VMware vRealize Automation - 6.2 Administrator’s Guide
System Administration
vRealize Automation 6.2
System Administration
You can find the most up-to-date technical documentation on the VMware website at:
https://docs.vmware.com/
If you have comments about this documentation, submit your feedback to
docfeedback@vmware.com
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
Copyright © 2008–2016 VMware, Inc. All rights reserved. Copyright and trademark information.
VMware, Inc. 2
Contents
System Administration 5
Updated Information 6
Configuring vRealize Automation 7
1
Configuring System Settings 7
Configure Branding for the vRealize Automation Console 7
Configuring Global Email Servers for Notifications 8
Configuring IaaS 10
Setting Resource-Intensive Concurrency Limits 10
Configuring Templates for Automatic IaaS Emails 14
Enabling Remote Desktop Connections 18
Enabling Users to Select Datacenter Locations 19
Enabling Visual Basic Scripts in Provisioning 20
The Customer Experience Improvement Program 21
Join or Leave the Customer Experience Improvement Program for vRealize Automation 21
Configure Data Collection Time 22
Configure the vRealize Automation Appliance Database 23
2
Configure Database Virtual IP 24
Configure Internal Appliance Database 24
Configure Appliance Database Replication on the Secondary Appliance 26
Test Appliance Database Failover 27
Test Appliance Database Failback 28
VMware, Inc.
Perform an Appliance Database Failover 30
3
Validate Appliance Database Replication 32
4
Bulk Import, Update, or Migrate Virtual Machines 34
5
Generate Virtual Machine CSV Data File 35
Edit Virtual Machine CSV Data File 36
Import, Update, or Migrate One or More Virtual Machines 37
Managing vRealize Automation 39
6
Managing Tenants 39
Tenancy Overview 39
Create and Configure a Tenant 44
3
System Administration
Brand Tenant Login Pages 47
Install a Hotfix 48
Updating vRealize Automation Certificates 49
View License Usage 68
Monitoring Logs and Services 68
Starting Up and Shutting Down vRealize Automation 72
Customize Data Rollover Settings 75
Remove an Identity Appliance from a Domain 76
Extracting Certificates and Private Keys 50
Update vRealize Automation Certificates when all are Expired 50
Updating the Identity Appliance Certificate 51
Updating the vRealize Appliance Certificate 54
Updating the IaaS Certificate 58
Replace the Identity Appliance Management Site Certificate 61
Updating the vRealize Appliance Management Site Certificate 62
Replace a Management Agent Certificate 65
Resolve Certificate Revocation Errors 67
View the Event Log 69
Viewing Host Information for Clusters in Distributed Deployments 69
vRealize Automation Services 71
Start Up vRealize Automation 72
Restart vRealize Automation 73
Shut Down vRealize Automation 74
Backup and Recovery for vRealize Automation Installations 78
7
Backing Up vRealize Automation 78
Backing Up vRealize Automation Databases 79
Backing Up the Identity Appliance 80
Backing Up the vRealize Appliance 80
Backing Up Load Balancers 81
Backing Up IaaS Components 82
Backing Up vRealize Automation Certificates 83
Activate the Failover IaaS Server 83
vRealize Automation System Recovery 84
Restoring vRealize Automation Databases 84
Restoring the Identity Appliance 86
Restore the vRealize Appliance and Load Balancer 87
Restoring the IaaS Website, Manager Services, and Their Load Balancers 89
Reinstall the DEM Orchestrator and the DEM Workers 91
Reinstall the IaaS Agents 92
VMware, Inc. 4
System Administration
System Administration tells you how to customize, configure, and manage vRealize Automation. It
includes information about customizing the vRealize Appliance and VMware Infrastructure as a Service
servers as well as information about managing tenants, using the bulk import feature, and performing
backup and restore procedures.
Note Not all features and capabilities of vRealize Automation are available in all editions. For a
comparison of feature sets in each edition, see https://www.vmware.com/products/vrealize-automation/.
Intended Audience
This information is intended for anyone who wants to configure and manage vRealize Automation. The
information is written for experienced Windows or Linux system administrators who are familiar with
virtual machine technology and datacenter operations.
vCloud Suite Licensing and Integration
You can license vRealize Automation individually or as part of vCloud Suite. You should consider the
licensing and integration options that are available to you.
Some vCloud Suite components are available as standalone products that are licensed on a per-virtual
machine basis. When the products are part of vCloud Suite, they are licensed on a per-CPU basis. You
can run an unlimited number of virtual machines on CPUs that are licensed with vCloud Suite. For more
information, see vCloud Suite Architecture Overview and Use Cases.
VMware Technical Publications Glossary
VMware Technical Publications provides a glossary of terms that might be unfamiliar to you. For
definitions of terms as they are used in VMware technical documentation, go to
http://www.vmware.com/support/pubs.
VMware, Inc.
5
Updated Information
This System Administration guide for vRealize Automation is updated with each release of the product or
when necessary.
This table provides the update history of the System Administration guide.
Revision Description
EN-001648-08
n
Updated Modify an Existing Automatic Email Template.
n
Updated Customize the Date for Email Notification for Machine Expiration.
n
Added Install a Hotfix.
n
Added Resolve Certificate Revocation Errors.
EN-001648-07 Updated documentation for Start Up vRealize Automation.
EN-001648-06
n
New documentation for Brand Tenant Login Pages
n
New documentation for importing virtual machines with static IP addresses. See Edit Virtual Machine CSV
Data File.
EN-001648-05
EN-001648-04
n
Updated documentation for Chapter 2 Configure the vRealize Automation Appliance Database
n
New documentation for Chapter 2 Configure the vRealize Automation Appliance Database
n
Updated documentation for Chapter 7 Backup and Recovery for vRealize Automation Installations.
EN-001648-03 Clarification of steps in the following topics:
n
Update the vRealize Appliance with the Identity Appliance Certificate
n
Update the vRealize Appliance with the IaaS Certificate
EN-001648-02
n
New documentation for Starting Up and Shutting Down vRealize Automation.
n
Revised and updated documentation for Management Agents. See Manually Update Management Agents to
Recognize a vRealize Appliance Management Site Certificate
EN-001648-01
n
Revised and updated documentation for Chapter 7 Backup and Recovery for vRealize Automation
Installations.
EN-001648-00 Initial release.
VMware, Inc. 6
Configuring
vRealize Automation 1
System administrators can change the appearance of the vRealize Automation console, configure
notifications for the vRealize Automation appliance, and configure Infrastructure as a Service features.
This chapter includes the following topics:
n
Configuring System Settings
n
Configuring IaaS
n
The Customer Experience Improvement Program
Configuring System Settings
System administrators can configure system settings to change the appearance of the
vRealize Automation console and configure inbound and outbound email servers to handle system
notifications.
Configure Branding for the vRealize Automation Console
System administrators can change the appearance of the vRealize Automation console to meet site-
specific branding guidelines by changing the logo, the background color, and information in the header
and footer.
System administrators control the default branding for tenants. Tenant administrators can use the default
or reconfigure branding for each tenant.
As you make changes, a preview of each change appears at the bottom of the form. The changes take
effect when they are saved.
Prerequisites
Log in to the vRealize Automation console as a system administrator or tenant administrator.
Procedure
1 Select Administration > Branding.
2 Clear the Use default check box.
VMware, Inc.
7
System Administration
3 Create a banner.
a Click Choose File to upload a logo image.
b Follow the prompts to finish creating the banner.
4 Click Next.
5 Type the copyright information in the Copyright notice text box and press Enter to preview your
selection.
6 (Optional) Type the URL to your privacy policy in the Privacy policy link text box and press Enter to
preview your selection.
7 (Optional) Type the URL to your contact page in the Contact link text box and press Enter to preview
your selection.
8 Click Update.
The console is updated with your changes.
Configuring Global Email Servers for Notifications
Tenant administrators can add email servers as part of configuring notifications for their own tenants. As a
system administrator, you can set up global inbound and outbound email servers that appear to all
tenants as the system defaults. If tenant administrators do not override these settings before enabling
notifications, vRealize Automation uses the globally configured email servers.
Create a Global Inbound Email Server
System administrators create a global inbound email server to handle inbound email notifications, such as
approval responses. You can create only one inbound server, which appears as the default for all tenants.
If tenant administrators do not override these settings before enabling notifications, vRealize Automation
uses the globally configured email server.
Prerequisites
Log in to the vRealize Automation console as a system administrator.
Procedure
1 Select Administration > Email Servers.
2
Click the Add icon ( ).
3 Select Email – Inbound.
4 Click OK.
5 Enter a name in the Name text box.
6 (Optional) Enter a description in the Description text box.
7 (Optional) Select the SSL check box to use SSL for security.
8 Choose a server protocol.
VMware, Inc. 8
System Administration
9 Type the name of the server in the Server Name text box.
10 Type the server port number in the Server Port text box.
11 Type the folder name for emails in the Folder Name text box.
This option is required only if you choose IMAP server protocol.
12 Enter a user name in the User Name text box.
13 Enter a password in the Password text box.
14 Type the email address that vRealize Automation users can reply to in the Email Address text box.
15 (Optional) Select Delete From Server to delete from the server all processed emails that are
retrieved by the notification service.
16 Choose whether vRealize Automation can accept self-signed certificates from the email server.
17 Click Test Connection.
18 Click Add.
Create a Global Outbound Email Server
System administrators create a global outbound email server to handle outbound email notifications. You
can create only one outbound server, which appears as the default for all tenants. If tenant administrators
do not override these settings before enabling notifications, vRealize Automation uses the globally
configured email server.
Prerequisites
Log in to the vRealize Automation console as a system administrator.
Procedure
1 Select Administration > Email Servers.
2
Click the Add icon ( ).
3 Select Email – Outbound.
4 Click OK.
5 Enter a name in the Name text box.
6 (Optional) Enter a description in the Description text box.
7 Type the name of the server in the Server Name text box.
8 Choose an encryption method.
n
Click Use SSL.
n
Click Use TLS.
n
Click None to send unencrypted communications.
9 Type the server port number in the Server Port text box.
VMware, Inc. 9
System Administration
10 (Optional) Select the Required check box if the server requires authentication.
a Type a user name in the User Name text box.
b Type a password in the Password text box.
11 Type the email address that vRealize Automation emails should appear to originate from in the
Sender Address text box.
This email address corresponds to the user name and password you supplied.
12 Choose whether vRealize Automation can accept self-signed certificates from the email server.
13 Click Test Connection.
14 Click Add.
Configuring IaaS
A system administrator can adjust concurrency limits for an IaaS Windows server to best use resources,
customize email sent from the server, and enable connections to other machines.
Setting Resource-Intensive Concurrency Limits
To conserve resources, vRealize Automation limits the number of concurrently running instances of
machine provisioning and data collection. You can change the limits.
Configuring Concurrent Machine Provisioning
Multiple concurrent requests for machine provisioning can impact the performance of
vRealize Automation. You can make some changes to limits placed on proxy agents and workflow
activities to alter performance.
Depending on the needs of machine owners at your site, the vRealize Automation server may receive
multiple concurrent requests for machine provisioning. This can happen under the following
circumstances:
n
A single user submits a request for multiple machines
n
Many users request machines at the same time
n
One or more group managers approve multiple pending machine requests in close succession
The time required for vRealize Automation to provision a machine generally increases with larger
numbers of concurrent requests. The increase in provisioning time depends on three important factors:
n
The effect on performance of concurrent resource-intensive vRealize Automation workflow activities,
including the SetupOS activity (for machines created within the virtualization platform, as in WIM-
based provisioning) and the Clone activity (for machines cloned within the virtualization platform).
n
The configured vRealize Automation limit on the number of resource-intensive (typically lengthy)
provisioning activities that can be executed concurrently. By default this is two. Concurrent activities
beyond the configured limit are queued.
VMware, Inc. 10
System Administration
n
Any limit within the virtualization platform or cloud service account on the number of
vRealize Automation work items (resource-intensive or not) that can be executed concurrently. For
example, the default limit in vCenter Server is four, with work items beyond this limit being queued.
By default, vRealize Automation limits concurrent virtual provisioning activities for hypervisors that use
proxy agents to two per proxy agent. This ensures that the virtualization platform managed by a particular
agent never receives enough resource-intensive work items to prevent execution of other items. Plan to
carefully test the effects of changing the limit before making any changes. Determining the best limit for
your site may require that you investigate work item execution within the virtualization platform as well as
workflow activity execution within vRealize Automation.
If you do increase the configured vRealize Automation per-agent limit, you may have to make additional
configuration adjustments in vRealize Automation, as follows:
n
The default execution timeout intervals for the SetupOS and Clone workflow activities are two hours
for each. If the time required to execute one of these activities exceeds this limit, the activity is
cancelled and provisioning fails. To prevent this failure, increase one or both of these execution
timeout intervals.
n
The default delivery timeout intervals for the SetupOS and Clone workflow activities are 20 hours for
each. Once one of these activities is initiated, if the machine resulting from the activity has not been
provisioned within 20 hours, the activity is cancelled and provisioning fails. Therefore, if you have
increased the limit to the point at which this sometimes occurs, you will want to increase one or both
of these delivery timeout intervals.
Configuring Concurrent Data Collections
By default, vRealize Automation limits concurrent data collection activities. If you change this limit, you
can avoid unnecessary timeouts by changing the default execution timeout intervals for the different types
of data collection.
vRealize Automation regularly collects data from known virtualization compute resources through its
proxy agents and from cloud service accounts and physical machines through the endpoints that
represent them. Depending on the number of virtualization compute resources, agents, and endpoints in
your site, concurrent data collection operations may occur frequently.
Data collection running time depends on the number of objects on endpoints including virtual machines,
datastores, templates, and compute resources. Depending on many conditions, a single data collection
can require a significant amount of time. As with machine provisioning, concurrency increases the time
required to complete data collection.
By default, concurrent data collection activities are limited to two per agent, with those over the limit being
queued. This ensures that each data collection completes relatively quickly and that concurrent data
collection activities are unlikely to affect IaaS performance.
VMware, Inc. 11
System Administration
Depending on the resources and circumstances at your site, however, it may be possible to raise the
configured limit while maintaining fast enough performance to take advantage of concurrency in proxy
data collection. Although raising the limit can increase the time required for a single data collection, this
might be outweighed by the ability to collect more information from more compute resources and
machines at one time.
If you do increase the configured per-agent limit, you might have to adjust the default execution timeout
intervals for the different types of data collection that use a proxy agent—inventory, performance, state,
and WMI. If the time required to execute one of these activities exceeds the configured timeout intervals,
the activity is canceled and restarted. To prevent cancellation of the activity, increase one or more of
these execution timeout intervals.
Adjust Concurrency Limits and Timeout Intervals
You can change the per-agent limits on concurrent provisioning, data collection activities, and the default
timeout intervals.
When typing a time value for these variables, use the format hh:mm:ss (hh=hours, mm=minutes, and
ss=seconds).
Prerequisites
Log in as an administrator to the server hosting the IaaS Manager Service. For distributed installations,
this is the server on which the Manager Service was installed.
Procedure
1 Open the ManagerService.exe.config file in an editor. The file is located in the
vRealize Automation server install directory, typically %SystemDrive%\Program Files
x86\VMware\vCAC\Server.
2 Locate the section called workflowTimeoutConfigurationSection.
3 Update the following variables, as required.
Parameter Description
MaxOutstandingResourceIntensiveWor
kItems
CloneExecutionTimeout Virtual provisioning execution timeout interval
SetupOSExecutionTimeout Virtual provisioning execution timeout interval
CloneTimeout Virtual provisioning clone delivery timeout interval
SetupOSTimeout Virtual provisioning setup OS delivery timeout interval
CloudInitializeProvisioning Cloud provisioning initialization timeout interval
MaxOutstandingDataCollectionWorkItemsConcurrent data collection limit
Concurrent provisioning limit (default is two)
InventoryTimeout Inventory data collection execution timeout interval
PerformanceTimeout Performance data collection execution timeout interval
StateTimeout State data collection execution timeout interval
VMware, Inc. 12
System Administration
4 Save and close the file.
5 Select Start > Administrative Tools > Services.
6 Stop and then restart the vRealize Automation service.
7 (Optional) If vRealize Automation is running in High Availability mode, any changes made to the
ManagerService.exe.config file after installation must be made on both the primary and failover
servers.
Adjust Execution Frequency of Machine Callbacks
You can change the frequency of several callback procedures, including the frequency that the
vRealize Automation callback procedure is run for changed machine leases.
vRealize Automation uses a configured time interval to run different callback procedures on the Model
Manager service, such as ProcessLeaseWorkflowTimerCallbackIntervalMiliSeconds which searches for
machines whose leases have changed. You can change these time intervals to check more or less
frequently.
When entering a time value for these variables, enter a value in milliseconds. For example, 10000
milliseconds = 10 seconds and 3600000 milliseconds = 60 minutes = 1 hour.
Prerequisites
Log in as an administrator to the server hosting the IaaS Manager Service. For distributed installations,
this is the server on which the Manager Service was installed.
Procedure
1 Open the ManagerService.exe.config file in an editor. The file is located in the
vRealize Automation server install directory, typically %SystemDrive%\Program Files
x86\VMware\vCAC\Server.
2 Update the following variables, as desired.
Parameter Description
RepositoryWorkflowTimerCallbackMili
Seconds
ProcessLeaseWorkflowTimerCallbackI
ntervalMiliSeconds
BulkRequestWorkflowTimerCallbackMi
liSeconds
MachineRequestTimerCallbackMiliSec
onds
MachineWorkflowCreationTimerCallba
ckMiliSeconds
Checks the repository service, or Model Manager Web Service, for activity.
Default value is 10000.
Checks for expired machine leases. Default value is 3600000.
Checks for bulk requests. Default value is 10000.
Checks for machine requests. Default value is 10000.
Checks for new machines. Default value is 10000.
3 Save and close the file.
4 Select Start > Administrative Tools > Services.
VMware, Inc. 13
System Administration
5 Stop and then restart the vCloud Automation Center service.
6 (Optional) If vRealize Automation is running in High Availability mode, any changes made to the
ManagerService.exe.config file after installation must be made on both the primary and failover
servers.
Configuring Templates for Automatic IaaS Emails
You can configure the templates for automatic notification emails sent to machine owners by the IaaS
service about events involving their machines.
The events that trigger these notifications include, for example, the expiration or approaching expiration of
archive periods and virtual machine leases.
Tenant administrators can enable or disable IaaS email notifications for machine owners, and machine
owners can choose to receive or not receive email notifications. Anyone with access to the
directory \Templates under the vRealize Automation server install directory (typically %SystemDrive
%\Program Files x86\VMware\vCAC\Server) can configure the templates for these email notifications.
Email Template Object Reference
You can add email template objects to automatic email templates to return information about URIs,
machines, blueprints, costs, and requests.
You can use the following email template objects to return information to automatic email templates.
n
WebsiteURIItems
n
WebsiteURIInbox
n
VirtualMachineEx
n
VirtualMachineTemplateEx
n
ReservationHelper
n
Request
n
RequestWithAudit
The WebsiteURIItems object returns the URL of the Items tab on the vRealize Automation console, for
example https://vcac.mycompany.com/shell-ui-app/org/mytenant/#csp.catalog.item.list.
To use this object to provide a link to the My Items page in the console, consider the following sample
lines.
Click
<a>
<xsl:attribute name="href">
<xsl:value-of select="//WebsiteURIItems"/>
</xsl:attribute><xsl:value-of select="//WebsiteURIItems"/>here</a>
for your provisioned items.
VMware, Inc. 14
System Administration
The WebsiteURIInbox object returns the URL of the Inbox tab on the vRealize Automation console, for
example https://vcac.mycompany.com/shell-ui-app/org/mytenant/#cafe.work.items.list. To
use this object to provide a link to the My Inbox page in the console, consider the following sample lines.
Click
<a>
<xsl:attribute name="href">
<xsl:value-of select="//WebsiteURIInbox"/></xsl:attribute><xsl:value-of
select="//WebsiteURIInbox"/>here</a>
for your assigned tasks.
The VirtualMachineEx object returns a specific item of information about the machine associated with the
event triggering the email. The information is determined by the attribute provided with the object; see the
table Selected Attributes of the VirtualMachineEx Object for more information. For example, you could
use the following line to include the expiration date of the machine in an email.
<xsl:value-of select="//VirtualMachineEx/Expires"/>
Table 1‑1. Selected Attributes of the VirtualMachineEx Object
Attribute Returns
Name Name of machine as generated by vRealize Automation
Description Machine’s description
DnsName Machine’s DNS name
TemplateName Name of blueprint from which machine was provisioned
StoragePath If a virtual machine, name of storage path on which machine was provisioned
State/Name Status of machine
Owner Owner of machine
Expires Date on which machine expires
ExpireDays Number of days until machine expires
CreationTime Date and time at which machine was provisioned
HostName If a virtual machine, name of host where machine was provisioned
GroupName Name of business group in which machine was provisioned
ReservationName Name of reservation on which machine was provisioned
Group/AdministratorE
mail
Names of users or groups who receive group manager emails for business group for which machine was
provisioned
In addition, the special attribute Properties lets you search the custom properties associated with the
machine for a specific property and return the value if found. For example, to include the value of
Image.WIM.Name, which specifies the name of the WIM image from which a machine was provisioned,
you could use the following lines.
<xsl:for-each select="//VirtualMachineEx/Properties/NameValue">
<xsl:if test="starts-with(Name, 'Image.WIM.Name')">
<xsl:value-of select="Value"/>
VMware, Inc. 15
System Administration
If the machine does not have the Image.WIM.Name property, nothing is returned.
The VirtualMachineTemplateEx object returns a specific item of information about the source blueprint of
the machine associated with the even triggering the email. The information is determined by the attribute
provided with the object; see the table Selected Attributes of the VirtualMachineTemplateEx Email Object
for more information. For example, to include the daily cost specified in the source blueprint you could
use the following line:
<xsl:value-of select="//VirtualMachineTemplateEx/Cost"/>
Table 1‑2. Selected Attributes of the VirtualMachineTemplateEx Email Object
Attribute Returns
Name Name of blueprint
Description Blueprint’s description
MachinePrefix Machine prefix specified in blueprint
LeaseDays Number of lease days specified in blueprint
ExpireDays If a virtual blueprint, number of archive days specified
Cost Daily cost specified in blueprint
VirtualMachineTemplateEx also takes the special attribute Properties to let you search the custom
properties included in the blueprint for a specific property and return the value if found, as described for
the VirtualMachineEx object.
The ReservationHelper object returns information about the daily cost of the machine, as specified by the
attributes in the table Selected Attributes of the ReservationHelper Email Object, when a cost profile
applies to the virtual or physical machine associated with the event triggering the email.
Table 1‑3. Selected Attributes of the ReservationHelper Email Object
Attribute Returns
DailyCostFormatted Daily cost of machine
LeaseCostFormatted Daily cost times the number of days in the machine’s lease.
Modify an Existing Automatic Email Template
You can edit the automatic email templates used by the IaaS service when notifying machine owners and
managers.
You can customize the text and format of the automatic email for an IaaS event by editing the XSLT
template for the event. You can find the following IaaS templates in the directory \Templates under the
vRealize Automation server install directory (typically %SystemDrive%\Program Files
x86\VMware\vCAC\Server).
For related information about configuring vRealize Automation email notifications, see the following
Knowledge Base articles:
n
Customizing email templates in vRealize Automation (2088805)
VMware, Inc. 16
System Administration
n
Examples for customizing email templates in vRealize Automation (2102019)
To modify the email notification setting for machine expirations, use the vRealize Automation Global
Properties page. See Customize the Date for Email Notification for Machine Expiration.
n
ArchivePeriodExpired
n
EpiRegister
n
EpiUnregister
n
LeaseAboutToExpire
n
LeaseExpired
n
LeaseExpiredPowerOff
n
ManagerLeaseAboutToExpire
n
ManagerLeaseExpired
n
ManagerReclamationExpiredLeaseModified
n
ManagerReclamationForcedLeaseModified
n
ReclamationExpiredLeaseModified
n
ReclamationForcedLeaseModified
n
VdiRegister
n
VdiUnregister
Prerequisites
Log in to the IaaS Manager Service host using administrator credentials.
Procedure
1 Change to the directory \Templates.
2 Edit an XSLT template as required.
Customize the Date for Email Notification for Machine Expiration
You can choose when to send email to notify users of a machine expiration date.
Procedure
1 Log in to vRealize Automation as a vRealize administrator.
2 Navigate Infrastructure > Administration > Global Properties > Group: EmailByState.
3 On the Global Properties page, locate the WorkflowEmailByState section.
VMware, Inc. 17
System Administration
4 Change the value of DaysNotificationBeforeExpire to the number of days prior to machine
expiration that you want the email sent. The default is 7.
This setting requires that the LeaseExpired option is set to true. You can set separate values for
owners and managers.
Enabling Remote Desktop Connections
A system administrator can create a custom remote desktop protocol file that tenant administrators and
business group managers use in blueprints to configure RDP settings.
The following high-level overview is the sequence of tasks required to enable machine users to connect
using RDP.
1 A system administrator creates a custom RDP file and places it in the Website\Rdp subdirectory of
the vRealize Automation installation directory. Provide fabric administrators, tenant administrators,
and business group managers with the full pathname for the custom RDP file so that it can be
included in blueprints.
2 (Optional) A fabric administrator creates a build profile using the property set
RemoteDesktopProtocolProperties to compile RDP custom properties and values for tenant
administrators and business group managers to include in their blueprints.
3 A tenant administrator or business group manager adds the RDP custom properties to a blueprint to
configure the RDP settings of machines provisioned from the blueprint.
4 A tenant administrator or business group manager enables the Connect using RDP or SSH option in
a blueprint.
5 A tenant administrator or business group manager entitles users or groups to use the Connect using
RDP or SSH option. See Tenant Administration.
Create a Custom RDP file
A system administrator creates a custom RDP file and provides fabric administrators, tenant
administrators, and business group managers with the full pathname for the file so it can be included in
blueprints.
Note If you are using Internet Explorer with Enhanced Security Configuration enabled, .rdp files cannot
be downloaded.
Prerequisites
Log in to the IaaS Manager Service as an administrator.
Procedure
1 Set your current directory to <vCAC_installation_dir>\Rdp.
2 Copy the file Default.rdp and rename it to Console.rdp in the same directory.
3 Open the Console.rdp file in an editor.
VMware, Inc. 18
System Administration
4 Add RDP settings to the file.
For example, connect to console:i:1.
5 If you are working in a distributed environment, log in as a user with administrative privileges to the
IaaS Host Machine where the Model Manager Website component is installed.
6 Copy the Console.rdp file to the directory <vCAC_installation_dir>\Website\Rdp.
What to do next
See Enabling Remote Desktop Connections for an overview of steps and options for making RDP
connections available. Consult your IaaS configuration guide for next steps for your site configuration.
Enabling Users to Select Datacenter Locations
The Display location on request check box on the Blueprint Information tab allows users to select a
particular datacenter location at which to provision a requested virtual or cloud machine.
For example, if you have an office in London and an office in Boston, you might have compute resources
and business groups in both locations. By enabling the Display location on request check box, your
business group users can choose to provision their machines with the resources that are local, for
example.
The following is a high-level overview of the sequence of steps required to enable users to select
datacenter locations:
1 A system administrator adds datacenter location information to a locations file.
2 A fabric administrator edits a compute resource to associate it with a location.
3 A tenant administrator or business group manager creates a blueprint that prompts users to choose a
datacenter location when submitting a machine request.
Add Datacenter Locations
The first step in making location choices available to users is for a system administrator to add location
information to a locations file.
Prerequisites
Log in to the IaaS web site host using administrator credentials.
Procedure
1 Edit the file WebSite\XmlData\DataCenterLocations.xml in the Windows server install directory
(typically %SystemDrive%\Program Files x86\VMware\vCAC\Server).
2 For each location, create a Data Name entry in the CustomDataType section of the file. For example:
- <CustomDataType>
<Data Name="London" Description="London datacenter" />
<Data Name="Boston" Description="Boston datacenter" />
</CustomDataType
VMware, Inc. 19
System Administration
3 Save and close the file.
4 Restart the manager service.
A fabric administrator can edit a compute resource to associate it with a location. See IaaS Configuration
for Cloud Platforms or IaaS Configuration for Virtual Platforms.
Removing Datacenter Locations
To remove a datacenter location from a user menu, a system administrator must remove the location
information from the locations file and a fabric administrator must remove location information from the
compute resource.
For example, if you add London to the locations file, associate ten compute resources with that location,
and then remove London from the file, the compute resources are still associated with the location
London and London is still included in the location drop-down list on the Confirm Machine Request page.
To remove the location from the drop-down list, a fabric administrator must edit the compute resource and
reset the Location to blank for all compute resources that are associated with the location.
The following is a high-level overview of the sequence of steps required to remove a datacenter location:
1 A system administrator removes the datacenter location information from the locations file.
2 A fabric administrator removes all the compute resource associations to the location by editing the
locations of each associated compute resource.
Enabling Visual Basic Scripts in Provisioning
Visual Basic scripts are run outside of vRealize Automation as additional steps in the machine life cycle
and can be used to update the custom property values of machines. Visual Basic scripts can be used with
any provisioning method.
For example, you could use a script to generate certificates or security tokens before provisioning and
then use those certificates and tokens in provisioning a machine.
Note This information does not apply to Amazon Web Services.
When executing a Visual Basic script, the EPI agent passes all machine custom properties as arguments
to the script. To return updated property values to vRealize Automation, you must place these properties
in a dictionary and call a function provided by vRealize Automation.
The sample Visual Basic script PrePostProvisioningExample.vbs is included in the Scripts
subdirectory of the EPI agent installation directory. This script contains a header to load all arguments into
a dictionary, a body in which you can include your functions, and a footer to return updated custom
properties to vRealize Automation.
The following is a high-level overview of the steps required to use Visual Basic scripts in provisioning:
1 A system administrator installs and configures an EPI agent for Visual Basic scripts. See Installation
and Configuration.
VMware, Inc. 20
System Administration
2 A system administrator creates Visual Basic scripts and places them on the system where the EPI
agent is installed.
3 Gather the following information for tenant administrators and business group managers for each
Visual Basic script:
n
The complete path to the Visual Basic script, including the filename and extension. For example,
%System Drive%Program Files (x86)\VMware\vCAC
Agents\EPI_Agents\Scripts\SendEmail.vbs.
Note A fabric administrator can create a build profile by using the property sets
ExternalPreProvisioningVbScript and ExternalPostProvisioningVbScript to provide this required
information. Doing so makes it easier for tenant administrators and business group managers to
include this information correctly in their blueprints.
4 Tenant administrators and business group managers use custom properties in their blueprints to call
the Visual Basic scripts.
The Customer Experience Improvement Program
This product participates in VMware's Customer Experience Improvement Program (CEIP). The CEIP
provides VMware with information that enables VMware to improve its products and services, to fix
problems, and to advise you on how best to deploy and use our products. You can choose to join or leave
the CEIP for vRealize Automation at any time.
Details regarding the data collected through CEIP and the purposes for which it is used by VMware are
set forth at the Trust & Assurance Center at http://www.vmware.com/trustvmware/ceip.html.
Join or Leave the Customer Experience Improvement Program for vRealize Automation
You can join or leave the Customer Experience Improvement Program (CEIP) for vRealize Automation at
any time.
vRealize Automation gives you the opportunity to join the Customer Experience Improvement Program
(CEIP) when you initially install and configure the product. After installation, you can join or leave the
CEIP by following these steps.
Procedure
1 Log in as root to the vRealize Appliance management interface.
https://vrealize-automation-appliance-FQDN:5480
2 Click the Telemetry tab.
3 Check or uncheck the Join the VMware Customer Experience Improvement Program option.
When checked, the option activates the Program and sends data to https://vmware.com.
4 Click Save Settings.
VMware, Inc. 21
System Administration
Configure Data Collection Time
You can set the day and time when the Customer Experience Improvement Program (CEIP) sends data
to VMware.
Procedure
1 Log in to a console session on the vRealize Appliance as root.
2 Open the following file in a text editor.
/etc/telemetry/telemetry-collector-vami.properties
3 Edit the properties for day of week (dow) and hour of day (hod).
Property Description
frequency.dow=<day-of-week>
frequency.hod=<hour-of-day>
Day when data collection occurs.
Local time of day when data collection occurs. Possible
values are 0–23.
4 Save and close telemetry-collector-vami.properties.
5 Apply the settings by entering the following command.
vcac-config telemetry-config-update --update-info
Changes are applied to all nodes in your deployment.
VMware, Inc. 22
Configure the vRealize
Automation Appliance Database 2
The vRealize Automation system has been updated to use an internal database that now offers clustering
and streaming replication. Users must update new and existing vRealize Automation 6.x systems to use
this new Appliance Database.
Designate one vRealize Appliance as the primary Appliance Database machine and the second as the
secondary Appliance Database machine. When configured correctly, each appliance can support the
Appliance Database as needed.
Note The Appliance Database replication channel is not encrypted.
Prerequisites
n
Create DNS entry, for example: dbCluster.domain.local
n
IP address allocated for load balancer.
n
Two installed vRealize Appliances freshly deployed and resolvable through DNS.
n
The user configuring the Appliance Database must have Administrator access to vSphere in order to
add new disks to the vRealize Appliances.
n
Download the 2108923_dbCluster.zip file from the VMware Knowledge Base.
The link is http://kb.vmware.com/selfservice/microsites/search.do?
cmd=displayKC&docType=kc&externalId=2108923 if you need to paste it into a browser.
Procedure
1 Configure Database Virtual IP
Configure the database virtual IP (VIP) as appropriate for your system configuration in accordance
with VMware guidelines.
2 Configure Internal Appliance Database
Configure an Appliance Database on both the designated primary and secondary vRealize
Appliances.
3 Configure Appliance Database Replication on the Secondary Appliance
Configure the secondary or failover virtual appliance to support appliance database replication.
4 Test Appliance Database Failover
Test failover functionality from the primary appliance database machine to the secondary machine.
VMware, Inc.
23
System Administration
5 Test Appliance Database Failback
Test that failback from the secondary appliance database machine to the primary machine functions.
Configure Database Virtual IP
Configure the database virtual IP (VIP) as appropriate for your system configuration in accordance with
VMware guidelines.
The appropriate virtual IP for your system depends upon numerous factors, including whether or not it
uses a load balancer. Most distributed production systems use a load balancer.
The active node in the network load balancer should be the master node with the writeable database.
Procedure
1 Review your system configuration and choose an appropriate virtual IP (VIP configuration.
Consult the VMware Knowledge Base for information about choosing a VIP configuration.
2 Configure the database virtual IP (VIP) as appropriate for your system configuration.
When configuring the VIP, observe the following.
n
Port 5432 must be balanced.
n
Only the current master node can be active in the load balancer.
Configure Internal Appliance Database
Configure an Appliance Database on both the designated primary and secondary vRealize Appliances.
For related information, see the following content:
n
Add a New Hard Disk to a Virtual Machine in vSphere Web Client in vSphere product documentation
n
Gracefully Shutting Down a Windows Guest When the Virtual Machine Powers Off (1744) in the
VMware Knowledge Base.
Procedure
1 Perform a graceful shutdown of the target appliance using shut down guest in the
VMware vCenter Server™.
2 Add a 20 GB disk to the virtual appliance by using the VMware vCenter Server™.
3 Power on the appliance.
4 Verify that SSH is enabled on the virtual appliance.
a Log in to the Virtual Appliance Management Interface at https://appliance_IP:5480.
b Click the Admin tab.
c Ensure that the SSH service enabled and Administrator SSH login enabled check boxes are
selected.
d Click Save Settings.
VMware, Inc. 24
System Administration
5 Unzip the 2108923_dbCluster.zip file that you downloaded from the VMware Knowledge Base and
copy the 2108923_dbCluster.tar file to the appliance.
6 Extract the configureDisk.sh and pgClusterSetup.sh files using the tar xvf
2108923_dbCluster.tar command.
# tar xvf 2108923_dbCluster.tar
configureDisk.sh
pgClusterSetup.sh
7 Locate the disk you added using the parted -1 command.
Note For a fresh vRealize Automation deployment, the disk name should be /dev/sdd. The name
differs depending on the original version of vRealize Automation deployed.
# parted -1
...
Error: /dev/sdd: unrecognized disk label
Sector size (logical/physical): 512B/512B
8 Configure the disk using the ./configureDisk.sh disk name command.
For a vRealize Automation deployment, the exact command is ./configureDisk.sh /dev/sdd.
# ./configureDisk.sh /dev/sdd
...
Ownership changed successfully
WAL Archive disk configured successfully
9 Run the pgClusterSetup.sh script using the following command.
/pgClusterSetup.sh [-d] <db_fqdn> [-D] <db_vip> [-w] <db_pass> [-r]
<replication_password> [-p] <postgres_password>
Replace the parameters with the following values as appropriate for your system.
Option Value
[-d] Database load balancer FQDN
[-D] Database virtual IP address. Optional, will create /etc/hosts entry.
[-w] Sets the database password to the specified entry.
[-r] Replication password. Optional, will use the database password if not set.
[-p] Postgres password. Optional, will use database password if not set.
VMware, Inc. 25
System Administration
For example, ./pgClusterSetup.sh -d pgCluster.domain.local -w changeMe1! -r
changeMe1! -p changeMe1!
Note If you are using a load balancer virtual IP, specify the -D parameter using the IP address of the
virtual IP.
# ./pgClusterSetup.sh -d dbCluster.domain.local -w changeMe1! -r changeMe1! -p changeMe1!
...
11.) Updating vRealize Automation to utilize database cluster fully qualified domain name
Finished
10 Update the password from ChangeMe! to one that is appropriate for your system.
What to do next
Configure Appliance Database Replication on the Secondary Appliance.
Configure Appliance Database Replication on the
Secondary Appliance
Configure the secondary or failover virtual appliance to support appliance database replication.
Set up database replication on the designated secondary appliance so that the appliance database on the
primary appliance is replicated on the secondary appliance in the case of failover.
Prerequisites
The appliance database is installed and configured as described in vRealize Automation Installation and
Configuration.
Procedure
1 Log in to the virtual appliance as root using SSH with the su - postgres command.
2 Configure replication as the postgres user using the following command.
./run_as_replica -h <Primary Appliance> -b -W -U replicate
Replace the parameters with the following values.
Option Value
[-h] Hostname of the master database server. Port 5432 is assumed.
[-b] Take a base backup from the master. This option destroys the current contents of the data
directory.
VMware, Inc. 26
System Administration
Option Value
[-W] Prompt for the password of the user performing the replication.
[-U] The user performing the replication. Generally this user is replicate.
For example:
# su - postgres
/opt/vmware/vpostgres/current/share/run_as_replica -h app1.domain.local -b -W -U replicate
3 Enter the replicate user password when prompted.
4 Type "yes" after verifying the thumb print of the primary machine when prompted.
5 Enter the postgres user password when prompted.
6 Type "yes" in response to the following message.
"Type yes to enable WAL archiving on primary."
7 Type "yes" in response to the following message.
"WARNING: the base backup operation will replace the current contents of the data directory. Please
confirm by typing yes."
What to do next
Validate that the replication was successful. See Chapter 4 Validate Appliance Database Replication.
Test Appliance Database Failover
Test failover functionality from the primary appliance database machine to the secondary machine.
For this test, the appliance database is failed over, and the replica database on the secondary appliance
becomes the master database.
Prerequisites
The appliance database is installed and configured on primary and secondary vRealize Appliances as
described in vRealize Automation Installation and Configuration.
Procedure
1 Log in to your primary, or master, appliance as root using SSH.
2 Stop the vpostgres service using the service vpostgres stop command.
A message similar to the following appears.
# service vpostgres stop
Stopping VMware vPostgres: Last login: Mon Apr 27 19:49:26 UTC 2015 on pts/0
ok
3 Log in to the secondary appliance as root using SSH.
VMware, Inc. 27
System Administration
4 Run the /opt/vmware/vpostgres/current/share/promote_replica_to_primary command as
the postgres user to promote the replica database to master.
su - postgres
/opt/vmware/vpostgres/current/share/promote_replica_to_primary
server promoting
Note After running this command, the replica database on the secondary appliance becomes the
master. The appliance database on the original primary appliance does not become an actual replica
until you run the run_as_replica command.
5 Log in to the targeted replica appliance machine as root using SSH.
6 Configure replication using the following command.
./run_as_replica -h master database appliance -b -W -U replicate
Replace the parameters with the following values.
Option Value
[-h] Host name of the master database server. Port 5432 is assumed.
[-b] Take a base backup from the master. This option destroys the current contents of the data
directory.
[-W] Prompt for the password of the user performing the replication.
[-U] The user performing the replication. Generally this user is replicate.
For example:
# su - postgres
/opt/vmware/vpostgres/current/share/run_as_replica -h app2.domain.local -b -W -U replicate
7 Enter the replicate user password when prompted.
8 Type "yes" after verifying the thumb print of the primary machine when prompted.
9 Enter the postgres user password when prompted.
10 Type "yes" in response to the following message.
"WARNING: the base backup operation will replace the current contents of the data directory. Please
confirm by typing yes."
What to do next
Validate that the replication was successful. See Chapter 4 Validate Appliance Database Replication.
Test Appliance Database Failback
Test that failback from the secondary appliance database machine to the primary machine functions.
VMware, Inc. 28
Loading...