vRealize Automation (vRA) 8.3 is the first 8.x version in our move to quarterly releases for on premises installations. vRA Cloud still offers monthly updates, which roll into the on premises versions, now on a quarterly basis. For this release our team added quite a few great features including our first integration with VMware’s recent Salt Stack acquisition. The team didn’t stop there though, we’re also introducing secrets and secure properties, the ability to work with Property Groups, migrate your workload’s networking and security to NSX-T, custom resources and forms updates, and much more. As usual, I’ve linked blogs for the bigger features that you can click to learn more.
Salt Stack Config Integration
SaltStack Config is now integrated into the UI of vRA 8.3. vRealize Lifecycle Manager (vRSLCM) can deploy SaltStack Config and register with the vRA instance of choice to provide UI integration. Property Groups are also created for Cloud Templates that reference the SaltStack Config master IP and fingerprint.
Secrets and Secure Properties
You can manage encrypted secrets variables AKA Secure Properties within the project scope and use in cloud templates. ABX actions can use now encrypted input values called “Secrets” for protecting sensitive data, such as passwords or certificates.
Property Groups enhance Cloud Templates allowing users to save time by reusing pre-defined properties. Property Groups can be both inputs and custom properties with pre-defined data.
NSXv to NSX-T Migration
vRA Migration Assistant has been updated to work with the NSX-T Migration Coordinator. As you move from NSXv to NSX-T, the tools will work together to update vRA deployments with the new networking and security configurations. You need to have migrated any workload and associated networking and security resources to vRA 8.3 and running NSX-T 3.1.1 to migrate. In this release, we support the following topologies for migration:
- On-demand Routed Networks (Static or DHCP)
- On-demand Private Networks (Static or DHCP)
- On-demand and existing Security Groups
- On-demand One-armed LBs on Existing Networks
Check out the NSX v2T Migration Guide for additional information.
Network Automation Enhancements
This release adds support for shared T-1 Gateways and ESGs at the deployment level. The Cloud Template canvas also includes a new NSX NAT resource. In the previous release we defined DNAT and PAT rules as part of the Gateway resource. If you have Cloud Templates where those rules are still set on the Gateway, they’ll still work. As you iterate on Cloud Template versions, we recommend shifting your rules to the new NAT resource.
Security Group membership can now be modified on the Cloud Template and changed using a deployment update. Also firewall rule reconfiguration is provided as a day-2 action for deployments. There are now options to set Active and Passive Health Monitors for NSX-T Load Balancers from the Cloud Template and as a day-2 action.
Global and Tenant-based Image Mappings and Flavors
In vRA 8.2 we introduced Virtual Private Zones, which included the ability to define Images and Flavors within that zone. With 8.3, Image Mappings and Flavor Mappings are no longer part of VPZs and can be allocated to individual Tenants or all Tenants under Tenant Management. Your existing VPZ mapped Images and Flavors will still work until you’re ready to shift to the new model.
Our vRealize Operations integration has expanded to include support for new alerts, optimization, capacity, and utilization views. vRA has an Alerts view on the top menu bar, which rolls-up alerts for all deployments in a single view. Alerts have clickable links to deployments where you can optimize resources, including rightsizing, powering off, or deleting VMs based on vROps performance and utilization metrics. You can also view optimization opportunities by navigating to a Cloud Zone and selecting Insights. The new Insights feature in a Cloud Zone is still in beta and presents information on compute resources, including time remaining before CPU and Memory resource are exhausted, available capacity, demand, and allocation of resources. These details can be used to make decision on how to allocate resources to Projects and set limits over resource use.
Deployments can now have their ownership changed as a day-2 action. The new owner needs to be a member of the same Project as the deployment. Also you can set ownership when onboarding a workload. If you are migrating from vRA 7.x, 8.3 Migration Assistant will set the original owner as part of the migration process as well.
This release includes a number of important new improvements for Onboarding plans.
- Onboard Disks attached to a VM. Besides just the boot disk, you can now onboard additional disks that are attached to a VM
- Custom Properties can be added to both VM and Onboard Plan. The Custom Properties added to a VM can be seen when deployments are complete
- Change owner when a deployment is created. In the onboarding plan, you can now change who the owner will be once you do a deployment from the onboard plan
Use Custom Resource types and Day 2 actions forms to create field bindings for custom reference types. This allows for customization such as concatenating names with various fields that exist within a deployment.
Terraform Provider Enhancements
The version 0.3.4 Terraform Provider for vRealize Automation is available, which includes Support First Class Disk Resource Types and support to set up VMC Infrastructure in vRA. The Provider is available on the Terraform Registry as well.
Custom Forms Updates
Value and Multi-value picker enhancements
- Ability to browse full details while searching via “show all” option.
- Support for reference object types in Multi Value Picker
- Limit the number of results returned for searches based on Object Types, you can create a filter action and bind the filter results to the search term.
New Active Directory Cloud Template Properties
You now have the ability to override the relativeDN settings for a Project and place machine accounts in a different relativeDN based on the YAML properties of the machine resource. Additionally, you can instruct vRA to ignore the Project’s relativeDN, in which case no machine account is created in Active Directory for that deployment. Overrides and ignores are enabled on a per Project basis, as shown in the screenshot; the specific relativeDN and Ignores are set in the Cloud Template.
Project-based Placement Policy
Placement behavior can now be changed at the Project level. The new feature allows you to distribute a deployment across multiple equivalent Cloud Zones when you select the SPREAD placement policy. All cloud types are supported. The Zone with the smallest number of VMs per host will be selected. For vSphere workloads, you can then use DRS for further placement. The Project level placement policy does not replace the Cloud Zone level placement policy. Once a Cloud Zone is selected, the Zone placement policy is then used.
New Easy Installer Options
- Set appliance sizing for vRA and vIDM – as a side note, vRA also has a scale-up option within vRSLCM now
- Enable FIPS mode for vRA and vRSLCM – FIPS mode is only able to be enabled during a new installation. You cannot enable or disable FIPS following installation
- Set IP ranges for vRA’s internal K8s Cluster and Services
- Add additional storage space for vRSLCM – Recommended before you update or patch vRealize Suite products.
We are starting 2021 off on a high note with the release of vRA 8.3. The team has been busy delivering the features you have been asking for. If you haven’t installed vRA 8.x yet, there’s never been a better time to get started!