Home > Blogs > vCloud Architecture Toolkit (vCAT) Blog


vRealize Automation Configuration with CloudClient for vCloud Air Network

As a number of vCloud Air Network service providers start to enhance their existing hosting offerings, VMware are seeing some demand from service providers to offer a dedicated vRealize Automation implementation to their end-customers to enable them to offer application services, heterogeneous cloud management and provisioning in a self-managed model.

This blog post details an implementation option where the vCloud Air Network service provider can offer “vRealize Automation as a Service” hosted in a vCloud Director vApp, with some additional automated configuration. This allows the service provider to offer vRealize Automation to their customers based out of their existing multi-tenancy IaaS platforms and achieve high levels of efficiency and economies of scale.

“vRealize Automation as a Service”

During a recent Proof of Concept demonstrating such a configuration, an vCloud Director Organizational vDC was configured for tenant consumption.  Within this Org vDC a vApp containing a simple installation of vRealize Automation was deployed that consisted of a vRealize Automation Appliance and one Windows Server for IaaS components and an instance of Microsoft SQL.  With vRealize Automation successfully deployed, the vRealize Automation instance was customized leveraging vRealize CloudClient via Microsoft PowerShell scripts.  Using this method for configuration of the tenant within vRealize Automation reduced the deployment time for vRealize Automation instances while ensuring that the vRealize Automation Tenant configuration was consistent and conformed to the pre-determined naming standards and conventions required by the provider.

vRaaS vCAN Operations

vRealize Automation

To reduce the complexity of the implementation vRealize Automation was deployed within a vApp using the simple install method as this was determined to meet the anticipated user and workload requirements for actual consumers.  In this solution we leveraged the minimal installation where each instance of vRealize Automation consists of:

  • vRealize Automation Appliance – The vRealize Automation Appliance provides the vRealize Automation portal, Identity services, and vRealize Orchestrator.
  • Windows IaaS Server – The vRealize Automation server will include an instance of Microsoft SQL, the vRealize Automation Model Manager, vRealize Automation Manager Service, DEM Orchestrator and DEM Worker.

 Tenant Consumption2

vRealize Automation Deployment

Deployment of vRealize Automation can be carried out by either a manual configuration or scripted installation.  Due to the new installation wizard introduced in vRealize Automation 7, the level of effort required for a Simple Install of vRealize Automation has be reduced.  For the purposes of this discussion we will assume that the manual installation method for vRealize Automation deployment is used.

 

vRealize Automation Configuration

An important place to introduce automation in this process is the configuration of vRealize Automation for relevant creation of Fabric Groups, Business Groups as well as Blueprint and Entitlement configuration. vCloud Air Network Operation Admins can choose to script these configuration steps by leveraging vRealize CloudClient.  Leveraging the vRealize Automation API, CloudClient is a Java based command line utility which can be used for the configuration of vRealize Automation as well as the display and export of configuration details for vRealize Automation.  Let’s take a look at some of the considerations when using CloudClient and Microsoft PowerShell when carrying out post configuration tasks.

PowerShell Script and Cloud Client

When using CloudClient for scripting, one of the first steps is to create and configure the  cloudclient.properties file.  This file contains the environment variables to be used when calling CloudClient for scripting tasks.  Please refer to the CloudClient documentation for details steps on the creation and configuration of the cloudclient.properties file.

The PowerShell script will be configured to accept a set of parameters to be included in line when the script is executed.  One benefit of doing this upfront is that the script will already be configured for remote execution from an orchestration engine such as vRealize Orchestrator.

param(
$idStoreDomain,
$idStoreBaseDn,
$idStoreLoginUserDn,
$idStoreDcUrl,
$tenantName,
$customerPrefix,
$credsUserName, 
$credsPassword, 
$ComputeResourceName
)

 
CloudClient Environment Variables

While the cloudclient.properties files contains settings that can be leveraged for scripted execution of CloudClient commands, these setting are static and may need to be changed during the scripted execution of some CloudClient commands to ensure the correct credentials are used for the successful execution of commands.  For example, while most CloudClient commands require credentials with the Tenant Administrator role, other commands such as “vra identitystore add” and require the System Administrator account administrator@vsphere.local account for successful execution.

To address this in the PowerShell script, we Prefix CloudClient environment variables with “$env:” followed by the name of the CloudClient environment variable to be updated.  Here is an example of updating the required environment variables to run CloudClient with the administrator@vsphere.local user.

##---------------------------------------------------------------------------
## Set the Enviroment Variables for use with the Add Identity Source Command
##---------------------------------------------------------------------------

$env:CLOUDCLIENT_SESSION_KEY="administrator"
$env:vra_server="vra01.corp.local"
$env:vra_username="administrator@vsphere.local"
$env:vra_tenant="vsphere.local"
$env:vra_password="VMware1!"

 

After the credentials for the administrator@vsphere.local account have been set, the we can proceed to execute the CloudClient commands to add the required accounts to the Tenant Administrator role and IaaS Administrator role:

###-------------------------------------------------------------------------
### 'vra tenant identitystore add' Section - Add Identity Store to 
###  vsphere.local Tenant
###-------------------------------------------------------------------------


## Construct 'vra identitystore add' Command
$idStoreAddCommand = $CMD + " vra tenant identitystore add --tenantname " + $tenantName + " --name "+ $idStoreDomain + " --domain " + 
$idStoreDomain + " --groupbasedn " + $idStoreBaseDn + " --userdn " + $idStoreLoginUserDn + " --password " + $credsPassword + 
" --type AD --url " + $idStoreDcUrl + " --userbasedn " + $idStoreBaseDn

## Print 'vra identitystore add' Command to screen and then execute
Write-Host $idStoreAddCommand
Invoke-Expression $idStoreAddCommand


###-------------------------------------------------------------------------
### 'vra tenant admin update' Section - Update Infrastructure Admin role for 
###  vsphere.local Tenant
###-------------------------------------------------------------------------

## Declare IaaS Admin Group
$iaasGroup = $customerPrefix + "-iaasadmin@" + $idStoreDomain

## Construct 'vra tenant admin update' Command
$tenantUpdateCommand = $CMD + " vra tenant admin update --tenantname " + 
$tenantName + " --role IAAS_ADMIN --action ADD --users " + $iaasGroup

## Print 'vra tenant admin update' Command to screen and then execute
Write-Host $tenantUpdateCommand
Invoke-Expression $tenantUpdateCommand 

 

In the above example, we declare variables to construct the CloudClient commands “vra tenant identity store add” and “vra tenant admin update” with the desired parameters, of which the former requires the administrator@vsphere.local credentials.  We then use the “Invoke-Expression” PowerShell commandlet to run the resulting CloudClient commands.

Once we have completed the necessary commands to update the Tenant and IaaS Administrator roles, we can update the environment credential variables for proper execution of vRealize Automation Tenant constructs:

##------------------------------------------------------------------
## Set Environment Variables for use with the rest of the commands
##------------------------------------------------------------------

$env:CLOUDCLIENT_SESSION_KEY="configurationadmin"
$env:vra_server="vra01.corp.local"
$env:vra_username="configurationadmin@vsphere.local"
$env:vra_tenant="vsphere.local"
$env:vra_password="VMware1!" 

 

At this point, additional scripting can be created to continue the customer configuration of the tenant such as:

  • Creation of the customer’s vCloud Director Organization vDC as an Endpoint
  • Fabric Group creation
  • Machine prefix
  • Business Group creation

Additionally, Services, Entitlements and the required Actions can be created for the consumption of pre created Converged Blueprints backed by standard templates offered by the vCloud Air Network Service Provider.  Once the necessary scripted tasks have been completed, reservations are created manually and the vRealize Automation instance can be turned over to the customer.

Conclusion

In this post we have explored some basic examples of using CloudClient and PowerShell to script the configuration of vRealize Automation.  This powerful tool can also be used by vCloud Air Network partners to automate the configuration of vRealize Automation instances on a per customer basis, creating a “vRealize Automation as a Service” (vRAaaS) offering that is managed by the service provider, combining the multi-tenancy of vCloud Director with the unique self-service portal experience of vRealize Automation.