
Tag Archives: vCAC

vCAC 6 Custom Properties, Build Profiles and Property Dictionary Simplified

By Eiad Al-Aqqad

This post originally appeared on Eiad’s Virtualization Team blog.

vCloud Automation Center offers a lot of built-in extensibility features to help you achieve your desired result while minimizing the amount of coding required. Using vCAC custom properties, build profiles, and the property dictionary is just one example of how you can customize the product, minimize coding, and customize the input form. As the property dictionary seems to be the most missed or misunderstood feature of vCAC, followed by build profiles and custom properties, I will try to simplify the explanation of these great features as much as possible. At the end of the article, I will point out more resources for in-depth information on each of these features.

vCAC Custom Properties
Custom properties are the building blocks for build profiles and the property dictionary. VMware documentation defines custom properties as:

“VMware vCloud Automation Center™ custom properties allow you to add attributes of the machines your site provisions, or to override their standard attributes.”

What that means is that vCloud Automation Center uses particular variables (custom properties) that hold the values vCAC uses during machine provisioning (such as machine name, machine IP address, port group to use, and so on). vCAC exposes this information as custom properties that you can query, or edit to override the default values with a specific value or with user input. This is a very powerful tool, as you can shape the request form to ask the user for input (not required by the default request form) and act on it without doing any coding. You can also create your own custom properties to use with your own custom workflows.

Let’s look at a quick example of using vCAC custom properties. The image below shows the default blueprint/VM request form in vCAC:

Default Blueprint Request Form

As you can see, the default VM request form does not ask for a machine hostname or IP address. What if you wanted to allow the user to choose the VM hostname or IP address? You can do that using custom properties, and your request form will look like the screen below:

VCAC Custom Properties

In the above screenshot, I have used the Hostname and VirtualMachine.NetworkN.Address custom properties to allow the user to provide the desired VM hostname and IP address that vCAC will use when creating the VM. I did this by going to Infrastructure ==> Blueprint ==> Properties, then adding the two custom properties as shown in the image below.

VCAC Custom Hostname Property

While the above is using existing vCAC custom properties that vCAC uses when deploying a VM, you can always create your own custom properties to pass to your own workflow or just to track information within the request. For a list of custom properties available in vCAC 6, see: vCloud Automation Center 6 Custom Property Reference.

vCAC Build Profiles
A build profile is simply a collection of custom properties under a single title. Imagine you have 20 different custom properties that you need to include with every Windows blueprint. It would be nice to bundle them all in a build profile, then go to these blueprints and assign a single build profile instead of assigning 20 different custom properties to every Windows blueprint. This will save work and provide better consistency. You can create a build profile by going to Infrastructure => Blueprints => Build Profiles => New Build Profile, then adding the desired custom properties to that build profile as shown in the image below.

Creating a Build Profile

The next step is to add that build profile to your blueprint as per the image below.

Add Build Profile to Blueprint

vCAC Property Dictionary
I am not sure why property dictionary seems to be the most misunderstood or missed feature of vCAC. It’s quite simple to use and can unleash a lot of power. Allowing users to provide values to custom properties as shown in previous examples is quite useful, but most of the time you want to limit the user choices using drop down menus or check boxes. Property dictionary is all about enabling you to do just that.

vCAC property dictionary lets you define characteristics of custom properties to tailor their display in the user interface. You can customize the property display in the user interface, as in the following examples:

  • Associate a property name with a user control, such as a check box or drop-down menu.
  • Specify constraints such as minimum and maximum values or validation against a regular expression.
  • Provide descriptive display names for properties or add label text.
  • Group sets of property controls together and specify the order in which they appear.
  • Create a relationship between different controls, where for example a location drop down menu can update the storage and network drop down menus to show only values that are valid for that location.

To see how useful property dictionaries can be, let’s take an example where we want to create the drop down menus as illustrated in the below diagram:

Drop Down Menu Sample

The goal of this exercise is to create three drop down menus that will ask the user for location, storage path, and network path to use. Let’s ignore the relationship between the different drop down menus for now and try to focus on just creating these drop down menus. To create the property dictionary required to create these drop down menus, go to: Infrastructure => Blueprints => Property Dictionary.

For each drop down menu you want to create, repeat the steps below. In this example I will create the location drop down menu:

  1. Click New Property Definition, then fill the information as shown in the below screenshot. Please note the name must match the custom property name you want to use.

Location Property Definition

  2. Click the green check mark to save your property definition.
  3. Under Property Attributes, click Edit.
  4. Click New Property Attributes, and then fill in the Property Attributes as shown in the image below.

Property Attribute Drop Down

  5. Repeat the above steps for storage and network as shown in the images below.

Property Definitions

Network Property

Storage Property Attribute

  6. Now that you have all the required property definitions and property attributes created, let’s create a property layout, which is a way of organizing how these drop-down boxes will be ordered when shown to the user. I wanted the drop boxes to be ordered as follows: Location, Storage, Network. To do this, I had to click New Property Layout and fill the information as shown in the below screenshot:

New Property Dictionary Layout

  7. Under Property Layout > Property Instances, click Edit, and organize your property instances as shown in the image below.

Organize Property Instances

  8. Let’s create a build profile that includes all the custom properties involved in our property dictionary example as shown in the image below.

Build Profile Property Dictionary Sample

  9. Now all you are left with is adding this build profile to your blueprint as shown below.

Adding Property Dictionary Build Profile to Blueprint

  10. Now let’s check how the input of our blueprint looks:

Property Dictionary in Action

Notice in the above example, the three drop-down menus that were created for location, storage, and network are operating independently. There is no relationship between them. In other words, choosing a particular location does not filter which options you have for storage or network. The capability of doing such filtering is part of the property dictionary relationship, which I cover in the following two posts:


Eiad Al-Aqqad is a consulting architect within the SDDC Professional Services practice. He has been an active consultant using VMware technologies since 2006. He is a VMware Certified Design Expert (VCDX#89), as well as an expert in VMware vCloud, vSphere, and SRM. Read more from Eiad at his blog, Virtualization Team, and follow him on Twitter @VirtualizationT.

vCAC 5.2 to 6.x Construct Mappings

By Eiad Al-Aqqad

This post originally appeared on Eiad’s Virtualization Team blog.

vCloud Automation Center (vCAC) 5.x admins and architects might get surprised by vCAC 6.x construct naming, thinking VMware has abandoned the constructs vCAC used in the past. After a closer look, you will notice the construct functionalities are still the same as they used to be in 5.x. They were just renamed to fit the wider audience vCAC is currently addressing, and to be better aligned with broader functionality. The main difference is that a new Tenant Construct that did not exist in 5.2 was introduced in vCAC 6.x, as vCAC 5.2 did not support multi-tenancy.

I get asked quite often about the construct mapping between vCAC 5.2 and 6.x. The longer I deliver just vCAC 6.x engagements, the more I forget the construct mapping between vCloud Automation Center 5.2 and 6.x, so I decided to document it as a reference for myself and anyone else who needs it. Below is the best diagram I was able to find that highlights the construct mapping between vCAC 5.2 and vCAC 6.x:

vCAC Construct Mapping

 

Hope this helps those of you familiar with vCAC 5.2 jump on 6.x with confidence.


Eiad Al-Aqqad is a Senior Consultant within the SDDC Professional Services practice. He has been an active consultant using VMware technologies since 2006. He is VMware Certified Design Expert (VCDX#89), as well as an expert in VMware vCloud, vSphere, and SRM. Read more from Eiad at his blog, Virtualization Team, and follow him on Twitter @VirtualizationT.

Cloud Automation Requirements from the Field

By Jung Hwang, Enterprise Solutions Architect, VMware

IT organizations adopt private cloud solutions for two main reasons: to gain agility and to improve efficiency of the services they offer. VMware’s vCloud Automation Center (vCAC) solution offers workload lifecycle capabilities that help IT organizations automate and centrally manage IT tasks that were traditionally done manually. Although vCAC has robust out-of-the-box (OOTB) capabilities that address many of these manual processes, enabling business and IT logic on top of the OOTB capabilities has helped many of our customers to reach their goals and realize the true value of automation. Below we’ll explore three requirements we have seen enabled on top of the vCAC OOTB capabilities.

Generate Custom Host Names
Although this seems to be a straightforward process, maintaining consistent host names can be challenging, especially in the private cloud environment where the virtual machine provisioning is automated without any IT staff’s involvement.

Within vCAC, administrators have some ability to add a prefix and a suffix to host names, but many customers need more custom fields, such as the environment (Prod/Dev/QA), type (Application/Web/DB), location (NA/EMEA), and incremental numbers (00X). (For example, a host name could be PROD-SQL-NA-001.) Every customer has a unique naming standard – because of this, VM host name assignment should be automated in vCAC to further minimize the manual intervention.

Active Directory Organization Unit (OU) Placement
Related to the host names issue, vCAC can integrate with Active Directory and will place VMs in a default computer object container within Active Directory. Our customers often have complex Active Directory Organizational Unit (OU) structures. Based on the host name assigned by vCAC, customers want to place the VM in the specific Active Directory OU. This will minimize unnecessary steps required to associate automatically provisioned VMs by vCAC. Moving VMs from the default computer object container to other containers can be as easy as a drag and drop operation, but when 10s or even 100s of VMs are provisioned via a self-service portal, placing a VM to the right OU based on the host name becomes an important task.

Configuration Management Database (CMDB) Integration and Configuration Item (CI) Management
Another common requirement is integrating vCAC with CMDB. Traditionally, updating and maintaining CIs were manual tasks, but they would be extremely difficult to do manually in a private cloud environment when VMs are provisioned and decommissioned based on the policy. The consumer of the vCAC solution will also be able to make changes with VM specifications so the integration with CMDB is another important area. Since the VMs will be requested via vCAC, vCAC can capture the VM specifications to create and update CIs in CMDB. The integration and automation can be enabled during the provisioning (when VMs are initially deployed), management (when VM specifications are changed by the owner), and decommissioning (when VMs are deleted).

The key to success and further identifying automation opportunities is understanding the customer’s end-to-end processes and translating them to new, private cloud processes. As we listen to our customers we can bring them more of what they need.


Jung I. Hwang is an Enterprise Solutions Architect and a member of VMware’s Services organization. Jung is responsible for creating solution roadmaps and execution plans with VMware’s products and services portfolio to solve customers’ business and technology challenges and initiatives.

vCloud Automation Center 6 Certificates A to Z

By Eiad Al-Aqqad, Senior Consultant, VMware Professional Services

While working on delivering vCAC 6 engagements, I have noticed that getting all the required certificates in place has always involved jumping across different information sources, from VMware documentation and blogs to other consultants’ work. I have created the following guide to make the process easier. This is the first of three posts that cover the certificates process for a new vCAC 6.x installation from A-Z, beginning with how to install your own CA and continuing through assigning the certificates to each component.

First, I have to give credit where it is due. This document includes information from the following sources:

While I have used a lot of material from the above sources, I have also applied these steps at various customer sites, and carried out the full process in my lab. I hope you will find it useful.

Before You Begin
There are some important recommendations and requirements before you get started.

  1. VMware recommends a domain certificate or a wildcard domain certificate for a distributed installation.
  2. The certificate must be in PFX (for Windows) and PEM (for Appliances and Load Balancer) formats. (See table below.)

Certificates needed

While this post focuses on generating and using certificates for a new vCAC 6 installation, if you have an existing installation and vCAC 6 setup and you want to replace your self-signed certificates with signed certificates, you need to consider the following:

  1. Update component certificates in the following order:
    1. Identity Appliance
    2. vCloud Automation Center Appliance
    3. IaaS components

Note: With one exception, changes to later components do not affect earlier ones. For example, if you import a new certificate to a vCloud Automation Center Appliance, you must register this change with the IaaS server, but not with the Identity Appliance. The exception is that an updated certificate for IaaS components must be registered with vCloud Automation Center Appliance.

The table below shows registration requirements when you update a certificate.

Registration requirements

Step 1: Installing Domain CA
This section documents how to create the Domain Certificate Authority that you will later use to generate your certificates.

      1. In the Select Server Roles screen, click to select Install Active Directory Certificate Services.
        Select Server Roles screen
      2. In the Select Role Services screen, click to select both Certification Authority and Certification Authority Web Enrollment.
        Select Role Services screen
      3. In the Specify Setup Type screen, click to select Enterprise.
        Specify Setup Type screen
      4. If this is your first CA, in the Specify CA Type screen, click to select Root CA.
        Specify CA Type screen
      5. In the Set Up Private Key screen, click to select Create a new private key.
        Set Up Private Key screen
      6. In the Configure Cryptography for CA screen, make the selections as shown in the below screenshot.
        Configure Cryptography for CA screen
      7. In the Configure CA Name screen, type in the name of your CA.
        Configure CA Name screen
      8. In the Set Validity Period screen, use the drop-down menu to select the appropriate period for the certificate generated by this CA.
        Set Validity Period screen

Step 2: Creating vCAC Certificate Templates
To allow for export of the certificate key, you need to create a non-standard certificate template, which is a modified copy of the standard web server template. In addition, the Microsoft CA will be updated to allow for Subject Alternative Names (SANs) as specified in the attributes.

To create a new, non-standard default template:

      1. Connect to the Root CA server or Subordinate CA server via RDP.
      2. Click Start > Run, type certtmpl.msc, and click OK. The Certificate Template Console opens.
      3. In the middle pane, under Template Display Name, locate Web Server.
      4. Right-click Web Server and click Duplicate Template.
      5. In the Duplicate Template window, select Windows Server 2003 Enterprise for backward compatibility.
      6. Click the General tab.
      7. In the Template Display Name field, enter vCAC Certificate as the name of the new template.
      8. Click the Extensions tab.
      9. Select Key Usage and click Edit.
      10. Select the Signature is proof of origin (nonrepudiation) option.
      11. Select the Allow encryption of user data option.
      12. Click OK.
      13. Select Application Policies and click Edit.
      14. Click Add.
      15. Select Client Authentication.
      16. Click OK.
      17. Click OK again.
      18. Click the Subject Name tab.
      19. Ensure that the Supply in the request option is selected.
      20. Click the Request Handling tab.
      21. Ensure that the Allow private key to be exported option is selected.
      22. Click OK to save the template.

 

To add a new template to certificate templates:

      1. Connect to the Root CA server or Subordinate CA server via RDP.
        Note: Connect to the CA server in which you intend to perform your certificate generation.
      2. Click Start > Run, type certsrv.msc, and click OK. The Certificate Server console opens.
      3. In the left pane, if collapsed, expand the node by clicking the [+] icon.
      4. Right-click Certificate Templates and click New > Certificate Template to Issue.
      5. Locate vCAC Certificate under the Name column.
      6. Click OK.

A new template option is now created in your Active Directory Certificate Services node. This new template can be used in the place of Web Server for the vSphere 5.x CA certificate.

Step 3: Installing OpenSSL version 0.9.8.
Use the following steps to install OpenSSL, which will be used to request the required certificates.

Important: Ensure that you are using OpenSSL version 0.9.8. If you do not use this version, the SSL implementation will fail.

To set up OpenSSL:

      1. Ensure that the Microsoft Visual C++ 2008 Redistributable Package (x86) is installed on the system on which you want to generate the requests. To download the package, see the Microsoft Download Center.
      2. Download the Shining Light Productions installer for OpenSSL x86 version 0.98r or later at http://www.slproweb.com/products/Win32OpenSSL.html. This software was developed by the OpenSSL Project.
      3. Launch the installer, proceed through the installation, and note the appropriate directory for later use. By default, it is located at c:\OpenSSL-Win32.
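
Once a certificate has been issued from the vCAC Certificate template and converted to PEM, its extensions can be checked against the Step 2 settings with OpenSSL. The script below is an added example, not part of the original post: it is written for a POSIX shell, the function names and host names are constructed, and throwaway self-signed certificates stand in for certificates issued by the CA.

```shell
#!/bin/sh
# Added example, not from the original post. Host names are constructed.

# Print the value line under an "X509v3 <name>:" header of a PEM certificate.
cert_ext() {  # $1 = PEM file, $2 = extension name as openssl prints it
    openssl x509 -in "$1" -noout -text |
        awk -v h="X509v3 $2:" 'index($0, h) { getline; sub(/^[ \t]+/, ""); print; exit }'
}

# check_vcac_cert PEM DNSNAME...
# Prints one line per finding; returns 0 only when nothing is missing.
check_vcac_cert() {
    cert=$1; shift
    rc=0
    ku=$(cert_ext "$cert" "Key Usage")
    eku=$(cert_ext "$cert" "Extended Key Usage")
    san=$(cert_ext "$cert" "Subject Alternative Name")
    # Step 2, items 10-11: nonrepudiation and encryption of user data.
    for want in "Non Repudiation" "Data Encipherment"; do
        case $ku in *"$want"*) ;; *) echo "key usage lacks: $want"; rc=1 ;; esac
    done
    # Server Authentication is inherited from the duplicated Web Server
    # template; Client Authentication is added in Step 2, item 15.
    for want in "Server Authentication" "Client Authentication"; do
        case $eku in *"$want"*) ;; *) echo "EKU lacks: $want"; rc=1 ;; esac
    done
    # Each name the component is reached by must be an exact SAN entry.
    for name in "$@"; do
        case ", $san," in *", DNS:$name,"*) ;; *) echo "SAN lacks: $name"; rc=1 ;; esac
    done
    return $rc
}

# Demo helper: throwaway self-signed certificate standing in for one issued
# by the CA. $1 = output PEM, $2 = keyUsage, $3 = extendedKeyUsage, $4 = SANs.
make_sample_cert() {
    cfg=$(mktemp); key=$(mktemp)
    cat > "$cfg" <<EOF
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = vcac-va.example.test
[ ext ]
basicConstraints = CA:FALSE
keyUsage = $2
extendedKeyUsage = $3
subjectAltName = $4
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$cfg" \
        -extensions ext -keyout "$key" -out "$1" 2>/dev/null
    st=$?
    rm -f "$cfg" "$key"
    return $st
}

run_demo() {
    good=$(mktemp); bad=$(mktemp)
    make_sample_cert "$good" \
        "digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment" \
        "serverAuth, clientAuth" "DNS:vcac-va.example.test, DNS:vcac-va"
    # Constructed to resemble a certificate issued without the Step 2 changes.
    make_sample_cert "$bad" "digitalSignature, keyEncipherment" \
        "serverAuth" "DNS:vcac-va.example.test"
    for c in "$good" "$bad"; do
        check_vcac_cert "$c" vcac-va.example.test vcac-va \
            && echo "OK: matches Step 2" || echo "REJECT: see findings above"
    done
    rm -f "$good" "$bad"
}

run_demo
```

For a real certificate, call `check_vcac_cert` with the PEM file and every DNS name the component will be reached by, including the load balancer name in a distributed installation.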

This tutorial includes two additional posts, which you can find on my blog at the following links:

Post 2: Generating Certificates for the identity Appliance/vCAC Appliance
Post 3: Generating Certificates for vCAC 6 IaaS Web Server & Manager Service


Eiad Al-Aqqad is a Senior Consultant within the SDDC Professional Services practice. He has been an active consultant using VMware technologies since 2006. He is VMware Certified Design Expert (VCDX#89), as well as an expert in VMware vCloud, vSphere, and SRM. Read more from Eiad at his blog, Virtualization Team, and follow him on Twitter @VirtualizationT.

New Technology Implementation Plan: Start by Stepping Back

By Jeremy Carter, VMware Senior Consultant

I’ve been working on a customer engagement recently that takes advantage of vCloud Automation Center (vCAC), which is designed to centralize and automate key IT activities, freeing the organization to focus on the needs of internal and external customers.

In our deployment of vCAC, I’ve been reminded of a key principle of IT and business transformation: The technology is only part of the process. Often a shift in technology requires a period of assessment and realignment that is as valuable as the technology itself.

When the VMware Professional Services team is brought in for an engagement, the company wants to get the best return on its investment, so the IT team is receptive to our schedule of meetings and stock-taking. But every IT organization will benefit by starting their new technology implementation plan by stepping back to survey the systems in place before integrating a new one.

We put a lot of emphasis on investigating how things are currently done, often starting by asking the teams to draw their processes, for creating a virtual machine, for instance. Frequently we find they have two or three different processes in place, depending on who’s making the request. This is especially common in government and higher education, where each department is likely to have its own IT team and strategy.

The unfortunate fact is that automation still scares people, thinking they’re going to be out of a job. On the contrary, if you look at any IT organization out there, you’ll see that it’s overwhelmed with tasks, many of which are never getting done. Automation can give them time back to focus on what’s important to their customers.

A new implementation is a perfect opportunity to look at which processes are working the best and align all the teams to them. When a team sees that they’ll be able to provide a better experience and quicker turnaround, their resistance to automation often fades.

And luckily vCAC provides enough flexibility that users don’t have to adopt exactly the same systems across the organization. With a college I worked with recently, we were able to build on what teams are already doing. Next we focused on handoff systems to cut down on the number of emails flying around: one for DNS, another to install the OS, etc.

This process—of assessing current processes, building in automation and consistency, and then refocusing on customer needs—is undeniably valuable. But it does take time. It’s worth putting these reassessments on the calendar every 6 or 12 months; if that doesn’t work, I recommend taking the opportunity presented by the implementation of a new technology to keep moving toward the best your organization can be.


Jeremy Carter is a Senior Consultant with VMware and is focused on the Software Defined Data Center (SDDC). He has special expertise in cloud infrastructure and automation, and BCDR. Over his 14 years in IT he has gained a variety of experience as an architect, DBA, and developer. Prior to joining VMware, Jeremy was a Principal Architect at one of the largest VMware service providers.