VMware vRealize Automation - 6.2 User Manual

IaaS Configuration for Cloud Platforms
vRealize Automation 6.2
You can find the most up-to-date technical documentation on the VMware website at:
https://docs.vmware.com/
If you have comments about this documentation, submit your feedback to
VMware, Inc.
3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com
Copyright © 2008–2016 VMware, Inc. All rights reserved. Copyright and trademark information.

Contents

IaaS Configuration for Cloud Platforms
Updated Information
Using the Goal Navigator

Chapter 1 Configuring IaaS
  Configuring IaaS for Cloud Checklist
  Custom Properties in Machine Provisioning, Blueprints, and Build Profiles
  Order of Precedence for Custom Properties
  Bringing Resources Under vRealize Automation Management
  Store User Credentials for Cloud Endpoints
  Choosing an Endpoint Scenario
  Create an Amazon AWS Endpoint
  Create an OpenStack or PowerVC Endpoint
  Preparing an Endpoint CSV File for Import
  Import a List of Endpoints
  Create a Fabric Group
  Configure Machine Prefixes
  Create a Business Group
  Managing Key Pairs
  Create a Key Pair
  Upload the Private Key for a Key Pair
  Export the Private Key from a Key Pair
  Cloud Reservations
  Cloud Reservation Selection
  Choosing a Reservation Scenario
  Create an Amazon AWS Reservation (non-VPC)
  Create an Amazon AWS Reservation (VPC)
  Create a Red Hat OpenStack Reservation

Chapter 2 Optional Configurations
  Build Profiles and Property Sets
  Create a Property Set
  Create a Build Profile
  Configuring Reservation Policies
  Configure a Reservation Policy
  Static IP Address Assignment
  Create a Network Profile for Static IP Address Assignment
  Assign a Network Profile to a Reservation
  Cost Information for Cloud Machines
  Using Optional Amazon Features
  Using Security Groups for Amazon Web Services
  Understanding Amazon Web Service Regions
  Using Virtual Private Cloud
  Using Elastic Load Balancers
  Using Elastic IP Addresses
  Using Elastic Block Storage
  Using Optional Red Hat OpenStack Features
  Using Security Groups
  Using Floating IP Addresses

Chapter 3 Preparing for Provisioning
  Choosing a Cloud Provisioning Scenario
  Preparing for Amazon Provisioning
  Understanding Amazon Machine Images
  Understanding Amazon Instance Types
  Add an Amazon Instance Type
  Preparing for OpenStack Provisioning
  Preparing for Virtual Machine Image Provisioning
  Preparing for Linux Kickstart Provisioning
  Preparing for WIM Provisioning

Chapter 4 Creating a Cloud Blueprint
  Choosing a Blueprint Scenario
  Create an Amazon AWS Blueprint
  Specify Amazon AWS Blueprint Information
  Specify Amazon AWS Blueprint Build Information
  Configure Amazon Machine Resources
  Add Amazon AWS Blueprint Custom Properties
  Configure Amazon AWS Blueprint Actions
  Create a Basic Red Hat OpenStack Blueprint
  Specify Basic Red Hat OpenStack Blueprint Information
  Specify Basic Red Hat OpenStack Blueprint Build Information
  Add Basic Red Hat OpenStack Blueprint Custom Properties
  Configure Basic Red Hat OpenStack Blueprint Actions
  Create a Red Hat OpenStack Blueprint for Linux Kickstart Provisioning
  Specify Linux Kickstart Blueprint Information
  Specify Linux Kickstart Blueprint Build Information
  Add Required Properties to a Linux Kickstart Blueprint
  Configure Linux Kickstart Blueprint Actions
  Create an OpenStack Blueprint for WIM Provisioning
  Specify WIM Blueprint Information
  Specify WIM Blueprint Build Information
  Add Required Properties to a WIM Blueprint
  Configure WIM Blueprint Actions
  Publish a Blueprint

Chapter 5 Configuring Advanced Blueprint Settings
  Reservation Policies
  Add a Reservation Policy to a Blueprint
  Configuring Network Settings
  Add a Network Profile for Static IP Assignment to a Blueprint
  Custom Properties for Networking
  Enabling Visual Basic Scripts in Provisioning
  Call a Visual Basic Script from a Blueprint
  Add Active Directory Cleanup to a Blueprint
  Enabling Remote Desktop Connections
  Configure Connections Using RDP
  Enable Connections Using RDP
  Enable Connections Using SSH

Chapter 6 Managing Cloud Infrastructure
  Managing Resource Usage
  Resource Usage Terminology
  Choosing a Resource Monitoring Scenario
  Data Collection
  Start Endpoint Data Collection Manually
  Configure Compute Resource Data Collection
  Manage Amazon EBS Volumes
  Connecting to a Cloud Machine
  Collect User Credentials for an Amazon Machine

Chapter 7 Monitoring Workflows and Viewing Logs

Chapter 8 Machine Life Cycle and Workflow States for Cloud Platforms

IaaS Configuration for Cloud Platforms

IaaS Configuration for Cloud Platforms provides information about integrating cloud platforms such as Amazon Web Services and Red Hat Enterprise Linux OpenStack Platform with VMware vRealize™ Automation.

This documentation guides you through the following processes:
- Bringing resources under vCloud Automation Center management
- Configuring IaaS features and policies
- Preparing for provisioning
- Creating machine blueprints

All of the IaaS configuration steps that you must complete before machine provisioning are included in this document. For information about how to manage provisioned machines, see Tenant Administration.

Note: Not all features and capabilities of vRealize Automation are available in all editions. For a comparison of feature sets in each edition, see https://www.vmware.com/products/vrealize-automation/.

Intended Audience

This information is intended for IaaS administrators, fabric administrators, and business group managers of vRealize Automation. This content is written for experienced Windows or Linux system administrators who are familiar with virtualization technology and the basic concepts described in Foundations and Concepts.

VMware Technical Publications Glossary

VMware Technical Publications provides a glossary of terms that might be unfamiliar to you. For definitions of terms as they are used in VMware technical documentation, go to http://www.vmware.com/support/pubs.

Updated Information

This IaaS Configuration for Cloud Platforms is updated with each release of the product or when necessary.

This table provides the update history of the IaaS Configuration for Cloud Platforms.

| Revision | Description |
|---|---|
| 001644-04 | Updates to Create an OpenStack or PowerVC Endpoint. Update to clarify static IP for SCVMM is only supported for cloning Linux machines, and only if the guest agent is installed on your templates. See Add a Network Profile for Static IP Assignment to a Blueprint. |
| 001644-03 | Updated the following topics: Add Required Properties to a WIM Blueprint; Custom Properties for WIM Blueprints. |
| 001644-02 | Updated Add Amazon AWS Blueprint Custom Properties. |
| 001644-01 | Updated the following topics regarding Amazon instance types: Preparing for Amazon Provisioning; Understanding Amazon Instance Types; Configure Amazon Machine Resources. |
| 001644-00 | Initial 6.2 release. |

Using the Goal Navigator

The goal navigator guides you through high-level goals that you might want to accomplish in
vRealize Automation.
The goals you can achieve depend on your role. To complete each goal, you must complete a sequence
of steps that are presented on separate pages in the vRealize Automation console.
The goal navigator can answer the following questions:
- Where do I start?
- What are all the steps I need to complete to achieve a goal?
- What are the prerequisites for completing a particular task?
- Why do I need to do this step and how does this step help me achieve my goal?
The goal navigator is hidden by default. You can expand the goal navigator by clicking the icon on the left
side of the screen.
After you select a goal, you navigate between the pages needed to accomplish the goal by clicking each
step. The goal navigator does not validate that you completed a step, or force you to complete steps in a
particular order. The steps are listed in the recommended sequence. You can return to each goal as many
times as needed.
For each step, the goal navigator provides a description of the task you need to perform on the
corresponding page. The goal navigator does not provide detailed information such as how to complete
the forms on a page. You can hide the page information or move it to a more convenient position on the
page. If you hide the page information, you can display it again by clicking the information icon on the
goal navigator panel.

Chapter 1 Configuring IaaS

Preparation is required by IaaS administrators, tenant administrators, and fabric administrators to bring resources under vRealize Automation management, allocate resources to users, prepare for provisioning machines, and create machine blueprints.

This chapter includes the following topics:
- Configuring IaaS for Cloud Checklist
- Custom Properties in Machine Provisioning, Blueprints, and Build Profiles
- Bringing Resources Under vRealize Automation Management
- Configure Machine Prefixes
- Create a Business Group
- Managing Key Pairs
- Cloud Reservations

Configuring IaaS for Cloud Checklist

IaaS administrators, fabric administrators, tenant administrators, and business group managers perform required and optional configurations to fully implement and customize vRealize Automation.

The Configuring IaaS Checklist provides a high-level overview of the sequence of steps required to have a fully functioning IaaS instance.

Table 1-1. Configuring IaaS checklist

| Task | Required Role |
|---|---|
| Store credentials and create endpoints to bring resources under vRealize Automation management. See Bringing Resources Under vRealize Automation Management. | IaaS administrator |
| Configure the machine prefixes used to create names for machines provisioned through vRealize Automation. See Configure Machine Prefixes. | Fabric administrator |
| Create at least one business group of users who need to request machines. See Create a Business Group. | Tenant administrator |
| Create at least one reservation to allocate resources to a business group. See Choosing a Reservation Scenario. | Fabric administrator |
| Configure optional policies and settings. See Chapter 2 Optional Configurations. | Fabric administrator |
| Depending on your intended method of provisioning, preparation outside of vRealize Automation might be required before you can start creating machine blueprints. For example, you might need to create the machine images required for your blueprints. See Choosing a Cloud Provisioning Scenario. | Outside of vRealize Automation |
| Create and publish machine blueprints. See Choosing a Blueprint Scenario. | Tenant administrator, Business group manager |

Before users can request machines, a tenant administrator must configure the service catalog. See Tenant Administration.

Custom Properties in Machine Provisioning, Blueprints, and Build Profiles

Custom properties are name-value pairs used to specify attributes of a machine or to override default specifications.

Different custom properties are used for different provisioning methods, types of machines, and machine options. Custom properties can be used as described in the following examples:
- Specify a particular type of guest OS
- Enable WIM-based provisioning, in which a Windows Imaging File Format (WIM) image of a reference machine is used to provision new machines
- Customize the behavior of Remote Desktop Protocol when connecting to a machine
- Register a virtual machine with a XenDesktop Desktop Delivery Controller (DDC) server
- Customize a virtual machine's system specifications, such as adding multiple hard disk drives
- Customize the guest OS for a machine, for instance, by including specified users in selected local groups
- Enable cleanup of the Active Directory account of a machine after it is destroyed

Specifying the characteristics of the machines to be provisioned is generally done by adding properties to blueprints and build profiles. You can make custom properties available to multiple blueprints and all business groups by placing them in build profiles.

Any property specified in a blueprint overrides the same property specified in the incorporated build profile. This enables a blueprint to use most of the properties in a profile while differing from the profile in some limited way. For more information, see Order of Precedence for Custom Properties.

For example, a blueprint that incorporates a standard developer workstation profile might override the US English settings in the profile with UK English settings. On the other hand, if no appropriate profile is available, all the needed properties can be specified in the blueprint itself. This arrangement ensures that the number and complexity of blueprints remain manageable.

At new machine request time, vRealize Automation has not yet allocated a reservation and the compute resource and endpoint are unknown as well. Therefore, only custom properties from a build profile, blueprint and business group are reconciled and presented when the machine is requested.

Order of Precedence for Custom Properties

When the same property exists in more than one source, a specific order is followed when applying properties to the machine.

You can add custom properties that apply to provisioned machines to the following elements:
- A reservation, to apply the custom properties to all machines provisioned from that reservation
- A business group, to apply the custom properties to all machines provisioned by business group members
- A global or local blueprint, to apply the custom properties to all machines provisioned from the blueprint
- Build profiles, which can be incorporated into any global or local blueprint, to apply the custom properties to all machines provisioned from the blueprint
- A machine request, if you are a business group manager, to apply the custom properties to the machine being provisioned
- The applicable approval policy, if any exist and if advanced approval support is enabled, to require approvers to provide the values to be applied to the machine being approved

The full order of precedence for custom properties is that any property value specified in a source later in the list overrides values for the same property specified in sources earlier in the list. The order is shown in the following list:
1 Build profile
2 Blueprint
3 Business group
4 Compute resource
5 Reservations
6 Endpoint
7 Runtime

For vApps, the order is similar, as shown in the following list:
1 Build profile, specified on a vApp component blueprint
2 vApp component blueprint
3 Build profile, specified on a vApp blueprint
4 vApp blueprint
5 Business group
6 Compute resources
7 Reservations
8 Endpoint
9 Runtime specified on a vApp
10 Runtime specified on a component machine

Any runtime property takes higher precedence and overrides a property from any source. A custom property is marked as runtime if the following conditions exist:
- The property is marked as Prompt User, which specifies that the user must supply a value for it when requesting a machine. This requires that the machine requestor customize individual characteristics of each machine, or gives them the option of doing so when a default value is provided for the required property.
- A business group manager is requesting a machine and the property appears in the custom properties list on the Properties tab of the Confirm Machine Request page.

Custom properties in reservations and business groups may be applied to many machines so they should be used carefully. Their use is typically limited to purposes related to their sources, such as resource management, line of business accounting, and so on. Specifying the characteristics of the machine to be provisioned is generally done by adding properties to blueprints and build profiles.

Each blueprint of any type can optionally incorporate one or more build profiles and thereby inherit the custom properties in those profiles. Build profiles are especially useful for applying common sets of properties for specific purposes to a wide range of blueprints. For example, your site might want to add a second disk to, customize Microsoft Remote Desktop Protocol behavior for, and enable Active Directory cleanup for a wide variety of machines. If a build profile with the necessary properties is created, it can be incorporated into all of your blueprints, local or global.

When creating and managing build profiles, a fabric administrator can load a number of predefined property sets to add several related properties all at once, instead of one by one.
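
Because a reservation or endpoint value silently replaces what a blueprint or build profile sets, it helps to compute the effective value of each property together with the source that supplied it. The following Python example is added here and is not VMware code: it applies the two precedence lists above and reports which values were overridden. The Example.* property names and sample values are constructed, the function names are hypothetical, and leaving runtime values out of the request-time view is an assumption.

```python
from dataclasses import dataclass, field

# Source order from this page: a later source overrides an earlier one.
MACHINE_ORDER = ["Build profile", "Blueprint", "Business group",
                 "Compute resource", "Reservations", "Endpoint", "Runtime"]
VAPP_ORDER = ["Build profile (vApp component blueprint)", "vApp component blueprint",
              "Build profile (vApp blueprint)", "vApp blueprint", "Business group",
              "Compute resources", "Reservations", "Endpoint",
              "Runtime (vApp)", "Runtime (component machine)"]
# Sources reconciled when the request form is shown: the reservation, compute
# resource and endpoint are not allocated yet. Excluding runtime values from
# this view is an assumption of the example.
REQUEST_TIME_SOURCES = {"Build profile", "Blueprint", "Business group"}


@dataclass
class Resolved:
    value: str
    source: str                                     # source whose value wins
    overridden: list = field(default_factory=list)  # (source, value) pairs that lost


def resolve(by_source, order=MACHINE_ORDER, only=None):
    """Return {property name: Resolved}; `only` limits the sources considered."""
    unknown = set(by_source) - set(order)
    if unknown:
        raise ValueError(f"unknown property source(s): {sorted(unknown)}")
    effective = {}
    for source in order:  # walk from lowest to highest precedence
        if only is not None and source not in only:
            continue
        for name, value in by_source.get(source, {}).items():
            losers = []
            if name in effective:
                prev = effective[name]
                losers = prev.overridden + [(prev.source, prev.value)]
            effective[name] = Resolved(value, source, losers)
    return effective


def audit_overrides(effective, watched):
    """Return watched properties whose final value replaced one from another source."""
    return [(name, r.source, r.value, r.overridden)
            for name, r in sorted(effective.items())
            if name in watched and r.overridden]


# Constructed sample: property names and values are illustrative only.
SAMPLE = {
    "Build profile": {"Example.Locale": "en-US", "Example.AdCleanup": "true"},
    "Blueprint": {"Example.Locale": "en-GB"},
    "Business group": {"Example.CostCenter": "sales"},
    "Reservations": {"Example.CostCenter": "shared-pool", "Example.AdCleanup": "false"},
    "Runtime": {"Example.Locale": "fr-FR"},
}

if __name__ == "__main__":
    final = resolve(SAMPLE)
    for name, r in sorted(final.items()):
        print(f"{name} = {r.value} (from {r.source}; overrides {r.overridden})")
    print("request-time view:",
          {n: r.value for n, r in resolve(SAMPLE, only=REQUEST_TIME_SOURCES).items()})
    print("audit:", audit_overrides(final, {"Example.AdCleanup"}))
```

In the sample, the reservation turns off a setting that the build profile turned on, which is the kind of wide-reaching override the text above says to use carefully.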

Bringing Resources Under vRealize Automation Management

For vRealize Automation to manage your infrastructure, IaaS administrators must create endpoints, store
administrator-level user credentials for those endpoints, and add compute resources to a fabric group.
Depending on your environment, the procedure for creating endpoints and storing credentials differs
slightly.
For cloud platforms, compute resources represent regions rather than specific virtualization hosts.
vRealize Automation collects information about the regions available on each cloud endpoint and an IaaS
administrator can add the regions to a fabric group.

Store User Credentials for Cloud Endpoints

An IaaS administrator stores administrator-level credentials so that vRealize Automation can communicate with your cloud endpoints. Because the same credentials can be used for multiple endpoints, credentials are managed separately from endpoints and associated when endpoints are created or edited.

Prerequisites
Log in to the vRealize Automation console as an IaaS administrator.

Procedure
1 Select Infrastructure > Endpoints > Credentials.
2 Click New Credentials.
3 Enter a name and, optionally, a description.
4 Type the credentials in the User name and Password text boxes.

| Cloud Platform | Description |
|---|---|
| Amazon AWS | Type the access key ID into the User name text box and the secret access key into the Password text box. For example: User name: AKIAIOSFODNN7EXAMPLE, Password: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY. For information about obtaining your access key ID and secret access key, see the Amazon documentation. |
| Red Hat OpenStack | Type the user name and password for the Red Hat OpenStack user account. The credentials you provide must be a user in the Red Hat OpenStack tenant associated with the endpoint. If you have multiple Red Hat OpenStack endpoints associated with different Red Hat OpenStack tenants, you can store the credentials for a single user who is an administrator in all the tenants, or separate administrator users for each Red Hat OpenStack tenant. |

5 Click the Save icon.

What to do next
Now that your credentials are stored, you are ready to create an endpoint.

Choosing an Endpoint Scenario

IaaS administrators are responsible for creating the endpoints that allow vRealize Automation to
communicate with your infrastructure. Depending on your environment, the procedure to create the
endpoints differs slightly.

Table 1-2. Choosing an Endpoint Scenario

| Scenario | Procedure |
|---|---|
| Connect to an Amazon AWS cloud service account. | Create an Amazon AWS Endpoint |
| Connect to a Red Hat OpenStack tenant. | Create an OpenStack or PowerVC Endpoint |
| Connect to a PowerVC tenant. | Create an OpenStack or PowerVC Endpoint |
| Import a list of endpoints. | Preparing an Endpoint CSV File for Import; Import a List of Endpoints |

Create an Amazon AWS Endpoint

An IaaS administrator creates an endpoint to connect to an Amazon Web Services instance.

Prerequisites
- Log in to the vRealize Automation console as an IaaS administrator.
- Store User Credentials for Cloud Endpoints.

Procedure
1 Select Infrastructure > Endpoints > Endpoints.
2 Select New Endpoint > Cloud > Amazon EC2.
3 Enter a name and, optionally, a description.
  Typically this name indicates the Amazon Web Services account that corresponds to this endpoint.
4 Select the Credentials for the endpoint.
  Only one endpoint can be associated with an Amazon access key ID.
5 (Optional) Click the Use proxy server check mark box to configure additional security and force connections to Amazon Web Services to pass through a proxy server.
  a Type the host name of your proxy server in the Hostname text box.
  b Type the port number to use for connecting to the proxy server in the Port text box.
  c (Optional) Click the Browse icon next to the Credentials text box.
    Select or create credentials that represent the user name and password for the proxy server, if required by the proxy configuration.
6 (Optional) Add any custom properties.
7 Click OK.

After the endpoint is created, vRealize Automation begins collecting data from the Amazon Web Services regions.

What to do next
Add the compute resources from your endpoint to a fabric group.
See Create a Fabric Group.

Create an OpenStack or PowerVC Endpoint

An IaaS administrator creates an endpoint to allow vRealize Automation to communicate with your
OpenStack or PowerVC instance.

Prerequisites
- Log in to the vRealize Automation console as an IaaS administrator.
- Store User Credentials for Cloud Endpoints.
- Verify that your vRealize Automation DEMs are installed on a machine that meets the OpenStack or PowerVC requirements. See Installation and Configuration.

Procedure
1 Select Infrastructure > Endpoints > Endpoints.
2 Select New Endpoint > Cloud > OpenStack.
3 Enter a name and, optionally, a description.
4 Type the URL for the endpoint in the Address text box.

| Option | Description |
|---|---|
| PowerVC | The URL must be of the format https://FQDN/powervc/openstack/service. For example: https://openstack.mycompany.com/powervc/openstack/admin. |
| OpenStack | The URL must be of the format FQDN:5000 or IP_address:5000. Do not include the /v2.0 suffix in the endpoint address. For example: https://openstack.mycompany.com:5000. |

5 Select the Credentials for the endpoint.
  The credentials you provide must have the administrator role in the Red Hat OpenStack tenant associated with the endpoint.
6 Type a Red Hat OpenStack tenant name in the OpenStack project text box.
  If you set up multiple endpoints with different Red Hat OpenStack tenants, create reservation policies for each tenant. This ensures that machines are provisioned to the appropriate tenant resources.
7 (Optional) Add any custom properties.
8 Click OK.

What to do next
Add the compute resources from your endpoint to a fabric group.
See Create a Fabric Group.

Custom Properties for OpenStack Endpoints

vRealize Automation includes custom properties you might want to use when you configure your OpenStack endpoints in vRealize Automation.

Table 1-3. Custom Properties for OpenStack Endpoints

| Custom Property | Description |
|---|---|
| VirtualMachine.Admin.ConnectAddress.Regex | Used by a vRealize Automation administrator to define a regular expression to match an IP address for terminal connections, such as an RDP connection. If matched, the IP address is saved under the VirtualMachine.Admin.ConnectAddress custom property. Otherwise, the first available IP address is designated. For example, setting the property value to 10.10.0. allows selection of an IP address from a 10.10.0.* subnet that is assigned to the virtual machine. If the subnet has not been assigned, the property is ignored. This property is available for use with OpenStack. |
| VirtualMachine.NetworkN.AddressM | Defines additional M IP address allocated for an OpenStack instance for network N, excluding the IP address set specified by the VirtualMachine.NetworkN.Address property. Additional addresses are displayed on the Network tab in the Additional Addresses column. This property is used by OpenStack machine state data collection. While this property is only data-collected by the OpenStack endpoint, it is not specific to OpenStack and can be used for lifecycle extensibility by other endpoint types. |
| VMware.Endpoint.Openstack.IdentityProvider.Version | For 6.2.4 and 6.2.5, specifies the version of OpenStack Identity provider (Keystone) to use when authenticating an OpenStack endpoint. Configure a value of 3 to authenticate with Keystone version 3 OpenStack Identity Provider. If you use any other value, or do not use this custom property, authentication defaults to Keystone version 2. |
| VMware.Endpoint.Openstack.Release | Specifies the OpenStack release, for example Havana or Icehouse, when creating an OpenStack endpoint. Required for 6.2.1, 6.2.2, and 6.2.3 OpenStack provisioning. Deprecated as of 6.2.4. |

Preparing an Endpoint CSV File for Import

Instead of adding endpoints one at a time by using the vRealize Automation console, you can import a list
of endpoints of various types by uploading a CSV file.
The CSV file must contain a header row with the expected fields. Fields are case sensitive and must be in
a specific order. You can upload multiple endpoints of varying types with the same CSV file. For
vCloud Director, system administrator accounts are imported, rather than organization administrator
endpoints.

Table 1-4. CSV File Fields and Their Order for Importing Endpoints

| Field | Description |
|---|---|
| InterfaceType | (Required) You can upload multiple types of endpoints in a single file: AmazonEC2, Openstack, vCloud, vCO, CiscoUCS, DellIdrac, HPIlo, NetAppOnTap, SCVMM, KVM, vSphere |
| Address | (Required for all interface types except Amazon AWS) URL for the endpoint. For information about the required format for your platform type, see the appropriate procedure to create an endpoint for your platform. |
| Credentials | (Required) Name you gave the user credentials when you stored them in vRealize Automation. |
| Name | (Required) Provide a name for the endpoint. For Red Hat OpenStack, the address is used as the default name. |
| Description | (Optional) Provide a description for the endpoint. |
| DataCenter | (Optional) For physical machines, you can provide the datacenter where the machine is located. |
| Row | (Optional) For physical machines, you can provide the row where the machine is located. |
| Rack | (Optional) For physical machines, you can provide the rack where the machine is located. |
| OpenstackProject | (Required for Red Hat OpenStack only) Provide the tenant name for the endpoint. |
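
An import file can be checked against these field rules before it is uploaded. The following Python example is added here and is not VMware code: it validates the header order and the per-type requirements from the table, the /v2.0 rule from the OpenStack endpoint procedure, and the one-endpoint-per-Amazon-access-key rule. It assumes that the header may stop after any field from Name onward (the sample file shown in the import procedure has five columns), that InterfaceType values are matched exactly as listed, and that the set of stored credential names is supplied by the caller; the function name and the sample rows are constructed.

```python
import csv
import io

# Field order and InterfaceType values as listed in the table on this page.
FIELD_ORDER = ["InterfaceType", "Address", "Credentials", "Name", "Description",
               "DataCenter", "Row", "Rack", "OpenstackProject"]
INTERFACE_TYPES = {"AmazonEC2", "Openstack", "vCloud", "vCO", "CiscoUCS", "DellIdrac",
                   "HPIlo", "NetAppOnTap", "SCVMM", "KVM", "vSphere"}
MIN_COLUMNS = 4  # InterfaceType, Address, Credentials, Name


def validate_endpoint_csv(text, stored_credentials):
    """Return (line, message) problems found in an endpoint import file.

    stored_credentials is the set of credential names already saved under
    Infrastructure > Endpoints > Credentials. The file refers to credentials
    by that name only; it does not carry user names or passwords.
    """
    reader = csv.reader(io.StringIO(text))
    header = next(reader, None)
    if header is None:
        return [(1, "empty file: a header row is required")]
    # Assumption: a valid header is a leading run of FIELD_ORDER, exact case.
    if len(header) < MIN_COLUMNS or header != FIELD_ORDER[:len(header)]:
        return [(1, "header must list " + ",".join(FIELD_ORDER)
                    + " in this order and case, got: " + ",".join(header))]

    problems = []
    amazon_credentials = {}  # credential name -> line of first AmazonEC2 row using it
    for row in reader:
        line = reader.line_num
        if not any(cell.strip() for cell in row):
            continue  # blank line
        if len(row) != len(header):
            problems.append((line, f"expected {len(header)} fields, found {len(row)}"))
            continue
        rec = {name: cell.strip() for name, cell in zip(header, row)}
        kind = rec["InterfaceType"]

        if kind not in INTERFACE_TYPES:
            problems.append((line, f"unknown InterfaceType {kind!r}"))
        if kind != "AmazonEC2" and not rec["Address"]:
            problems.append((line, "Address is required for this interface type"))
        if kind == "Openstack" and rec["Address"].rstrip("/").endswith("/v2.0"):
            problems.append((line, "Openstack address must not include the /v2.0 suffix"))

        cred = rec["Credentials"]
        if not cred:
            problems.append((line, "Credentials is required"))
        elif cred not in stored_credentials:
            problems.append((line, f"credentials {cred!r} are not stored yet"))
        elif kind == "AmazonEC2":
            first = amazon_credentials.setdefault(cred, line)
            if first != line:
                problems.append((line, f"credentials {cred!r} already used by the "
                                       f"AmazonEC2 endpoint on line {first}"))

        # For Openstack an empty Name falls back to the address.
        if not rec["Name"] and kind != "Openstack":
            problems.append((line, "Name is required"))
        if kind == "Openstack" and not rec.get("OpenstackProject"):
            problems.append((line, "OpenstackProject (tenant name) is required"))
    return problems


# Constructed sample file and credential names, for illustration only.
SAMPLE_STORED = {"aws-prod", "os-admin", "vcd-sys"}
SAMPLE_CSV = "\n".join([
    "InterfaceType,Address,Credentials,Name,Description,DataCenter,Row,Rack,OpenstackProject",
    "AmazonEC2,,aws-prod,aws-prod-account,Production AWS,,,,",
    "AmazonEC2,,aws-prod,aws-prod-copy,Second endpoint on the same key,,,,",
    "Openstack,https://openstack.mycompany.com:5000/v2.0,os-admin,rhos-dev,Dev tenant,,,,",
    "Openstack,https://openstack.mycompany.com:5000,os-admin,rhos-qa,QA tenant,,,,qa",
    "vcloud,https://vcd.mycompany.com,vcd-sys,vcd,,,,,",
    "vSphere,,missing-cred,vc01,,,,,",
]) + "\n"

if __name__ == "__main__":
    for line, message in validate_endpoint_csv(SAMPLE_CSV, SAMPLE_STORED):
        print(f"line {line}: {message}")
```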

Import a List of Endpoints

Importing a CSV file of endpoints can be more efficient than adding endpoints one at a time by using the
vRealize Automation console.

Prerequisites
- Log in to the vRealize Automation console as an IaaS administrator.
- Store the credentials for your endpoints.
- Prepare an Endpoint CSV file for import.

Procedure
1 Select Infrastructure > Endpoints > Endpoints.
2 Click Import Endpoints.
3 Click Browse.
4 Locate the CSV file that contains your endpoints.
5 Click Open.
  A CSV file opens that contains a list of endpoints in the following format:

      InterfaceType,Address,Credentials,Name,Description
      vCloud,https://abxpoint2vco,svc-admin,abxpoint2vco,abxpoint

6 Click Import.

You can edit and manage your endpoints through the vRealize Automation console.

Create a Fabric Group

An IaaS administrator can organize virtualization compute resources and cloud endpoints into fabric
groups by type and intent. An IaaS administrator also assigns one or more fabric administrators to
manage the resources in the fabric group.
You can grant the Fabric Administrator role to multiple users by either adding multiple users one at a time
or by choosing an identity store group or custom group as your fabric administrator.

Prerequisites
- Log in to the vRealize Automation console as an IaaS administrator.
- Create at least one endpoint.

Procedure
1 Select Infrastructure > Groups > Fabric Groups.
2 Click New Fabric Group.
3 Enter a name in the Name text box.
4 (Optional) Enter a description in the Description text box.
5 Type a user name or group name in the Fabric administrators text box and press Enter.
  Repeat this step to add multiple users or groups to the role.
6 Click one or more Compute resources to include in your fabric group.
  Only templates that exist on the clusters you select for your fabric group are discovered during data collection and available for cloning on reservations you create for business groups.
7 Click OK.

Fabric administrators can now configure machine prefixes.

Users who are currently logged in to the vRealize Automation console must log out and log back in to the vRealize Automation console before they can navigate to the pages to which they have been granted access.

Configure Machine Prefixes

Fabric administrators create machine prefixes that are used to create names for machines provisioned
through vRealize Automation. Tenant administrators and business group managers select these machine
prefixes and assign them to provisioned machines through blueprints and business group defaults.
A prefix is a base name to be followed by a counter of a specified number of digits. When the digits are all
used, vRealize Automation rolls back to the first number.
Machine prefixes must conform to the following limitations:
- Contain only the case-insensitive ASCII letters a through z, the digits 0 through 9, and the hyphen (-).
- Not begin with a hyphen.
- No other symbols, punctuation characters, or blank spaces can be used.
- No longer than 15 characters, including the digits, to conform to the Windows limit of 15 characters in host names.
  Longer host names are truncated when a machine is provisioned, and updated the next time data collection is run. However, for WIM provisioning names are not truncated and provisioning fails when the specified name is longer than 15 characters.
- vRealize Automation does not support multiple virtual machines of the same name in a single instance. If you choose a naming convention that causes an overlap in machine names, vRealize Automation does not provision a machine with the redundant name. If possible, vRealize Automation skips the name that is already in use and generates a new machine name using the specified machine prefix. If a unique name cannot be generated, provisioning fails.

Prerequisites
Log in to the vRealize Automation console as a fabric administrator.

Procedure
1 Select Infrastructure > Blueprints > Machine Prefixes.
2 Click the Add icon.
3 Enter the machine prefix in the Machine Prefix text box.
4 Enter the number of counter digits in the Number of Digits text box.
5 Enter the counter start number in the Next Number text box.
6 Click the Save icon.

Tenant administrators can create business groups so that users can access vRealize Automation to request machines.
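
The prefix limitations and the skip-on-collision behavior can be modeled offline to test a naming convention before it is entered in the console. The following Python example is added here and is not VMware code: it checks a prefix and digit count against the rules above and generates the next unused name. The function names are hypothetical, the value the counter returns to after the digits are used up (first_number, default 1) is an assumption, and names are compared without regard to case.

```python
import re

MAX_NAME_LENGTH = 15  # Windows host name limit cited on this page


def check_prefix(prefix, digits):
    """Return the rule violations for a machine prefix and its counter width."""
    errors = []
    if prefix.startswith("-"):
        errors.append("prefix must not begin with a hyphen")
    bad = sorted(set(re.findall(r"[^A-Za-z0-9-]", prefix)))
    if bad:
        errors.append("characters not allowed: " + " ".join(repr(c) for c in bad))
    if digits < 1:
        errors.append("counter needs at least one digit")
    if len(prefix) + digits > MAX_NAME_LENGTH:
        errors.append(f"prefix plus {digits} digits is {len(prefix) + digits} "
                      f"characters; the limit is {MAX_NAME_LENGTH}")
    return errors


def next_name(prefix, digits, next_number, in_use, first_number=1):
    """Return (name, following_counter), skipping names that are already in use.

    first_number is the value the counter returns to once all digits are used
    (an assumption of this example). Raises RuntimeError when no unique name
    can be generated, the case in which provisioning fails.
    """
    errors = check_prefix(prefix, digits)
    if errors:
        raise ValueError("; ".join(errors))
    limit = 10 ** digits                     # first value that no longer fits
    taken = {name.lower() for name in in_use}
    counter = next_number
    for _ in range(limit):                   # at most one pass over the counter range
        if counter >= limit:
            counter = first_number           # digits used up: roll back
        name = f"{prefix}{counter:0{digits}d}"
        counter += 1
        if name.lower() not in taken:
            return name, counter
    raise RuntimeError(f"no unique name available for prefix {prefix!r}")


if __name__ == "__main__":
    # Constructed inputs for illustration.
    print(check_prefix("sales_support", 4))
    print(next_name("web-", 3, 999, {"WEB-999", "web-001"}))
```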

Create a Business Group

Tenant administrators create business groups to associate a set of services and resources to a set of
users, often corresponding to a line of business, department, or other organizational unit. Users must
belong to a business group to request machines.
To add multiple users to a business group role, you can add multiple individual users, or you can add
multiple users at the same time by adding an identity store group or a custom group to a role. For
example, you can create a custom group Sales Support Team and add that group to the support role. For information about creating custom groups, see Tenant Administration. You can also use existing identity
store user groups. The users and groups you choose must be valid in the identity store.
Prerequisites
- Log in to the vRealize Automation console as a tenant administrator.
- Request a machine prefix from a fabric administrator. See Configure Machine Prefixes.
Procedure
1 Select Infrastructure > Groups > Business Groups.
2 Click the Add icon.
3 (Optional) Select an existing business group from the Copy from existing group drop-down box.
Data from the group you chose appears.
4 Enter a name in the Name text box.
5 (Optional) Enter a description in the Description text box.
6 Select a Default machine prefix.
7 (Optional) Type a default Active directory container for machines provisioned in this group and
press Enter.
The Active Directory container is used only for WIM provisioning. Other provisioning methods require
additional configuration to join provisioned machines to an AD container.
8 Type a user name or group name in the Group manager role search box and press Enter.
Repeat this step to add more than one user or group to the role. You do not have to specify users at
this time. You can create empty business groups to populate later.
9 Type one or more user names or group names in the Send manager emails to text box and press
Enter.
Multiple entries must be separated with commas. For example,
JoeAdmin@mycompany.com,WeiMgr@mycompany.com.
10 Add users to your business group.
Multiple entries must be separated by line breaks. You do not have to specify users at this time. You
can create empty business groups to populate later.
a Type a user name or group name in the Support role search box and press Enter.
Repeat this step to add more than one user or group to the role.
b Type a user name or group name in the User role search box and press Enter.
Repeat this step to add more than one user or group to the role.
11 (Optional) Add any custom properties.
12 Click OK.
Fabric administrators can now allocate resources to your business group by creating a reservation.

Managing Key Pairs

Key pairs are used to provision and connect to a cloud instance. A key pair is used to decrypt Windows
passwords or to log in to a Linux machine.
Key pairs are required for provisioning with Amazon AWS. For Red Hat OpenStack, key pairs are
optional.
Existing key pairs are imported as part of data collection when you add a cloud endpoint. A fabric
administrator can also create and manage key pairs by using the vRealize Automation console. If you
delete a key pair from the vRealize Automation console, it is also deleted from the cloud service account.
In addition to managing key pairs manually, you can configure vRealize Automation to generate key pairs
automatically per machine or per business group.
- A fabric administrator can configure the automatic generation of key pairs at a reservation level.
- If the key pair is going to be controlled at the blueprint level, the fabric administrator must select Not
  Specified on the reservation.
- A tenant administrator or business group manager can configure the automatic generation of key
  pairs at a blueprint level.
- If key pair generation is configured at both the reservation and blueprint level, the reservation setting
  overrides the blueprint setting.

Create a Key Pair

A fabric administrator can create key pairs for use with cloud endpoints by using the vRealize Automation
console.
Prerequisites
- Log in to the vRealize Automation console as a fabric administrator.
- An IaaS administrator must have created a cloud endpoint and added cloud compute resources to a
  fabric group.
Procedure
1 Select Infrastructure > Reservations > Key Pairs.
2 Click New Key Pair.
3 Enter a name in the Name text box.
4 Select a cloud region from the Compute resource drop-down menu.
5 Click the Save icon.
The key pair is ready to use when the Secret Key column has the value ************.

Upload the Private Key for a Key Pair

A fabric administrator can upload the private key for a key pair in PEM format.
Prerequisites
- Log in to the vRealize Automation console as a fabric administrator.
- You must already have a key pair. See Create a Key Pair.
Procedure
1 Select Infrastructure > Reservations > Key Pairs.
2 Locate the key pair for which you want to upload a private key.
3 Click the Edit icon.
4 Use one of the following methods to upload the key.
- Browse for a PEM-encoded file and click Upload.
- Paste the text of the private key, beginning with -----BEGIN RSA PRIVATE KEY----- and
  ending with -----END RSA PRIVATE KEY-----.
5 Click the Save icon.

Export the Private Key from a Key Pair

A fabric administrator can export the private key from a key pair to a PEM-encoded file.
Prerequisites
- Log in to the vRealize Automation console as a fabric administrator.
- A key pair with a private key must exist. See Upload the Private Key for a Key Pair.
Procedure
1 Select Infrastructure > Reservations > Key Pairs.
2 Locate the key pair from which you want to export the private key.
3 Click the Export icon.
4 Browse to the location where you want to save the file and click Save.

Cloud Reservations

A cloud reservation provides access to the provisioning services of a cloud service account for a
particular business group.
A group can have multiple reservations on one endpoint or reservations on multiple endpoints.
A reservation may also define policies, priorities, and quotas that determine machine placement.

Cloud Reservation Selection

When a member of a business group requests a cloud machine, a reservation must be selected from the
reservations that belong to the business group.
The reservation on which a machine is provisioned must satisfy the following criteria:
- The reservation must be of the same platform type as the blueprint from which the machine was
  requested.
- The reservation must be enabled.
- The reservation must have capacity remaining in its machine quota or have an unlimited quota.
  The allocated machine quota includes only machines that are powered on. For example, if a
  reservation has a quota of 50, and 40 machines have been provisioned but only 20 of them are
  powered on, the reservation’s quota is 40 percent allocated, not 80 percent.
- The reservation must have the security groups specified in the machine request.
- The reservation must be associated with a region that has the machine image specified in the
  blueprint.
- For Amazon machines, the request specifies an availability zone and whether the machine is to be
  provisioned in a subnet in a Virtual Private Cloud (VPC) or in a non-VPC location. The reservation
  must match the network type (VPC or non-VPC).
- If the cloud provider supports network selection and the blueprint has specific network settings, the
  reservation must have the same networks.
  If the blueprint or reservation specifies a network profile for static IP address assignment, an IP
  address must be available to assign to the new machine.
- If the blueprint specifies a reservation policy, the reservation must belong to that reservation policy.
  Reservation policies are a way to guarantee that the selected reservation satisfies any additional
  requirements for provisioning machines from a specific blueprint. For example, if a blueprint uses a
  specific machine image, you can use reservation policies to limit provisioning to reservations
  associated with the regions that have the required image.
If no reservation is available that meets all of the selection criteria, provisioning fails.
If multiple reservations meet all of the criteria, the reservation from which to provision a requested
machine is determined by the following logic:
- Reservations with higher priority are selected over reservations with lower priority.
- If multiple reservations have the same priority, the reservation with the lowest percentage of its
  machine quota allocated is selected.
- If multiple reservations have the same priority and quota usage, machines are distributed among
  reservations in round-robin fashion.
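The selection rules above can be modelled in a few lines to predict where a request lands, or why it fails. This is an added example, not vRealize Automation code: the class and function names and the sample data are constructed, the network and static IP criteria are left out, and treating an unlimited quota as 0 percent allocated is an assumption.

```python
from dataclasses import dataclass
from fractions import Fraction
from typing import Optional


@dataclass
class Reservation:
    name: str
    platform: str
    priority: int                  # priority 1 is selected over priority 2
    quota: Optional[int]           # None = unlimited machine quota
    powered_on: int                # only powered-on machines count
    images: frozenset              # machine images in the reservation's region
    security_groups: frozenset
    vpc: bool = False
    policy: Optional[str] = None
    enabled: bool = True

    def allocated(self) -> Fraction:
        # Assumption: an unlimited quota counts as 0% allocated.
        if self.quota is None:
            return Fraction(0)
        return Fraction(self.powered_on, self.quota)


@dataclass
class Request:
    platform: str
    image: str
    security_groups: frozenset
    vpc: bool = False
    policy: Optional[str] = None


def rejection_reason(r: Reservation, req: Request) -> Optional[str]:
    """Return why r cannot serve req, or None if it meets every modelled criterion."""
    if r.platform != req.platform:
        return "platform type differs from the blueprint"
    if not r.enabled:
        return "reservation is disabled"
    if r.quota is not None and r.powered_on >= r.quota:
        return "machine quota exhausted"
    if not req.security_groups <= r.security_groups:
        return "requested security group not on reservation"
    if req.image not in r.images:
        return "region lacks the machine image"
    if r.vpc != req.vpc:
        return "network type (VPC or non-VPC) mismatch"
    if req.policy is not None and r.policy != req.policy:
        return "not in the blueprint's reservation policy"
    return None


class Selector:
    """Applies the tie-break order: priority, lowest allocation, round robin."""

    def __init__(self):
        self._turn = {}  # names of tied reservations -> next round-robin index

    def select(self, reservations, req: Request) -> Reservation:
        ok = [r for r in reservations if rejection_reason(r, req) is None]
        if not ok:
            raise LookupError("provisioning fails: no reservation meets all criteria")
        best = min((r.priority, r.allocated()) for r in ok)
        tied = sorted((r for r in ok if (r.priority, r.allocated()) == best),
                      key=lambda r: r.name)
        key = tuple(r.name for r in tied)
        turn = self._turn.get(key, 0)
        self._turn[key] = turn + 1
        return tied[turn % len(tied)]


# Constructed sample data (names, image id and security groups are made up).
IMG, SG = frozenset({"image-a"}), frozenset({"web", "default"})
SAMPLE = [
    Reservation("east-1", "Amazon EC2", 1, 50, 20, IMG, SG),    # 40% allocated
    Reservation("east-2", "Amazon EC2", 1, 100, 40, IMG, SG),   # 40% allocated
    Reservation("east-3", "Amazon EC2", 1, 10, 9, IMG, SG),     # 90% allocated
    Reservation("east-4", "Amazon EC2", 2, None, 0, IMG, SG, policy="gold"),
    Reservation("east-5", "Amazon EC2", 1, 50, 0, IMG, SG, enabled=False),
    Reservation("rhos-1", "OpenStack", 1, None, 0, IMG, SG),
]
```

`rejection_reason` is the part worth keeping when troubleshooting: run it over every reservation of a business group to see which criterion excluded each one.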

Choosing a Reservation Scenario

A fabric administrator creates reservations to allocate resources to business groups. Depending on your
scenario, the procedure to create an endpoint differs.
Each business group must have at least one reservation for its members to provision machines of that
type. For example, a business group with a Red Hat OpenStack reservation, but not an Amazon AWS
reservation, cannot request a machine from Amazon AWS. The group must be allocated a reservation
specifically for Amazon AWS resources.
Table 15. Choosing a Reservation Scenario
Scenario | Procedure
Create a reservation to allocate resources on Amazon AWS (without using Virtual Private Cloud) | Create an Amazon AWS Reservation (non-VPC)
Create a reservation to allocate resources on Amazon AWS using Virtual Private Cloud | Create an Amazon AWS Reservation (VPC)
Create a reservation to allocate resources on Red Hat OpenStack | Create a Red Hat OpenStack Reservation

Create an Amazon AWS Reservation (non-VPC)

Fabric administrators must allocate resources to machines by creating a reservation before members of a
business group can request machines.
Prerequisites
- Log in to the vRealize Automation console as a fabric administrator.
- A tenant administrator must create at least one business group. See Create a Business Group.
Procedure
1 Specify Amazon AWS Reservation Information (non-VPC)
Each reservation is configured for a specific business group to grant them access to request
machines on a specified compute resource.
2 Specify Amazon AWS Key Pairs and Network Settings (non-VPC)
Configure the resources and network paths available to machines that are provisioned by using this
reservation.
3 Configure Amazon AWS Alerts (non-VPC)
You can configure alerts to send email notifications whenever reservation resources are low.
Specify Amazon AWS Reservation Information (non-VPC)
Each reservation is configured for a specific business group to grant them access to request machines on
a specified compute resource.
Note: After you create a reservation, you cannot change the business group or the compute resource.
Prerequisites
Log in to the vRealize Automation console as a fabric administrator.
Procedure
1 Select Infrastructure > Reservations > Reservations.
2 Select New Reservation > Cloud and select the type of reservation you are creating.
Select Amazon EC2.
3 (Optional) Select an existing reservation from the Copy from existing reservation drop-down menu.
Data from the reservation you chose appears, and you can make changes as required for your new
reservation.
4 Select a compute resource on which to provision machines from the Compute resource drop-down
menu.
When you select an available compute resource, the Name field automatically populates.
5 Select a tenant from the Tenant drop-down menu.
6 Select a business group from the Business group drop-down menu.
Only users in this business group can provision machines by using this reservation.
7 Select a reservation policy from the Reservation policy drop-down menu.
8 (Optional) Type a number in the Machine quota text box to set the maximum number of machines
that can be provisioned on this reservation.
Only machines that are powered on are counted towards the quota. Leave blank to make the
reservation unlimited.
9 Type a number in the Priority text box to set the priority for the reservation.
The priority is used when a business group has more than one reservation. A reservation with priority
1 is used for provisioning over a reservation with priority 2.
10 (Optional) Deselect the Enable this reservation check box if you do not want this reservation active.
11 (Optional) Add any custom properties.
Do not navigate away from this page. Your reservation is not complete.
Specify Amazon AWS Key Pairs and Network Settings (non-VPC)
Configure the resources and network paths available to machines that are provisioned by using this
reservation.
Prerequisites
Specify Amazon AWS Reservation Information (non-VPC).
Procedure
1 Click the Resources tab.
2 Select a method of assigning key pairs to compute instances from the Key pair drop-down menu.
Option | Description
Not Specified | Controls key pair behavior at the blueprint level rather than the reservation level.
Auto-Generated per Business Group | Every machine provisioned in the same business group has the same key pair, including machines provisioned on other reservations when the machine has the same compute resource and business group. Because key pairs generated this way are associated with a business group, the key pairs are deleted when the business group is deleted.
Auto-Generated per Machine | Each machine has a unique key pair. This is the most secure method because no key pairs are shared among machines.
Specific Key Pair | Every machine provisioned on this reservation has the same key pair. Browse for a key pair to use for this reservation.
3 Select one or more available zones in the Locations list to make them available for this reservation.
Because Amazon machine images are region-specific, the Amazon machine images specified in a
blueprint require that the requesting user select a location in the corresponding region. This allows
vRealize Automation to select an appropriate reservation during provisioning.
4 Select one or more security groups that can be assigned to a machine during provisioning from the
security groups list.
5 If Amazon elastic load balancing is enabled, select from the Load balancers list to apply to the
selected locations.
Do not navigate away from this page. Your reservation is not complete.
Configure Amazon AWS Alerts (non-VPC)
You can configure alerts to send email notifications whenever reservation resources are low.
Alerts are an optional step in the reservation configuration. If you do not want to set alerts, click OK to
save your reservation.
If configured, alerts are generated daily, rather than when the specified thresholds are reached.
Important: Notifications are only sent if emails are configured and notifications are enabled. See Tenant
Administration.
Prerequisites
Specify Amazon AWS Key Pairs and Network Settings (non-VPC).
Procedure
1 Click the Alerts tab.
2 Set capacity alerts to On.
3 Use the sliders to set thresholds for resource allocation.
4 Type one or more user email addresses or group names to receive alert notifications in the
Recipients text box.
Press Enter to separate multiple entries.
5 Select Send alerts to group manager to include group managers in the email alerts.
6 Choose a reminder frequency (days).
7 Click OK.
Tenant administrators and business group managers can now create blueprints. You can configure
optional policies such as reservation policies.

Create an Amazon AWS Reservation (VPC)

Fabric administrators must allocate resources to machines by creating a reservation before members of a
business group can request machines.
Amazon Web Services users can create an Amazon Virtual Private Cloud to design a virtual network
topology according to their specifications. If you plan to use Amazon VPC, you must assign an
Amazon VPC to a vRealize Automation reservation.
Note: After you create a reservation, you cannot change the business group or the compute resource.
For information about creating an Amazon VPC by using the AWS Management Console, see
Amazon Web Services documentation.
Prerequisites
- Log in to the vRealize Automation console as a fabric administrator.
- A tenant administrator must create at least one business group. See Create a Business Group.
- Create an Amazon Virtual Private Cloud environment for use with vRealize Automation. See Using
  Virtual Private Cloud.
Procedure
1 Specify Amazon AWS with Amazon VPC Reservation Information
Fabric administrators configure each reservation for a specific business group to grant them access
to request machines on a specified compute resource.
2 Specify Amazon AWS with Amazon VPC Key Pairs and Network Settings
Configure the resources and network paths that are available to machines provisioned by using this
reservation.
3 Configure Amazon AWS with Amazon VPC Alerts
Optionally, you can configure alerts to send email notifications whenever reservation resources are
low.
Specify Amazon AWS with Amazon VPC Reservation Information
Fabric administrators configure each reservation for a specific business group to grant them access to
request machines on a specified compute resource.
Note: After you create a reservation, you cannot change the business group or the compute resource.
Prerequisites
Log in to the vRealize Automation console as a fabric administrator.
Procedure
1 Select Infrastructure > Reservations > Reservations.
2 Select New Reservation > Cloud and select the type of reservation you are creating.
Select Amazon EC2.
3 (Optional) Select an existing reservation from the Copy from existing reservation drop-down menu.
Data from the reservation you chose appears, and you can make changes as required for your new
reservation.
4 Select a compute resource on which to provision machines from the Compute resource drop-down
menu.
When you select an available compute resource, the Name field automatically populates.
5 Select a tenant from the Tenant drop-down menu.
6 Select a business group from the Business group drop-down menu.
Only users in this business group can provision machines by using this reservation.
7 (Optional) Select a reservation policy from the Reservation policy drop-down menu.
This option requires additional configuration. You must create a reservation policy.
8 (Optional) Type a number in the Machine quota text box to set the maximum number of machines
that can be provisioned on this reservation.
Only machines that are powered on are counted towards the quota. Leave blank to make the
reservation unlimited.
9 Type a number in the Priority text box to set the priority for the reservation.
The priority is used when a business group has more than one reservation. A reservation with priority
1 is used for provisioning over a reservation with priority 2.
10 (Optional) Deselect the Enable this reservation check box if you do not want this reservation active.
11 (Optional) Add any custom properties.
Do not navigate away from this page. Your reservation is not complete.
Specify Amazon AWS with Amazon VPC Key Pairs and Network Settings
Configure the resources and network paths that are available to machines provisioned by using this
reservation.
Prerequisites
Specify Amazon AWS with Amazon VPC Reservation Information.
Procedure
1 Click the Resources tab.
2 Select a method of assigning key pairs to compute instances from the Key pair drop-down menu.
Option | Description
Not Specified | Controls key pair behavior at the blueprint level rather than the reservation level.
Auto-Generated per Business Group | Every machine provisioned in the same business group has the same key pair, including machines provisioned on other reservations when the machine has the same compute resource and business group. Because key pairs generated this way are associated with a business group, the key pairs are deleted when the business group is deleted.
Auto-Generated per Machine | Each machine has a unique key pair. This is the most secure method because no key pairs are shared among machines.
Specific Key Pair | Every machine provisioned on this reservation has the same key pair. Browse for a key pair to use for this reservation.
3 Select the Assign to a subnet in a VPC check box to open the Amazon VPC list.
4 Locate the Amazon VPC to assign and click the Edit icon to open the Edit VPC page.
a In the Subnets list, select each subnet in the Amazon VPC that you want to be available for
provisioning.
b In the Security Groups list, select each group that can be assigned to a machine during
provisioning.
c If you are using the elastic load balancer feature, select from the list of Load Balancers that
apply to the selected subnets to use in the Amazon VPC.
d Click the Save icon.
Do not navigate away from this page. Your reservation is not complete.
For related information about security groups, see Using Security Groups for Amazon Web Services.
For related information about load balancers, see Using Elastic Load Balancers.
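The Key pair options in the non-VPC and VPC procedures, combined with the rule under Managing Key Pairs that the reservation setting overrides the blueprint setting, decide how many machines one leaked private key can reach. The following added example (not vRealize Automation code) resolves the effective setting per machine and lists every key pair held by more than one machine. The inventory is constructed, the assumption that blueprints use the same option names is ours, and so is the assumption that Not Specified at both levels assigns no key pair.

```python
from collections import defaultdict

NOT_SPECIFIED = "Not Specified"
PER_GROUP = "Auto-Generated per Business Group"
PER_MACHINE = "Auto-Generated per Machine"
SPECIFIC = "Specific Key Pair"


def effective_setting(reservation_setting, blueprint_setting):
    """The reservation setting wins; Not Specified defers to the blueprint."""
    if reservation_setting != NOT_SPECIFIED:
        return reservation_setting
    return blueprint_setting


def key_scope(m):
    """Return a hashable id for the key pair machine m receives, or None."""
    mode = effective_setting(m["reservation"], m["blueprint"])
    if mode == PER_MACHINE:
        return ("machine", m["name"])
    if mode == PER_GROUP:
        # Shared across reservations with the same group and compute resource.
        return ("group", m["business_group"], m["compute_resource"])
    if mode == SPECIFIC:
        return ("specific", m["key_pair"])
    return None  # assumption: Not Specified at both levels assigns no key pair


def shared_keys(machines):
    """Map each key pair held by more than one machine to its sorted holders."""
    holders = defaultdict(list)
    for m in machines:
        scope = key_scope(m)
        if scope is not None:
            holders[scope].append(m["name"])
    return {k: sorted(v) for k, v in holders.items() if len(v) > 1}


def machine(name, group, resource, reservation,
            blueprint=NOT_SPECIFIED, key_pair=None):
    """Build one inventory record (hypothetical schema for this example)."""
    return {"name": name, "business_group": group, "compute_resource": resource,
            "reservation": reservation, "blueprint": blueprint, "key_pair": key_pair}


# Constructed inventory: machine, group and key pair names are made up.
INVENTORY = [
    machine("web-01", "Sales", "us-east-1", PER_GROUP),
    machine("web-02", "Sales", "us-east-1", NOT_SPECIFIED, blueprint=PER_GROUP),
    machine("web-03", "Sales", "us-west-2", PER_GROUP),  # other compute resource
    machine("db-01", "Sales", "us-east-1", PER_MACHINE, blueprint=PER_GROUP),
    machine("db-02", "Sales", "us-east-1", PER_MACHINE),
    machine("app-01", "Finance", "us-east-1", SPECIFIC, key_pair="ops-key"),
    machine("app-02", "Finance", "us-east-1", SPECIFIC, key_pair="ops-key"),
]

if __name__ == "__main__":
    for scope, names in shared_keys(INVENTORY).items():
        print(scope, "->", ", ".join(names))
```

An empty result from `shared_keys` means every machine in the inventory resolves to Auto-Generated per Machine or holds a key no other machine uses.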
Configure Amazon AWS with Amazon VPC Alerts
Optionally, you can configure alerts to send email notifications whenever reservation resources are low.
Alerts are an optional step in the reservation configuration. If you do not want to set alerts, click OK to
save your reservation.
If configured, alerts are generated daily, rather than when the specified thresholds are reached.
Important: Notifications are only sent if emails are configured and notifications are enabled. See Tenant
Administration.
Prerequisites
Specify Amazon AWS with Amazon VPC Key Pairs and Network Settings.
Procedure
1 Click the Alerts tab.
2 Set capacity alerts to On.
3 Use the sliders to set thresholds for resource allocation.
4 Type one or more user email addresses or group names to receive alert notifications in the
Recipients text box.
Press Enter to separate multiple entries.
5 Select Send alerts to group manager to include group managers in the email alerts.
6 Choose a reminder frequency (days).
7 Click OK.
Tenant administrators and business group managers can create blueprints. You can configure optional
policies such as reservation policies.

Create a Red Hat OpenStack Reservation

Before members of a business group can request machines, fabric administrators must allocate
resources to them by creating a reservation.
Prerequisites
- Log in to the vRealize Automation console as a fabric administrator.
- A tenant administrator must create at least one business group. See Create a Business Group.
Procedure
1 Specify Reservation Information
Each reservation is configured for a specific business group to grant them access to request
machines on a specified compute resource.
2 Specify Key Pairs and Network Settings
Configure the key pairs, security groups, and networks available to machines provisioned through
this reservation.
3 Configure Alerts
Optionally, you can configure alerts to send notifications whenever reservation resources are low.
Specify Reservation Information
Each reservation is configured for a specific business group to grant them access to request machines on
a specified compute resource.
Note: Once you create a reservation, you cannot change the business group or the compute resource.
Prerequisites
Log in to the vRealize Automation console as a fabric administrator.
Procedure
1 Select Infrastructure > Reservations > Reservations.
2 Select New Reservation > Cloud > OpenStack.
3 (Optional) Select an existing reservation from the Copy from existing reservation drop-down menu.
Data from the reservation you chose appears, and you can make changes as required for your new
reservation.
4 Select a compute resource on which to provision machines from the Compute resource drop-down
menu.
The reservation name appears in the Name text box.
5 Enter a name in the Name text box.
6 Select a tenant from the Tenant drop-down menu.
7 Select a business group from the Business group drop-down menu.
Only users in this business group can provision machines by using this reservation.