vRealize Automation simplifies the management of cloud workloads deployed for Amazon AWS, virtual workloads for KVM, vSphere and Hyper-v, yet this is nothing new! This gives vRealize Automation broad reach to manage workloads for heterogeneous clouds. Until now IBM’s Power Systems PowerVM hypervisor part of this space has been unmanageable by vRealize Automation. vRealize Automation can now manage these heterogeneous platforms and clouds to give users the right solution, in the right cloud, though a single experience.
Fast forward to vRealize Automation 7.1 and realize that IBM PowerVC 1.2.3 and later comes with a fully compliant OpenStack implementation starting at Juno. Using the OpenStack endpoint type vRealize Automation can manage Power Systems the same way that it manages other x86 hypervisors. This unifies x86 and IBM PowerVM based workloads under a single management plane and gives users a single experience.
vRealize Automation Configuration
Configure the DEM workers for TLS 1.2:
- Every DEM-worker node must be configured to support proper TLS 1.2 communication between DEM-worker service and IBM PowerVC instance.
- Disable RC4 in Microsoft .NET Framework
- On DEM-worker node, follow Microsoft Security Advisory 2960358. Install the necessary security update for Microsoft .NET Framework 4.5.2. This update disables RC4 in TLS protocol. It also changes the SSL/TLS default protocol from TLS 1.0 | SSL 3.0 to TLS 1.2 | TLS 1.1 | TLS 1.0 if the node runs a .NET application on the .NET 4.5 runtime or higher.
Check the IBM PowerVC SSL Certificate
PowerVC will only work properly when accessed by IP address, if DNS is not configured on the PowerVC system. Check this by examining the X.509 certificate presented by PowerVC to see if the hostname is included in the certificate. Correct the name resolution issues on the system, if that’s an issue. Then run the following command to reconfigure PowerVC instance with the hostname:
powervc-config general ifconfig --set
Install IBM PowerVC SSL Certificate
- If the PowerVC instance issues a self-signed or untrusted certificate, it must be installed into Trusted Root
- Certification Authorities store for Computer account on DEM-worker node. Obtain the certificate and use the certificates snap-in from Microsoft Management Console to install it.
Configuring the PowerVC endpoint happens just like any other OpenStack endpoint.
- Input your endoint address, for PowerVC, typically:
- Choose a credential or create a new one using the credential dialog
- Set the OpenStack tenant name as the OpenStack Project (note: if you add multiple tenants make sure to tie your blueprints and reservations together using reservation policies)
- To use Openstack Keystone v3 identity provider when connecting to IBM PowerVC. Add «VMware.Endpoint.Openstack.IdentityProvider.Version » custom property to vRA Openstack endpoint and set the property value to «3 ».
Now you can build blueprints for x86 and Power Systems from the same portal. Stay tuned for a follow up on using vRealize Orchestrator to customize AIX, Linux and IBM i LPARs deployed from vRealize Automation
2 comments have been added so far
Note that with vRealize Automation 7.3, you will also need to add a «VMware.Endpoint.Openstack.IdentityProvider.Domain.Name» custom property on the endpoint with the value «Default». And I think the TLS 1.2 and RC4 stuff is old information at this point.