VMware vRealize Automation - 6.2 User Manual

IaaS Configuration for Cloud Platforms
vRealize Automation 6.2
You can find the most up-to-date technical documentation on the VMware website at:
https://docs.vmware.com/
If you have comments about this documentation, submit your feedback to
VMware, Inc.
3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com
Copyright © 2008–2016 VMware, Inc. All rights reserved. Copyright and trademark information.

Contents

IaaS Configuration for Cloud Platforms
Updated Information
Using the Goal Navigator
1 Configuring IaaS
  Configuring IaaS for Cloud Checklist
  Custom Properties in Machine Provisioning, Blueprints, and Build Profiles
  Order of Precedence for Custom Properties
  Bringing Resources Under vRealize Automation Management
  Store User Credentials for Cloud Endpoints
  Choosing an Endpoint Scenario
  Create an Amazon AWS Endpoint
  Create an OpenStack or PowerVC Endpoint
  Preparing an Endpoint CSV File for Import
  Import a List of Endpoints
  Create a Fabric Group
  Configure Machine Prefixes
  Create a Business Group
  Managing Key Pairs
  Create a Key Pair
  Upload the Private Key for a Key Pair
  Export the Private Key from a Key Pair
  Cloud Reservations
  Cloud Reservation Selection
  Choosing a Reservation Scenario
  Create an Amazon AWS Reservation (non-VPC)
  Create an Amazon AWS Reservation (VPC)
  Create a Red Hat OpenStack Reservation
2 Optional Configurations
  Build Profiles and Property Sets
  Create a Property Set
  Create a Build Profile
  Configuring Reservation Policies
  Configure a Reservation Policy
  Static IP Address Assignment
  Create a Network Profile for Static IP Address Assignment
  Assign a Network Profile to a Reservation
  Cost Information for Cloud Machines
  Using Optional Amazon Features
  Using Security Groups for Amazon Web Services
  Understanding Amazon Web Service Regions
  Using Virtual Private Cloud
  Using Elastic Load Balancers
  Using Elastic IP Addresses
  Using Elastic Block Storage
  Using Optional Red Hat OpenStack Features
  Using Security Groups
  Using Floating IP Addresses
3 Preparing for Provisioning
  Choosing a Cloud Provisioning Scenario
  Preparing for Amazon Provisioning
  Understanding Amazon Machine Images
  Understanding Amazon Instance Types
  Add an Amazon Instance Type
  Preparing for OpenStack Provisioning
  Preparing for Virtual Machine Image Provisioning
  Preparing for Linux Kickstart Provisioning
  Preparing for WIM Provisioning
4 Creating a Cloud Blueprint
  Choosing a Blueprint Scenario
  Create an Amazon AWS Blueprint
  Specify Amazon AWS Blueprint Information
  Specify Amazon AWS Blueprint Build Information
  Configure Amazon Machine Resources
  Add Amazon AWS Blueprint Custom Properties
  Configure Amazon AWS Blueprint Actions
  Create a Basic Red Hat OpenStack Blueprint
  Specify Basic Red Hat OpenStack Blueprint Information
  Specify Basic Red Hat OpenStack Blueprint Build Information
  Add Basic Red Hat OpenStack Blueprint Custom Properties
  Configure Basic Red Hat OpenStack Blueprint Actions
  Create a Red Hat OpenStack Blueprint for Linux Kickstart Provisioning
  Specify Linux Kickstart Blueprint Information
  Specify Linux Kickstart Blueprint Build Information
  Add Required Properties to a Linux Kickstart Blueprint
  Configure Linux Kickstart Blueprint Actions
  Create an OpenStack Blueprint for WIM Provisioning
  Specify WIM Blueprint Information
  Specify WIM Blueprint Build Information
  Add Required Properties to a WIM Blueprint
  Configure WIM Blueprint Actions
  Publish a Blueprint
5 Configuring Advanced Blueprint Settings
  Reservation Policies
  Add a Reservation Policy to a Blueprint
  Configuring Network Settings
  Add a Network Profile for Static IP Assignment to a Blueprint
  Custom Properties for Networking
  Enabling Visual Basic Scripts in Provisioning
  Call a Visual Basic Script from a Blueprint
  Add Active Directory Cleanup to a Blueprint
  Enabling Remote Desktop Connections
  Configure Connections Using RDP
  Enable Connections Using RDP
  Enable Connections Using SSH
6 Managing Cloud Infrastructure
  Managing Resource Usage
  Resource Usage Terminology
  Choosing a Resource Monitoring Scenario
  Data Collection
  Start Endpoint Data Collection Manually
  Configure Compute Resource Data Collection
  Manage Amazon EBS Volumes
  Connecting to a Cloud Machine
  Collect User Credentials for an Amazon Machine
7 Monitoring Workflows and Viewing Logs
8 Machine Life Cycle and Workflow States for Cloud Platforms

IaaS Configuration for Cloud Platforms

IaaS Configuration for Cloud Platforms provides information about integrating cloud platforms such as
Amazon Web Services and Red Hat Enterprise Linux OpenStack Platform with
VMware vRealize™ Automation.
This documentation guides you through the following processes:
- Bringing resources under vCloud Automation Center management
- Configuring IaaS features and policies
- Preparing for provisioning
- Creating machine blueprints
All of the IaaS configuration steps that you must complete before machine provisioning are included in this document. For information about how to manage provisioned machines, see Tenant Administration.
Note: Not all features and capabilities of vRealize Automation are available in all editions. For a
comparison of feature sets in each edition, see https://www.vmware.com/products/vrealize-automation/.
Intended Audience
This information is intended for IaaS administrators, fabric administrators, and business group managers
of vRealize Automation. This content is written for experienced Windows or Linux system administrators who are familiar with virtualization technology and the basic concepts described in Foundations and Concepts.
VMware Technical Publications Glossary
VMware Technical Publications provides a glossary of terms that might be unfamiliar to you. For
definitions of terms as they are used in VMware technical documentation, go to
http://www.vmware.com/support/pubs.

Updated Information

This IaaS Configuration for Cloud Platforms is updated with each release of the product or when
necessary.
This table provides the update history of the IaaS Configuration for Cloud Platforms.
Revision | Description
001644-04 | Updates to Create an OpenStack or PowerVC Endpoint. Update to clarify static IP for SCVMM is only supported for cloning Linux machines, and only if the guest agent is installed on your templates. See Add a Network Profile for Static IP Assignment to a Blueprint.
001644-03 | Updated the following topics: Add Required Properties to a WIM Blueprint; Custom Properties for WIM Blueprints.
001644-02 | Updated Add Amazon AWS Blueprint Custom Properties.
001644-01 | Updated the following topics regarding Amazon instance types: Preparing for Amazon Provisioning; Understanding Amazon Instance Types; Configure Amazon Machine Resources.
001644-00 | Initial 6.2 release.

Using the Goal Navigator

The goal navigator guides you through high-level goals that you might want to accomplish in
vRealize Automation.
The goals you can achieve depend on your role. To complete each goal, you must complete a sequence
of steps that are presented on separate pages in the vRealize Automation console.
The goal navigator can answer the following questions:
- Where do I start?
- What are all the steps I need to complete to achieve a goal?
- What are the prerequisites for completing a particular task?
- Why do I need to do this step and how does this step help me achieve my goal?
The goal navigator is hidden by default. You can expand the goal navigator by clicking the icon on the left
side of the screen.
After you select a goal, you navigate between the pages needed to accomplish the goal by clicking each
step. The goal navigator does not validate that you completed a step, or force you to complete steps in a
particular order. The steps are listed in the recommended sequence. You can return to each goal as many
times as needed.
For each step, the goal navigator provides a description of the task you need to perform on the
corresponding page. The goal navigator does not provide detailed information such as how to complete
the forms on a page. You can hide the page information or move it to a more convenient position on the
page. If you hide the page information, you can display it again by clicking the information icon on the
goal navigator panel.

Chapter 1 Configuring IaaS

Preparation is required by IaaS administrators, tenant administrators, and fabric administrators to bring
resources under vRealize Automation management, allocate resources to users, prepare for provisioning
machines, and create machine blueprints.
This chapter includes the following topics:
- Configuring IaaS for Cloud Checklist
- Custom Properties in Machine Provisioning, Blueprints, and Build Profiles
- Bringing Resources Under vRealize Automation Management
- Configure Machine Prefixes
- Create a Business Group
- Managing Key Pairs
- Cloud Reservations

Configuring IaaS for Cloud Checklist

IaaS administrators, fabric administrators, tenant administrators, and business group managers perform
required and optional configurations to fully implement and customize vRealize Automation.
The Configuring IaaS Checklist provides a high-level overview of the sequence of steps required to have
a fully functioning IaaS instance.
Table 1-1. Configuring IaaS checklist
Task | Required Role
Store credentials and create endpoints to bring resources under vRealize Automation management. See Bringing Resources Under vRealize Automation Management. | IaaS administrator
Configure the machine prefixes used to create names for machines provisioned through vRealize Automation. See Configure Machine Prefixes. | Fabric administrator
Create at least one business group of users who need to request machines. See Create a Business Group. | Tenant administrator
Create at least one reservation to allocate resources to a business group. See Choosing a Reservation Scenario. | Fabric administrator
Configure optional policies and settings. See Chapter 2 Optional Configurations. | Fabric administrator
Depending on your intended method of provisioning, preparation outside of vRealize Automation might be required before you can start creating machine blueprints. For example, you might need to create the machine images required for your blueprints. See Choosing a Cloud Provisioning Scenario. | Outside of vRealize Automation
Create and publish machine blueprints. See Choosing a Blueprint Scenario. | Tenant administrator; Business group manager
Before users can request machines, a tenant administrator must configure the service catalog. See Tenant Administration.
Custom Properties in Machine Provisioning, Blueprints, and Build Profiles
Custom properties are name-value pairs used to specify attributes of a machine or to override default
specifications.
Different custom properties are used for different provisioning methods, types of machines, and machine
options. Custom properties can be used as described in the following examples:
- Specify a particular type of guest OS
- Enable WIM-based provisioning, in which a Windows Imaging File Format (WIM) image of a reference machine is used to provision new machines
- Customize the behavior of Remote Desktop Protocol when connecting to a machine
- Register a virtual machine with a XenDesktop Desktop Delivery Controller (DDC) server
- Customize a virtual machine’s system specifications, such as adding multiple hard disk drives
- Customize the guest OS for a machine, for instance, by including specified users in selected local groups
- Enable cleanup of the Active Directory account of a machine after it is destroyed
Specifying the characteristics of the machines to be provisioned is generally done by adding properties to
blueprints and build profiles. You can make custom properties available to multiple blueprints and all
business groups by placing them in build profiles.
Any property specified in a blueprint overrides the same property specified in the incorporated build
profile. This enables a blueprint to use most of the properties in a profile while differing from the profile in
some limited way. For more information, see Order of Precedence for Custom Properties.
For example, a blueprint that incorporates a standard developer workstation profile might override the US
English settings in the profile with UK English settings. On the other hand, if no appropriate profile is
available, all the needed properties can be specified in the blueprint itself. This arrangement ensures that
the number and complexity of blueprints remain manageable.
At new machine request time, vRealize Automation has not yet allocated a reservation and the compute
resource and endpoint are unknown as well. Therefore, only custom properties from a build profile,
blueprint and business group are reconciled and presented when the machine is requested.

Order of Precedence for Custom Properties

When the same property exists in more than one source, a specific order is followed when applying
properties to the machine.
You can add custom properties that apply to provisioned machines to the following elements:
- A reservation, to apply the custom properties to all machines provisioned from that reservation
- A business group, to apply the custom properties to all machines provisioned by business group members
- A global or local blueprint, to apply the custom properties to all machines provisioned from the blueprint
- Build profiles, which can be incorporated into any global or local blueprint, to apply the custom properties to all machines provisioned from the blueprint
- A machine request, if you are a business group manager, to apply the custom properties to the machine being provisioned
- The applicable approval policy, if any exist and if advanced approval support is enabled, to require approvers to provide the values to be applied to the machine being approved
The full order of precedence for custom properties is that any property value specified in a source later in
the list overrides values for the same property specified in sources earlier in the list. The order is shown in
the following list:
1 Build profile
2 Blueprint
3 Business group
4 Compute resource
5 Reservations
6 Endpoint
7 Runtime
For vApps, the order is similar, as shown in the following list:
1 Build profile, specified on a vApp component blueprint
2 vApp component blueprint
3 Build profile, specified on a vApp blueprint
4 vApp blueprint
5 Business group
6 Compute resources
7 Reservations
8 Endpoint
9 Runtime specified on a vApp
10 Runtime specified on a component machine
Any runtime property takes higher precedence and overrides a property from any source. A custom
property is marked as runtime if the following conditions exist:
- The property is marked as Prompt User, which specifies that the user must supply a value for it when requesting a machine. This requires that the machine requestor customize individual characteristics of each machine, or gives them the option of doing so when a default value is provided for the required property.
- A business group manager is requesting a machine and the property appears in the custom properties list on the Properties tab of the Confirm Machine Request page.
Custom properties in reservations and business groups may be applied to many machines so they should
be used carefully. Their use is typically limited to purposes related to their sources, such as resource
management, line of business accounting, and so on. Specifying the characteristics of the machine to be
provisioned is generally done by adding properties to blueprints and build profiles.
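The precedence list above, worked through as an added example (not VMware code). It resolves each property to its winning source, reports where a business group or reservation value replaced one from a blueprint or build profile, and compares the final result with the request-time view built from build profile, blueprint, and business group only. The Example.* property names and all values are constructed for illustration.

```python
# Precedence from the list above, lowest first: a later source overrides an earlier one.
PRECEDENCE = ["Build profile", "Blueprint", "Business group", "Compute resource",
              "Reservations", "Endpoint", "Runtime"]
# Sources reconciled when the machine is requested, per the text above.
REQUEST_TIME_SOURCES = PRECEDENCE[:3]
# Sources whose properties apply to many machines at once.
BROAD_SCOPE = {"Business group", "Reservations"}


def resolve(sources, only=None):
    """Map each property to its final value, winning source, and overridden values.

    sources: {source name: {property name: value}}
    only:    optional subset of PRECEDENCE to consider
    """
    unknown = set(sources) - set(PRECEDENCE)
    if unknown:
        raise ValueError("unknown source(s): " + ", ".join(sorted(unknown)))
    resolved = {}
    for source in PRECEDENCE:
        if only is not None and source not in only:
            continue
        for name, value in sources.get(source, {}).items():
            previous = resolved.get(name)
            history = []
            if previous:
                history = previous["overrides"] + [(previous["source"], previous["value"])]
            resolved[name] = {"value": value, "source": source, "overrides": history}
    return resolved


def broad_scope_overrides(sources):
    """Properties whose final value comes from a business group or reservation
    and replaced a value set in an earlier source."""
    report = []
    for name, entry in sorted(resolve(sources).items()):
        if entry["source"] in BROAD_SCOPE and entry["overrides"]:
            report.append((name, entry["source"], entry["overrides"][-1][0]))
    return report


def differs_from_request_view(sources):
    """Properties whose applied value is absent from, or different to, the
    request-time reconciliation."""
    at_request = resolve(sources, only=REQUEST_TIME_SOURCES)
    final = resolve(sources)
    return sorted(name for name, entry in final.items()
                  if name not in at_request or at_request[name]["value"] != entry["value"])


# Constructed sample: every property name under Example.* is hypothetical.
SAMPLE_SOURCES = {
    "Build profile": {"Example.Locale": "en-US", "Example.SecondDisk": "true"},
    "Blueprint": {"Example.Locale": "en-GB"},
    "Business group": {"Example.CostCenter": "sales"},
    "Reservations": {"Example.SecondDisk": "false"},
    "Endpoint": {"VirtualMachine.Admin.ConnectAddress.Regex": "10.10.0."},
    "Runtime": {"Example.CostCenter": "sales-emea"},
}

if __name__ == "__main__":
    for name, entry in sorted(resolve(SAMPLE_SOURCES).items()):
        print(f"{name} = {entry['value']!r} from {entry['source']}; "
              f"overrode {entry['overrides']}")
    print("broad-scope overrides:", broad_scope_overrides(SAMPLE_SOURCES))
    print("differs from request view:", differs_from_request_view(SAMPLE_SOURCES))
```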
Each blueprint of any type can optionally incorporate one or more build profiles and thereby inherit the
custom properties in those profiles. Build profiles are especially useful for applying common sets of
properties for specific purposes to a wide range of blueprints. For example, your site might want to add a
second disk to, customize Microsoft Remote Desktop Protocol behavior for, and enable Active Directory
cleanup for a wide variety of machines. If a build profile with the necessary properties is created, it can be
incorporated into all of your blueprints, local or global.
When creating and managing build profiles, a fabric administrator can load a number of predefined
property sets to add several related properties all at once, instead of one by one.

Bringing Resources Under vRealize Automation Management

For vRealize Automation to manage your infrastructure, IaaS administrators must create endpoints, store
administrator-level user credentials for those endpoints, and add compute resources to a fabric group.
Depending on your environment, the procedure for creating endpoints and storing credentials differs
slightly.
For cloud platforms, compute resources represent regions rather than specific virtualization hosts.
vRealize Automation collects information about the regions available on each cloud endpoint and an IaaS
administrator can add the regions to a fabric group.

Store User Credentials for Cloud Endpoints

An IaaS administrator stores administrator-level credentials so that vRealize Automation can
communicate with your cloud endpoints. Because the same credentials can be used for multiple
endpoints, credentials are managed separately from endpoints and associated when endpoints are
created or edited.
Prerequisites
Log in to the vRealize Automation console as an IaaS administrator.
Procedure
1 Select Infrastructure > Endpoints > Credentials.
2 Click New Credentials.
3 Enter a name and, optionally, a description.
4 Type the credentials in the User name and Password text boxes.
Cloud Platform | Description
Amazon AWS | Type the access key ID into the User name text box and the secret access key into the Password text box. For example: User name: AKIAIOSFODNN7EXAMPLE; Password: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY. For information about obtaining your access key ID and secret access key, see the Amazon documentation.
Red Hat OpenStack | Type the user name and password for the Red Hat OpenStack user account. The credentials you provide must be a user in the Red Hat OpenStack tenant associated with the endpoint. If you have multiple Red Hat OpenStack endpoints associated with different Red Hat OpenStack tenants, you can store the credentials for a single user who is an administrator in all the tenants, or separate administrator users for each Red Hat OpenStack tenant.
5 Click the Save icon.
What to do next
Now that your credentials are stored, you are ready to create an endpoint.

Choosing an Endpoint Scenario

IaaS administrators are responsible for creating the endpoints that allow vRealize Automation to
communicate with your infrastructure. Depending on your environment, the procedure to create the
endpoints differs slightly.
Table 1-2. Choosing an Endpoint Scenario
Scenario | Procedure
Connect to an Amazon AWS cloud service account. | Create an Amazon AWS Endpoint
Connect to a Red Hat OpenStack tenant. | Create an OpenStack or PowerVC Endpoint
Connect to a PowerVC tenant. | Create an OpenStack or PowerVC Endpoint
Import a list of endpoints. | Preparing an Endpoint CSV File for Import; Import a List of Endpoints

Create an Amazon AWS Endpoint

An IaaS administrator creates an endpoint to connect to an Amazon Web Services instance.
Prerequisites
- Log in to the vRealize Automation console as an IaaS administrator.
- Store User Credentials for Cloud Endpoints.
Procedure
1 Select Infrastructure > Endpoints > Endpoints.
2 Select New Endpoint > Cloud > Amazon EC2.
3 Enter a name and, optionally, a description.
Typically this name indicates the Amazon Web Services account that corresponds to this endpoint.
4 Select the Credentials for the endpoint.
Only one endpoint can be associated with an Amazon access key ID.
5 (Optional) Click the Use proxy server check mark box to configure additional security and force
connections to Amazon Web Services to pass through a proxy server.
a Type the host name of your proxy server in the Hostname text box.
b Type the port number to use for connecting to the proxy server in the Port text box.
c (Optional) Click the Browse icon next to the Credentials text box.
Select or create credentials that represent the user name and password for the proxy server, if
required by the proxy configuration.
6 (Optional) Add any custom properties.
7 Click OK.
After the endpoint is created, vRealize Automation begins collecting data from the Amazon Web Services
regions.
What to do next
Add the compute resources from your endpoint to a fabric group.
See Create a Fabric Group.

Create an OpenStack or PowerVC Endpoint

An IaaS administrator creates an endpoint to allow vRealize Automation to communicate with your
OpenStack or PowerVC instance.
Prerequisites
- Log in to the vRealize Automation console as an IaaS administrator.
- Store User Credentials for Cloud Endpoints.
- Verify that your vRealize Automation DEMs are installed on a machine that meets the Openstack or PowerVC requirements. See Installation and Configuration.
Procedure
1 Select Infrastructure > Endpoints > Endpoints.
2 Select New Endpoint > Cloud > OpenStack.
3 Enter a name and, optionally, a description.
4 Type the URL for the endpoint in the Address text box.
Option | Description
PowerVC | The URL must be of the format https://FQDN/powervc/openstack/service. For example: https://openstack.mycompany.com/powervc/openstack/admin.
Openstack | The URL must be of the format FQDN:5000 or IP_address:5000. Do not include the /v2.0 suffix in the endpoint address. For example: https://openstack.mycompany.com:5000.
5 Select the Credentials for the endpoint.
The credentials you provide must have the administrator role in the Red Hat OpenStack tenant
associated with the endpoint.
6 Type a Red Hat OpenStack tenant name in the OpenStack project text box.
If you set up multiple endpoints with different Red Hat OpenStack tenants, create reservation policies
for each tenant. This ensures that machines are provisioned to the appropriate tenant resources.
7 (Optional) Add any custom properties.
8 Click OK.
What to do next
Add the compute resources from your endpoint to a fabric group.
See Create a Fabric Group.
Custom Properties for Openstack Endpoints
vRealize Automation includes custom properties you might want to use when you configure your
Openstack endpoints in vRealize Automation.
Table 1-3. Custom Properties for Openstack Endpoints
Custom Property | Description
VirtualMachine.Admin.ConnectAddress.Regex | Used by a vRealize Automation administrator to define a regular expression to match an IP address for terminal connections, such as an RDP connection. If matched, the IP address is saved under the VirtualMachine.Admin.ConnectAddress custom property. Otherwise, the first available IP address is designated. For example, setting the property value to 10.10.0. allows selection of an IP address from a 10.10.0.* subnet that is assigned to the virtual machine. If the subnet has not been assigned, the property is ignored. This property is available for use with Openstack.
VirtualMachine.NetworkN.AddressM | Defines additional M IP address allocated for an Openstack instance for network N, excluding the IP address set specified by the VirtualMachine.NetworkN.Address property. Additional addresses are displayed on the Network tab in the Additional Addresses column. This property is used by Openstack machine state data collection. While this property is only data-collected by the OpenStack endpoint, it is not specific to OpenStack and can be used for lifecycle extensibility by other endpoint types.
VMware.Endpoint.Openstack.IdentityProvider.Version | For 6.2.4 and 6.2.5, specifies the version of Openstack Identity provider (Keystone) to use when authenticating an Openstack endpoint. Configure a value of 3 to authenticate with Keystone version 3 OpenStack Identity Provider. If you use any other value, or do not use this custom property, authentication defaults to Keystone version 2.
VMware.Endpoint.Openstack.Release | Specifies the OpenStack release, for example Havana or Icehouse, when creating an OpenStack endpoint. Required for 6.2.1, 6.2.2, and 6.2.3 OpenStack provisioning. Deprecated as of 6.2.4.

Preparing an Endpoint CSV File for Import

Instead of adding endpoints one at a time by using the vRealize Automation console, you can import a list
of endpoints of various types by uploading a CSV file.
The CSV file must contain a header row with the expected fields. Fields are case sensitive and must be in
a specific order. You can upload multiple endpoints of varying types with the same CSV file. For
vCloud Director, system administrator accounts are imported, rather than organization administrator
endpoints.
Table 1-4. CSV File Fields and Their Order for Importing Endpoints
Field | Description
InterfaceType | (Required) You can upload multiple types of endpoints in a single file: AmazonEC2, Openstack, vCloud, vCO, CiscoUCS, DellIdrac, HPIlo, NetAppOnTap, SCVMM, KVM, vSphere.
Address | (Required for all interface types except Amazon AWS) URL for the endpoint. For information about the required format for your platform type, see the appropriate procedure to create an endpoint for your platform.
Credentials | (Required) Name you gave the user credentials when you stored them in vRealize Automation.
Name | (Required) Provide a name for the endpoint. For RedHat Openstack, the address is used as the default name.
Description | (Optional) Provide a description for the endpoint.
DataCenter | (Optional) For physical machines, you can provide the datacenter where the machine is located.
Row | (Optional) For physical machines, you can provide the row where the machine is located.
Rack | (Optional) For physical machines, you can provide the rack where the machine is located.
OpenstackProject | (Required for RedHat Openstack only) Provide the tenant name for the endpoint.

Import a List of Endpoints

Importing a CSV file of endpoints can be more efficient than adding endpoints one at a time by using the
vRealize Automation console.
Prerequisites
- Log in to the vRealize Automation console as an IaaS administrator.
- Store the credentials for your endpoints.
- Prepare an Endpoint CSV file for import.
Procedure
1 Select Infrastructure > Endpoints > Endpoints.
2 Click Import Endpoints.
3 Click Browse.
4 Locate the CSV file that contains your endpoints.
5 Click Open.
A CSV file opens that contains a list of endpoints in the following format:
InterfaceType,Address,Credentials,Name,Description
vCloud,https://abxpoint2vco,svc-admin,abxpoint2vco,abxpoint
6 Click Import.
You can edit and manage your endpoints through the vRealize Automation console.
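A pre-import check for the CSV rules in Preparing an Endpoint CSV File for Import and the sample in this procedure, as an added example (not VMware code). It checks header order and case, per-type required fields, the /v2.0 suffix, and reuse of one credential by two AmazonEC2 rows. It assumes that a header may stop after the five columns of the page's sample, that InterfaceType values must match the listed spelling, and that the caller supplies the stored credential names; the access key ID pattern is an added hygiene check so that key material is not left in the file.

```python
import csv
import io
import re

# Column order from the CSV field table; names are case sensitive.
FIELDS = ["InterfaceType", "Address", "Credentials", "Name", "Description",
          "DataCenter", "Row", "Rack", "OpenstackProject"]
INTERFACE_TYPES = {"AmazonEC2", "Openstack", "vCloud", "vCO", "CiscoUCS", "DellIdrac",
                   "HPIlo", "NetAppOnTap", "SCVMM", "KVM", "vSphere"}
MIN_COLUMNS = 5  # assumption: the five-column header of the page's sample is accepted
# Added hygiene check: the shape of an AWS access key ID (AKIA + 16 characters).
ACCESS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")


def lint_endpoint_csv(text, stored_credentials):
    """Return (line_number, message) findings; an empty list means nothing was flagged."""
    reader = csv.reader(io.StringIO(text))
    header = next(reader, None)
    if header is None:
        return [(1, "missing header row")]
    if len(header) < MIN_COLUMNS or header != FIELDS[:len(header)]:
        return [(1, "header must be " + ",".join(FIELDS) + " (case sensitive, in order)")]

    findings = []
    amazon_credentials = {}  # credential name -> line of the first AmazonEC2 row using it
    for row in reader:
        line_no = reader.line_num
        if not any(cell.strip() for cell in row):
            continue  # blank line
        if len(row) != len(header):
            findings.append((line_no, f"expected {len(header)} columns, found {len(row)}"))
        rec = dict.fromkeys(FIELDS, "")
        rec.update(zip(header, (cell.strip() for cell in row)))
        kind = rec["InterfaceType"]

        if kind not in INTERFACE_TYPES:
            findings.append((line_no, f"unknown InterfaceType {kind!r}"))
        if kind != "AmazonEC2" and not rec["Address"]:
            findings.append((line_no, "Address is required for this interface type"))
        if kind == "Openstack":
            if rec["Address"].rstrip("/").endswith("/v2.0"):
                findings.append((line_no, "remove the /v2.0 suffix from the Address"))
            if not rec["OpenstackProject"]:
                findings.append((line_no, "OpenstackProject (tenant name) is required"))

        cred = rec["Credentials"]
        if not cred:
            findings.append((line_no, "Credentials is required"))
        elif cred not in stored_credentials:
            findings.append((line_no, f"Credentials {cred!r} is not a stored credential name"))
        elif kind == "AmazonEC2":
            # Only one endpoint can be associated with an Amazon access key ID.
            first = amazon_credentials.setdefault(cred, line_no)
            if first != line_no:
                findings.append((line_no, f"Credentials {cred!r} already used by the "
                                          f"AmazonEC2 endpoint on line {first}"))

        # For Openstack the address is used as the default name.
        if not rec["Name"] and kind != "Openstack":
            findings.append((line_no, "Name is required"))
        if any(ACCESS_KEY_ID.search(cell) for cell in row):
            findings.append((line_no, "value looks like an AWS access key ID; the file "
                                      "should carry the stored credential name instead"))
    return findings


# Constructed sample input; the first data row is the one shown in the procedure.
STORED_CREDENTIALS = {"svc-admin", "aws-prod", "os-admin"}
SAMPLE_CSV = """\
InterfaceType,Address,Credentials,Name,Description,DataCenter,Row,Rack,OpenstackProject
vCloud,https://abxpoint2vco,svc-admin,abxpoint2vco,abxpoint,,,,
AmazonEC2,,aws-prod,aws-prod-account,,,,,
AmazonEC2,,aws-prod,aws-prod-copy,,,,,
Openstack,https://openstack.mycompany.com:5000/v2.0,os-admin,,,,,,
openstack,https://openstack.mycompany.com:5000,AKIAIOSFODNN7EXAMPLE,os2,,,,,engineering
"""

if __name__ == "__main__":
    for line_no, message in lint_endpoint_csv(SAMPLE_CSV, STORED_CREDENTIALS):
        print(f"line {line_no}: {message}")
```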

Create a Fabric Group

An IaaS administrator can organize virtualization compute resources and cloud endpoints into fabric
groups by type and intent. An IaaS administrator also assigns one or more fabric administrators to
manage the resources in the fabric group.
You can grant the Fabric Administrator role to multiple users by either adding multiple users one at a time
or by choosing an identity store group or custom group as your fabric administrator.
Prerequisites
- Log in to the vRealize Automation console as an IaaS administrator.
- Create at least one endpoint.
Procedure
1 Select Infrastructure > Groups > Fabric Groups.
2 Click New Fabric Group.
3 Enter a name in the Name text box.
4 (Optional) Enter a description in the Description text box.
5 Type a user name or group name in the Fabric administrators text box and press Enter.
Repeat this step to add multiple users or groups to the role.
6 Click one or more Compute resources to include in your fabric group.
Only templates that exist on the clusters you select for your fabric group are discovered during data
collection and available for cloning on reservations you create for business groups.
7 Click OK.
Fabric administrators can now configure machine prefixes.
Users who are currently logged in to the vRealize Automation console must log out and log back in to the
vRealize Automation console before they can navigate to the pages to which they have been granted
access.
Configure Machine Prefixes
Fabric administrators create machine prefixes that are used to create names for machines provisioned
through vRealize Automation. Tenant administrators and business group managers select these machine
prefixes and assign them to provisioned machines through blueprints and business group defaults.
A prefix is a base name to be followed by a counter of a specified number of digits. When the digits are all
used, vRealize Automation rolls back to the first number.
Machine prefixes must conform to the following limitations:
- Contain only the case-insensitive ASCII letters a through z, the digits 0 through 9, and the hyphen (-).
- Not begin with a hyphen.
- No other symbols, punctuation characters, or blank spaces can be used.
- No longer than 15 characters, including the digits, to conform to the Windows limit of 15 characters in host names.
  Longer host names are truncated when a machine is provisioned, and updated the next time data collection is run. However, for WIM provisioning names are not truncated and provisioning fails when the specified name is longer than 15 characters.
- vRealize Automation does not support multiple virtual machines of the same name in a single instance. If you choose a naming convention that causes an overlap in machine names, vRealize Automation does not provision a machine with the redundant name. If possible, vRealize Automation skips the name that is already in use and generates a new machine name using the specified machine prefix. If a unique name cannot be generated, provisioning fails.
Prerequisites
Log in to the vRealize Automation console as a fabric administrator.
Procedure
1 Select Infrastructure > Blueprints > Machine Prefixes.
2 Click the Add icon.
3 Enter the machine prefix in the Machine Prefix text box.
4 Enter the number of counter digits in the Number of Digits text box.
5 Enter the counter start number in the Next Number text box.
6 Click the Save icon.
Tenant administrators can create business groups so that users can access vRealize Automation to
request machines.
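The prefix limitations and the counter behavior described in this section, as an added example (not VMware code): a validator for a proposed prefix and digit count, and a model of name generation that skips names in use, rolls over, and fails when no unique name is left. Zero-padding of the counter, a rollover target of 1, and case-insensitive name comparison are assumptions of this model, not statements from the manual.

```python
import re

MAX_HOSTNAME = 15  # Windows host name limit cited above


def check_prefix(prefix, digits):
    """Return a list of rule violations for a machine prefix and its digit count."""
    problems = []
    if prefix.startswith("-"):
        problems.append("prefix must not begin with a hyphen")
    bad = sorted(set(re.findall(r"[^A-Za-z0-9-]", prefix)))
    if bad:
        problems.append("prefix contains characters other than a-z, 0-9 and hyphen: "
                        + " ".join(repr(ch) for ch in bad))
    if len(prefix) + digits > MAX_HOSTNAME:
        problems.append(f"prefix plus {digits} digits is {len(prefix) + digits} characters; "
                        f"the limit is {MAX_HOSTNAME}")
    return problems


def next_name(prefix, digits, next_number, in_use, first_number=1):
    """Model of name generation. Returns (machine name, new Next Number).

    in_use is the set of machine names that already exist. first_number is the
    value the counter returns to after the digits are used up (assumed to be 1).
    """
    if digits < 1:
        raise ValueError("number of digits must be at least 1")
    problems = check_prefix(prefix, digits)
    if problems:
        raise ValueError("; ".join(problems))
    limit = 10 ** digits
    taken = {name.lower() for name in in_use}  # assumption: names compare case-insensitively
    number = next_number
    for _ in range(limit):  # at most one full pass over the counter range
        if number >= limit:
            number = first_number  # all digits used: roll back to the first number
        candidate = f"{prefix}{number:0{digits}d}"
        if candidate.lower() not in taken:
            return candidate, number + 1
        number += 1  # name already in use: skip it
    raise RuntimeError("no unique machine name can be generated; provisioning would fail")


if __name__ == "__main__":
    # Constructed sample values.
    print(check_prefix("finance-dept-", 3))
    print(next_name("web-", 3, 998, {"WEB-998", "web-999"}))
```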

Create a Business Group

Tenant administrators create business groups to associate a set of services and resources to a set of
users, often corresponding to a line of business, department, or other organizational unit. Users must
belong to a business group to request machines.
To add multiple users to a business group role, you can add multiple individual users, or you can add
multiple users at the same time by adding an identity store group or a custom group to a role. For
example, you can create a custom group Sales Support Team and add that group to the support role. For information about creating custom groups, see Tenant Administration. You can also use existing identity
store user groups. The users and groups you choose must be valid in the identity store.
Prerequisites
- Log in to the vRealize Automation console as a tenant administrator.
- Request a machine prefix from a fabric administrator. See Configure Machine Prefixes.
Procedure
1 Select Infrastructure > Groups > Business Groups.
2 Click the Add icon.
3 (Optional) Select an existing business group from the Copy from existing group drop-down box.
Data from the group you chose appears.
4 Enter a name in the Name text box.
5 (Optional) Enter a description in the Description text box.
6 Select a Default machine prefix.
7 (Optional) Type a default Active directory container for machines provisioned in this group and
press Enter.
The Active Directory container is used only for WIM provisioning. Other provisioning methods require
additional configuration to join provisioned machines to an AD container.
8 Type a user name or group name in the Group manager role search box and press Enter.
Repeat this step to add more than one user or group to the role. You do not have to specify users at
this time. You can create empty business groups to populate later.
9 Type one or more user names or group names in the Send manager emails to text box and press
Enter.
Multiple entries must be separated with commas. For example,
JoeAdmin@mycompany.com,WeiMgr@mycompany.com.
10 Add users to your business group.
Multiple entries must be separated by line breaks. You do not have to specify users at this time. You
can create empty business groups to populate later.
a Type a user name or group name in the Support role search box and press Enter.
Repeat this step to add more than one user or group to the role.
b Type a user name or group name in the User role search box and press Enter.
Repeat this step to add more than one user or group to the role.
11 (Optional) Add any custom properties.
12 Click OK.
Fabric administrators can now allocate resources to your business group by creating a reservation.

Managing Key Pairs

Key pairs are used to provision and connect to a cloud instance. A key pair is used to decrypt Windows
passwords or to log in to a Linux machine.
Key pairs are required for provisioning with Amazon AWS. For Red Hat OpenStack, key pairs are
optional.
Existing key pairs are imported as part of data collection when you add a cloud endpoint. A fabric
administrator can also create and manage key pairs by using the vRealize Automation console. If you
delete a key pair from the vRealize Automation console, it is also deleted from the cloud service account.
In addition to managing key pairs manually, you can configure vRealize Automation to generate key pairs
automatically per machine or per business group.
- A fabric administrator can configure the automatic generation of key pairs at a reservation level.
- If the key pair is going to be controlled at the blueprint level, the fabric administrator must select Not
  Specified on the reservation.
- A tenant administrator or business group manager can configure the automatic generation of key
  pairs at a blueprint level.
- If key pair generation is configured at both the reservation and blueprint level, the reservation setting
  overrides the blueprint setting.

Create a Key Pair

A fabric administrator can create key pairs for use with cloud endpoints by using the vRealize Automation
console.
Prerequisites
- Log in to the vRealize Automation console as a fabric administrator.
- An IaaS administrator must have created a cloud endpoint and added cloud compute resources to a
  fabric group.
Procedure
1 Select Infrastructure > Reservations > Key Pairs.
2 Click New Key Pair.
3 Enter a name in the Name text box.
4 Select a cloud region from the Compute resource drop-down menu.
5 Click the Save icon.
The key pair is ready to use when the Secret Key column has the value ************.

Upload the Private Key for a Key Pair

A fabric administrator can upload the private key for a key pair in PEM format.
Prerequisites
- Log in to the vRealize Automation console as a fabric administrator.
- You must already have a key pair. See Create a Key Pair.
Procedure
1 Select Infrastructure > Reservations > Key Pairs.
2 Locate the key pair for which you want to upload a private key.
3 Click the Edit icon.
4 Use one of the following methods to upload the key.
  - Browse for a PEM-encoded file and click Upload.
  - Paste the text of the private key, beginning with -----BEGIN RSA PRIVATE KEY----- and
    ending with -----END RSA PRIVATE KEY-----.
5 Click the Save icon.

Export the Private Key from a Key Pair

A fabric administrator can export the private key from a key pair to a PEM-encoded file.
Prerequisites
- Log in to the vRealize Automation console as a fabric administrator.
- A key pair with a private key must exist. See Upload the Private Key for a Key Pair.
Procedure
1 Select Infrastructure > Reservations > Key Pairs.
2 Locate the key pair from which you want to export the private key.
3 Click the Export icon.
4 Browse to the location where you want to save the file and click Save.

Cloud Reservations

A cloud reservation provides access to the provisioning services of a cloud service account for a
particular business group.
A group can have multiple reservations on one endpoint or reservations on multiple endpoints.
A reservation may also define policies, priorities, and quotas that determine machine placement.

Cloud Reservation Selection

When a member of a business group requests a cloud machine, a reservation must be selected from the
reservations that belong to the business group.
The reservation on which a machine is provisioned must satisfy the following criteria:
- The reservation must be of the same platform type as the blueprint from which the machine was
  requested.
- The reservation must be enabled.
- The reservation must have capacity remaining in its machine quota or have an unlimited quota.
  The allocated machine quota includes only machines that are powered on. For example, if a
  reservation has a quota of 50, and 40 machines have been provisioned but only 20 of them are
  powered on, the reservation’s quota is 40 percent allocated, not 80 percent.
- The reservation must have the security groups specified in the machine request.
- The reservation must be associated with a region that has the machine image specified in the
  blueprint.
- For Amazon machines, the request specifies an availability zone and whether the machine is to be
  provisioned in a subnet in a Virtual Private Cloud (VPC) or in a non-VPC location. The reservation
  must match the network type (VPC or non-VPC).
- If the cloud provider supports network selection and the blueprint has specific network settings, the
  reservation must have the same networks.
  If the blueprint or reservation specifies a network profile for static IP address assignment, an IP
  address must be available to assign to the new machine.
- If the blueprint specifies a reservation policy, the reservation must belong to that reservation policy.
  Reservation policies are a way to guarantee that the selected reservation satisfies any additional
  requirements for provisioning machines from a specific blueprint. For example, if a blueprint uses a
  specific machine image, you can use reservation policies to limit provisioning to reservations
  associated with the regions that have the required image.
If no reservation is available that meets all of the selection criteria, provisioning fails.
If multiple reservations meet all of the criteria, the reservation from which to provision a requested
machine is determined by the following logic:
- Reservations with higher priority are selected over reservations with lower priority.
- If multiple reservations have the same priority, the reservation with the lowest percentage of its
  machine quota allocated is selected.
- If multiple reservations have the same priority and quota usage, machines are distributed among
  reservations in round-robin fashion.
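
The selection rules above, modeled as an added example (not VMware code or the product's implementation) that can be used to predict which reservation a request lands on and why others are rejected. The class and field names are hypothetical, an unlimited quota is assumed to count as 0 percent allocated, ties are rotated in name order, and the network and static IP checks are left out.

```python
from dataclasses import dataclass
from fractions import Fraction
from typing import Optional


@dataclass(frozen=True)
class Reservation:
    name: str
    platform: str                    # for example "Amazon EC2" or "OpenStack"
    priority: int                    # priority 1 is used over priority 2
    quota: Optional[int]             # None = unlimited machine quota
    powered_on: int                  # only powered-on machines count against the quota
    enabled: bool = True
    vpc: bool = False                # Amazon only: VPC or non-VPC reservation
    images: frozenset = frozenset()  # machine images available in the reservation's region
    security_groups: frozenset = frozenset()
    policy: Optional[str] = None

    def allocated_pct(self) -> Fraction:
        if self.quota is None:
            return Fraction(0)       # assumption: unlimited counts as 0 percent allocated
        if self.quota == 0:
            return Fraction(100)
        return Fraction(self.powered_on * 100, self.quota)


@dataclass(frozen=True)
class Request:
    platform: str
    image: str
    security_groups: frozenset = frozenset()
    vpc: bool = False
    policy: Optional[str] = None


def rejection_reason(res: Reservation, req: Request) -> Optional[str]:
    """Return why a reservation cannot serve the request, or None if it can."""
    if res.platform != req.platform:
        return "platform type differs from the blueprint"
    if not res.enabled:
        return "reservation is disabled"
    if res.quota is not None and res.powered_on >= res.quota:
        return "machine quota exhausted"
    if not req.security_groups <= res.security_groups:
        return "requested security group not on reservation"
    if req.image not in res.images:
        return "machine image not available in reservation's region"
    if req.platform == "Amazon EC2" and res.vpc != req.vpc:
        return "network type (VPC or non-VPC) differs"
    if req.policy is not None and res.policy != req.policy:
        return "reservation not in the blueprint's reservation policy"
    return None


class ReservationSelector:
    def __init__(self):
        self._next = {}  # tied reservation names -> index to hand out next

    def select(self, reservations, req):
        ok = [r for r in reservations if rejection_reason(r, req) is None]
        if not ok:
            return None  # no reservation meets all criteria: provisioning fails
        # Lowest priority number wins, then lowest percentage of quota allocated.
        best = min((r.priority, r.allocated_pct()) for r in ok)
        tied = sorted((r for r in ok if (r.priority, r.allocated_pct()) == best),
                      key=lambda r: r.name)
        key = tuple(r.name for r in tied)
        i = self._next.get(key, 0)
        self._next[key] = (i + 1) % len(tied)   # round-robin among exact ties
        return tied[i]


def demo():
    # Constructed sample values; the pool is held static between requests.
    common = dict(platform="Amazon EC2",
                  images=frozenset({"ami-constructed"}),
                  security_groups=frozenset({"sg-web"}))
    pool = [
        Reservation("low-priority", priority=2, quota=50, powered_on=0, **common),
        Reservation("busy", priority=1, quota=50, powered_on=20, **common),
        Reservation("east", priority=1, quota=50, powered_on=10, **common),
        Reservation("west", priority=1, quota=100, powered_on=20, **common),
        Reservation("off", priority=1, quota=None, powered_on=0, enabled=False, **common),
    ]
    req = Request("Amazon EC2", "ami-constructed", frozenset({"sg-web"}))
    selector = ReservationSelector()
    return [selector.select(pool, req).name for _ in range(3)]


if __name__ == "__main__":
    print(demo())
```

Calling rejection_reason for each reservation of a business group shows which criterion excludes it, for example a security group that the request names but the reservation does not offer.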

Choosing a Reservation Scenario

A fabric administrator creates reservations to allocate resources to business groups. Depending on your
scenario, the procedure to create an endpoint differs.
Each business group must have at least one reservation for its members to provision machines of that
type. For example, a business group with a Red Hat OpenStack reservation, but not an Amazon AWS
reservation, cannot request a machine from Amazon AWS. The group must be allocated a reservation
specifically for Amazon AWS resources.
Table 15. Choosing a Reservation Scenario
Scenario                                                                                         Procedure
Create a reservation to allocate resources on Amazon AWS (without using Virtual Private Cloud)   Create an Amazon AWS Reservation (non-VPC)
Create a reservation to allocate resources on Amazon AWS using Virtual Private Cloud             Create an Amazon AWS Reservation (VPC)
Create a reservation to allocate resources on Red Hat OpenStack                                  Create a Red Hat OpenStack Reservation

Create an Amazon AWS Reservation (non-VPC)

Fabric administrators must allocate resources to machines by creating a reservation before members of a
business group can request machines.
Prerequisites
- Log in to the vRealize Automation console as a fabric administrator.
- A tenant administrator must create at least one business group. See Create a Business Group.
Procedure
1 Specify Amazon AWS Reservation Information (non-VPC)
Each reservation is configured for a specific business group to grant them access to request
machines on a specified compute resource.
2 Specify Amazon AWS Key Pairs and Network Settings (non-VPC)
Configure the resources and network paths available to machines that are provisioned by using this
reservation.
3 Configure Amazon AWS Alerts (non-VPC)
You can configure alerts to send email notifications whenever reservation resources are low.
Specify Amazon AWS Reservation Information (non-VPC)
Each reservation is configured for a specific business group to grant them access to request machines on
a specified compute resource.
Note After you create a reservation, you cannot change the business group or the compute resource.
Prerequisites
Log in to the vRealize Automation console as a fabric administrator.
Procedure
1 Select Infrastructure > Reservations > Reservations.
2 Select New Reservation > Cloud and select the type of reservation you are creating.
Select Amazon EC2.
3 (Optional) Select an existing reservation from the Copy from existing reservation drop-down menu.
Data from the reservation you chose appears, and you can make changes as required for your new
reservation.
4 Select a compute resource on which to provision machines from the Compute resource drop-down
menu.
When you select an available compute resource, the Name field automatically populates.
5 Select a tenant from the Tenant drop-down menu.
6 Select a business group from the Business group drop-down menu.
Only users in this business group can provision machines by using this reservation.
7 Select a reservation policy from the Reservation policy drop-down menu.
8 (Optional) Type a number in the Machine quota text box to set the maximum number of machines
that can be provisioned on this reservation.
Only machines that are powered on are counted towards the quota. Leave blank to make the
reservation unlimited.
9 Type a number in the Priority text box to set the priority for the reservation.
The priority is used when a business group has more than one reservation. A reservation with priority
1 is used for provisioning over a reservation with priority 2.
10 (Optional) Deselect the Enable this reservation check box if you do not want this reservation active.
11 (Optional) Add any custom properties.
Do not navigate away from this page. Your reservation is not complete.
Specify Amazon AWS Key Pairs and Network Settings (non-VPC)
Configure the resources and network paths available to machines that are provisioned by using this
reservation.
Prerequisites
Specify Amazon AWS Reservation Information (non-VPC).
Procedure
1 Click the Resources tab.
2 Select a method of assigning key pairs to compute instances from the Key pair drop-down menu.
Option                             Description
Not Specified                      Controls key pair behavior at the blueprint level rather than the reservation level.
Auto-Generated per Business Group  Every machine provisioned in the same business group has the same key pair,
                                   including machines provisioned on other reservations when the machine has the
                                   same compute resource and business group. Because key pairs generated this
                                   way are associated with a business group, the key pairs are deleted when the
                                   business group is deleted.
Auto-Generated per Machine         Each machine has a unique key pair. This is the most secure method because no
                                   key pairs are shared among machines.
Specific Key Pair                  Every machine provisioned on this reservation has the same key pair. Browse for
                                   a key pair to use for this reservation.
3 Select one or more available zones in the Locations list to make them available for this reservation.
Because Amazon machine images are region-specific, the Amazon machine images specified in a
blueprint require that the requesting user select a location in the corresponding region. This allows
vRealize Automation to select an appropriate reservation during provisioning.
4 Select one or more security groups that can be assigned to a machine during provisioning from the
security groups list.
5 If Amazon elastic load balancing is enabled, select from the Load balancers list to apply to the
selected locations.
Do not navigate away from this page. Your reservation is not complete.
Configure Amazon AWS Alerts (non-VPC)
You can configure alerts to send email notifications whenever reservation resources are low.
Alerts are an optional step in the reservation configuration. If you do not want to set alerts, click OK to
save your reservation.
If configured, alerts are generated daily, rather than when the specified thresholds are reached.
Important Notifications are only sent if emails are configured and notifications are enabled. See Tenant
Administration.
Prerequisites
Specify Amazon AWS Key Pairs and Network Settings (non-VPC).
Procedure
1 Click the Alerts tab.
2 Set capacity alerts to On.
3 Use the sliders to set thresholds for resource allocation.
4 Type one or more user email addresses or group names to receive alert notifications in the
Recipients text box.
Press Enter to separate multiple entries.
5 Select Send alerts to group manager to include group managers in the email alerts.
6 Choose a reminder frequency (days).
7 Click OK.
Tenant administrators and business group managers can now create blueprints. You can configure
optional policies such as reservation policies.

Create an Amazon AWS Reservation (VPC)

Fabric administrators must allocate resources to machines by creating a reservation before members of a
business group can request machines.
Amazon Web Services users can create an Amazon Virtual Private Cloud to design a virtual network
topology according to your specifications. If you plan to use Amazon VPC, you must assign an
Amazon VPC to a vRealize Automation reservation.
Note After you create a reservation, you cannot change the business group or the compute resource.
For information about creating an Amazon VPC by using the AWS Management Console, see
Amazon Web Services documentation.
Prerequisites
- Log in to the vRealize Automation console as a fabric administrator.
- A tenant administrator must create at least one business group. See Create a Business Group.
- Create an Amazon Virtual Private Cloud environment for use with vRealize Automation. See Using
  Virtual Private Cloud.
Procedure
1 Specify Amazon AWS with Amazon VPC Reservation Information
Fabric administrators configure each reservation for a specific business group to grant them access
to request machines on a specified compute resource.
2 Specify Amazon AWS with Amazon VPC Key Pairs and Network Settings
Configure the resources and network paths that are available to machines provisioned by using this
reservation.
3 Configure Amazon AWS with Amazon VPC Alerts
Optionally, you can configure alerts to send email notifications whenever reservation resources are
low.
Specify Amazon AWS with Amazon VPC Reservation Information
Fabric administrators configure each reservation for a specific business group to grant them access to
request machines on a specified compute resource.
Note After you create a reservation, you cannot change the business group or the compute resource.
Prerequisites
Log in to the vRealize Automation console as a fabric administrator.
Procedure
1 Select Infrastructure > Reservations > Reservations.
2 Select New Reservation > Cloud and select the type of reservation you are creating.
Select Amazon EC2.
3 (Optional) Select an existing reservation from the Copy from existing reservation drop-down menu.
Data from the reservation you chose appears, and you can make changes as required for your new
reservation.
4 Select a compute resource on which to provision machines from the Compute resource drop-down
menu.
When you select an available compute resource, the Name field automatically populates.
5 Select a tenant from the Tenant drop-down menu.
6 Select a business group from the Business group drop-down menu.
Only users in this business group can provision machines by using this reservation.
7 (Optional) Select a reservation policy from the Reservation policy drop-down menu.
This option requires additional configuration. You must create a reservation policy.
8 (Optional) Type a number in the Machine quota text box to set the maximum number of machines
that can be provisioned on this reservation.
Only machines that are powered on are counted towards the quota. Leave blank to make the
reservation unlimited.
9 Type a number in the Priority text box to set the priority for the reservation.
The priority is used when a business group has more than one reservation. A reservation with priority
1 is used for provisioning over a reservation with priority 2.
10 (Optional) Deselect the Enable this reservation check box if you do not want this reservation active.
11 (Optional) Add any custom properties.
Do not navigate away from this page. Your reservation is not complete.
Specify Amazon AWS with Amazon VPC Key Pairs and Network Settings
Configure the resources and network paths that are available to machines provisioned by using this
reservation.
Prerequisites
Specify Amazon AWS with Amazon VPC Reservation Information.
Procedure
1 Click the Resources tab.
2 Select a method of assigning key pairs to compute instances from the Key pair drop-down menu.
Option                             Description
Not Specified                      Controls key pair behavior at the blueprint level rather than the reservation level.
Auto-Generated per Business Group  Every machine provisioned in the same business group has the same key pair,
                                   including machines provisioned on other reservations when the machine has the
                                   same compute resource and business group. Because key pairs generated this
                                   way are associated with a business group, the key pairs are deleted when the
                                   business group is deleted.
Auto-Generated per Machine         Each machine has a unique key pair. This is the most secure method because no
                                   key pairs are shared among machines.
Specific Key Pair                  Every machine provisioned on this reservation has the same key pair. Browse for
                                   a key pair to use for this reservation.
3 Select the Assign to a subnet in a VPC check box to open the Amazon VPC list.
4 Locate the Amazon VPC to assign and click the Edit icon to open the Edit VPC page.
a In the Subnets list, select each subnet in the Amazon VPC that you want to be available for
provisioning.
b In the Security Groups list, select each group that can be assigned to a machine during
provisioning.
c If you are using the elastic load balancer feature, select from the list of Load Balancers that
apply to the selected subnets to use in the Amazon VPC.
d Click the Save icon.
Do not navigate away from this page. Your reservation is not complete.
For related information about security groups, see Using Security Groups for Amazon Web Services.
For related information about load balancers, see Using Elastic Load Balancers.
Configure Amazon AWS with Amazon VPC Alerts
Optionally, you can configure alerts to send email notifications whenever reservation resources are low.
Alerts are an optional step in the reservation configuration. If you do not want to set alerts, click OK to
save your reservation.
If configured, alerts are generated daily, rather than when the specified thresholds are reached.
Important Notifications are only sent if emails are configured and notifications are enabled. See Tenant
Administration.
Prerequisites
Specify Amazon AWS with Amazon VPC Key Pairs and Network Settings.
Procedure
1 Click the Alerts tab.
2 Set capacity alerts to On.
3 Use the sliders to set thresholds for resource allocation.
4 Type one or more user email addresses or group names to receive alert notifications in the
Recipients text box.
Press Enter to separate multiple entries.
5 Select Send alerts to group manager to include group managers in the email alerts.
6 Choose a reminder frequency (days).
7 Click OK.
Tenant administrators and business group managers can create blueprints. You can configure optional
policies such as reservation policies.

Create a Red Hat OpenStack Reservation

Before members of a business group can request machines, fabric administrators must allocate
resources to them by creating a reservation.
Prerequisites
- Log in to the vRealize Automation console as a fabric administrator.
- A tenant administrator must create at least one business group. See Create a Business Group.
Procedure
1 Specify Reservation Information
Each reservation is configured for a specific business group to grant them access to request
machines on a specified compute resource.
2 Specify Key Pairs and Network Settings
Configure the key pairs, security groups, and networks available to machines provisioned through
this reservation.
3 Configure Alerts
Optionally, you can configure alerts to send notifications whenever reservation resources are low.
Specify Reservation Information
Each reservation is configured for a specific business group to grant them access to request machines on
a specified compute resource.
Note Once you create a reservation, you cannot change the business group or the compute resource.
Prerequisites
Log in to the vRealize Automation console as a fabric administrator.
Procedure
1 Select Infrastructure > Reservations > Reservations.
2 Select New Reservation > Cloud > OpenStack.
3 (Optional) Select an existing reservation from the Copy from existing reservation drop-down menu.
Data from the reservation you chose appears, and you can make changes as required for your new
reservation.
4 Select a compute resource on which to provision machines from the Compute resource drop-down
menu.
The reservation name appears in the Name text box.
5 Enter a name in the Name text box.
6 Select a tenant from the Tenant drop-down menu.
7 Select a business group from the Business group drop-down menu.
Only users in this business group can provision machines by using this reservation.
8 (Optional) Select a reservation policy from the Reservation policy drop-down menu.
This option requires additional configuration. You must create a reservation policy.
9 (Optional) Type a number in the Machine quota text box to set the maximum number of machines
that can be provisioned on this reservation.
Only machines that are powered on are counted towards the quota. Leave blank to make the
reservation unlimited.
10 Type a number in the Priority text box to set the priority for the reservation.
The priority is used when a business group has more than one reservation. A reservation with priority
1 is used for provisioning over a reservation with priority 2.
11 (Optional) Deselect the Enable this reservation check box if you do not want this reservation active.
12 (Optional) Add any custom properties.
Do not navigate away from this page. Your reservation is not complete.
Specify Key Pairs and Network Settings
Configure the key pairs, security groups, and networks available to machines provisioned through this
reservation.
Prerequisites
Specify Reservation Information.
Procedure
1 Click the Resources tab.
2 Select a method of assigning key pairs to compute instances from the Key pair drop-down menu.
Option                             Description
Not Specified                      Controls key pair behavior at the blueprint level rather than the reservation level.
Auto-Generated per Business Group  Every machine provisioned in the same business group has the same key pair,
                                   including machines provisioned on other reservations when the machine has the
                                   same compute resource and business group. Because key pairs generated this
                                   way are associated with a business group, the key pairs are deleted when the
                                   business group is deleted.
Auto-Generated per Machine         Each machine has a unique key pair. This is the most secure method because no
                                   key pairs are shared among machines.
Specific Key Pair                  Every machine provisioned on this reservation has the same key pair. Browse for
                                   a key pair to use for this reservation.
3 Select one or more security groups that can be assigned to a machine during provisioning from the
security groups list.
4 Click the Network tab.
5 Configure a network path for machines provisioned by using this reservation.
a Select a network path for machines provisioned on this reservation from the Network table.
b (Optional) Select a network profile from the Network Profile drop-down menu.
This option requires additional configuration to configure network profiles.
You can select more than one network path on a reservation, but only one network is selected when
provisioning a machine.
At this point, you can save the reservation by clicking OK. Optionally, you can configure email
notifications to send alerts out when resources allocated to this reservation become low.
Configure Alerts
Optionally, you can configure alerts to send notifications whenever reservation resources are low.
Alerts are an optional step in the reservation configuration. If you do not want to set alerts, click OK to
save your reservation.
If configured, alerts are generated daily, rather than when the specified thresholds are reached.
Important Notifications are only sent if emails are configured and notifications are enabled. See Tenant
Administration.
Prerequisites
Specify Key Pairs and Network Settings.
Procedure
1 Click the Alerts tab.
2 Set capacity alerts to On.
3 Use the sliders to set thresholds for resource allocation.
4 Type one or more user email addresses or group names to receive alert notifications in the
Recipients text box.
Press Enter to separate multiple entries.
5 Select Send alerts to group manager to include group managers in the email alerts.
6 Choose a reminder frequency (days).
7 Click OK.
Tenant administrators and business group managers can create blueprints. You can configure optional
policies such as reservation policies.
Optional Configurations 2
You can configure optional policies and settings to give you more control over the resource usage of
provisioned machines.
This chapter includes the following topics:
- Build Profiles and Property Sets
- Configuring Reservation Policies
- Static IP Address Assignment
- Cost Information for Cloud Machines
- Using Optional Amazon Features
- Using Optional Red Hat OpenStack Features

Build Profiles and Property Sets

vRealize Automation contains property sets that fabric administrators can use when they create build
profiles.
Property sets are groups of related properties that are commonly used together in build profiles and
machine blueprints. Instead of adding custom properties to a build profile or a machine blueprint
individually, you can add an entire set to a build profile and provide the values.
Many commonly used property sets are included in vRealize Automation.
For example, the WimImagingProperties property set contains custom properties commonly used for
WIM-based provisioning:
- Image.ISO.Location
- Image.ISO.Name
- Image.Network.Password
- Image.Network.User
- Image.WIM.Index
- Image.WIM.Name
- Image.WIM.Path
As another example, the vApp property set contains the following custom properties that can be used for
vApp provisioning:
- VirtualMachine.NetworkN.Name
- VCloud.Template.MakeIdenticalCopy
- VMware.SCSI.Type
- Sysprep.Identification.DomainAdmin
- Sysprep.Identification.DomainAdminPassword
- Sysprep.Identification.JoinDomain
Fabric administrators can create their own property sets and add them to vRealize Automation.

Create a Property Set

Fabric administrators can create their own groupings of related custom properties and add them to
vRealize Automation for use in build profiles.
Property sets are available to fabric administrators of all tenants.
Procedure
1 Create a Property Set XML File
A fabric administrator defines property sets in an XML file and uploads them to vRealize Automation.
2 Add a Property Set to vRealize Automation
After you create a property set XML file, a fabric administrator can upload the property set to
vRealize Automation.
Create a Property Set XML File
A fabric administrator defines property sets in an XML file and uploads them to vRealize Automation.
If you edit a property set that is already in use in a build profile, vRealize Automation does not
automatically update the build profile. A fabric administrator must reload the property set to the build
profile.
Procedure
1 Create an XML file.
2 Insert the following version and encoding values into the schema declaration.
version="1.0" encoding="UTF-16".
3 Insert a <Doc> element.
<Doc>
</Doc>
4 Insert a <CustomProperties> element in the <Doc> element.
<Doc>
  <CustomProperties>
  </CustomProperties>
</Doc>
5 Define the attributes of the custom property to include in the property set.
<Doc>
  <CustomProperties>
    <Property Name="property_name" DefaultValue="property_value" Encrypted="true_or_false" PromptUser="true_or_false"/>
  </CustomProperties>
</Doc>
If you do not include the DefaultValue attribute, no default value is stored. If you do not include the
Encrypted or PromptUser attributes, they default to false.
6 Repeat Step 5 for each property to include in the property set.
7 Save and close the file.
A fabric administrator can now upload your property set XML file to vRealize Automation.
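
A pre-upload check for the file produced by this procedure, as an added example (not VMware code): it writes a property set in the documented layout as UTF-16 and flags password-type properties that are not marked Encrypted or that carry a default value in the file. The function names are hypothetical, and recognizing secrets by the word "password" in the property name is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET

DECLARATION = '<?xml version="1.0" encoding="UTF-16"?>'
SECRET_HINTS = ("password",)   # assumption: secrets are recognised by name only


def build_property_set(props):
    """Serialize (name, default, encrypted, prompt_user) tuples to UTF-16 bytes."""
    doc = ET.Element("Doc")
    custom = ET.SubElement(doc, "CustomProperties")
    for name, default, encrypted, prompt_user in props:
        attrs = {"Name": name}
        if default is not None:          # omitted DefaultValue: no default is stored
            attrs["DefaultValue"] = default
        attrs["Encrypted"] = "true" if encrypted else "false"
        attrs["PromptUser"] = "true" if prompt_user else "false"
        ET.SubElement(custom, "Property", attrs)
    text = DECLARATION + "\n" + ET.tostring(doc, encoding="unicode")
    return text.encode("utf-16")         # byte order mark plus UTF-16 code units


def lint_property_set(data: bytes):
    """Return a list of findings; an empty list means nothing was flagged."""
    # The bytes on disk must match the declared encoding.
    if data[:2] not in (b"\xff\xfe", b"\xfe\xff"):
        return ["file is not UTF-16 with a byte order mark"]
    try:
        text = data.decode("utf-16")
    except UnicodeDecodeError:
        return ["file content is not valid UTF-16"]
    if not text.startswith(DECLARATION):
        return ['declaration must be version="1.0" encoding="UTF-16"']
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        # Curly quotes pasted from a PDF or word processor end up here.
        return [f"not well-formed XML: {exc}"]
    custom = root.find("CustomProperties") if root.tag == "Doc" else None
    if custom is None:
        return ["expected <Doc> containing <CustomProperties>"]
    findings = []
    for prop in custom.findall("Property"):
        name = prop.get("Name", "")
        if not name:
            findings.append("Property element without a Name")
            continue
        # Encrypted defaults to false when the attribute is absent.
        encrypted = prop.get("Encrypted", "false").lower() == "true"
        if any(hint in name.lower() for hint in SECRET_HINTS):
            if not encrypted:
                findings.append(f"{name}: Encrypted is not true")
            if prop.get("DefaultValue"):
                findings.append(f"{name}: secret stored as DefaultValue in the file")
    return findings


if __name__ == "__main__":
    sample = build_property_set([
        ("Image.Network.Password", None, True, True),
        ("Sysprep.Identification.DomainAdminPassword", "constructed-value", False, False),
    ])
    for finding in lint_property_set(sample):
        print(finding)
```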
Add a Property Set to vRealize Automation
After you create a property set XML file, a fabric administrator can upload the property set to
vRealize Automation.
Prerequisites
- Log in to the vRealize Automation console as a fabric administrator.
- Create a property set XML file.
Procedure
1 Select Infrastructure > Blueprints > Build Profiles.
2 Click Manage Property Sets.
3 Click Browse to select the Property set XML file name.
4 Enter a name and, optionally, a description.
5 Click OK.
You can now include your property set in build profiles.
Create a Build Profile
Fabric administrators can organize commonly used custom properties into build profiles so that tenant
administrators and business group managers can include these custom property sets in blueprints.
Build profiles are available to tenant administrators and business group managers of all tenants. You can
create your build profile by adding custom properties individually, by loading property sets that contain
multiple custom properties, or by using a combination of the two methods.
Prerequisites
Log in to the vRealize Automation console as a fabric administrator.
Procedure
1 Select Infrastructure > Blueprints > Build Profiles.
2 Click the Add icon.
3 Enter a name and, optionally, a description.
4 (Optional) Add custom properties individually to your build profile.
a Click New Property.
b Enter the custom property in the Name text box.
c Enter the value of the custom property in the Value text box.
d (Optional) Select the Encrypted check box to encrypt the custom property in the database.
e (Optional) Select the Prompt user check box to require the user to provide a value when they
request a machine.
If you choose to prompt users for a value, any value you provide for the custom property is
presented to them as the default. If you do not provide a default, users cannot continue with the
machine request until they provide a value for the custom property.
f Click the Save icon.
5 (Optional) Select a property set to load into your build profile.
a Select a property set from the Add from property set drop-down menu.
b Click Load.
6 (Optional) Click the Edit icon to configure a custom property loaded from a property set.
a Enter the value of the custom property in the Value text box.
b Select the Encrypted check box to encrypt the custom property in the database.
c Select the Prompt user check box to require the user to provide a value when they request a
machine.
If you choose to prompt users for a value, any value you provide for the custom property is
presented to them as the default. If you do not provide a default, users cannot continue with the
machine request until they provide a value for the custom property.
d Click the Save icon.
7 Click OK.
Tenant administrators and business group managers can now select your build profile and include it in
their blueprints.
Configuring Reservation Policies
When a user requests a machine, it can be provisioned on any reservation of the appropriate type that
has sufficient capacity for the machine. You can apply a reservation policy to a blueprint to restrict the
machines provisioned from that blueprint to a subset of available reservations.
Reservation policies provide an optional and helpful means of controlling how reservation requests are
processed. A reservation policy is often used to collect resources into groups for different service levels,
or to make a specific type of resource easily available for a particular purpose. The following scenarios
provide a few examples of possible uses for reservation policies:
- To ensure that machines provisioned from a virtual blueprint are placed on reservations with storage
  devices that support NetApp FlexClone
- To restrict provisioning of cloud machines to a specific region containing a machine image that is
  required for a specific blueprint
- To restrict provisioning of Cisco UCS physical machines to reservations on endpoints on which the
  selected service profile template and boot policy are available
- As an additional means of using a Pay As You Go allocation model for vApps
You can add multiple reservations to a reservation policy, but a reservation can belong to only one policy.
You can assign a single reservation policy to more than one blueprint. A blueprint can have only one
reservation policy.
A reservation policy can include reservations of different types, but only reservations that match the
blueprint type are considered when selecting a reservation for a particular request. For more information about how reservations are selected for provisioning a machine, see IaaS Configuration for Cloud Platforms, IaaS Configuration for Physical Machines, or IaaS Configuration for Virtual Platforms.
Configure a Reservation Policy
Fabric administrators create reservation policies to collect resources into groups for different service
levels, or to make a specific type of resource easily available for a particular purpose. After you create the
reservation policy, you then must populate it with reservations before tenant administrators and business
group managers can use the policy effectively in a blueprint.
Prerequisites
- Log in to the vRealize Automation console as a fabric administrator.
- Create at least one reservation.
Procedure
1 Create a Reservation Policy
Fabric administrators use reservation policies to group similar reservations together. Create the
reservation policy tag first, then add the policy to reservations to allow a tenant administrator or
business group manager to use the reservation policy in a blueprint.
2 Assign a Reservation Policy to a Reservation
When fabric administrators create a reservation, the option to assign that reservation to a
reservation policy appears. To assign an existing reservation to a reservation policy, you edit the
reservation.
Create a Reservation Policy
Fabric administrators use reservation policies to group similar reservations together. Create the
reservation policy tag first, then add the policy to reservations to allow a tenant administrator or business
group manager to use the reservation policy in a blueprint.
Prerequisites
- Log in to the vRealize Automation console as a fabric administrator.
- Create at least one reservation.
Procedure
1 Select Infrastructure > Reservations > Reservation Policies.
2 Click New Reservation Policy.
3 Enter a name and, optionally, a description.
4 Click the Save icon.
Assign a Reservation Policy to a Reservation
When fabric administrators create a reservation, the option to assign that reservation to a reservation
policy appears. To assign an existing reservation to a reservation policy, you edit the reservation.
Prerequisites
Create a Reservation Policy.
Procedure
1 Select Infrastructure > Reservations > Reservations.
2 Point to a reservation and click Edit.
3 Select your reservation policy from the Reservation Policy drop-down menu.
4 Click OK.
Tenant administrators and business group managers can now use your reservation policy in blueprints.
See Add a Reservation Policy to a Blueprint.

Static IP Address Assignment

For virtual machines provisioned by using cloning or Linux kickstart/autoYaST provisioning and cloud
machines provisioned in Red Hat OpenStack by using kickstart, it is possible to assign static IP
addresses from a predefined range.
By default, vRealize Automation uses Dynamic Host Configuration Protocol (DHCP) to assign IP
addresses to provisioned machines.
Fabric administrators can create network profiles to define a range of static IP addresses that can be
assigned to machines. Network profiles can be assigned to specific network paths on a reservation. Any
cloud machine or virtual machine provisioned by cloning or kickstart/autoYaST that is attached to a
network path that has an associated network profile is provisioned using static IP address assignment.
Tenant administrators or business group managers can also assign network profiles to blueprints by using the custom property VirtualMachine.NetworkN.ProfileName. If a network profile is specified in both the
blueprint and the reservation, the profile specified in the blueprint takes precedence.
When a machine that has a static IP address is destroyed, its IP address is made available for use by
other machines. The process to reclaim static IP addresses runs every 30 minutes, so unused addresses
may not be available immediately after the machines using them are destroyed. If there are no available
IP addresses in the network profile, machines cannot be provisioned with static IP assignment on the
associated network path.
Create a Network Profile for Static IP Address Assignment
Fabric administrators can create network profiles to define a range of static IP addresses that can be
assigned to machines.
Prerequisites
Log in to the vRealize Automation console as a fabric administrator.
Procedure
1 Specify Network Profile Information
The network profile information identifies the external network profile and specifies settings for an
existing network.
2 Configure IP Ranges
A fabric administrator can define one or more ranges of static IP addresses for use in provisioning a
machine.
What to do next
You can assign a network profile to a network path in a reservation, or a tenant admin or business group
manager can specify the network profile in a blueprint.
Specify Network Profile Information
The network profile information identifies the external network profile and specifies settings for an existing
network.
Prerequisites
Log in to the vRealize Automation console as a fabric administrator.
Procedure
1 Select Infrastructure > Reservations > Network Profiles.
2 Select New Network Profile > External.
3 Enter a name and, optionally, a description.
4 Type a mask address in the Subnet mask text box.
For example, 255.255.0.0.
5 (Optional) Type an IP address in the Gateway text box.
The gateway address is required for a one-to-one NAT network profile.
6 (Optional) In the DNS/WINS group, type values as needed.
The external network profile provides these values, which you can edit.
What to do next
The network profile is not finished. Do not navigate away from this page.
Configure IP Ranges
A fabric administrator can define one or more ranges of static IP addresses for use in provisioning a
machine.
Prerequisites
Specify Network Profile Information.
Procedure
1 Click the IP Ranges tab.
2 Click New Network Range.
The New Network Range dialog box appears.
3 Enter a name and, optionally, a description.
4 Enter an IP address in the Starting IP address text box.
5 Enter an IP address in the Ending IP address text box.
6 Click OK.
The newly defined IP address range appears in the Defined Ranges list. The IP addresses in the
range appear in the Defined IP Addresses list.
7 (Optional) Upload one or more IP addresses from a CSV file.
A row in the CSV file has the format ip_address,mname,status.
CSV Field | Description
ip_address | An IP address
mname | Name of a managed machine in vRealize Automation. If the field is empty, defaults to no name.
status | Allocated or Unallocated, case-sensitive. If the field is empty, defaults to Unallocated.
a Click Browse next to the Upload CSV text box.
b Navigate to the CSV file and click Open.
c Click Process CSV File.
The uploaded IP addresses appear in the Defined IP Addresses list. If the upload fails, diagnostic
messages appear that identify the problems.
8 (Optional) Filter IP address entries to only those that match.
a Click in the Defined IP Addresses text boxes.
b Type a partial IP address or machine name, or select a date from the Last Modified drop-down
calendar.
The IP addresses that match the filter criteria appear.
9 Click OK.
What to do next
You can assign a network profile to a network path in a reservation, or a tenant admin or business group
manager can specify the network profile in a blueprint.
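A pre-upload check for the IP address CSV file described in step 7, added here as an example (it is not VMware code). It applies the documented defaults and rejects rows with a wrongly cased status, addresses outside the profile's subnet, the gateway, network or broadcast address, and duplicates. The gateway value, the sample rows, the absence of a header row, and the requirement of exactly three fields per row are assumptions.

```python
import csv
import io
import ipaddress

VALID_STATUS = ("Allocated", "Unallocated")  # case-sensitive, per the field table


def check_ip_csv(text, subnet_mask, gateway):
    """Validate rows of the form ip_address,mname,status.

    Returns (rows, errors). rows holds (ip, mname, status) tuples with the
    documented defaults applied; errors holds "line N: message" strings.
    """
    # Derive the profile's network from its gateway and subnet mask.
    network = ipaddress.ip_network(f"{gateway}/{subnet_mask}", strict=False)
    reserved = {
        network.network_address,
        network.broadcast_address,
        ipaddress.ip_address(gateway),
    }
    rows, errors, first_seen = [], [], {}
    reader = csv.reader(io.StringIO(text))
    for fields in reader:
        line = reader.line_num
        if not any(field.strip() for field in fields):
            continue  # blank line
        if len(fields) != 3:
            errors.append(f"line {line}: expected 3 fields, got {len(fields)}")
            continue
        raw_ip, mname, status = fields
        try:
            ip = ipaddress.ip_address(raw_ip)
        except ValueError:
            errors.append(f"line {line}: {raw_ip!r} is not an IP address")
            continue
        status = status or "Unallocated"  # documented default for an empty field
        if status not in VALID_STATUS:
            errors.append(f"line {line}: status {status!r} must be Allocated or Unallocated")
        elif ip not in network:
            errors.append(f"line {line}: {ip} is outside {network}")
        elif ip in reserved:
            errors.append(f"line {line}: {ip} is the gateway, network or broadcast address")
        elif ip in first_seen:
            errors.append(f"line {line}: {ip} already listed on line {first_seen[ip]}")
        else:
            first_seen[ip] = line
            rows.append((str(ip), mname, status))
    return rows, errors


# Constructed sample file: machine names and addresses are made up for this example.
SAMPLE_CSV = "\n".join([
    "10.10.0.20,web-01,Allocated",
    "10.10.0.21,,",
    "10.10.0.22,,unallocated",
    "10.10.0.1,,Unallocated",
    "10.11.0.5,db-01,Allocated",
    "10.10.0.20,web-02,Allocated",
    "not-an-ip,,",
]) + "\n"

if __name__ == "__main__":
    # 255.255.0.0 is the manual's example mask; the gateway is an assumed value.
    good, bad = check_ip_csv(SAMPLE_CSV, "255.255.0.0", "10.10.0.1")
    for row in good:
        print("ok  ", row)
    for message in bad:
        print("FAIL", message)
```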
Assign a Network Profile to a Reservation
Fabric administrators can assign a network profile to a reservation to enable static IP assignment to
machines provisioned on that reservation.
Network profiles can also be assigned to blueprints by using the custom property VirtualMachine.NetworkN.ProfileName. If a network profile is specified in both the blueprint and the
reservation, the profile specified in the blueprint takes precedence.
Note This information does not apply to Amazon Web Services.
Prerequisites
- Log in to the vRealize Automation console as a fabric administrator.
- Create a Network Profile for Static IP Address Assignment.
Procedure
1 Select Infrastructure > Reservations > Reservations.
2 Point to a reservation and click Edit.
3 Click the Network tab.
4 Assign a network profile to a network path.
a Locate a network path on which you want to enable static IP addresses.
b Select a network profile from the Network Profile drop-down menu.
c (Optional) Repeat this step to assign network profiles to additional network paths on this
reservation.
5 Click OK.
What to do next
Repeat this procedure for all reservations for which you want to enable static IP addresses.

Cost Information for Cloud Machines

Cost profiles do not apply to cloud machines. The only factor in calculating cost for cloud machines is the
blueprint cost; this figure should reflect all cloud service charges.
Blueprints with more than one instance type or flavor allow provisioning of instances with different costs
from the same blueprint. When there is more than one instance type or flavor available, ensure that the
daily blueprint cost reflects charges for the most expensive instance.
Lease cost is calculated as daily cost multiplied by the total number of days in the lease period (if
applicable).
Cost-to-date is calculated as daily cost multiplied by the number of days a machine has been provisioned.
Machine cost is displayed at various stages of the request and provisioning life cycle and is updated
according to the current information in the request or on the provisioned item.
Table 21. Cost Displayed During the Request and Provisioning Life Cycle
Life Cycle Stage | Value Displayed for Cost
Viewing the catalog item details prior to request | Daily cost based on the blueprint cost and projected lease cost based on the lease duration specified in the blueprint. The lease cost may vary if the blueprint specifies a range for the lease duration.
Completing the request form, viewing details of a submitted request, or approving a request | Daily cost based on the blueprint cost and projected lease cost based on the lease duration specified in the request.
Viewing the details of a provisioned machine | Daily cost based on the blueprint cost, lease cost based on the lease duration, and cost-to-date based on the number of days since the machine was provisioned.

Using Optional Amazon Features

vRealize Automation supports several Amazon features, including Amazon Virtual Private Cloud, elastic
load balancers, elastic IP addresses, and elastic block storage.

Using Security Groups for Amazon Web Services

A security group acts as a firewall to control access to a cloud machine.
A fabric administrator specifies at least one security group when creating an Amazon EC2 reservation.
Each available region requires at least one specified security group. The reservation form displays the
security groups that are available to an Amazon Web Services account region. Every region includes at
least the default security group.
Administrators can use the Amazon Web Services Management Console to create additional security
groups, configure ports for Microsoft Remote Desktop Protocol or SSH, and set up a virtual private
network for an Amazon VPN.
For information about creating and using security groups in Amazon Web Services, see Amazon
documentation.

Understanding Amazon Web Service Regions

Each Amazon Web Services account is represented by a cloud endpoint. When you create an
Amazon Elastic Cloud Computing endpoint in vRealize Automation, regions are collected as compute
resources. After the IaaS administrator selects compute resources for a business group, inventory and
state data collections occur automatically.
Inventory data collection, which occurs automatically once a day, collects data about what is on a
compute resource, such as the following data:
- Elastic IP addresses
- Elastic load balancers
- Elastic block storage volumes
State data collection occurs automatically every 15 minutes by default. It gathers information about the
state of managed instances, which are instances that vRealize Automation creates. The following are
examples of state data:
- Windows passwords
- State of machines in load balancers
- Elastic IP addresses
A fabric administrator can initiate inventory and state data collection and disable or change the frequency
of inventory and state data collection.

Using Virtual Private Cloud

Amazon Virtual Private Cloud allows you to provision Amazon machine instances in a private section of
the Amazon Web Services cloud.
Amazon AWS users can create an Amazon VPC to design a virtual network topology according to their
specifications. You can assign an Amazon VPC in vRealize Automation. However, vRealize Automation
does not track the cost of using the Amazon VPC.
Use the AWS Management Console to create the following elements:
- An Amazon VPC, which includes Internet gateways, routing table, security groups and subnets, and
  available IP addresses.
- An Amazon Virtual Private Network if users will need to log in to Amazon machine instances outside
  of the AWS Management Console.
vRealize Automation users can perform the following tasks when working with an Amazon VPC:
- A fabric administrator can assign an Amazon VPC to a cloud reservation. See Create an Amazon
  AWS Reservation (VPC).
- A machine owner can assign an Amazon machine instance to an Amazon VPC.
For more information about creating an Amazon VPC, see Amazon Web Services documentation.

Using Elastic Load Balancers

Elastic load balancers distribute incoming application traffic across Amazon Web Services instances.
Amazon load balancing enables improved fault tolerance and performance.
Amazon makes elastic load balancing available for machines provisioned using Amazon EC2 blueprints.
The elastic load balancer must be available in Amazon Web Services, in the
Amazon Virtual Private Network, and at the provisioning location. For example, if a load balancer is
available in us-east1c and a machine location is us-east1b, the machine cannot use the available load
balancer.
vRealize Automation does not create, manage, or monitor the elastic load balancers.
For information about creating Amazon elastic load balancers by using the
Amazon Web Services Management Console, see Amazon Web Services documentation.

Using Elastic IP Addresses

An elastic IP address is designed for quick fail-over in a dynamic Amazon Web Services cloud
environment.
Using an elastic IP address allows you to rapidly fail over to another machine. In vRealize Automation,
the elastic IP address is available to all business groups that have rights to the region.
The elastic IP address is associated with your Amazon Web Services account, not a particular machine.
The address remains associated with your Amazon Web Services account until you choose to release it.
You can release it to map it to a specific machine instance.
An administrator can allocate elastic IP addresses to your Amazon Web Services account by using the
AWS Management Console. One range of addresses is allocated to a non-Amazon VPC region and
another range to an Amazon VPC region.
A tenant administrator or business group manager can use a custom property to assign an elastic IP
address to a machine during provisioning. A machine owner or an administrator with rights to edit the
machine can assign an elastic IP address to a machine after it is provisioned. However, if the address
is already associated to a machine instance, and the instance is part of the Amazon Virtual Private Cloud
deployment, Amazon does not assign the address.
A machine owner can view the elastic IP address assigned to that machine. Only one Amazon machine
at a time can use the elastic IP address.
vRealize Automation does not track the cost of using the elastic IP address.
There are two groups of elastic IP addresses in any given region, one group for non-Amazon VPC
instances and another group for Amazon VPCs. If you allocate addresses in a non-Amazon VPC region
only, the addresses will not be available in an Amazon VPC. The reverse is also true. If you allocate
addresses in an Amazon VPC only, the addresses will not be available in a non-Amazon VPC region.
For more information about creating and using Amazon elastic IP addresses, see Amazon Web Services
documentation.

Using Elastic Block Storage

Amazon elastic block storage provides block level storage volumes to use with an Amazon AWS machine
instance and Amazon Virtual Private Cloud. The storage volume can persist past the life of its associated
Amazon machine instance in the Amazon Web Services cloud environment.
When you use an Amazon elastic block storage volume in conjunction with vRealize Automation, the
following caveats apply:
- You cannot attach an existing elastic block storage volume when you provision a machine instance.
  However, if you create a new volume and request more than one machine at a time, the volume will
  be created and attached to each instance. For example, if you create one volume named volume_1
  and request three machines, a volume will be created for each machine. Three volumes named
  volume_1 will be created and attached to each machine. Each volume will have a unique volume ID.
  Each volume will be the same size and in the same location.
- The volume must be of the same operating system and in the same location as the machine to which
  you attach it.
- vRealize Automation does not track the cost of using an existing elastic block storage volume.
- vRealize Automation does not manage the primary volume of an elastic block storage-backed
  instance.
For more information about Amazon elastic block storage, and details on how to enable it by using
Amazon Web Services Management Console, see Amazon Web Services documentation.

Using Optional Red Hat OpenStack Features

vRealize Automation supports several features in Red Hat OpenStack including security groups and
floating IP addresses.

Using Security Groups

Security groups allow you to specify rules to control network traffic over specific ports.
A fabric administrator specifies security groups when creating a Red Hat OpenStack reservation. A
business group manager can specify security groups when requesting a machine.
Each region includes at least the default security group. Additional security groups must be managed in
Red Hat OpenStack. Security groups for each region are imported during data collection. For more
information about managing security groups, see the Red Hat OpenStack documentation.

Using Floating IP Addresses

Floating IP addresses can be assigned to a running virtual instance in Red Hat OpenStack.
To enable assignment of floating IP addresses, you must configure IP forwarding and create a floating IP
pool in Red Hat OpenStack. For more information, see the Red Hat OpenStack documentation.
A tenant administrator or business group manager must entitle the Associate Floating IP and
Disassociate Floating IP actions to machine owners. The entitled users can then associate a floating IP
address to a provisioned machine from the external networks attached to the machine by selecting an
available address from the floating IP address pool. After a floating IP address has been associated with
a machine, the user can select Disassociate Floating IP to view the currently assigned floating IP
addresses and disassociate an address from a machine.

Preparing for Provisioning 3

There is some configuration required outside of vRealize Automation to prepare for machine provisioning.
This chapter includes the following topics:
- Choosing a Cloud Provisioning Scenario
- Preparing for Amazon Provisioning
- Preparing for OpenStack Provisioning
Choosing a Cloud Provisioning Scenario
There are several methods you can use with vRealize Automation to provision cloud machines.
Most of these options require some additional configuration outside of vRealize Automation.
Table 31. Choosing a Cloud Provisioning Method
Scenario | Supported Platforms | Provisioning Method
Launch an instance from an Amazon Machine Image. | Amazon AWS | Amazon Machine Image. See Preparing for Amazon Provisioning.
Launch an instance from a virtual machine image. | Red Hat OpenStack | virtual machine image. See Preparing for Virtual Machine Image Provisioning.
Provision a machine by booting from an ISO image, using a kickstart or autoYaST configuration file and a Linux distribution image to install the operating system on the machine. | Red Hat OpenStack | Linux Kickstart. See Preparing for Linux Kickstart Provisioning.
Provision a machine by booting into a WinPE environment and installing an operating system using a Windows Imaging File Format (WIM) image of an existing Windows reference machine. | Red Hat OpenStack | WIM Image. See Preparing for WIM Provisioning.
Preparing for Amazon Provisioning
Before you provision instances with Amazon AWS, you must have Amazon machine images and instance
types associated with your Amazon AWS account.
The vRealize Automation access rights that you need to perform tasks such as creating endpoints,
reservations, and blueprints, and requesting machine provisioning are described for the applicable
vRealize Automation tasks in this guide. However, you must also be configured in Amazon Web Services
(AWS) to perform related endpoint tasks.
- Role and Permission Authorization in Amazon Web Services
  The Power User role in AWS provides an AWS Directory Service user or group with full access to
  AWS services and resources.
  You do not need any AWS credentials to create an AWS endpoint in vRealize Automation. However,
  the AWS user who creates an Amazon machine image is expected by vRealize Automation to have
  the Power User role.
- Authentication Credentials in Amazon Web Services
  The AWS Power User role does not allow management of AWS Identity and Access Management
  (IAM) users and groups. For management of IAM users and groups, you must be configured with
  AWS Full Access Administrator credentials.
  vRealize Automation requires access keys for endpoint credentials and does not support user names
  and passwords. To obtain the access key needed to create the Amazon endpoint, the Power User
  must either request a key from a user who has AWS Full Access Administrator credentials or be
  additionally configured with the AWS Full Access Administrator policy.
For information about enabling policies and roles, see the AWS Identity and Access Management (IAM)
section of Amazon Web Services product documentation.

Understanding Amazon Machine Images

A tenant administrator or business group manager selects an Amazon machine image from a list of
available images when creating Amazon EC2 blueprints.
An Amazon machine image is a template that contains a software configuration, including an operating
system. They are managed by Amazon Web Services accounts. vRealize Automation manages the
instance types that are available for provisioning.
The Amazon machine image and instance type must be available in an Amazon region. Not all instance
types are available in all regions.
You can select an Amazon machine image provided by Amazon Web Services, a user community, or the
AWS Marketplace site. You can also create and optionally share your own Amazon machine images. A
single Amazon machine image can be used to launch one or many instances.
The following considerations apply to Amazon machine images in the Amazon Web Services accounts
from which you will provision cloud machines:
- Each cloud blueprint must specify an Amazon machine image.
  An Amazon machine image can be enabled for some locations in a region. A private Amazon machine
  image is available to a specific account and all its regions. A public Amazon machine image is
  available to all accounts, but only to a specific region in each account.
- When a cloud blueprint is created, the specified Amazon machine image is selected from regions that
  have been data-collected. If multiple Amazon Web Services accounts are available, the business
  group manager must have rights to any private Amazon machine images. The Amazon machine
  image region and the specified user location restrict provisioning requests to reservations that match
  the corresponding region and location.
- Use reservations and policies to distribute Amazon machine images in your Amazon Web Services
  accounts. Use policies to restrict provisioning from a blueprint to a particular set of reservations.
- vRealize Automation cannot create user accounts on a cloud machine. The first time a machine
  owner connects to a cloud machine, she must log in as an administrator and add her
  vRealize Automation user credentials or an administrator must do that for her. She can then log in
  using her vRealize Automation user credentials.
  If the Amazon machine image generates the administrator password on every boot, the Edit Machine
  Record page displays the password. If it does not, you can find the password in the
  Amazon Web Services account. You can configure all Amazon machine images to generate the
  administrator password on every boot. You can also provide administrator password information to
  support users who provision machines for other users.
- To allow remote Microsoft Windows Management Instrumentation (WMI) requests on cloud machines
  provisioned in Amazon Web Services accounts, enable a Microsoft Windows Remote Management
  (WinRM) agent to collect data from Windows machines managed by vRealize Automation. See Installation and Configuration.
- A private Amazon machine image can be seen across tenants.
For related information, see Amazon Machine Images (AMI) topics in Amazon documentation.

Understanding Amazon Instance Types

A tenant administrator or business group manager selects one or more Amazon instance types when
creating Amazon EC2 blueprints. An IaaS administrator can add or remove them.
An Amazon EC2 instance is a virtual server that can run applications in Amazon Web Services. Instances
are created from an Amazon machine image and by choosing an appropriate instance type.
To provision a machine in an Amazon Web Services account, an instance type is applied to the specified
Amazon machine image. The available instance types are listed on the Amazon EC2 blueprint.
When creating an Amazon EC2 blueprint, you identify one or more instance types to be available for
selection by the user when they provision a machine. The instance types must be supported in the
designated region.
For related information, see Selecting Instance Types and Amazon EC2 Instance Details topics in
Amazon documentation.

Add an Amazon Instance Type

Several instance types are supplied with vRealize Automation for use with Amazon EC2 blueprints. An
IaaS administrator can add and remove instance types.
The machine instance types managed by IaaS administrators on the Instance Types page are available to
tenant administrators and business group managers when they create or edit an Amazon EC2 blueprint.
Amazon machine images and instance types are made available through the Amazon Web Services
product.
Prerequisites
Log in to the vRealize Automation console as an IaaS administrator.
Procedure
1 Click Infrastructure > Blueprints > Instance Types.
2 Click New Instance Type.
3 Add a new instance type, specifying the following parameters and referencing Selecting Instance
Types and Amazon EC2 Instance Details topics in Amazon documentation.
- Name
- API name
- Type Name
- IO Performance Name
- # CPUs
- Memory (GB)
- Storage (GB)
- Compute Units
4 Click the Save icon.

Preparing for OpenStack Provisioning

Before you provision instances with Red Hat OpenStack using virtual machine images, Linux kickstart, or
WIM provisioning, you must prepare the appropriate machine images and flavors.

Preparing for Virtual Machine Image Provisioning

Before you provision instances with Red Hat OpenStack, you must have virtual machine images and
flavors configured in the Red Hat OpenStack provider.
Virtual Machine Images
A tenant administrator or business group manager selects a virtual machine image from a list of
available images when creating Red Hat OpenStack blueprints.
A virtual machine image is a template that contains a software configuration, including an operating
system. Virtual machine images are managed within the Red Hat OpenStack provider and are imported
during data collection.
If an image that is used in a blueprint is later deleted from the Red Hat OpenStack provider, it is also
removed from the blueprint. If all the images have been removed from a blueprint, the blueprint is
disabled and cannot be used for machine requests until it is edited to add at least one image.
OpenStack Flavors
A tenant administrator or business group manager selects one or more flavors when creating
Red Hat OpenStack blueprints.
Flavors are virtual hardware templates that define the machine resource specifications for instances
provisioned in Red Hat OpenStack. Flavors are managed within the Red Hat OpenStack provider and are
imported during data collection.
If a flavor that is used in a blueprint is later deleted from the Red Hat OpenStack provider, it is also
removed from the blueprint. If all the flavors have been removed from a blueprint, the blueprint is disabled
and cannot be used for machine requests until it is edited to add at least one flavor.

Preparing for Linux Kickstart Provisioning

Linux Kickstart provisioning uses a configuration file to automate a Linux installation on a newly
provisioned machine. To prepare for provisioning you must create a bootable ISO image and a kickstart
or autoYaST configuration file.
The following is a high-level overview of the steps required to prepare for Linux Kickstart provisioning:
1 Ensure that a DHCP server is available on the network. vRealize Automation cannot provision
machines by using Linux Kickstart provisioning unless DHCP is available.
2 Prepare the configuration file. In the configuration file, you must specify the locations of the
vRealize Automation server and the Linux agent installation package. See Prepare the Linux Kickstart
Configuration Sample File.
3 Edit the isolinux/isolinux.cfg or loader/isolinux.cfg to specify the name and location of the
configuration file and the appropriate Linux distribution source.
4 Create the boot ISO image and save it to the location required by your virtualization platform. Please
see the documentation provided by your hypervisor if you do not know the required location.
5 (Optional) Add customization scripts.
a To specify post-installation customization scripts in the configuration file, see Specify Custom
Scripts in a kickstart/autoYaST Configuration File.
b To call Visual Basic scripts in a blueprint, see Enabling Visual Basic Scripts in Provisioning.
6 Gather the following information so that tenant administrators and business group managers can
include it in their blueprints:
a The name and location of the ISO image.
b For vCenter Server integrations, the vCenter Server guest operating system version with which
vCenter Server is to create the machine.
Note You can create a build profile with the property set BootIsoProperties to include the required
ISO information. This makes it easier for tenant administrators and business group managers to
include this information correctly in their blueprints.
Prepare the Linux Kickstart Configuration Sample File
vRealize Automation provides sample configuration files that you can modify and edit to suit your needs.
There are several changes required to make the files usable.
Procedure
1 Navigate to the vCloud Automation Center Appliance management console installation page.
For example: https://vcac-hostname.domain.name:5480/installer/.
2 Download and save the Linux Guest Agent Packages.
3 Unpack the LinuxGuestAgentPkgs file.
4 Navigate to the LinuxGuestAgentPkgs file and locate the subdirectory that corresponds to the guest
operating system that you are deploying during provisioning.
5 Open the sample-https.cfg file.
6 Replace all instances of the string host=dcac.example.net with the IP address or fully qualified
domain name and port number for the vRealize Automation server host.
| Platform | Required Format |
|---|---|
| vSphere ESXi | IP Address, for example: --host=172.20.9.59 |
| vSphere ESX | IP Address, for example: --host=172.20.9.58 |
| SUSE 10 | IP Address, for example: --host=172.20.9.57 |
| All others | FQDN, for example: --host=mycompany-host1.mycompany.local:443 |
7 Locate each instance of gugent.rpm or gugent.tar.gz and replace the URL rpm.example.net
with the location of the guest agent package.
For example:
rpm -i nfs:172.20.9.59/suseagent/gugent.rpm
8 Save the file to a location accessible to newly provisioned machines.
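The two substitutions in steps 6 and 7 can be scripted so that a file with a leftover placeholder or a wrongly formatted host value is never published. The following is an added example, not part of the vRealize Automation documentation or the shipped sample files: the function names, the platform labels (esxi, esx, suse10, other) and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: fill in a kickstart/autoYaST sample file and refuse to
# publish it while a documented placeholder is still present.

# Escape characters that are special on the right-hand side of sed's s|||.
sed_escape() {
    printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

# host_format_ok PLATFORM HOST
# Mirrors the platform table: esxi, esx and suse10 take a bare IPv4 address,
# every other platform takes FQDN:port. The platform labels are hypothetical.
host_format_ok() {
    case "$1" in
        esxi|esx|suse10)
            printf '%s\n' "$2" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ;;
        *)
            printf '%s\n' "$2" |
                grep -Eq '^[A-Za-z0-9]([A-Za-z0-9-]*\.)+[A-Za-z][A-Za-z0-9-]*:[0-9]{1,5}$' ;;
    esac
}

# prepare_kickstart_cfg SRC DST PLATFORM HOST AGENT_LOCATION
# Returns 0 on success, 2 for a badly formatted host, 3 when a placeholder
# survives the substitution, 4 when no host= setting ended up in the output.
prepare_kickstart_cfg() {
    src=$1 dst=$2 platform=$3 host=$4 agent=$5
    host_format_ok "$platform" "$host" || {
        echo "host '$host' has the wrong format for platform '$platform'" >&2
        return 2
    }
    sed -e "s|host=dcac\.example\.net|host=$(sed_escape "$host")|g" \
        -e "s|rpm\.example\.net|$(sed_escape "$agent")|g" \
        "$src" > "$dst" || return 1
    # A surviving placeholder means a line did not have the expected form;
    # print it with its line number and do not leave a half-edited file behind.
    if grep -n -E 'dcac\.example\.net|rpm\.example\.net' "$dst" >&2; then
        rm -f "$dst"
        return 3
    fi
    grep -qF -- "host=$host" "$dst" || { rm -f "$dst"; return 4; }
}

# Constructed stand-in for the sample file; the real sample-https.cfg differs.
# "agent-setup" is a made-up command name used only to carry the host= string.
make_constructed_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not the shipped sample-https.cfg
%post
rpm -i nfs:rpm.example.net/gugent.rpm
agent-setup --host=dcac.example.net
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_constructed_sample "$tmp/sample-https.cfg"
    prepare_kickstart_cfg "$tmp/sample-https.cfg" "$tmp/ks.cfg" other \
        mycompany-host1.mycompany.local:443 172.20.9.59/suseagent &&
        cat "$tmp/ks.cfg"
    rm -rf "$tmp"
}
demo
```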
Specify Custom Scripts in a kickstart/autoYaST Configuration File
You can modify the configuration file to copy or install custom scripts onto newly provisioned machines.
The Linux agent runs the scripts at the specified point in the workflow.
Your script can reference any of the ./properties.xml files in
the /usr/share/gugent/site/workitem directories.
Prerequisites
- Prepare a kickstart or autoYaST configuration file. See Prepare the Linux Kickstart Configuration
Sample File.
- Your script must return a non-zero value on failure to prevent machine provisioning failure.
Procedure
1 Create or identify the script you want to use.
2 Save the script as NN_scriptname.
NN is a two digit number. Scripts are executed in order from lowest to highest. If two scripts have the same number, the order is alphabetical based on scriptname.
3 Make your script executable.
4 Locate the post-installation section of your kickstart or autoYaST configuration file.
In kickstart, this is indicated by %post. In autoYaST, this is indicated by post-scripts.
5 Modify the post-installation section of the configuration file to copy or install your script into
the /usr/share/gugent/site/workitem directory of your choice.
Custom scripts are most commonly run for virtual kickstart/autoYaST with the work items SetupOS
(for create provisioning) and CustomizeOS (for clone provisioning), but you can run scripts at any
point in the workflow.
For example, you can modify the configuration file to copy the script 11_addusers.sh to
the /usr/share/gugent/site/SetupOS directory on a newly provisioned machine by using the
following command:
cp nfs:172.20.9.59/linuxscripts/11_addusers.sh /usr/share/gugent/site/SetupOS
The Linux agent runs the script in the order specified by the work item directory and the script file name.
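Before building the ISO it helps to preview the order in which a work item directory will run and to catch files that will not run as intended. The following is an added example, not code from vRealize Automation or its guest agent: the function names are hypothetical, byte-wise (C locale) comparison is an assumption about how the alphabetical tie-break is applied, and the check for group- or world-writable scripts is an added hardening check that the page does not require.

```shell
#!/bin/sh
# Added example: preview and sanity-check a guest agent work item directory
# such as /usr/share/gugent/site/SetupOS.

# workitem_order DIR
# Print the NN_scriptname files in DIR in the documented order: ascending
# two-digit prefix, ties broken alphabetically by script name.
workitem_order() {
    for f in "$1"/[0-9][0-9]_*; do
        [ -f "$f" ] && basename "$f"
    done | LC_ALL=C sort
}

# workitem_problems DIR
# Print one line per file that would not run as intended and return 1 if
# anything was reported, 0 if the directory is clean.
workitem_problems() {
    bad=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        case "$name" in
            [0-9][0-9]_?*) ;;
            *)
                echo "$name: name is not NN_scriptname"
                bad=1
                continue ;;
        esac
        # Step 3 of the procedure: the script must be executable.
        [ -x "$f" ] || { echo "$name: not executable"; bad=1; }
        # Added check: anyone who can write the file controls what the agent
        # runs on every machine provisioned from this configuration.
        if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "$name: writable by group or others"
            bad=1
        fi
    done
    return "$bad"
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample scripts; only 11_addusers.sh is named on the page.
    for n in 20_network.sh 11_addusers.sh 11_addgroups.sh; do
        printf '#!/bin/sh\nexit 0\n' > "$tmp/$n"
        chmod 755 "$tmp/$n"
    done
    echo "execution order:"
    workitem_order "$tmp"
    workitem_problems "$tmp" && echo "no problems found"
    rm -rf "$tmp"
}
demo
```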

Preparing for WIM Provisioning

Provision a machine by booting into a WinPE environment and then install an operating system using a
Windows Imaging File Format (WIM) image of an existing Windows reference machine.
The following is a high-level overview of the steps required to prepare for WIM provisioning:
1 Identify or create the staging area. This should be a network directory that can be specified as a UNC
path or mounted as a network drive by the reference machine, the system on which you build the
WinPE image, and the virtualization host on which machines are provisioned.
2 Ensure that a DHCP server is available on the network. vRealize Automation cannot provision
machines by using a WIM image unless DHCP is available.
3 Identify or create the reference machine within the virtualization platform you intend to use for
provisioning. For vRealize Automation requirements, see Reference Machine Requirements for WIM
Provisioning. For information about creating a reference machine, please see the documentation
provided by your hypervisor.
4 Using the System Preparation Utility for Windows, prepare the reference machine's operating system
for deployment. See SysPrep Requirements for the Reference Machine.
5 Create the WIM image of the reference machine. Do not include any spaces in the WIM image file
name or provisioning fails.
6 (Optional) Create any custom scripts you want to use to customize provisioned machines and place
them in the appropriate work item directory of your PEBuilder installation. See Specify Custom Scripts
in a PEBuilder WinPE.
7 Create a WinPE image that contains the vRealize Automation guest agent. You can use the
vRealize Automation PEBuilder to create the WinPE image. See Create a WinPE Image by Using
PEBuilder. You can create the WinPE image by using another method, but you must manually insert
the vRealize Automation guest agent. See Manually Insert the Guest Agent into a WinPE Image.
8 Place the WinPE image in the location required by your virtualization platform. If you do not know the
location, please see the documentation provided by your hypervisor.
9 Gather the following information so that tenant administrators and business group managers can
include it in their blueprints:
a The name and location of the WinPE ISO image.
b The name of the WIM file, the UNC path to the WIM file, and the index used to extract the desired
image from the WIM file.
c The user name and password under which to map the WIM image path to a network drive on the
provisioned machine.
d (Optional) If you do not want to accept the default, K, the drive letter to which the WIM image path
is mapped on the provisioned machine.
e For vCenter Server integrations, the vCenter Server guest operating system version with which
vCenter Server is to create the machine.
f (Optional) For SCVMM integrations, the ISO, virtual hard disk, or hardware profile to attach to
provisioned machines.
Note You can create a build profile with the property set WimImagingProperties to include all of this
required information. This makes it easier for tenant administrators and business group managers to
include this information correctly in their blueprints. Optionally, you can also add the property set
SysprepProperties and prompt tenant administrators and business group managers to specify or
overwrite settings in the SysPrep answer file.
Reference Machine Requirements for WIM Provisioning
WIM provisioning involves creating a WIM image from a reference machine. The reference machine must
meet basic requirements for the WIM image to work for provisioning in vRealize Automation.
The following is a high-level overview of the steps to prepare a reference machine:
1 If the operating system on your reference machine is Windows Server 2008 R2, Windows Server
2012, Windows 7, or Windows 8, the default installation creates a small partition on the system's hard
disk in addition to the main partition. vRealize Automation does not support the use of WIM images
created on such multi-partitioned reference machines. You must delete this partition during the
installation process.
2 Install .NET 4.5 and Windows Automated Installation Kit (AIK) for Windows 7 (including WinPE 3.0) on
the reference machine.
3 If the reference machine operating system is Windows Server 2003 or Windows XP, reset the
administrator password to be blank. (There is no password.)
4 (Optional) If you want to enable XenDesktop integration, install and configure a
Citrix Virtual Desktop Agent.
5 (Optional) A Windows Management Instrumentation (WMI) agent is required to collect certain data
from a Windows machine managed by vRealize Automation, for example the Active Directory status
of a machine’s owner. To ensure successful management of Windows machines, you must install a
WMI agent (typically on the Manager Service host) and enable the agent to collect data from Windows machines. See Installation and Configuration.
SysPrep Requirements for the Reference Machine
A SysPrep answer file is required for WIM provisioning and there are a number of required settings.
Table 32. Windows Server 2003 or Windows XP reference machine SysPrep required settings:
| GuiUnattended Settings | Value |
|---|---|
| AutoLogon | Yes |
| AutoLogonCount | 1 |
| AutoLogonUsername | username (username and password are the credentials used for auto logon when the newly provisioned machine boots into the guest operating system. Administrator is typically used.) |
| AutoLogonPassword | password corresponding to the AutoLogonUsername. |
Table 33. Required SysPrep Settings for reference machines that are not using Windows Server 2003 or Windows XP:
| AutoLogon Settings | Value |
|---|---|
| Enabled | Yes |
| LogonCount | 1 |
| Username | username (username and password are the credentials used for auto logon when the newly provisioned machine boots into the guest operating system. Administrator is typically used.) |
| Password | password (username and password are the credentials used for auto logon when the newly provisioned machine boots into the guest operating system. Administrator is typically used.) |
Note For reference machines that use a Windows platform newer than Windows Server 2003/Windows XP,
you must set the autologon password by using the custom property
Sysprep.GuiUnattended.AdminPassword. A convenient way to ensure this is done is to create a build
profile that includes this custom property so that tenant administrators and business group managers
can include this information correctly in their blueprints.
Install PEBuilder
The PEBuilder tool provided by vRealize Automation provides a simple way to include the
vRealize Automation guest agent in your WinPE images.
PEBuilder has a 32 bit guest agent. If you need to run commands specific to 64 bit, install PEBuilder and
then get the 64 bit files from the GugentZipx64.zip file.
Install PEBuilder in a location where you can access your staging environment.
Prerequisites
- Install .NET Framework 4.5.
- Windows Automated Installation Kit (AIK) for Windows 7 (including WinPE 3.0) is installed.
Procedure
1 Navigate to the vCloud Automation Center Appliance management console installation page.
For example: https://vcac-hostname.domain.name:5480/installer/.
2 Download the PEBuilder.
3 (Optional) Download the Windows 64-bit guest agent package if you want to include the Windows 64-
bit guest agent in your WinPE instead of the Windows 32-bit guest agent.
4 Run vCAC-WinPEBuilder-Setup.exe.
5 Follow the prompts to install PEBuilder.
6 (Optional) Replace the Windows 32-bit guest agent files located in \PE Builder\Plugins\VRM
Agent\VRMGuestAgent with the 64-bit files to include the 64-bit agent in your WinPE.
You can use PEBuilder to create a WinPE for use in WIM provisioning.
Specify Custom Scripts in a PEBuilder WinPE
You can use PEBuilder to customize machines by running custom bat scripts at specified points in the
provisioning workflow.
Prerequisites
Install PEBuilder.
Procedure
1 Create or identify the bat script you want to use.
Your script must return a non-zero value on failure to prevent machine provisioning failure.
2 Save the script as NN_scriptname.
NN is a two digit number. Scripts are executed in order from lowest to highest. If two scripts have the same number, the order is alphabetical based on scriptname.
3 Make your script executable.
4 Place the scripts in the work item subdirectory that corresponds to the point in the provisioning
workflow you want the script to run.
For example, C:\Program Files (x86)\VMware\vRA\PE Builder\Plugins\VRM
Agent\VRMGuestAgent\site\SetupOS.
The agent runs the script in the order specified by the work item directory and the script file name.
Create a WinPE Image by Using PEBuilder
Use the PEBuilder tool provided by vRealize Automation to create a WinPE ISO file that includes the
vRealize Automation guest agent.
Prerequisites
- Install PEBuilder.
- (Optional) Configure PEBuilder to include the Windows 64-bit guest agent in your WinPE instead of
the Windows 32-bit guest agent. See Install PEBuilder.
- (Optional) Add any third party plugins you want to add to the WinPE image to the PlugIns
subdirectory of the PEBuilder installation directory.
- (Optional) Specify Custom Scripts in a PEBuilder WinPE.
Procedure
1 Run PEBuilder.
2 Enter the IaaS Manager Service host information.
| Option | Description |
|---|---|
| If you are using a load balancer | a Enter the fully qualified domain name of the load balancer for the IaaS Manager Service in the vCAC Hostname text box. For example, manager_service_LB.mycompany.com. b Enter the port number for the IaaS Manager Service load balancer in the vCAC Port text box. For example, 443. |
| With no load balancer | a Enter the fully qualified domain name of the IaaS Manager Service machine in the vCAC Hostname text box. For example, manager_service.mycompany.com. b Enter the port number for the IaaS Manager Service machine in the vCAC Port text box. For example, 443. |
3 Enter the path to the PEBuilder plugins directory.
This depends on the installation directory specified during installation. The default is C:\Program
Files (x86)\VMware\vCAC\PE Builder\PlugIns.
4 Enter the output path for the ISO file you are creating in the ISO Output Path text box.
This location should be on the staging area you prepared.
5 Click File > Advanced.
Note Do not change the WinPE Architecture or Protocol settings.
6 Select the Include vCAC Guest Agent in WinPE ISO check box.
7 Click OK.
8 Click Build.
What to do next
Place the WinPE image in the location required by your integration platform. If you do not know the
location, please see the documentation provided by your platform.
Manually Insert the Guest Agent into a WinPE Image
You do not have to use the vRealize Automation PEBuilder to create your WinPE. However, if you do not
use the PEBuilder you must manually insert the vRealize Automation guest agent into your WinPE image.
Prerequisites
- Select a Windows system from which the staging area you prepared is accessible and on which .NET
4.5 and Windows Automated Installation Kit (AIK) for Windows 7 (including WinPE 3.0) are installed.
- Create a WinPE.
Procedure
1 Install the Guest Agent in a WinPE
If you choose not to use the vRealize Automation PEBuilder to create your WinPE, you must install
PEBuilder to manually copy the guest agent files to your WinPE image.
2 Configure the doagent.bat File
If you choose not to use the vRealize Automation PEBuilder, you must manually configure the
doagent.bat file.
3 Configure the doagentc.bat File
If you choose not to use the vRealize Automation PEBuilder, you must manually configure the
doagentc.bat file.
4 Configure the Guest Agent Properties Files
If you choose not to use the vRealize Automation PEBuilder, you must manually configure the guest
agent properties files.
Install the Guest Agent in a WinPE
If you choose not to use the vRealize Automation PEBuilder to create your WinPE, you must install
PEBuilder to manually copy the guest agent files to your WinPE image.
PEBuilder has a 32 bit guest agent. If you need to run commands specific to 64 bit, install PEBuilder and
then get the 64 bit files from the GugentZipx64.zip file.
Prerequisites
- Select a Windows system from which the staging area you prepared is accessible and on which .NET
4.5 and Windows Automated Installation Kit (AIK) for Windows 7 (including WinPE 3.0) are installed.
- Create a WinPE.
Procedure
1 Navigate to the vCloud Automation Center Appliance management console installation page.
For example: https://vcac-hostname.domain.name:5480/installer/.
2 Download the PEBuilder.
3 (Optional) Download the Windows 64-bit guest agent package if you want to include the Windows 64-
bit guest agent in your WinPE instead of the Windows 32-bit guest agent.
4 Execute vCAC-WinPEBuilder-Setup.exe.
5 Deselect both Plugins and PEBuilder.
6 Expand Plugins and select VRMAgent.
7 Follow the prompts to complete the installation.
8 (Optional) After installation is complete, replace the Windows 32-bit guest agent files located in \PE
Builder\Plugins\VRM Agent\VRMGuestAgent with the 64-bit files to include the 64-bit agent in
your WinPE.
9 Copy the contents of %SystemDrive%\Program Files (x86)\VMware\PE Builder\Plugins\VRM
Agent\VRMGuestAgent to a new location within your WinPE Image.
For example: C:\Program Files (x86)\VMware\PE Builder\Plugins\VRM
Agent\VRMGuestAgent.
Configure the doagent.bat File
If you choose not to use the vRealize Automation PEBuilder, you must manually configure the
doagent.bat file.
Prerequisites
Install the Guest Agent in a WinPE.
Procedure
1 Navigate to the VRMGuestAgent directory within your WinPE Image.
For example: C:\Program Files (x86)\VMware\PE Builder\Plugins\VRM
Agent\VRMGuestAgent.
2 Make a copy of the file doagent-template.bat and name it doagent.bat.
3 Open doagent.bat in a text editor.
4 Replace all instances of the string #Dcac Hostname# with the fully qualified domain name and port
number of the IaaS Manager Service host.
| Option | Description |
|---|---|
| If you are using a load balancer | Enter the fully qualified domain name and port of the load balancer for the IaaS Manager Service. For example, manager_service_LB.mycompany.com:443 |
| With no load balancer | Enter the fully qualified domain name and port of the machine on which the IaaS Manager Service is installed. For example, manager_service.mycompany.com:443 |
5 Replace all instances of the string #Protocol# with the string /ssl.
6 Replace all instances of the string #Comment# with REM (REM must be followed by a trailing space).
7 (Optional) If you are using self-signed certificates, uncomment the openSSL command.
echo QUIT | c:\VRMGuestAgent\bin\openssl s_client -connect
8 Save and close the file.
9 Edit the Startnet.cmd script for your WinPE to include the doagent.bat as a custom script.
Configure the doagentc.bat File
If you choose not to use the vRealize Automation PEBuilder, you must manually configure the
doagentc.bat file.
Prerequisites
Configure the doagent.bat File.
Procedure
1 Navigate to the VRMGuestAgent directory within your WinPE Image.
For example: C:\Program Files (x86)\VMware\PE Builder\Plugins\VRM
Agent\VRMGuestAgent.
2 Make a copy of the file doagentsvc-template.bat and name it doagentc.bat.
3 Open doagentc.bat in a text editor.
4 Remove all instances of the string #Comment#.
5 Replace all instances of the string #Dcac Hostname# with the fully qualified domain name and port
number of the Manager Service host.
The default port for the Manager Service is 443.
| Option | Description |
|---|---|
| If you are using a load balancer | Enter the fully qualified domain name and port of the load balancer for the Manager Service. For example, load_balancer_manager_service.mycompany.com:443 |
| With no load balancer | Enter the fully qualified domain name and port of the Manager Service. For example, manager_service.mycompany.com:443 |
6 Replace all instances of the string #errorlevel# with the character 1.
7 Replace all instances of the string #Protocol# with the string /ssl.
8 Save and close the file.
Configure the Guest Agent Properties Files
If you choose not to use the vRealize Automation PEBuilder, you must manually configure the guest
agent properties files.
Prerequisites
Configure the doagentc.bat File.
Procedure
1 Navigate to the VRMGuestAgent directory within your WinPE Image.
For example: C:\Program Files (x86)\VMware\PE Builder\Plugins\VRM
Agent\VRMGuestAgent.
2 Make a copy of the file gugent.properties and name it gugent.properties.template.
3 Make a copy of the file gugent.properties.template and name it gugentc.properties.
4 Open gugent.properties in a text editor.
5 Replace all instances of the string GuestAgent.log with the string
X:/VRMGuestAgent/GuestAgent.log.
6 Save and close the file.
7 Open gugentc.properties in a text editor.
8 Replace all instances of the string GuestAgent.log with the string
C:/VRMGuestAgent/GuestAgent.log.
9 Save and close the file.

Creating a Cloud Blueprint

Machine blueprints determine the attributes of the machine, the manner in which it is provisioned, and its
policy and management settings. A tenant administrator or business group manager creates blueprints for
provisioning machines.
This chapter includes the following topics:
- Choosing a Blueprint Scenario
- Create an Amazon AWS Blueprint
- Create a Basic Red Hat OpenStack Blueprint
- Create a Red Hat OpenStack Blueprint for Linux Kickstart Provisioning
- Create an OpenStack Blueprint for WIM Provisioning
- Publish a Blueprint

Choosing a Blueprint Scenario

Depending on your environment and the methods of provisioning your fabric administrators have
prepared, there are several procedures available to create the blueprint for your needs.
Unless otherwise noted in the Choosing a Blueprint Scenario table, all of these provisioning methods
require preparation by your fabric administrators before you can create a blueprint and provision
machines. Please contact your fabric administrators to determine which provisioning methods they have
prepared for you.
Table 41. Choosing a Blueprint Scenario
| Scenario | Supported Platforms | Procedure | Custom Properties |
|---|---|---|---|
| Launch an instance from an Amazon Machine Image. | Amazon AWS | Create an Amazon AWS Blueprint | No custom properties are required. A load balancer can be configured before or after install. |
| Launch an instance from a virtual machine image. | Red Hat OpenStack | Create a Basic Red Hat OpenStack Blueprint | No custom properties are required. |
| Provision a machine by booting from an ISO image, using a kickstart or autoYaSt configuration file and a Linux distribution image to install the operating system on the machine. | Red Hat OpenStack | Create a Red Hat OpenStack Blueprint for Linux Kickstart Provisioning | Custom Properties for Linux Kickstart Blueprints |
| Provision a machine by booting into a WinPE environment and installing an operating system using a Windows Imaging File Format (WIM) image of an existing Windows reference machine. | Red Hat OpenStack | Create an OpenStack Blueprint for WIM Provisioning | Custom Properties for WIM Blueprints |

Create an Amazon AWS Blueprint

Machine blueprints determine the attributes of the machine, the manner in which it is provisioned, and its
policy and management settings. A tenant administrator or business group manager creates a blueprint
for provisioning machines.
Prerequisites
Log in to the vRealize Automation console as a tenant administrator or business group manager.
Procedure
1 Specify Amazon AWS Blueprint Information
Tenant administrators or business group managers use blueprint information settings to control who
can access a blueprint, how many machines they can provision with it, and daily costs.
2 Specify Amazon AWS Blueprint Build Information
Tenant administrators or business group managers use build information settings to determine how
a machine is provisioned.
3 Configure Amazon Machine Resources
Machine resource settings control the resources consumed by a machine provisioned by using your
blueprint.
4 Add Amazon AWS Blueprint Custom Properties
Adding custom properties to a blueprint gives you detailed control over provisioned machines.
5 Configure Amazon AWS Blueprint Actions
Tenant administrators or business group managers use blueprint actions and entitlements to
maintain detailed control over provisioned machines.
What to do next
The blueprint is not available as a catalog item until you publish it. See Publish a Blueprint.

Specify Amazon AWS Blueprint Information

Tenant administrators or business group managers use blueprint information settings to control who can
access a blueprint, how many machines they can provision with it, and daily costs.
Prerequisites
Log in to the vRealize Automation console as a tenant administrator or business group manager.
Procedure
1 Select Infrastructure > Blueprints > Blueprints.
2 Select New Blueprint > Cloud > Amazon EC2.
3 Enter a name and, optionally, a description.
4 (Optional) Select the Master check box to allow users to copy your blueprint.
5 Select the Display location on request check box to prompt users to select a location when they
submit a machine request.
This option enables users to select a region into which to provision the requested machine.
6 Select who can provision machines with this blueprint.
| Roles | Who Can Provision |
|---|---|
| If you are both a business group manager and a tenant administrator | Select the Shared blueprint check box to allow the blueprint to be entitled to users in any business group, or deselect the Shared blueprint check box to create a local blueprint, and select a business group from the Business group drop-down menu. |
| Business group manager | Select a business group from the Business group drop-down menu. |
| Tenant administrator | Your blueprints are always shared. You cannot choose who can use them to provision machines. |
7 (Optional) Select a reservation policy from the Reservation policy drop-down menu.
This option requires additional configuration by a fabric administrator to create a reservation policy.
8 Select a machine prefix from the Machine prefix drop-down menu.
You can select Use group default to accept the default machine prefix of the user's business group.
9 (Optional) Enter a number in the Maximum per user text box to limit the number of machines that a
single user can provision with this blueprint.
10 Set the daily cost of the machine by typing the amount in the Cost (daily) text box.
Your blueprint is not finished. Do not navigate away from this page.

Specify Amazon AWS Blueprint Build Information

Tenant administrators or business group managers use build information settings to determine how a
machine is provisioned.
Prerequisites
Specify Amazon AWS Blueprint Information.
Procedure
1 Click the Build Information tab.
2 Select whether machines provisioned from this blueprint are classified as Desktop or Server from the
Blueprint type drop-down menu.
This information is for record-keeping and licensing purposes only.
3 Select CloudProvisioningWorkflow from the Provisioning workflow drop-down menu.
4 Click the Browse icon next to the Amazon machine image text box.
5 Select an Amazon machine image from the list.
6 Click OK.
7 Select a key pair generation method from the Key pair drop-down menu.
| Option | Description |
|---|---|
| Not Specified | Select to control key pair behavior at the reservation level rather than the blueprint level. |
| Auto Generated per Business Group | Each machine provisioned in the same business group has the same key pair. If you delete the business group, its key pair is also deleted. |
| Auto Generated per Machine | Each machine has a unique key pair. |
8 (Optional) Select the Enable Amazon network options on machine check box to allow users to
choose whether to provision a machine in a virtual private cloud (VPC) or non-VPC location when
they submit the request.
Your blueprint is not finished. Do not navigate away from this page.
Configure Amazon Machine Resources
Machine resource settings control the resources consumed by a machine provisioned by using your
blueprint.
You cannot add or edit Amazon instance types after you create the blueprint.
Prerequisites
Specify Amazon AWS Blueprint Build Information.
Procedure
1 Select one or more Instance types check boxes to select one or more Amazon instance types that
users can select from when they submit a machine request.
Selecting one or more instance types updates values in the # CPUs, Memory, and Storage (GB) text
boxes. Review the minimum and maximum machine resource values and adjust your instance type
selections as desired.
2 (Optional) Specify the EBS storage settings for provisioned machines.
a Enter the minimum amount of storage in the Minimum text box.
If you only provide a minimum, this number becomes the value for all machines provisioned from
this blueprint.
b (Optional) Enter the maximum amount of storage in the Maximum text box to allow users to
select their own settings within the range that you provide.
3 (Optional) Specify the lease settings for provisioned machines, or leave blank for no expiration date.
a Enter the minimum number of lease days in the Minimum text box.
If you only provide a minimum, this number becomes the value for all machines provisioned from
this blueprint.
b (Optional) Enter the maximum number of lease days in the Maximum text box to allow users to
select their own settings within the range that you provide.
Your blueprint is not finished. Do not navigate away from this page.

Add Amazon AWS Blueprint Custom Properties

Adding custom properties to a blueprint gives you detailed control over provisioned machines.
For information about custom properties for Amazon, see Custom Properties Reference.
Prerequisites
Configure Amazon Machine Resources.
Procedure
1 Click the Properties tab.
2 (Optional) Select one or more build profiles from the Build profiles menu.
Build profiles contain groups of custom properties. Fabric administrators can create build profiles.
3 (Optional) Add any custom properties to your blueprint.
a Click New Property.
b Enter the custom property in the Name text box.
c Enter the value of the custom property in the Value text box.
d (Optional) Select the Encrypted check box to encrypt the custom property in the database.
e (Optional) Select the Prompt user check box to require the user to provide a value when they
request a machine.
If you choose to prompt users for a value, any value you provide for the custom property is
presented to them as the default. If you do not provide a default, users cannot continue with the
machine request until they provide a value for the custom property.
f Click the Save icon.
Your blueprint is not finished. Do not navigate away from this page.

Configure Amazon AWS Blueprint Actions

Tenant administrators or business group managers use blueprint actions and entitlements to maintain
detailed control over provisioned machines.
Entitlements control which machine operations specific users can access. Blueprint actions control which
machine operations can be performed on machines provisioned from a blueprint. For example, if you
disable the option to reprovision machines created from a blueprint, then the option to reprovision a
machine created from the blueprint does not appear for any users. If you enable the reprovision machine
operation, then users who are entitled to reprovision machines can reprovision machines created from
this blueprint.
Note The options that appear on the Actions tab depend on your platform and any customizations
made to your vRealize Automation instance.
Prerequisites
Add Amazon AWS Blueprint Custom Properties.
Procedure
1 Click the Actions tab.
2 (Optional) Select the check boxes for each machine option to enable for machines provisioned from
this blueprint.
3 Click OK.
Your blueprint is saved in draft state.
What to do next
Publish your blueprint to make it available as a catalog item. See Publish a Blueprint.

Create a Basic Red Hat OpenStack Blueprint

Machine blueprints determine the attributes of the machine, the manner in which it is provisioned, and its
policy and management settings. A tenant administrator or business group manager creates a blueprint
for provisioning machines.
Prerequisites
Log in to the vRealize Automation console as a tenant administrator or business group manager.
Procedure
1 Specify Basic Red Hat OpenStack Blueprint Information
Blueprint information settings control who can access a blueprint, how many machines they can
provision with it, and the daily cost.
2 Specify Basic Red Hat OpenStack Blueprint Build Information
Build information settings determine how a machine is provisioned and control the resources
consumed by a machine provisioned from your blueprint.
3 Add Basic Red Hat OpenStack Blueprint Custom Properties
Adding custom properties to a blueprint gives you detailed control over provisioned machines.
4 Configure Basic Red Hat OpenStack Blueprint Actions
Use blueprint actions and entitlements together to maintain detailed control over provisioned
machines.
What to do next
The blueprint is not available as a catalog item until you publish it. See Publish a Blueprint.

Specify Basic Red Hat OpenStack Blueprint Information

Blueprint information settings control who can access a blueprint, how many machines they can provision
with it, and the daily cost.
Prerequisites
Log in to the vRealize Automation console as a tenant administrator or business group manager.
Procedure
1 Select Infrastructure > Blueprints > Blueprints.
2 Select New Blueprint > Cloud > OpenStack.
3 Enter a name and, optionally, a description.
4 (Optional) Select the Master check box to allow users to copy your blueprint.
5 Select the Display location on request check box to prompt users to select a location when they
submit a machine request.
This option enables users to select a region into which to provision the requested machine.
6 Select who can provision machines with this blueprint.
Roles | Who Can Provision
If you are both a business group manager and a tenant administrator |
  - Select the Shared blueprint check box to allow the blueprint to be entitled to users in any business group.
  - Deselect the Shared blueprint check box to create a local blueprint, and select a business group from the Business group drop-down menu.
Business group manager | Select a business group from the Business group drop-down menu.
Tenant administrator | Your blueprints are always shared. You cannot choose who can use them to provision machines.
7 (Optional) Select a reservation policy from the Reservation policy drop-down menu.
This option requires additional configuration by a fabric administrator to create a reservation policy.
8 Select a machine prefix from the Machine prefix drop-down menu.
You can select Use group default to accept the default machine prefix of the user's business group.
9 (Optional) Enter a number in the Maximum per user text box to limit the number of machines that a
single user can provision with this blueprint.
10 Set the daily cost of the machine by typing the amount in the Cost (daily) text box.
Your blueprint is not finished. Do not navigate away from this page.

Specify Basic Red Hat OpenStack Blueprint Build Information

Build information settings determine how a machine is provisioned and control the resources consumed
by a machine provisioned from your blueprint.
Prerequisites
Specify Basic Red Hat OpenStack Blueprint Information.
Procedure
1 Click the Build Information tab.
2 Select whether machines provisioned from this blueprint are classified as Desktop or Server from the
Blueprint type drop-down menu.
This information is for record-keeping and licensing purposes only.
3 Select CloudProvisioningWorkflow from the Provisioning workflow drop-down menu.
4 Click the Browse icon next to the OpenStack image text box.
5 Select a virtual machine image from the list.
Important Ensure that you select an image that is appropriate for the workflow that you selected.
For example, only select kickstart images when you use the CloudLinuxKickstartWorkflow, and only
select WIM images when you use the CloudWIMImageWorkflow. Using an image with the wrong
workflow can result in a machine that appears to be successfully provisioned and ready to use when
it is actually waiting for input in the Red Hat OpenStack provider.
6 Click OK.
7 Select a key pair generation method from the Key pair drop-down menu.
Option | Description
Not Specified | Select to control key pair behavior at the reservation level rather than the blueprint level.
Auto Generated per Business Group | Each machine provisioned in the same business group has the same key pair. If you delete the business group, its key pair is also deleted.
Auto Generated per Machine | Each machine has a unique key pair.
If you select Not Specified in both the reservation and the blueprint, machines provisioned from this
blueprint have no key pair.
8 Select one or more Flavors check boxes to select one or more flavors that users can select from
when they submit a machine request.
Selecting one or more flavors updates values in the # CPUs, Memory, and Storage (GB) text boxes.
Review the minimum and maximum machine resource values and adjust your instance type
selections as desired.
9 (Optional) Specify the lease settings for provisioned machines, or leave blank for no expiration date.
a Enter the minimum number of lease days in the Minimum text box.
If you only provide a minimum, this number becomes the value for all machines provisioned from
this blueprint.
b (Optional) Enter the maximum number of lease days in the Maximum text box to allow users to
select their own settings within the range that you provide.
Your blueprint is not finished. Do not navigate away from this page.

Add Basic Red Hat OpenStack Blueprint Custom Properties

Adding custom properties to a blueprint gives you detailed control over provisioned machines.
Prerequisites
Specify Basic Red Hat OpenStack Blueprint Build Information.
Procedure
1 Click the Properties tab.
2 (Optional) Select one or more build profiles from the Build profiles menu.
Build profiles contain groups of custom properties. Fabric administrators can create build profiles.
3 (Optional) Add any custom properties to your blueprint.
a Click New Property.
b Enter the custom property in the Name text box.
c Enter the value of the custom property in the Value text box.
d (Optional) Select the Encrypted check box to encrypt the custom property in the database.
e (Optional) Select the Prompt user check box to require the user to provide a value when they
request a machine.
If you choose to prompt users for a value, any value you provide for the custom property is
presented to them as the default. If you do not provide a default, users cannot continue with the
machine request until they provide a value for the custom property.
f Click the Save icon.
Your blueprint is not finished. Do not navigate away from this page.

Configure Basic Red Hat OpenStack Blueprint Actions

Use blueprint actions and entitlements together to maintain detailed control over provisioned machines.
Entitlements control which machine operations specific users can access. Blueprint actions control which
machine operations can be performed on machines provisioned from a blueprint. For example, if you
disable the option to reprovision machines created from a blueprint, then the option to reprovision a
machine created from the blueprint does not appear for any users. If you enable the reprovision machine
operation, then users who are entitled to reprovision machines can reprovision machines created from
this blueprint.
Note The options that appear on the Actions tab depend on your platform and any customizations
made to your vRealize Automation instance.
Prerequisites
Add Basic Red Hat OpenStack Blueprint Custom Properties.
Procedure
1 Click the Actions tab.
2 (Optional) Select the check boxes for each machine option to enable for machines provisioned from
this blueprint.
3 Click OK.
Your blueprint is saved in draft state.
What to do next
Publish your blueprint to make it available as a catalog item. See Publish a Blueprint.

Create a Red Hat OpenStack Blueprint for Linux Kickstart Provisioning

You can provision a machine by booting from an ISO image, then using a kickstart or autoYaST
configuration file and a Linux distribution image to install the operating system on the machine.
Prerequisites
- Log in to the vRealize Automation console as a tenant administrator or business group manager.
- Gather the following information from your fabric administrator:
a The name and location of the ISO image.
b For vCenter Server integrations, the vCenter Server guest operating system version with which
vCenter Server is to create the machine.
c (Optional) For SCVMM integrations, the ISO, virtual hard disk, or hardware profile to attach to
provisioned machines.
Note Your fabric administrator might have provided this information in a build profile.
Procedure
1 Specify Linux Kickstart Blueprint Information
Blueprint information settings control who can access a blueprint, how many machines they can
provision with it, and how long to archive a machine after the lease period is over.
2 Specify Linux Kickstart Blueprint Build Information
The build information settings determine how a machine is provisioned.
3 Add Required Properties to a Linux Kickstart Blueprint
There are a number of custom properties that are required for Linux Kickstart provisioning.
4 Configure Linux Kickstart Blueprint Actions
Use blueprint actions and entitlements together to maintain detailed control over provisioned
machines.
What to do next
The blueprint is not available as a catalog item until you publish it. See Publish a Blueprint.

Specify Linux Kickstart Blueprint Information

Blueprint information settings control who can access a blueprint, how many machines they can provision
with it, and how long to archive a machine after the lease period is over.
Prerequisites
- Log in to the vRealize Automation console as a tenant administrator or business group manager.
- Gather the following information from your fabric administrator:
a The name and location of the ISO image.
b For vCenter Server integrations, the vCenter Server guest operating system version with which
vCenter Server is to create the machine.
c (Optional) For SCVMM integrations, the ISO, virtual hard disk, or hardware profile to attach to
provisioned machines.
Note Your fabric administrator might have provided this information in a build profile.
Procedure
1 Select Infrastructure > Blueprints > Blueprints.
2 Select New Blueprint > Cloud > OpenStack.
3 Enter a name and, optionally, a description.
4 (Optional) Select the Master check box to allow users to copy your blueprint.
5 Select the Display location on request check box to prompt users to select a location when they
submit a machine request.
This option enables users to select a region into which to provision the requested machine.
6 Select who can provision machines with this blueprint.
Roles | Who Can Provision
If you are both a business group manager and a tenant administrator |
  - Select the Shared blueprint check box to allow the blueprint to be entitled to users in any business group.
  - Deselect the Shared blueprint check box to create a local blueprint, and select a business group from the Business group drop-down menu.
Business group manager | Select a business group from the Business group drop-down menu.
Tenant administrator | Your blueprints are always shared. You cannot choose who can use them to provision machines.
7 (Optional) Select a reservation policy from the Reservation policy drop-down menu.
This option requires additional configuration by a fabric administrator to create a reservation policy.
8 Select a machine prefix from the Machine prefix drop-down menu.
You can select Use group default to accept the default machine prefix of the user's business group.
9 (Optional) Enter a number in the Maximum per user text box to limit the number of machines that a
single user can provision with this blueprint.
10 Set the daily cost of the machine by typing the amount in the Cost (daily) text box.
Your blueprint is not finished. Do not navigate away from this page.

Specify Linux Kickstart Blueprint Build Information

The build information settings determine how a machine is provisioned.
Prerequisites
Specify Linux Kickstart Blueprint Information.
Procedure
1 Click the Build Information tab.
2 Select whether machines provisioned from this blueprint are classified as Desktop or Server from the
Blueprint type drop-down menu.
This information is for record-keeping and licensing purposes only.
3 Select CloudLinuxKickstartWorkflow from the Provisioning workflow drop-down menu.
4 Click the Browse icon next to the OpenStack image text box.
5 Select a virtual machine image from the list.
Important Ensure that you select an image that is appropriate for the workflow that you selected.
For example, only select kickstart images when you use the CloudLinuxKickstartWorkflow, and only
select WIM images when you use the CloudWIMImageWorkflow. Using an image with the wrong
workflow can result in a machine that appears to be successfully provisioned and ready to use when
it is actually waiting for input in the Red Hat OpenStack provider.
6 Click OK.
7 Select a key pair generation method from the Key pair drop-down menu.
Option | Description
Not Specified | Select to control key pair behavior at the reservation level rather than the blueprint level.
Auto Generated per Business Group | Each machine provisioned in the same business group has the same key pair. If you delete the business group, its key pair is also deleted.
Auto Generated per Machine | Each machine has a unique key pair.
If you select Not Specified in both the reservation and the blueprint, machines provisioned from this
blueprint have no key pair.
8 Select one or more Flavors check boxes to select one or more flavors that users can select from
when they submit a machine request.
Selecting one or more flavors updates values in the # CPUs, Memory, and Storage (GB) text boxes.
Review the minimum and maximum machine resource values and adjust your instance type
selections as desired.
9 (Optional) Specify the lease settings for provisioned machines, or leave blank for no expiration date.
a Enter the minimum number of lease days in the Minimum text box.
If you only provide a minimum, this number becomes the value for all machines provisioned from
this blueprint.
b (Optional) Enter the maximum number of lease days in the Maximum text box to allow users to
select their own settings within the range that you provide.
Your blueprint is not finished. Do not navigate away from this page.

Add Required Properties to a Linux Kickstart Blueprint

There are a number of custom properties that are required for Linux Kickstart provisioning.
Note If your fabric administrator creates a build profile that contains the required custom properties and
you include it in your blueprint, you do not need to individually add the required custom properties to the
blueprint.
For a list of commonly used custom properties for Linux Kickstart provisioning, see Custom Properties for
Linux Kickstart Blueprints.
Prerequisites
Specify Linux Kickstart Blueprint Build Information.
Procedure
1 Click the Properties tab.
2 (Optional) Select one or more build profiles from the Build profiles menu.
Build profiles contain groups of custom properties. Fabric administrators can create build profiles.
3 Add the ISO name custom property.
a Click New Property.
b Type Image.ISO.Name in the Name text box.
c Type the name or location of the ISO image that your fabric administrator provided for you in the
Value text box.
Option | Description
vCenter Server | The path to the ISO, including the name. The value must use forward slashes.
Hyper-V | The full local path to the ISO file, including the file name.
XenServer | The name of the ISO file.
d (Optional) Select the Encrypted check box to encrypt the custom property in the database.
e (Optional) Select the Prompt user check box to require the user to provide a value when they
request a machine.
If you choose to prompt users for a value, any value you provide for the custom property is
presented to them as the default. If you do not provide a default, users cannot continue with the
machine request until they provide a value for the custom property.
f Click the Save icon.
4 Add the ISO location custom property.
This custom property is not required for Hyper-V integrations. The name and location are both
specified in the ISO name custom property.
a Click New Property.
b Type Image.ISO.Location in the Name text box.
c Type the location of the ISO image that your fabric administrator provided for you in the Value
text box.
d Click the Save icon.
Your blueprint is not finished. Do not navigate away from this page.

Custom Properties for Linux Kickstart Blueprints

vRealize Automation includes custom properties that you can use to provide additional controls for Linux
Kickstart blueprints.
Certain vRealize Automation custom properties are required for use with Linux Kickstart blueprints.
Table 42. Required Custom Properties for Linux Kickstart Blueprints
Custom Property | Description
VMware.VirtualCenter.OperatingSystem | Specifies the vCenter Server guest operating system version (VirtualMachineGuestOsIdentifier) with which vCenter Server creates the machine. This operating system version must match the operating system version to be installed on the provisioned machine. Administrators can create property groups using one of several property sets, for example, VMware[OS_Version]Properties, that are predefined to include the correct VMware.VirtualCenter.OperatingSystem values. This property is for virtual provisioning. For related information, see the enumeration type VirtualMachineGuestOsIdentifier in vSphere API/SDK Documentation. For a list of currently accepted values, see the VMware vCenter Server™ documentation.
Image.ISO.Location | Values for this property are case sensitive. Specifies the location of the ISO image from which to boot, for example http://192.168.2.100/site2/winpe.iso. The format of this value depends on your platform. For details, see documentation provided for your platform. This property is required for WIM-based provisioning, Linux Kickstart and autoYaST provisioning, and SCCM-based provisioning.
Image.ISO.Name | Values for this property are case sensitive. Specifies the name of the ISO image from which to boot, for example /ISO/Microsoft/WinPE.iso. The format of this value depends on your platform. For details, see documentation provided for your platform. This property is required for WIM-based provisioning, Linux Kickstart and autoYaST provisioning, and SCCM-based provisioning.
Image.ISO.UserName | Specifies the user name to access the CIFS share in the format username@domain. For Dell iDRAC integrations where the image is located on a CIFS share that requires authentication to access.
Image.ISO.Password | Specifies the password associated with the Image.ISO.UserName property. For Dell iDRAC integrations where the image is located on a CIFS share that requires authentication to access.
Optional custom properties are available.
Table 43. Optional Custom Properties for Linux Kickstart Blueprints
Custom Property | Description
VirtualMachine.Admin.ThinProvision | Determines whether thin provisioning is used on ESX compute resources using local or iSCSI storage. Set to True to use thin provisioning. Set to False to use standard provisioning. This property is for virtual provisioning.
Machine.SSH | Set to True to enable the Connect Using SSH option, on the vRealize Automation Items page, for Linux machines provisioned from this blueprint. If set to True and the Connect using RDP or SSH machine operation is enabled in the blueprint, all Linux machines that are provisioned from the blueprint display the Connect Using SSH option to entitled users.
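The required-property rules in the tables above, together with the Encrypted, Prompt user, and Key pair settings from the blueprint procedures, can be checked before a blueprint is published. The following Python lint is an added example, not VMware code; the blueprint dict layout, the sample values, and the finding codes are constructed for illustration and are not a vRealize Automation export format.

```python
import re

# Constructed blueprint record for this example; the dict layout is an
# assumption, not a vRealize Automation export format.
SAMPLE_BLUEPRINT = {
    "platform": "vCenter Server",
    "workflow": "CloudLinuxKickstartWorkflow",
    "key_pair": "Not Specified",
    "properties": [
        {"name": "Image.ISO.Name", "value": "\\ISO\\Linux\\boot.iso",
         "encrypted": False, "prompt_user": False},
        {"name": "Image.ISO.Location", "value": "http://192.0.2.10/site2/boot.iso",
         "encrypted": False, "prompt_user": False},
        {"name": "Image.ISO.UserName", "value": "svc-iso",
         "encrypted": False, "prompt_user": False},
        {"name": "Image.ISO.Password", "value": "constructed-secret",
         "encrypted": False, "prompt_user": True},
    ],
}


def required_properties(platform):
    """Required property names for Linux Kickstart, following the page."""
    required = {"Image.ISO.Name"}
    if platform != "Hyper-V":
        # On Hyper-V, Image.ISO.Name already carries the full local path.
        required.add("Image.ISO.Location")
    if platform == "vCenter Server":
        required.add("VMware.VirtualCenter.OperatingSystem")
    return required


def lint_blueprint(blueprint, reservation_key_pair="Not Specified"):
    """Return a list of (code, message) findings for one blueprint record."""
    findings = []
    platform = blueprint["platform"]
    props = {p["name"]: p for p in blueprint["properties"]}

    if blueprint["workflow"] != "CloudLinuxKickstartWorkflow":
        findings.append(("WRONG_WORKFLOW", "workflow is %r" % blueprint["workflow"]))

    for name in sorted(required_properties(platform)):
        prop = props.get(name)
        if prop is None:
            findings.append(("MISSING_PROPERTY", name + " is required"))
        elif not prop["value"] and not prop["prompt_user"]:
            findings.append(("EMPTY_VALUE", name + " has no value and no prompt"))

    iso_name = props.get("Image.ISO.Name")
    if platform == "vCenter Server" and iso_name and "\\" in iso_name["value"]:
        findings.append(("BACKSLASH_PATH", "Image.ISO.Name must use forward slashes"))

    user = props.get("Image.ISO.UserName")
    if user and user["value"] and not re.fullmatch(r"[^@\s]+@[^@\s]+", user["value"]):
        findings.append(("USERNAME_FORMAT", "Image.ISO.UserName is not username@domain"))

    password = props.get("Image.ISO.Password")
    if password:
        if not password["encrypted"]:
            findings.append(("PLAINTEXT_PASSWORD",
                             "Image.ISO.Password is not marked Encrypted"))
        if password["prompt_user"] and password["value"]:
            # A stored value is presented to every requester as the default.
            findings.append(("PASSWORD_DEFAULT_SHOWN",
                             "Image.ISO.Password value is offered as the request default"))

    # A blueprint set to "Not Specified" defers the choice to the reservation.
    effective = blueprint["key_pair"]
    if effective == "Not Specified":
        effective = reservation_key_pair
    if effective == "Not Specified":
        findings.append(("NO_KEY_PAIR", "machines are provisioned without a key pair"))
    elif effective == "Auto Generated per Business Group":
        findings.append(("SHARED_KEY_PAIR",
                         "one key pair covers every machine in the business group"))
    return findings


if __name__ == "__main__":
    for code, message in lint_blueprint(SAMPLE_BLUEPRINT):
        print(code, "-", message)
```
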

Configure Linux Kickstart Blueprint Actions

Use blueprint actions and entitlements together to maintain detailed control over provisioned machines.
Entitlements control which machine operations specific users can access. Blueprint actions control which
machine operations can be performed on machines provisioned from a blueprint. For example, if you
disable the option to reprovision machines created from a blueprint, then the option to reprovision a
machine created from the blueprint does not appear for any users. If you enable the reprovision machine
operation, then users who are entitled to reprovision machines can reprovision machines created from
this blueprint.
Note The options that appear on the Actions tab depend on your platform and any customizations
made to your vRealize Automation instance.
Prerequisites
Add Required Properties to a Linux Kickstart Blueprint.
Procedure
1 Click the Actions tab.
2 (Optional) Select the check boxes for each machine option to enable for machines provisioned from
this blueprint.
3 Click OK.
Your blueprint is saved in draft state.
What to do next
Publish your blueprint to make it available as a catalog item. See Publish a Blueprint.

Create an OpenStack Blueprint for WIM Provisioning

You can provision a machine by booting into a WinPE environment and then installing an operating
system using a Windows Imaging File Format (WIM) image of an existing Windows reference machine.
Prerequisites
- Log in to the vRealize Automation console as a tenant administrator or business group manager.
- Gather the following information from your fabric administrator:
a The name and location of the WinPE ISO image.
b The name of the WIM file, the UNC path to the WIM file, and the index used to extract the desired
image from the WIM file.
c The user name and password under which to map the WIM image path to a network drive on the
provisioned machine.
d (Optional) If you do not want to accept the default, K, the drive letter to which the WIM image path
is mapped on the provisioned machine.
e For vCenter Server integrations, the vCenter Server guest operating system version with which
vCenter Server is to create the machine.
f (Optional) For SCVMM integrations, the ISO, virtual hard disk, or hardware profile to attach to
provisioned machines.
Note Your fabric administrator might have provided this information in a build profile.
Procedure
1 Specify WIM Blueprint Information
Blueprint information settings control who can access a blueprint, how many machines they can
provision with it, and how long to archive a machine after the lease period is over.
2 Specify WIM Blueprint Build Information
The build information settings determine how a machine is provisioned.
3 Add Required Properties to a WIM Blueprint
There are a number of custom properties that are required for WIM provisioning.
4 Configure WIM Blueprint Actions
Use blueprint actions and entitlements together to maintain detailed control over provisioned
machines.
What to do next
The blueprint is not available as a catalog item until you publish it. See Publish a Blueprint.

Specify WIM Blueprint Information

Blueprint information settings control who can access a blueprint, how many machines they can provision
with it, and how long to archive a machine after the lease period is over.
Prerequisites
- Log in to the vRealize Automation console as a tenant administrator or business group manager.
- Gather the following information from your fabric administrator:
a The name and location of the WinPE ISO image.
b The name of the WIM file, the UNC path to the WIM file, and the index used to extract the desired
image from the WIM file.
c The user name and password under which to map the WIM image path to a network drive on the
provisioned machine.
d (Optional) If you do not want to accept the default, K, the drive letter to which the WIM image path
is mapped on the provisioned machine.
e For vCenter Server integrations, the vCenter Server guest operating system version with which
vCenter Server is to create the machine.
f (Optional) For SCVMM integrations, the ISO, virtual hard disk, or hardware profile to attach to
provisioned machines.
Note Your fabric administrator might have provided this information in a build profile.
Procedure
1 Select Infrastructure > Blueprints > Blueprints.
2 Select New Blueprint > Cloud > OpenStack.
3 Enter a name and, optionally, a description.
4 (Optional) Select the Master check box to allow users to copy your blueprint.
5 (Optional) Select the Display location on request check box to prompt users to choose a datacenter
location when they submit a machine request.
This option requires additional configuration to add datacenter locations and associate compute
resources with those locations.
6 Select who can provision machines with this blueprint.
Roles | Who Can Provision
If you are both a business group manager and a tenant administrator |
  - Select the Shared blueprint check box to allow the blueprint to be entitled to users in any business group.
  - Deselect the Shared blueprint check box to create a local blueprint, and select a business group from the Business group drop-down menu.
Business group manager | Select a business group from the Business group drop-down menu.
Tenant administrator | Your blueprints are always shared. You cannot choose who can use them to provision machines.
7 (Optional) Select a reservation policy from the Reservation policy drop-down menu.
This option requires additional configuration by a fabric administrator to create a reservation policy.
8 Select a machine prefix from the Machine prefix drop-down menu.
You can select Use group default to accept the default machine prefix of the user's business group.
9 (Optional) Enter a number in the Maximum per user text box to limit the number of machines that a
single user can provision with this blueprint.
10 Set the daily cost of the machine by typing the amount in the Cost (daily) text box.
Your blueprint is not finished. Do not navigate away from this page.

Specify WIM Blueprint Build Information

The build information settings determine how a machine is provisioned.
Prerequisites
Specify WIM Blueprint Information.
Procedure
1 Click the Build Information tab.
2 Select whether machines provisioned from this blueprint are classified as Desktop or Server from the
Blueprint type drop-down menu.
This information is for record-keeping and licensing purposes only.
3 Select CloudWIMImageWorkflow from the Provisioning workflow drop-down menu.
4 Click the Browse icon next to the OpenStack image text box.
5 Select a virtual machine image from the list.
Important Ensure that you select an image that is appropriate for the workflow that you selected.
For example, only select kickstart images when you use the CloudLinuxKickstartWorkflow, and only
select WIM images when you use the CloudWIMImageWorkflow. Using an image with the wrong
workflow can result in a machine that appears to be successfully provisioned and ready to use when
it is actually waiting for input in the Red Hat OpenStack provider.
6 Click OK.
7 Select a key pair generation method from the Key pair drop-down menu.
Option | Description
Not Specified | Select to control key pair behavior at the reservation level rather than the blueprint level.
Auto Generated per Business Group | Each machine provisioned in the same business group has the same key pair. If you delete the business group, its key pair is also deleted.
Auto Generated per Machine | Each machine has a unique key pair.
If you select Not Specified in both the reservation and the blueprint, machines provisioned from this
blueprint have no key pair.
8 Select one or more Flavors check boxes to select one or more flavors that users can select from
when they submit a machine request.
Selecting one or more flavors updates values in the # CPUs, Memory, and Storage (GB) text boxes.
Review the minimum and maximum machine resource values and adjust your instance type
selections as desired.
9 (Optional) Specify the lease settings for provisioned machines, or leave blank for no expiration date.
a Enter the minimum number of lease days in the Minimum text box.
If you only provide a minimum, this number becomes the value for all machines provisioned from
this blueprint.
b (Optional) Enter the maximum number of lease days in the Maximum text box to allow users to
select their own settings within the range that you provide.
Your blueprint is not finished. Do not navigate away from this page.

Add Required Properties to a WIM Blueprint

There are a number of custom properties that are required for WIM provisioning.
Note If your fabric administrator creates a build profile that contains the required custom properties and
you include it in your blueprint, you do not need to individually add the required custom properties to the
blueprint.
For a list of custom properties commonly used with WIM provisioning, see Custom Properties for WIM
Blueprints.
Prerequisites
Specify WIM Blueprint Build Information.
Procedure
1 Click the Properties tab.
2 (Optional) Select one or more build profiles from the Build profiles menu.
Build profiles contain groups of custom properties. Fabric administrators can create build profiles.
3 Add the ISO name custom property.
a Click New Property.
b Enter Image.ISO.Name in the Name text box.
c Enter the location of the ISO image that your fabric administrator provided for you in the Value
text box.
The value of Image.ISO.Name is case sensitive.
Option: Description
vCenter Server: The path to the WinPE ISO, including the name. The value must use forward slashes, for example: /MyISOs/Microsoft/MSDN/win2003.iso.
Hyper-V: The full local path to the WinPE ISO file, including the file name.
XenServer: The name of the WinPE ISO file.
d (Optional) Select the Encrypted check box to encrypt the custom property in the database.
e (Optional) Select the Prompt user check box to require the user to provide a value when they
request a machine.
If you choose to prompt users for a value, any value you provide for the custom property is
presented to them as the default. If you do not provide a default, users cannot continue with the
machine request until they provide a value for the custom property.
f Click the Save icon.
4 Add the remaining required custom properties for WIM provisioning.
Option: Description
Image.ISO.Location: Enter the location of the ISO image that your fabric administrator provided for you in the Value text box. This custom property is case sensitive. For Hyper-V integrations, this custom property is not required because the name and location are both specified in the ISO name custom property.
Image.WIM.Path: Enter the UNC path to the WIM file that your fabric administrator provided for you in the Value text box.
Image.WIM.Name: Enter the name of the WIM file that your fabric administrator provided for you in the Value text box.
Image.WIM.Index: Enter the index to be used to extract the desired image from the WIM file that your fabric administrator provided for you in the Value text box.
Image.Network.User: Enter the user name under which to map the WIM image path (Image.WIM.Path) to a network drive on the machine in the Value text box.
Image.Network.Password: Enter the associated password for the network user (Image.Network.User) in the Value text box.
VirtualMachine.Admin.Password: Enter the password to use for the administrator account on the provisioned machine.
Your blueprint is not finished. Do not navigate away from this page.

Custom Properties for WIM Blueprints

vRealize Automation includes custom properties that provide additional controls for WIM blueprints.
Certain vRealize Automation custom properties are required for WIM blueprints.
Table 44. Required Custom Properties for WIM Blueprints
Custom Property: Description

Image.ISO.Location: Values for this property are case sensitive. Specifies the location of the ISO image from which to boot, for example http://192.168.2.100/site2/winpe.iso. The format of this value depends on your platform. For details, see documentation provided for your platform. This property is required for WIM-based provisioning, Linux Kickstart and autoYaST provisioning, and SCCM-based provisioning.

Image.ISO.Name: Values for this property are case sensitive. Specifies the name of the ISO image from which to boot, for example /ISO/Microsoft/WinPE.iso. The format of this value depends on your platform. For details, see documentation provided for your platform. This property is required for WIM-based provisioning, Linux Kickstart and autoYaST provisioning, and SCCM-based provisioning.

Image.ISO.UserName: Specifies the user name to access the CIFS share in the format username@domain. For Dell iDRAC integrations where the image is located on a CIFS share that requires authentication to access.

Image.ISO.Password: Specifies the password associated with the Image.ISO.UserName property. For Dell iDRAC integrations where the image is located on a CIFS share that requires authentication to access.

Image.Network.Letter: Specifies the drive letter to which the WIM image path is mapped on the provisioned machine. The default value is K.

Image.WIM.Path: Specifies the UNC path to the WIM file from which an image is extracted during WIM-based provisioning. The path format is \\server\share$, for example \\lab-ad\dfs$.

Image.WIM.Name: Specifies the name of the WIM file, for example win2k8.wim, as located by the Image.WIM.Path property.

Image.WIM.Index: Specifies the index used to extract the correct image from the WIM file.

Image.Network.User: Specifies the user name with which to map the WIM image path (Image.WIM.Path) to a network drive on the provisioned machine. This is typically a domain account with access to the network share.

Image.Network.Password: Specifies the password associated with the Image.Network.User property.

VMware.VirtualCenter.OperatingSystem: Specifies the vCenter Server guest operating system version (VirtualMachineGuestOsIdentifier) with which vCenter Server creates the machine. This operating system version must match the operating system version to be installed on the provisioned machine. Administrators can create property groups using one of several property sets, for example, VMware[OS_Version]Properties, that are predefined to include the correct VMware.VirtualCenter.OperatingSystem values. This property is for virtual provisioning.
For related information, see the enumeration type VirtualMachineGuestOsIdentifier in vSphere API/SDK Documentation. For a list of currently accepted values, see the VMware vCenter Server™ documentation.

Optional custom properties are also available for WIM blueprints.
Table 45. Common Custom Properties for WIM Blueprints
Custom Property: Description

SysPrep.Section.Key (SysPrep.GuiUnattended.AdminPassword, SysPrep.GuiUnattended.EncryptedAdminPassword, SysPrep.GuiUnattended.TimeZone): Specifies information to be added to the SysPrep answer file on machines during the WinPE stage of provisioning. Information that already exists in the SysPrep answer file is overwritten by these custom properties. Section represents the name of the section of the SysPrep answer file, for example GuiUnattended or UserData. Key represents a key name in the section. For example, to set the time zone of a provisioned machine to West Pacific Standard Time, define the custom property GuiUnattended.UserData.TimeZone and set the value to 275.
For a full list of sections, keys, and accepted values, see the System Preparation Utility for Windows documentation.
The following Section.Key combinations can be specified for WIM-based provisioning:
- GuiUnattended
  - AdminPassword
  - EncryptedAdminPassword
  - TimeZone
- UserData
  - ProductKey
  - FullName
  - ComputerName
  - OrgName
- Identification
  - DomainAdmin
  - DomainAdminPassword
  - JoinDomain
  - JoinWorkgroup

Sysprep.Identification.DomainAdmin: Specifies a user name with administrator-level access to the target domain in Active Directory. Do not include the user domain in the credentials that you send to vCloud Director.

Sysprep.Identification.DomainAdminPassword: Specifies the password to associate with the Sysprep.Identification.DomainAdmin property.

Sysprep.Identification.JoinDomain: Specifies the name of the domain to join in Active Directory.

Sysprep.Identification.JoinWorkgroup: Specifies the name of the workgroup to join if not using a domain.

SysPrep.UserData.ComputerName: Specifies a machine name, for example lab-client005.

SysPrep.UserData.FullName: Specifies the full name of a user.

SysPrep.UserData.OrgName: Specifies the organization name of the user.

SysPrep.UserData.ProductKey: Specifies the Windows product key.

VirtualMachine.Admin.ThinProvision: Determines whether thin provisioning is used on ESX compute resources using local or iSCSI storage. Set to True to use thin provisioning. Set to False to use standard provisioning. This property is for virtual provisioning.

Configure WIM Blueprint Actions

Use blueprint actions and entitlements together to maintain detailed control over provisioned machines.
Entitlements control which machine operations specific users can access. Blueprint actions control which
machine operations can be performed on machines provisioned from a blueprint. For example, if you
disable the option to reprovision machines created from a blueprint, then the option to reprovision a
machine created from the blueprint does not appear for any users. If you enable the reprovision machine
operation, then users who are entitled to reprovision machines can reprovision machines created from
this blueprint.
Note The options that appear on the Actions tab depend on your platform and any customizations
made to your vRealize Automation instance.
Prerequisites
Add Required Properties to a WIM Blueprint.
Procedure
1 Click the Actions tab.
2 (Optional) Select the check boxes for each machine option to enable for machines provisioned from
this blueprint.
3 Click OK.
Your blueprint is saved in draft state.
What to do next
Publish your blueprint to make it available as a catalog item. See Publish a Blueprint.

Publish a Blueprint

Blueprints are saved in the draft state and must be manually published before you can configure them as
catalog items.
You need to publish a blueprint only once. Any changes you make to a published blueprint are
automatically reflected in the catalog.
Prerequisites
- Log in to the vRealize Automation console as a tenant administrator or business group manager.
- Create a blueprint.
Procedure
1 Select Infrastructure > Blueprints > Blueprints.
2 Point to the blueprint to publish and click Publish from the drop-down menu.
3 Click OK.
Your blueprint is now ready for tenant administrators, business group managers, and service architects to
associate it with a catalog service and entitle users to request it from the catalog.
What to do next
For information about how to configure and manage the catalog, see Tenant Administration.

Chapter 5. Configuring Advanced Blueprint Settings

Tenant administrators and business group managers can use custom properties and optional policies to
configure advanced blueprint settings such as reservation policies, Visual Basic scripts, and Active
Directory cleanup.
This chapter includes the following topics:
- Reservation Policies
- Configuring Network Settings
- Enabling Visual Basic Scripts in Provisioning
- Add Active Directory Cleanup to a Blueprint
- Enabling Remote Desktop Connections
- Enable Connections Using SSH

Reservation Policies

When a user requests a machine, it can be provisioned on any reservation of the appropriate type that
has sufficient capacity for the machine. You can apply a reservation policy to a blueprint to restrict the
machines provisioned from that blueprint to a subset of available reservations.
Reservation policies provide an optional and helpful means of controlling how reservation requests are
processed. A reservation policy is often used to collect resources into groups for different service levels,
or to make a specific type of resource easily available for a particular purpose. The following scenarios
provide a few examples of possible uses for reservation policies:
- To ensure that machines provisioned from a virtual blueprint are placed on reservations with storage devices that support NetApp FlexClone
- To restrict provisioning of cloud machines to a specific region containing a machine image that is required for a specific blueprint
- To restrict provisioning of Cisco UCS physical machines to reservations on endpoints on which the selected service profile template and boot policy are available
- As an additional means of using a Pay As You Go allocation model for vApps
You can add multiple reservations to a reservation policy, but a reservation can belong to only one policy.
You can assign a single reservation policy to more than one blueprint. A blueprint can have only one
reservation policy.
A reservation policy can include reservations of different types, but only reservations that match the
blueprint type are considered when selecting a reservation for a particular request. For more information about how reservations are selected for provisioning a machine, see IaaS Configuration for Cloud Platforms, IaaS Configuration for Physical Machines, or IaaS Configuration for Virtual Platforms.
Note If you have SDRS enabled on your platform, you can allow SDRS to load balance storage for
individual virtual machine disks, or all storage for the virtual machine. If you are working with SDRS
datastore clusters, conflicts can occur when you use reservation policies and storage reservation policies.
For example, if a standalone datastore or a datastore within an SDRS cluster is selected on one of the
reservations in a policy or storage policy, your virtual machine storage might be frozen instead of driven
by SDRS.

Add a Reservation Policy to a Blueprint

When tenant administrators and business group managers create a new blueprint, the option to add a
reservation policy appears. To add a reservation policy to an existing blueprint, you edit the blueprint.
Prerequisites
- Log in to the vRealize Automation console as a tenant administrator or business group manager.
- Verify that a fabric administrator configured a reservation policy. See Configure a Reservation Policy.
Procedure
1 Select Infrastructure > Blueprints > Blueprints.
2 Point to the blueprint to edit.
3 Click the Edit icon.
4 Select a Reservation policy from the Reservation policy drop-down menu.
5 Click OK.
The machines provisioned from your blueprint are now restricted to the resources specified in your
reservation policy.

Configuring Network Settings

You can also specify aspects of network configuration such as static IP address assignment, the networks
to which machines should be attached, and other networking details.
By default, vCloud Automation Center uses DHCP to assign IP addresses to provisioned machines. For
cloud and virtual machines provisioned by using cloning or Linux kickstart/autoYaST provisioning, it is
possible to assign static IP addresses from a predefined range. Static IP address assignment can be
configured either at the reservation level or at the blueprint level.
Note This information does not apply to Amazon Web Services.

Add a Network Profile for Static IP Assignment to a Blueprint

Tenant administrators and business group managers can configure static IP assignment at the blueprint
level.
Note This information does not apply to Amazon Web Services.
For a list of custom properties related to networking, see Custom Properties for Networking.
Prerequisites
- Log in to the vRealize Automation console as a tenant administrator or business group manager.
- A fabric administrator must Create a Network Profile for Static IP Address Assignment.
- Create at least one blueprint that is eligible for static IP assignment. Static IP is supported with cloud and virtual machines provisioned by cloning or Linux kickstart/autoYaST. For SCVMM, you can only use static IP addresses if you are cloning Linux machines and you installed the guest agent on your template.
- For vSphere clone blueprints, you must specify a valid customization specification on the Build Information tab of the blueprint.
Procedure
1 Select Infrastructure > Blueprints > Blueprints.
2 Point to the blueprint for which you want to enable static IP assignment and click Edit.
3 Click the Properties tab.
4 Specify a network profile to use for assigning static IP addresses to a network device on machines
provisioned from this blueprint.
a Click New Property.
b Type VirtualMachine.NetworkN.ProfileName in the Name text box, where N is the number of
the network device for which to enable static IP assignment.
For example: VirtualMachine.Network0.ProfileName.
c Type the name of the network profile that defines the static IP addresses that can be assigned to
the network device.
d (Optional) Select the Prompt user check box to require the user to provide a value when they
request a machine.
If you choose to prompt users for a value, any value you provide for the custom property is
presented to them as the default. If you do not provide a default, users cannot continue with the
machine request until they provide a value for the custom property.
e Click the Save icon.
Repeat this step to configure static IP assignment for additional network devices in this blueprint.
5 Click OK.

Custom Properties for Networking

The vRealize Automation custom properties for networking specify configuration for a specific network
device on a machine.
Note This information does not apply to Amazon Web Services.
Network assignments are performed during machine allocation. vRealize Automation retrieves network
information from the blueprint. If you want to assign more than one network, use the VirtualMachine.NetworkN.Name custom property on your machine blueprint. If you do not provide
custom properties, allocation only assigns one network, which is picked using a round robin method in
conjunction with the selected reservation.
By default, a machine has one network device configured with the VirtualMachine.Network0.Name property. You can configure additional network devices by using the VirtualMachine.NetworkN.Name
custom property.
The numbering of network properties must be sequential, starting with 0. For example, if you specify
custom properties for only VirtualMachine.Network0 and VirtualMachine.Network2, the properties
for VirtualMachine.Network2 are ignored, because the preceding network,
VirtualMachine.Network1, was not specified.
Table 51. Custom Properties for Networking Configuration
Custom Property: Description

VirtualMachine.NetworkN.Address: Specifies the IP address of network device N in a machine provisioned with a static IP address.

VirtualMachine.NetworkN.MacAddressType: Indicates whether the MAC address of network device N is generated or user-defined (static). This property is available for cloning.
The default value is generated. If the value is static, you must also use VirtualMachine.NetworkN.MacAddress to specify the MAC address.
VirtualMachine.NetworkN custom properties are designed to be specific to individual blueprints and machines. When a machine is requested, network and IP address allocation is performed before the machine is assigned to a reservation. Because blueprints are not guaranteed to be allocated to a specific reservation, do not use this property on a reservation.

VirtualMachine.NetworkN.MacAddress: Specifies the MAC address of a network device N. This property is available for cloning.
If the value of VirtualMachine.NetworkN.MacAddressType is generated, this property contains the generated address.
If the value of VirtualMachine.NetworkN.MacAddressType is static, this property specifies the MAC address. For virtual machines provisioned on ESX server hosts, the address must be in the range specified by VMware. For details, see vSphere documentation.
VirtualMachine.NetworkN custom properties are designed to be specific to individual blueprints and machines. When a machine is requested, network and IP address allocation is performed before the machine is assigned to a reservation. Because blueprints are not guaranteed to be allocated to a specific reservation, do not use this property on a reservation.

VirtualMachine.NetworkN.Name: Specifies the name of the network to connect to, for example the network device N to which a machine is attached.
By default, a network is assigned from the network paths available on the reservation on which the machine is provisioned.
You can ensure that a network device is connected to a specific network by setting the value of this property to the name of a network on an available reservation.
VirtualMachine.NetworkN custom properties are designed to be specific to individual blueprints and machines. When a machine is requested, network and IP address allocation is performed before the machine is assigned to a reservation. Because blueprints are not guaranteed to be allocated to a specific reservation, do not use this property on a reservation.
You can add this property to a vApp (vCloud) blueprint or a vApp (vCloud) Component blueprint.

VirtualMachine.NetworkN.PortID: Specifies the port ID to use for network device N when using a dvPort group with a vSphere distributed switch.
VirtualMachine.NetworkN custom properties are designed to be specific to individual blueprints and machines. When a machine is requested, network and IP address allocation is performed before the machine is assigned to a reservation. Because blueprints are not guaranteed to be allocated to a specific reservation, do not use this property on a reservation.

VirtualMachine.NetworkN.ProfileName: Specifies the name of a network profile from which to assign a static IP address to network device N or from which to obtain the range of static IP addresses that can be assigned to network device N of a cloned machine, where N=0 for the first device, 1 for the second, and so on.
If a network profile is specified in the network path in the reservation on which the machine is provisioned, a static IP address is assigned from that network profile. You can ensure that a static IP address is assigned from a specific profile by setting the value of this property to the name of a network profile.

VirtualMachine.NetworkN.SubnetMask, VirtualMachine.NetworkN.Gateway, VirtualMachine.NetworkN.PrimaryDns, VirtualMachine.NetworkN.SecondaryDns, VirtualMachine.NetworkN.PrimaryWins, VirtualMachine.NetworkN.SecondaryWins, VirtualMachine.NetworkN.DnsSuffix, VirtualMachine.NetworkN.DnsSearchSuffixes: Appending a name allows you to create multiple versions of a custom property. For example, the following properties might list load balancing pools set up for general use and machines with high, moderate, and low performance requirements:
- VCNS.LoadBalancerEdgePool.Names
- VCNS.LoadBalancerEdgePool.Names.moderate
- VCNS.LoadBalancerEdgePool.Names.high
- VCNS.LoadBalancerEdgePool.Names.low
Note In a multi-machine service, this custom property is supported only for VM components with Routed Virtual Wire. It is also not supported for pre-defined static IP addresses for VM components in the context of a multi-machine blueprint.
Configures attributes of the network profile specified in VirtualMachine.NetworkN.ProfileName.

VCNS.LoadBalancerEdgePool.Names.name: Specifies the vCloud Networking and Security load balancing pools to which the virtual machine is assigned during provisioning. The virtual machine is assigned to all service ports of all specified pools. The value is an edge/pool name or a list of edge/pool names separated by commas. Names are case-sensitive.
Appending a name allows you to create multiple versions of a custom property. For example, the following properties might list load balancing pools set up for general use and machines with high, moderate, and low performance requirements:
- VCNS.LoadBalancerEdgePool.Names
- VCNS.LoadBalancerEdgePool.Names.moderate
- VCNS.LoadBalancerEdgePool.Names.high
- VCNS.LoadBalancerEdgePool.Names.low
Note In a multi-machine service, this custom property is supported only for VM components with Routed Virtual Wire. It is also not supported for pre-defined static IP addresses for VM components in the context of a multi-machine blueprint.

VCNS.SecurityGroup.Names.name: Specifies the vCloud Networking and Security security group or groups to which the virtual machine is assigned during provisioning. The value is a security group name or a list of names separated by commas. Names are case-sensitive.
Appending a name allows you to create multiple versions of the property, which can be used separately or in combination. For example, the following properties can list security groups intended for general use, for the sales force, and for support:
- VCNS.SecurityGroup.Names
- VCNS.SecurityGroup.Names.sales
- VCNS.SecurityGroup.Names.support

VCNS.SecurityTag.Names.name: Specifies the vCloud Networking and Security security tag or tags to which the virtual machine is associated during provisioning. The value is a security tag name or a list of names separated by commas. Names are case-sensitive.
Appending a name allows you to create multiple versions of the property, which can be used separately or in combination. For example, the following properties can list security tags intended for general use, for the sales force, and for support:
- VCNS.SecurityTag.Names
- VCNS.SecurityTag.Names.sales
- VCNS.SecurityTag.Names.support
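
The following Python check is an added example, not VMware code. It applies rules stated in this document to a blueprint's custom properties: network numbering must be sequential from 0, a static MacAddressType needs a MacAddress, and password properties can be stored with the Encrypted option. The list-of-dicts input form, the finding codes, and all sample values are hypothetical and constructed for illustration.

```python
import re
from collections import defaultdict

# VirtualMachine.NetworkN.<Attribute>, capturing the device index N.
NETWORK_PROP = re.compile(r"^VirtualMachine\.Network(\d+)\.\w+$")
# Every password-bearing property named in this document ends in "Password".
PASSWORD_PROP = re.compile(r"password$", re.IGNORECASE)


def prop(name, value, encrypted=False, prompt_user=False):
    """Hypothetical in-memory form of one row on a blueprint's Properties tab."""
    return {"name": name, "value": value,
            "encrypted": encrypted, "prompt_user": prompt_user}


def lint_properties(props):
    """Return a sorted list of (finding_code, property_name) tuples."""
    findings = []
    by_name = {p["name"]: p for p in props}

    # Group network properties by device index.
    devices = defaultdict(list)
    for p in props:
        match = NETWORK_PROP.match(p["name"])
        if match:
            devices[int(match.group(1))].append(p["name"])

    # Numbering must be sequential from 0: find the first missing index,
    # then report every property above it, because those are ignored.
    first_gap = 0
    while first_gap in devices:
        first_gap += 1
    for index in sorted(devices):
        if index > first_gap:
            findings.extend(("NETWORK_IGNORED_AFTER_GAP", n) for n in devices[index])

    # For devices that are honoured, a static MAC type needs an address.
    for index in range(first_gap):
        mac_type = by_name.get(f"VirtualMachine.Network{index}.MacAddressType")
        mac = by_name.get(f"VirtualMachine.Network{index}.MacAddress")
        # Assumption: the value "static" is compared case-insensitively.
        if mac_type and mac_type["value"].strip().lower() == "static":
            if mac is None or not mac["value"].strip():
                findings.append(("STATIC_MAC_WITHOUT_ADDRESS", mac_type["name"]))

    for p in props:
        if not PASSWORD_PROP.search(p["name"]):
            continue
        # The Encrypted check box encrypts the property in the database.
        if not p["encrypted"]:
            findings.append(("PASSWORD_NOT_ENCRYPTED", p["name"]))
        # With Prompt user selected, a stored value is presented to the
        # requester as the default, so a stored password is flagged.
        if p["prompt_user"] and p["value"]:
            findings.append(("PASSWORD_DEFAULT_OFFERED_ON_PROMPT", p["name"]))

    return sorted(findings)


# Constructed sample blueprint; none of these values come from a real system.
SAMPLE_BLUEPRINT = [
    prop("Image.WIM.Path", r"\\lab-ad\dfs$"),
    prop("Image.Network.User", "LAB\\svc-wim"),
    prop("Image.Network.Password", "example-only", encrypted=False),
    prop("VirtualMachine.Admin.Password", "example-only",
         encrypted=True, prompt_user=True),
    prop("Sysprep.Identification.DomainAdminPassword", "example-only",
         encrypted=True),
    prop("VirtualMachine.Network0.ProfileName", "static-profile-a"),
    prop("VirtualMachine.Network0.MacAddressType", "static"),
    prop("VirtualMachine.Network2.Name", "backup-net"),
    prop("VirtualMachine.Network2.ProfileName", "static-profile-b"),
]

if __name__ == "__main__":
    for code, name in lint_properties(SAMPLE_BLUEPRINT):
        print(f"{code}: {name}")
```
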

Enabling Visual Basic Scripts in Provisioning

Visual Basic scripts are run outside of vRealize Automation as additional steps in the machine life cycle
and can be used to update the custom property values of machines. Visual Basic scripts can be used with
any provisioning method.
For example, you could use a script to generate certificates or security tokens before provisioning and
then use those certificates and tokens in provisioning a machine.
Note This information does not apply to Amazon Web Services.
When executing a Visual Basic script, the EPI agent passes all machine custom properties as arguments
to the script. To return updated property values to vRealize Automation, you must place these properties
in a dictionary and call a function provided by vRealize Automation.
The sample Visual Basic script PrePostProvisioningExample.vbs is included in the Scripts
subdirectory of the EPI agent installation directory. This script contains a header to load all arguments into
a dictionary, a body in which you can include your functions, and a footer to return updated custom
properties to vRealize Automation.
The following is a high-level overview of the steps required to use Visual Basic scripts in provisioning:
1 A system administrator installs and configures an EPI agent for Visual Basic scripts. See Installation
and Configuration.
2 A system administrator creates Visual Basic scripts and places them on the system where the EPI
agent is installed.
3 Gather the following information for tenant administrators and business group managers for each
Visual Basic script:
- The complete path to the Visual Basic script, including the filename and extension. For example, %SystemDrive%\Program Files (x86)\VMware\vCAC Agents\EPI_Agents\Scripts\SendEmail.vbs.
Note A fabric administrator can create a build profile by using the property sets
ExternalPreProvisioningVbScript and ExternalPostProvisioningVbScript to provide this required
information. Doing so makes it easier for tenant administrators and business group managers to
include this information correctly in their blueprints.
4 Tenant administrators and business group managers use custom properties in their blueprints to call
the Visual Basic scripts.

Call a Visual Basic Script from a Blueprint

Tenant administrators and business group managers can call Visual Basic scripts to run outside of
vRealize Automation as additional steps in the machine life cycle and to update custom property values of
machines.
Note If your fabric administrator creates a build profile that contains the required custom properties and
you include it in your blueprint, you do not need to individually add the required custom properties to the
blueprint.
Prerequisites
- Log in to the vRealize Automation console as a tenant administrator or business group manager.
- Gather the following information from your fabric administrator for each Visual Basic script:
  - The complete path to the Visual Basic script, including the filename and extension. For example, %SystemDrive%\Program Files (x86)\VMware\vCAC Agents\EPI_Agents\Scripts\SendEmail.vbs.
  Note Your fabric administrator might have provided this information in a build profile.
- Create at least one blueprint.
Procedure
1 Select Infrastructure > Blueprints > Blueprints.
2 Point to the blueprint to which you want to add Visual Basic scripts and click Edit.
3 Click the Properties tab.
4 (Optional) Select one or more build profiles from the Build profiles menu.
Build profiles contain groups of custom properties. Fabric administrators can create build profiles.
5 Add the Visual Basic script custom properties.
a Click New Property.
b Type the Visual Basic script custom property name in the Name text box.
Option: Description
VbScript.PreProvisioning.Name: Runs the Visual Basic script before a machine is provisioned.
VbScript.PostProvisioning.Name: Runs the Visual Basic script after a machine is provisioned.
VbScript.UnProvisioning.Name: Runs the Visual Basic script when a provisioned machine is destroyed.
c Type the complete pathname, including filename and extension, to the Visual Basic script in the
Value text box.
For example, %SystemDrive%\Program Files (x86)\VMware\vCAC
Agents\EPI_Agent\Scripts\SendEmail.vbs.
d (Optional) Select the Encrypted check box to encrypt the custom property in the database.
e (Optional) Select the Prompt user check box to require the user to provide a value when they
request a machine.
If you choose to prompt users for a value, any value you provide for the custom property is
presented to them as the default. If you do not provide a default, users cannot continue with the
machine request until they provide a value for the custom property.
f Click the Save icon.
6 Repeat to add multiple Visual Basic scripts to your blueprint.
7 Click OK.

Add Active Directory Cleanup to a Blueprint

Tenant administrators and business group managers configure the Active Directory Cleanup Plugin by
using a set of custom properties to specify actions to take in Active Directory when a machine is deleted
from a hypervisor.
Note If your fabric administrator creates a build profile that contains the required custom properties and
you include it in your blueprint, you do not need to individually add the required custom properties to the
blueprint.
Prerequisites
Note This information does not apply to Amazon Web Services.
■ Log in to the vRealize Automation console as a tenant administrator or business group manager.
■ Gather the following information from your fabric administrator:
  ■ An Active Directory account user name and password with sufficient rights to delete, disable, rename, or move AD accounts. The user name must be in domain\username format.
  ■ (Optional) The name of the OU to which to move destroyed machines.
  ■ (Optional) The prefix to attach to destroyed machines.
  Note Your fabric administrator might have provided this information in a build profile.
■ Create at least one blueprint.
Procedure
1 Select Infrastructure > Blueprints > Blueprints.
2 Point to the blueprint to which you want to add the Active Directory Cleanup Plugin and click Edit.
3 Click the Properties tab.
4 (Optional) Select one or more build profiles from the Build profiles menu.
Build profiles contain groups of custom properties. Fabric administrators can create build profiles.
5 Enable the Active Directory Cleanup Plugin.
a Click New Property.
b Type Plugin.AdMachineCleanup.Execute in the Name text box.
c Type true in the Value text box.
d (Optional) Select the Encrypted check box to encrypt the custom property in the database.
e (Optional) Select the Prompt user check box to require the user to provide a value when they
request a machine.
If you choose to prompt users for a value, any value you provide for the custom property is
presented to them as the default. If you do not provide a default, users cannot continue with the
machine request until they provide a value for the custom property.
f Click the Save icon.
6 Add the remaining Active Directory Cleanup Plugin custom properties.
Option Description and Value
Plugin.AdMachineCleanup.UserName Type the Active Directory account user name in the Value text box. This user must have sufficient privileges to delete, disable, move, and rename Active Directory accounts. The user name must be in the format domain\username.
Plugin.AdMachineCleanup.Password Type the password for the Active Directory account user name in the Value text box.
Plugin.AdMachineCleanup.Delete Set to True to delete the accounts of destroyed machines, instead of disabling them.
Plugin.AdMachineCleanup.MoveToOu Moves the account of destroyed machines to a new Active Directory organizational unit. The value is the organizational unit to which you are moving the account. This value must be in ou=OU, dc=dc format, for example ou=trash,cn=computers,dc=lab,dc=local.
Plugin.AdMachineCleanup.RenamePrefix Renames the accounts of destroyed machines by adding a prefix. The value is the prefix string to prepend, for example destroyed_.
7 Click OK.
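
The formats required by the Active Directory Cleanup Plugin properties can be checked before the blueprint is saved. The following Python check is an added example, not part of the VMware documentation or product; the dictionary layout (value, encrypted, prompt_user) and the sample account names are assumptions. It validates the domain\username and ou=OU, dc=dc formats and flags a cleanup credential that is stored without Encrypted or exposed to requesters through Prompt user.

```python
import re

# Property names come from the page; the dict layout per property is an assumption.
PREFIX = "Plugin.AdMachineCleanup."
USER_RE = re.compile(r"^[^\\/@\s]+\\[^\\/@\s]+$")            # domain\username
RDN_RE = re.compile(r"^(ou|cn|dc)=[^,=]+$", re.IGNORECASE)   # one DN component

def lint_ad_cleanup(props):
    """Return findings for the AD Cleanup custom properties of one blueprint."""
    get = lambda name: props.get(PREFIX + name, {})
    val = lambda name: str(get(name).get("value", "")).strip()
    if val("Execute").lower() != "true":
        return ["Execute: plugin is not enabled (value must be true)"]
    findings = []
    if not USER_RE.match(val("UserName")):
        findings.append("UserName: not in domain\\username format")
    if not val("Password"):
        findings.append("Password: no value set")
    elif not get("Password").get("encrypted"):
        findings.append("Password: Encrypted is not selected")
    # A prompted property shows its stored value to the requester as the default.
    for name in ("UserName", "Password"):
        if get(name).get("prompt_user"):
            findings.append(f"{name}: Prompt user exposes the stored value as default")
    ou = val("MoveToOu")
    if ou:  # simplified DN check: escaped commas are not supported
        parts = [p.strip() for p in ou.split(",")]
        if not all(RDN_RE.match(p) for p in parts):
            findings.append("MoveToOu: malformed DN component")
        elif not (parts[0].lower().startswith("ou=") and parts[-1].lower().startswith("dc=")):
            findings.append("MoveToOu: must start with ou= and end with dc=")
    return findings

# Constructed sample blueprints (account names and values are made up).
GOOD = {
    PREFIX + "Execute": {"value": "true"},
    PREFIX + "UserName": {"value": "LAB\\svc_adcleanup"},
    PREFIX + "Password": {"value": "constructed-placeholder", "encrypted": True},
    PREFIX + "MoveToOu": {"value": "ou=trash,cn=computers,dc=lab,dc=local"},
    PREFIX + "RenamePrefix": {"value": "destroyed_"},
}
BAD = {
    PREFIX + "Execute": {"value": "true"},
    PREFIX + "UserName": {"value": "svc_adcleanup@lab.local"},
    PREFIX + "Password": {"value": "constructed-placeholder", "prompt_user": True},
    PREFIX + "MoveToOu": {"value": "trash/computers"},
}

if __name__ == "__main__":
    print(lint_ad_cleanup(GOOD), lint_ad_cleanup(BAD), sep="\n")
```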

Enabling Remote Desktop Connections

A system administrator can create a custom remote desktop protocol file that tenant administrators and
business group managers use in blueprints to configure RDP settings.
The following high-level overview lists the sequence of tasks required to enable machine users to connect using RDP.
1 A system administrator creates a custom RDP file and places it in the Website\Rdp subdirectory of
the vRealize Automation installation directory. Provide fabric administrators, tenant administrators,
and business group managers with the full pathname for the custom RDP file so that it can be
included in blueprints.
2 (Optional) A fabric administrator creates a build profile using the property set
RemoteDesktopProtocolProperties to compile RDP custom properties and values for tenant
administrators and business group managers to include in their blueprints.
3 A tenant administrator or business group manager adds the RDP custom properties to a blueprint to
configure the RDP settings of machines provisioned from the blueprint.
4 A tenant administrator or business group manager enables the Connect using RDP or SSH option in
a blueprint.
5 A tenant administrator or business group manager entitles users or groups to use the Connect using
RDP or SSH option. See Tenant Administration.

Configure Connections Using RDP

Tenant administrators and business group managers can use custom properties to configure RDP
settings.
Note If your fabric administrator creates a build profile that contains the required custom properties and
you include it in your blueprint, you do not need to individually add the required custom properties to the
blueprint.
Prerequisites
■ Log in to the vRealize Automation console as a tenant administrator or business group manager.
■ Create at least one blueprint.
Procedure
1 Select Infrastructure > Blueprints > Blueprints.
2 Point to the blueprint to change and click Edit.
3 Click the Properties tab.
4 (Optional) Select one or more build profiles from the Build profiles menu.
Build profiles contain groups of custom properties. Fabric administrators can create build profiles.