and standardization of blueprints.

Access and Entitlement Management

vRealize Automation - Access & Entitlement ManagementAfter the key players, service models and request models are finalized, the different security access roles for vRA can be defined and mapped to the key players, so that they have adequate permissions and privileges to perform their tasks defined in the request models. Entitlements to the services are also configured and granted to the respective business groups and/or users.

Communication and Awareness

vRealize Automation - Communication & Transition SupportBefore the launch of the vRA, don’t forget to brief all key players on the processes and how to use the vRA based on their roles. Print and distribute reference cards and stickers to remind them of the process steps and how to get support when needed. It is important to cater for more hand-holding and support during the initial transition phase. The project will fail if users start to revert to old ways and stop using vRA.

========
Choong Keng Leong is an operations architect with VMware Professional Services and is based in Singapore. You can connect with him on LinkedIn

VMware vCenter Operations Manager Users: Raise Your Hands!

Keng-Leong-Choong-cropBy Choong Keng Leong

I innocently asked attendees in a workshop I was delivering at one of my clients, “Who uses VMware vCenter Operations Management Suite in your company?“ I got two simple answers: “Cloud administrator” or “VM administrator.”  This triggered me to write this blog and hopefully will change your thinking if you have the same answer.

The vCenter Operations Management Suite consists of four components:

  • vCenter Operations Manager : Allows you to monitor and manage the performance, capacity and health of your SDDC infrastructure, operating systems and applications
  • vCenter Configuration Manager : Enables you to automate configuration management across virtual and physical servers, and continuously assess them for compliance with IT policies, regulatory, and security compliance
  • vCenter Hyperic : Helps to monitor operating systems, databases, and applications
  • vCenter Infrastructure Navigator : Automatically discovers and visualizes application components and infrastructure dependencies

If I were to map the vCenter Operations Management Suite to the IT processes it can support, it would look like the matrix shown in Table 1:

Table 1: A Possible vCenter Operations Management Suite to Process Mapping

What Table 1 also implies is that multiple roles will be using and accessing vCenter Operations Manager, or be a recipient of its outputs, i.e., reports. For example, the IT Director can access the vCenter Operations Manager Dashboard to view the overall health of the infrastructure. The Application Support team accesses it via a Custom Dashboard to understand applications status and performance. The IT Compliance Manager reviews the compliance status of IT systems on the vCenter Operations Manager Dashboard and gets more details from the vCenter Configuration Manager to initiate remediation of the systems.

Table 2 below shows a possible list of roles accessing the vCenter Operations Management Suite.

Table 2: Possible List of Roles Using vCenter Operations Management Suite

Tables 1 and 2 illustrate clearly that vCenter Operations Management Suite is not just another lightweight app for the cloud or VM administrator — it supports multiple IT operational processes and roles.

Taking a step further, you need to embed vCenter Operations Management Suite into operational procedures to take maximum advantage of the tools’ full potential and integrated approach to performance, capacity, and configuration management. To draw an analogy –  if you deploy a new SAP system without defining the triggers or use cases for a user to access the SAP system; establishing the procedural steps on which modules to access and how to navigate in the system; what to input; how to query and report and so on; it is unlikely the system will be rolled out successfully.

Although vCenter Operations Management Suite is not as complex, the concept is the same. You need to define procedures with tight linkage to the tools to ensure they are used consistently and in the way it is designed or configured for.

I hope that my blog motivates you to start thinking about transforming your IT operations to make full use of the capabilities of your VMware technology investment.

========
Choong Keng Leong is an operations architect with VMware Professional Services and is based in Singapore. You can connect with him on LinkedIn

Service Catalog Is The New Face of IT

By Choong Keng Leong

Keng-Leong-Choong-cropMany organizations on their journey to delivering IT as a service have chosen to adopt and implement VMware vCloud® Automation Center™ to automate the delivery and management of IT infrastructure and services through a unified service catalog and self-service portal.  As this transformation requires a new IT operating model and change in mindset, a common challenge that IT organizations encounter is:

  • How do I define and package IT services to offer and publish on the service catalog?

This is analogous to a mobile operator putting together a new mobile voice and data plan that the market wants and pricing it attractively.

Here’s a possible approach to designing a service catalog for vCloud Automation Center implementation.

Service Model
Service catalog is the new face of IT. It is a communication platform and central source of information about the services offered by IT to the business. It is also empowering users through an intuitive self-service portal that allows them to choose, request, track, and manage their consumption and subscription to IT services.

The first step to developing the service catalog and identifying the services within it is to understand the business requirements as to how these demands are going to be fulfilled — that is to develop a service model. For example, you could start with a business function — Sales — and then pick a business process — client relationship management (CRM). CRM can be further broken down into three domains: operational CRM, collaborative CRM, and analytical CRM. Each of the CRM systems can be instantiated in different environments (product, test, and development). Each instance is technically implemented and delivered via a three-tier system architecture. What you would get is shown below in Figure 1, which is a service model for CRM.

ServiceCatalog

Figure 1. Service Model for CRM

Repeat the above steps for the other business functions. At the end of the exercise, you have defined service categories, catalog items, and service blueprints for implementation of a service catalog and self-service portal in vCloud Automation Center.

Service Catalog
Using the above business centric approach allows you to define a customer-friendly service catalog of business services. The service categories and catalog items are in business-familiar terms, and only relevant information is presented to the business user so as not overwhelm him/her with the complexities of the underlying technologies and technicalities.

The business services are provisioned using service blueprints, which are templates containing the complete service specifications, technical service levels (e.g., RTO, RPO, and IOPS), and infrastructure (e.g., ESXi cluster, block or file storage, and network).  The service blueprints allow IT to automate provisioning through vCloud Automation Center. To maximize business benefits and optimization of infrastructure resources, it is also important to establish a technical service catalog of technical capabilities and to pool infrastructure resources with similar capabilities. Then, vCloud Automation Center can provision a service via the service blueprint to the most cost-effective resource pool and providing optimal performance.

In summary, using a business-centric approach to designing your service catalog elevates IT to speaking in business terms and provides a whole new IT experience to your users.

——-
Choong Keng Leong is an operations architect with VMware Professional Services and is based in Singapore. You can connect with him on LinkedIn.