VMware vRealize Automation - 7.1 User’s Manual
Configuring vRealize Automation
vRealize Automation 7.1
Configuring vRealize Automation
You can find the most up-to-date technical documentation on the VMware Web site at:
hps://docs.vmware.com/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright © 2015, 2016 VMware, Inc. All rights reserved. Copyright and trademark information.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2 VMware, Inc.
Contents
Conguring vRealize Automation 7
Updated Information 9
External Preparations for Provisioning 11
1
Preparing Your Environment for vRealize Automation Management 11
Checklist for Preparing NSX Network and Security Conguration 12
Checklist for Preparing External IPAM Provider Support 14
Preparing Your vCloud Director Environment for vRealize Automation 16
Preparing Your vCloud Air Environment for vRealize Automation 17
Preparing Your Amazon AWS Environment 17
Preparing Red Hat OpenStack Network and Security Features 22
Preparing Your SCVMM Environment 23
Preparing for Machine Provisioning 24
Choosing a Machine Provisioning Method to Prepare 24
Checklist for Running Visual Basic Scripts During Provisioning 27
Using vRealize Automation Guest Agent in Provisioning 28
Checklist for Preparing to Provision by Cloning 33
Preparing for vCloud Air and vCloud Director Provisioning 45
Preparing for Linux Kickstart Provisioning 46
Preparing for SCCM Provisioning 48
Preparing for WIM Provisioning 49
Preparing for Virtual Machine Image Provisioning 57
Preparing for Amazon Machine Image Provisioning 58
Scenario: Prepare vSphere Resources for Machine Provisioning in Rainpole 60
Preparing for Software Provisioning 62
Preparing to Provision Machines with Software 63
Scenario: Prepare a vSphere CentOS Template for Clone Machine and Software Component
Blueprints 67
Scenario: Prepare for Importing the Dukes Bank for vSphere Sample Application Blueprint 70
VMware, Inc.
Conguring Tenant Seings 75
2
Choosing Directories Management Conguration Options 76
Directories Management Overview 76
Using Directories Management to Create an Active Directory Link 79
Managing User Aributes that Sync from Active Directory 91
Managing Connectors 92
Join a Connector Machine to a Domain 92
About Domain Controller Selection 93
Managing Access Policies 96
Integrating Alternative User Authentication Products with Directories Management 101
Scenario: Congure an Active Directory Link for a Highly Available vRealize Automation 118
3
Configuring vRealize Automation
Congure Smart Card Authentication for vRealize Automation 120
Generate a Connector Activation Token 121
Deploy the Connector OVA File 121
Congure Connector Seings 122
Apply Public Certicate Authority 123
Create a Workspace Identity Provider 125
Congure Certicate Authentication and Congure Default Access Policy Rules 125
Create a Multi Domain or Multi Forest Active Directory Link 126
Conguring Groups and User Roles 127
Assign Roles to Directory Users or Groups 127
Create a Custom Group 128
Create a Business Group 129
Troubleshooting Slow Performance When Displaying Group Members 131
Scenario: Congure the Default Tenant for Rainpole 131
Scenario: Create Local User Accounts for Rainpole 132
Scenario: Connect Your Corporate Active Directory to vRealize Automation for Rainpole 133
Scenario: Congure Branding for the Default Tenant for Rainpole 134
Scenario: Create a Custom Group for Your Rainpole Architects 135
Scenario: Assign IaaS Administrator Privileges to Your Custom Group of Rainpole Architects 136
Create Additional Tenants 136
Specify Tenant Information 137
Congure Local Users 137
Appoint Administrators 138
Delete a Tenant 138
Conguring Custom Branding 139
Custom Branding for Tenant Login Page 139
Custom Branding for Tenant Applications 140
Checklist for Conguring Notications 141
Conguring Global Email Servers for Notications 144
Add a Tenant-Specic Outbound Email Server 145
Add a Tenant-Specic Inbound Email Server 146
Override a System Default Outbound Email Server 147
Override a System Default Inbound Email Server 148
Revert to System Default Email Servers 149
Congure Notications 149
Customize the Date for Email Notication for Machine Expiration 149
Conguring Templates for Automatic IaaS Emails 150
Subscribe to Notications 150
Create a Custom RDP File to Support RDP Connections for Provisioned Machines 150
Scenario: Add Datacenter Locations for Cross Region Deployments 151
Conguring vRealize Orchestrator and Plug-Ins 152
Congure the Default Workow Folder for a Tenant 152
Congure an External vRealize Orchestrator Server 153
Log in to the vRealize Orchestrator Conguration Interface 154
Log in to the vRealize Orchestrator Client 154
Conguring Resources 157
3
Checklist for Conguring IaaS Resources 157
Store User Credentials 158
4 VMware, Inc.
Choosing an Endpoint Scenario 160
Create a Fabric Group 175
Congure Machine Prexes 176
Managing Key Pairs 176
Creating a Network Prole 178
Conguring Reservations and Reservation Policies 191
Scenario: Congure IaaS Resources for Rainpole 221
Scenario: Apply a Location to a Compute Resource for Cross Region Deployments 225
Checklist for Provisioning a vRealize Automation Deployment Using an External IPAM
Provider 225
Conguring XaaS Resources 226
Congure the Active Directory Plug-In as an Endpoint 227
Congure the HTTP-REST Plug-In as an Endpoint 228
Congure the PowerShell Plug-In as an Endpoint 230
Congure the SOAP Plug-In as an Endpoint 231
Congure the vCenter Server Plug-In as an Endpoint 232
Installing Additional Plug-Ins on the Default vRealize Orchestrator Server 233
Working With Active Directory Policies 234
Create and Apply Active Directory Policies 234
Contents
Providing On-Demand Services to Users 237
4
Designing Blueprints 237
Exporting and Importing Blueprints 239
Scenario: Importing the Dukes Bank for vSphere Sample Application and Conguring for Your
Environment 240
Scenario: Test the Dukes Bank Sample Application 243
Building Your Design Library 244
Designing Machine Blueprints 246
Designing Machine Blueprints with NSX Networking and Security 278
Designing Software Components 290
Creating XaaS Blueprints and Resource Actions 306
Publishing a Blueprint 348
Assembling Composite Blueprints 349
Understanding Nested Blueprint Behavior 350
Selecting a Machine Component that Supports Software Components 352
Creating Property Bindings Between Blueprint Components 352
Creating Explicit Dependencies and Controlling the Order of Provisioning 353
Scenario: Assemble and Test a Blueprint to Deliver MySQL on Rainpole Linked Clone
Machines 354
Managing the Service Catalog 357
Checklist for Conguring the Service Catalog 358
Creating a Service 359
Working with Catalog Items and Actions 361
Creating Entitlements 363
Working with Approval Policies 369
Scenario: Congure the Catalog for Rainpole Architects to Test Blueprints 386
Scenario: Test Your Rainpole CentOS Machine 389
Scenario: Make the CentOS with MySQL Application Blueprint Available in the Service Catalog 390
Scenario: Create and Apply CentOS with MySQL Approval Policies 393
VMware, Inc. 5
Configuring vRealize Automation
Index 399
6 VMware, Inc.
Configuring vRealize Automation
Conguring vRealize Automation provides information about conguring vRealize Automation and your
external environments to prepare for vRealize Automation provisioning and catalog management.
For information about supported integrations, see hps://www.vmware.com/pdf/vrealize-automation-71-
support-matrix.pdf.
Intended Audience
This information is intended for IT professionals who are responsible for conguring vRealize Automation
environment, and for infrastructure administrators who are responsible for preparing elements in their
existing infrastructure for use in vRealize Automation provisioning. The information is wrien for
experienced Windows and Linux system administrators who are familiar with virtual machine technology
and datacenter operations.
VMware Technical Publications Glossary
VMware Technical Publications provides a glossary of terms that might be unfamiliar to you. For denitions
of terms as they are used in VMware technical documentation, go to
hp://www.vmware.com/support/pubs.
VMware, Inc.
7
Configuring vRealize Automation
8 VMware, Inc.
Updated Information
This Conguring vRealize Automation is updated with each release of the product or when necessary.
This table provides the update history of the Conguring vRealize Automation.
Revision Description
EN-002076-04
EN-002076-03 Added a note to “Specify Tenant Information,” on page 137 indicating that tenant URLs must use only
EN-002076-02
EN-002076-01
EN-002076-00 Initial 7.1 release.
Updated “Install the Guest Agent on a Windows Reference Machine,” on page 31.
n
Updated “Prepare a Windows Reference Machine to Support Software,” on page 63.
n
Updated “Prepare a Linux Reference Machine to Support Software,” on page 65.
n
Updated “Create an Active Directory Policy,” on page 235.
n
lowercase characters.
Updated “Preparing for vCloud Air and vCloud Director Provisioning,” on page 45.
n
Updated “Create a vCloud Director Endpoint,” on page 165.
n
Updated “Exporting and Importing Blueprints,” on page 239.
n
Updated “vSphere Machine Component Seings,” on page 250.
n
Added “Delete a Tenant,” on page 138.
n
Updated “Amazon Machine Component Seings,” on page 259.
n
Updated “Troubleshooting Blueprints for Clone and Linked Clone,” on page 267.
n
VMware, Inc. 9
Configuring vRealize Automation
10 VMware, Inc.
External Preparations for
Provisioning 1
You may need to create or prepare some elements outside of vRealize Automation to support catalog item
provisioning. For example, if you want to provide a catalog item for provisioning a clone machine, you need
to create a template on your hypervisor to clone from.
This chapter includes the following topics:
“Preparing Your Environment for vRealize Automation Management,” on page 11
n
“Preparing for Machine Provisioning,” on page 24
n
“Preparing for Software Provisioning,” on page 62
n
Preparing Your Environment for vRealize Automation Management
Depending on your integration platform, you might have to make some conguration changes before you
can bring your environment under vRealize Automation management, or before you can leverage certain
features.
Table 1‑1. Preparing Your Environment for vRealize Automation Integration
Environment Preparations
If you want to leverage NSX to manage
NSX
vCloud Director
vCloud Air
networking and security features of
machines provisioned with
vRealize Automation, prepare your NSX
instance for integration. See “Checklist for
Preparing NSX Network and Security
Conguration,” on page 12.
Install and congure your vCloud Director
instance, set up your vSphere and cloud
resources, and identify or create
appropriate credentials to provide
vRealize Automation with access to your
vCloud Director environment. See
“Preparing Your vCloud Director
Environment for vRealize Automation,” on
page 16.
Register for your vCloud Air account, set
up your vCloud Air environment, and
identify or create appropriate credentials to
provide vRealize Automation with access
to your environment. See “Preparing for
vCloud Air and vCloud Director
Provisioning,” on page 45.
VMware, Inc. 11
Configuring vRealize Automation
Table 1‑1. Preparing Your Environment for vRealize Automation Integration (Continued)
Environment Preparations
Amazon AWS
Red Hat OpenStack
SCVMM
External IPAM Providers Register an external IPAM provider
All other environments You do not need to make changes to your
Prepare elements and user roles in your
Amazon AWS environment for use in
vRealize Automation, and understand how
Amazon AWS features map to
vRealize Automation features. See
“Preparing Your Amazon AWS
Environment,” on page 17.
If you want to leverage Red Hat OpenStack
to manage networking and security
features of machines provisioned with
vRealize Automation, prepare your
Red Hat OpenStack instance for
integration. See “Preparing Red Hat
OpenStack Network and Security
Features,” on page 22.
Congure storage, networking, and
understand template and hardware prole
naming restrictions. See “Preparing Your
SCVMM Environment,” on page 23.
package or plug-in, run the conguration
workows, and register the IPAM solution
as a new vRealize Automation endpoint.
See “Checklist for Preparing External IPAM
Provider Support,” on page 14.
environment. You can begin preparing for
machine provisioning by creating
templates, boot environments, or machine
images. See “Preparing for Machine
Provisioning,” on page 24.
Checklist for Preparing NSX Network and Security Configuration
Before you can use NSX network and security options in vRealize Automation, you must congure the
external NSX network and security environment that you intend to use.
Much of the vRealize Automation support for network and security conguration that you specify in
blueprints and reservations is congured externally and made available to vRealize Automation after data
collection is run on the compute resources.
For more information about the available network and conguration options that you can congure for
vRealize Automation, see “Conguring Network and Security Component Seings,” on page 281.
Table 1‑2. Preparing NSX Networking and Security Checklist
Task Location Details
Install and
congure the NSX
plug-in.
Congure NSX
network seings,
including gateway
and transport
zone seings.
Install the NSX plug-in in vRealize Orchestrator. See “Install the NSX Plug-In on
vRealize Orchestrator,” on page 13
and the NSX Administration Guide.
Congure network seings in NSX. See the NSX Administration Guide.
12 VMware, Inc.
Chapter 1 External Preparations for Provisioning
Table 1‑2. Preparing NSX Networking and Security Checklist (Continued)
Task Location Details
Create NSX
security policies,
tags, and groups.
Congure NSX
load balancer
seings.
Congure security seings in NSX. See the NSX Administration Guide.
Congure an NSX load balancer to work with
vRealize Automation.
See the NSX Administration Guide.
Also see Custom Properties for
Networking in Custom Properties
Reference.
Install the NSX Plug-In on vRealize Orchestrator
Installing the NSX plug-in requires that you download the vRealize Orchestrator installer le, use the
vRealize Orchestrator Conguration interface to upload the plug-in le, and install the plug-in on a
vRealize Orchestrator server.
N If you are using an embedded vRealize Orchestrator that contains an installed NSX plug-in, you do
not need to perform the following plug-in installation steps because the NSX plug-in is already installed.
For general plug-in update and troubleshooting information, see vRealize Orchestrator documentation at
hps://www.vmware.com/support/pubs/orchestrator_pubs.html.
Prerequisites
Verify that you are running a supported vRealize Orchestrator instance.
n
For information about seing up vRealize Orchestrator, see Installing and Conguring VMware vRealize
Orchestrator.
Verify that you have credentials for an account with permission to install vRealize Orchestrator plug-ins
n
and to authenticate through vCenter Single Sign-On.
Verify that you installed the correct version of the NSX plug-in. See vRealize Automation Support Matrix.
n
Verify that you installed the vRealize Orchestrator client and that you can log in with Administrator
n
credentials.
Procedure
1 Download the plug-in le to a location accessible from the vRealize Orchestrator server.
The plug-in installer le name format, with appropriate version values, is o11nplugin-
nsx-1.n.n.vmoapp. Plug-in installation les for the NSX networking and security product are available
from the VMware product download site at hp://vmware.com/web/vmware/downloads.
2 Open a browser and start the vRealize Orchestrator conguration interface.
An example of the URL format is hps://orchestrator_server.com:8283.
3 Click Plug-Ins in the left pane and scroll down to the Install new plug-in section.
4 In the Plug-In text box, browse to the plug-in installer le and click Upload and install.
The le must be in .vmoapp format.
5 At the prompt, accept the license agreement in the Install a plug-in pane.
6 In the Enabled plug-ins installation status section, conrm that the correct NSX plug-in name is
specied.
See vRealize Automation Support Matrix for version information.
The status Plug-in will be installed at next server startup, appears.
VMware, Inc. 13
Configuring vRealize Automation
7 Restart the vRealize Orchestrator server service.
8 Restart the vRealize Orchestrator conguration interface.
9 Click Plug-Ins and verify that the status changed to Installation OK.
10 Start the vRealize Orchestrator client application, log in, and use the tab to navigate through
the library to the NSX folder.
You can browse through the workows that the NSX plug-in provides.
What to do next
Create a vRealize Orchestrator endpoint in vRealize Automation to use for running workows. See “Create
a vRealize Orchestrator Endpoint,” on page 162.
Run a vRealize Orchestrator and NSX Security Workflow
Before you use the NSX security policy features from vRealize Automation, an administrator must run the
Enable security policy support for overlapping subnets workow in vRealize Orchestrator.
Security policy support for the overlapping subnets workow is applicable to an NSX 6.1 and later
endpoint. Run this workow only once to enable this support.
Prerequisites
Verify that a vSphere endpoint is registered with an NSX endpoint. See “Create a vSphere Endpoint,”
n
on page 160.
Log in to the vRealize Orchestrator client as an administrator.
n
Verify that you ran the Create NSX endpoint vRO work ow.
n
Procedure
1 Click the tab and select NSX > NSX for VCAC.
2 Run the Create NSX endpoint workow and respond to prompts.
3 Run the Enable security policy support for overlapping subnets workow.
4 Select the NSX endpoint as the input parameter for the workow.
Use the IP address you specied when you created the vSphere endpoint to register an NSX instance.
After you run this workow, the distributed rewall rules dened in the security policy are applied only on
the vNICs of the security group members to which this security policy is applied.
What to do next
Apply the applicable security features for the blueprint.
Checklist for Preparing External IPAM Provider Support
You can obtain IP addresses and ranges for use in network prole denition from a supported external
IPAM provider, such as Infoblox.
Before you can use an external IPAM provider endpoint in a vRealize Automation network prole, you
must download or otherwise obtain a vRealize Orchestrator IPAM provider package, import the package
and run required workows in vRealize Orchestrator, and register the IPAM solution as a
vRealize Automation endpoint in vRealize Orchestrator.
For an overview of the provisioning process for using an external IPAM provider to supply a range of
possible IP addresses, see “Checklist for Provisioning a vRealize Automation Deployment Using an External
IPAM Provider,” on page 225.
14 VMware, Inc.
Chapter 1 External Preparations for Provisioning
Table 1‑3. Preparing for External IPAM Provider Support Checklist
Task Location Details
Obtain and
import the
supported
external IPAM
Provider
vRealize
Orchestrator plugin.
Run the
required
conguration
workows and
register the
external IPAM
solution as a
vRealize
Automation
endpoint.
Download the IPAM provider package, for example
Infoblox IPAM, from the VMware Solution Exchange and
import the package to vRealize Orchestrator.
If the VMware Solution Exchange
(hps://solutionexchange.vmware.com/store/category_gr
oups/cloud-management) does not contain the IPAM
provider package that you need, you can create your own
using the IPAM Solution Provider SDK and supporting
documentation.
Run the vRealize Orchestrator conguration workows
and register the IPAM provider endpoint type in
vRealize Orchestrator.
See “Obtain and Import the External
IPAM Provider Package in vRealize
Orchestrator,” on page 15.
See “Run the Workow to Register the
Infoblox IPAM Endpoint Type in
vRealize Orchestrator,” on page 16.
Obtain and Import the External IPAM Provider Package in vRealize Orchestrator
To prepare to dene and use an external IPAM provider endpoint, you must rst obtain the external IPAM
provider package and import the package in vRealize Orchestrator.
You can download and use an existing third-party IP Address Management provider package, such as
Infoblox IPAM. You can also create your own package using a VMware-supplied SDK and accompanying
SDK documentation, for example to create a package for use with Bluecat IPAM. This example uses the
Infoblox IPAM package.
After you obtain and import the external IPAM provider package in vRealize Orchestrator, run the required
workows and register the IPAM endpoint type.
For more information about importing packages and running vRealize Orchestrator workows, see Using
the VMware vRealize Orchestrator Client. For more information about extending vRealize Automation with
vRealize Orchestrator packages and workows, see Life Cycle Extensibility.
Prerequisites
Log in to vRealize Orchestrator with administrator privileges for importing, conguring, and
n
registering a vRealize Orchestrator package.
Procedure
1 Open the VMware Solution Exchange site at
hps://solutionexchange.vmware.com/store/category_groups/cloud-management.
2 Select Cloud Management Marketplace.
3 Locate and download the plug-in or package, for example Infoblox VIPAM Plug-in.
4 In vRealize Orchestrator, click the Administrator tab and click Import package.
5 Select the package or plug-in, for example select the Infoblox IPAM plug-in.
6 Select all workows and artifacts and click Import selected elements.
What to do next
“Run the Workow to Register the Infoblox IPAM Endpoint Type in vRealize Orchestrator,” on page 16.
VMware, Inc. 15
Configuring vRealize Automation
Run the Workflow to Register the Infoblox IPAM Endpoint Type in vRealize Orchestrator
Run the registration workow in vRealize Orchestrator to support vRealize Automation use of the external
IPAM provider and register the Infoblox IPAM endpoint type for use in vRealize Automation.
To register IPAM endpoint types in vRealize Orchestrator, you are prompted to supply
vRealize Automation vRA Administrator credentials. T
For more information about importing packages and running vRealize Orchestrator workows, see Using
the VMware vRealize Orchestrator Client. For more information about extending vRealize Automation with
vRealize Orchestrator packages and workows, see Life Cycle Extensibility.
Prerequisites
“Obtain and Import the External IPAM Provider Package in vRealize Orchestrator,” on page 15
n
Verify that you are logged in to vRealize Orchestrator with vRealize Automation with authority to run
n
workows.
Be prepared to supply vRealize Automation IaaS administrator credentials when prompted.
n
Procedure
1 In vRealize Orchestrator, click the Design tab, select Administrator > Library, and select IPAM Service
Package SDK.
Each IPAM provider package is uniquely named and contains unique workows. The workow names
might be similar between provider packages. The location of the workows in vRealize Orchestrator
can be dierent and is provider-specic.
2 Run the Register IPAM Endpoint registration workow and specify the IPAM Inoblox endpoint type.
3 At the prompt for vRealize Automation credentials, enter your vRealize Automation IaaS administrator
credentials.
The package registers InfoBlox as a new IPAM endpoint type in the vRealize Automation endpoint service
and makes the endpoint type available when you dene endpoints in vRealize Automation.
What to do next
You can now create an IPAM Inoblox type endpoint in vRealize Automation. See “Create an External
IPAM Provider Endpoint,” on page 163.
Preparing Your vCloud Director Environment for vRealize Automation
Before you can integrate vCloud Director with vRealize Automation, you must install and congure your
vCloud Director instance, set up your vSphere and cloud resources, and identify or create appropriate
credentials to provide vRealize Automation with access to your vCloud Director environment.
Configure Your Environment
Congure your vSphere resources and cloud resources, including virtual datacenters and networks. For
more information, see the vCloud Director documentation.
Required Credentials for Integration
Create or identify either organization administrator or system administrator credentials that your
vRealize Automation IaaS administrators can use to bring your vCloud Director environment under
vRealize Automation management as an endpoint.
16 VMware, Inc.
Chapter 1 External Preparations for Provisioning
User Role Considerations
vCloud Director user roles in an organization do not need to correspond with roles in vRealize Automation
business groups. If the user account does not exist in vCloud Director, vCloud Director performs a lookup
in the associated LDAP or Active Directory and creates the user account if the user exists in the identity
store. If it cannot create the user account, it logs a warning but does not fail the provisioning process. The
provisioned machine is then assigned to the account that was used to congure the vCloud Director
endpoint.
For related information about vCloud Director user management, see the vCloud Director documentation.
Preparing Your vCloud Air Environment for vRealize Automation
Before you integrate vCloud Air with vRealize Automation, you must register for your vCloud Air account,
set up your vCloud Air environment, and identify or create appropriate credentials to provide
vRealize Automation with access to your environment.
Configure Your Environment
Congure your environment as instructed in the vCloud Air documentation.
Required Credentials for Integration
Create or identify either virtual infrastructure administrator or account administrator credentials that your
vRealize Automation IaaS administrators can use to bring your vCloud Air environment under
vRealize Automation management as an endpoint.
User Role Considerations
vCloud Air user roles in an organization do not need to correspond with roles in vRealize Automation
business groups. For related information about vCloud Air user management, see the vCloud Air
documentation.
Preparing Your Amazon AWS Environment
Prepare elements and user roles in your Amazon AWS environment, prepare Amazon AWS to communicate
with the guest agent and Software bootstrap agent, and understand how Amazon AWS features map to
vRealize Automation features.
Amazon AWS User Roles and Credentials Required for vRealize Automation
You must congure credentials in Amazon AWS with the permissions required for vRealize Automation to
manage your environment.
You must have certain Amazon access rights to successfully provision machines by using
vRealize Automation.
Role and Permission Authorization in Amazon Web Services
n
The Power User role in AWS provides an AWS Directory Service user or group with full access to AWS
services and resources.
You do not need any AWS credentials to create an AWS endpoint in vRealize Automation. However, the
AWS user who creates an Amazon machine image is expected by vRealize Automation to have the
Power User role.
Authentication Credentials in Amazon Web Services
n
VMware, Inc. 17
Configuring vRealize Automation
The AWS Power User role does not allow management of AWS Identity and Access Management (IAM)
users and groups. For management of IAM users and groups, you must be congured with AWS Full
Access Administrator credentials.
vRealize Automation requires access keys for endpoint credentials and does not support user names
and passwords. To obtain the access key needed to create the Amazon endpoint, the Power User must
either request a key from a user who has AWS Full Access Administrator credentials or be additionally
congured with the AWS Full Access Administrator policy.
For information about enabling policies and roles, see the AWS Identity and Access Management (IAM) section
of Amazon Web Services product documentation.
Allow Amazon AWS to Communicate with the Software Bootstrap Agent and Guest Agent
If you intend to provision application blueprints that contain Software, or if you want the ability to further
customize provisioned machines by using the guest agent, you must enable connectivity between your
Amazon AWS environment, where your machines are provisioned, and your vRealize Automation
environment, where the agents download packages and receive instructions.
When you use vRealize Automation to provision Amazon AWS machines with the vRealize Automation
guest agent and Software bootstrap agent, you must set up network-to-Amazon VPC connectivity so your
provisioned machines can communicate back to vRealize Automation to customize your machines.
For more information about Amazon AWS VPC connectivity options, see the Amazon AWS documentation.
Using Optional Amazon Features
vRealize Automation supports several Amazon features, including Amazon Virtual Private Cloud, elastic
load balancers, elastic IP addresses, and elastic block storage.
Using Amazon Security Groups
Specify at least one security group when creating an Amazon reservation. Each available region requires at
least one specied security group.
A security group acts as a rewall to control access to a machine. Every region includes at least the default
security group. Administrators can use the Amazon Web Services Management Console to create additional
security groups, congure ports for Microsoft Remote Desktop Protocol or SSH, and set up a virtual private
network for an Amazon VPN.
When you create an Amazon reservation or congure a machine component in the blueprint, you can
choose from the list of security groups that are available to the specied Amazon account region. Security
groups are imported during data collection.
For information about creating and using security groups in Amazon Web Services, see Amazon
documentation.
Understanding Amazon Web Service Regions
Each Amazon Web Services account is represented by a cloud endpoint. When you create an
Amazon Elastic Cloud Computing endpoint in vRealize Automation, regions are collected as compute
resources. After the IaaS administrator selects compute resources for a business group, inventory and state
data collections occur automatically.
Inventory data collection, which occurs automatically once a day, collects data about what is on a compute
resource, such as the following data:
Elastic IP addresses
n
Elastic load balancers
n
18 VMware, Inc.
Chapter 1 External Preparations for Provisioning
Elastic block storage volumes
n
State data collection occurs automatically every 15 minutes by default. It gathers information about the state
of managed instances, which are instances that vRealize Automation creates. The following are examples of
state data:
Windows passwords
n
State of machines in load balancers
n
Elastic IP addresses
n
A fabric administrator can initiate inventory and state data collection and disable or change the frequency of
inventory and state data collection.
Using Amazon Virtual Private Cloud
Amazon Virtual Private Cloud allows you to provision Amazon machine instances in a private section of the
Amazon Web Services cloud.
Amazon Web Services users can use Amazon VPC to design a virtual network topology according to your
specications. You can assign an Amazon VPC in vRealize Automation. However, vRealize Automation
does not track the cost of using the Amazon VPC.
When you provision using Amazon VPC, vRealize Automation expects there to be a VPC subnet from
which Amazon obtains a primary IP address. This address is static until the instance is terminated. You can
also use the elastic IP pool to also aach an elastic IP address to an instance in vRealize Automation. That
would allow the user to keep the same IP if they are continually provisioning and tearing down an instance
in Amazon Web Services.
Use the AWS Management Console to create the following elements:
An Amazon VPC, which includes Internet gateways, routing table, security groups and subnets, and
n
available IP addresses.
An Amazon Virtual Private Network if users need to log in to Amazon machines instances outside of
n
the AWS Management Console.
vRealize Automation users can perform the following tasks when working with an Amazon VPC:
A fabric administrator can assign an Amazon VPC to a cloud reservation. See “Create an Amazon
n
Reservation,” on page 194.
A machine owner can assign an Amazon machine instance to an Amazon VPC.
n
For more information about creating an Amazon VPC, see Amazon Web Services documentation.
Using Elastic Load Balancers for Amazon Web Services
Elastic load balancers distribute incoming application trac across Amazon Web Services instances.
Amazon load balancing enables improved fault tolerance and performance.
Amazon makes elastic load balancing available for machines provisioned using Amazon EC2 blueprints.
The elastic load balancer must be available in the Amazon Web Services, Amazon Virtual Private Network
and at the provisioning location. For example, if a load balancer is available in us-east1c and a machine
location is us-east1b, the machine cannot use the available load balancer.
vRealize Automation does not create, manage, or monitor the elastic load balancers.
For information about creating Amazon elastic load balancers by using the
Amazon Web Services Management Console, see Amazon Web Services documentation.
VMware, Inc. 19
Configuring vRealize Automation
Using Elastic IP Addresses for Amazon Web Services
Using an elastic IP address allows you to rapidly fail over to another machine in a dynamic
Amazon Web Services cloud environment. In vRealize Automation, the elastic IP address is available to all
business groups that have rights to the region.
An administrator can allocate elastic IP addresses to your Amazon Web Services account by using the
AWS Management Console. There are two groups of elastic IP addresses in any given a region, one range is
allocated for non-Amazon VPC instances and another range is for Amazon VPCs. If you allocate addresses
in a non-Amazon VPC region only, the addresses are not available in an Amazon VPC. The reverse is also
true. If you allocate addresses in an Amazon VPC only, the addresses are not available in a nonAmazon VPC region.
The elastic IP address is associated with your Amazon Web Services account, not a particular machine, but
only one machine at a time can use the address. The address remains associated with your
Amazon Web Services account until you choose to release it. You can release it to map it to a specic
machine instance.
An IaaS architect can add a custom property to a blueprint to assign an elastic IP address to machines
during provisioning. Machine owners and administrators can view the elastic IP addresses assigned to
machines, and machine owners or administrators with rights to edit machines can assign an elastic IP
addresses after provisioning. However, if the address is already associated to a machine instance, and the
instance is part of the Amazon Virtual Private Cloud deployment, Amazon does not assign the address.
For more information about creating and using Amazon elastic IP addresses, see Amazon Web Services
documentation.
Using Elastic Block Storage for Amazon Web Services
Amazon elastic block storage provides block level storage volumes to use with an Amazon machine instance
and Amazon Virtual Private Cloud. The storage volume can persist past the life of its associated Amazon
machine instance in the Amazon Web Services cloud environment.
When you use an Amazon elastic block storage volume in conjunction with vRealize Automation, the
following caveats apply:
You cannot aach an existing elastic block storage volume when you provision a machine instance.
n
However, if you create a new volume and request more than one machine at a time, the volume is
created and aached to each instance. For example, if you create one volume named volume_1 and
request three machines, a volume is created for each machine. Three volumes named volume_1 are
created and aached to each machine. Each volume has a unique volume ID. Each volume is the same
size and in the same location.
The volume must be of the same operating system and in the same location as the machine to which
n
you aach it.
vRealize Automation does not manage the primary volume of an elastic block storage-backed instance.
n
For more information about Amazon elastic block storage, and details on how to enable it by using
Amazon Web Services Management Console, see Amazon Web Services documentation.
20 VMware, Inc.
Chapter 1 External Preparations for Provisioning
Scenario: Configure Network-to-Amazon VPC Connectivity for a Proof of Concept Environment
As the IT professional seing up a proof of concept environment to evaluate vRealize Automation, you want
to temporarily congure network-to-Amazon VPC connectivity to support the vRealize Automation
Software feature.
Network-to-Amazon VPC connectivity is only required if you want to use the guest agent to customize
provisioned machines, or if you want to include Software components in your blueprints. For a production
environment, you would congure this connectivity ocially through Amazon Web Services, but because
you are working in a proof of concept environment, you want to create temporary network-to-Amazon VPC
connectivity. You establish the SSH tunnel and then congure an Amazon reservation in
vRealize Automation to route through your tunnel.
Prerequisites
Install and fully congure vRealize Automation. See Installing and Conguring vRealize Automation for the
n
Rainpole Scenario.
Create an Amazon AWS security group called TunnelGroup and congure it to allow access on port 22.
n
Create or identify a CentOS machine in your Amazon AWS TunnelGroup security group and note the
n
following congurations:
Administrative user credentials, for example root.
n
Public IP address.
n
Private IP address.
n
Create or identify a CentOS machine on the same local network as your vRealize Automation
n
installation.
Install OpenSSH SSHD Server on both tunnel machines.
n
Procedure
1 Log in to your Amazon AWS tunnel machine as the root user or similar.
2 Disable iptables.
# service iptables save
# service iptables stop
# chkconfig iptables off
3 Edit /etc/ssh/sshd_config to enable AllowTCPForwarding and GatewayPorts.
4 Restart the service.
/etc/init.d/sshd restart
5 Log in to the CentOS machine on the same local network as your vRealize Automation installation as
the root user.
VMware, Inc. 21
Configuring vRealize Automation
6 Invoke the SSH Tunnel from the local network machine to the Amazon AWS tunnel machine.
ssh -N -v -o "ServerAliveInterval 30" -o "ServerAliveCountMax 40" -o "TCPKeepAlive yes” \
-R 1442:vRealize_automation_appliance_fqdn:5480 \
-R 1443:vRealize_automation_appliance_fqdn:443 \
-R 1444:manager_service_fqdn:443 \
User of Amazon tunnel machine@Public IP Address of Amazon tunnel machine
You congured port forwarding to allow your Amazon AWS tunnel machine to access
vRealize Automation resources, but your SSH tunnel does not function until you congure an Amazon
reservation to route through the tunnel.
What to do next
1 Install the software bootstrap agent and the guest agent on a Windows or Linux reference machine to
create an Amazon Machine Image that your IaaS architects can use to create blueprints. See “Preparing
for Software Provisioning,” on page 62.
2 Congure your Amazon reservation in vRealize Automation to route through your SSH tunnel. See
“Scenario: Create an Amazon Reservation for a Proof of Concept Environment,” on page 209.
Preparing Red Hat OpenStack Network and Security Features
vRealize Automation supports several features in OpenStack including security groups and oating IP
addresses. Understand how these features work with vRealize Automation and congure them in your
environment.
Using OpenStack Security Groups
Security groups allow you to specify rules to control network trac over specic ports.
You can specify security groups when creating a reservation and also in the blueprint canvas. You can also
specify security groups when requesting a machine.
Security groups are imported during data collection.
Each available region requires at least one specied security group. When you create a reservation, the
available security groups that are available to you in that region are displayed. Every region includes at least
the default security group.
Additional security groups must be managed in the source resource. For more information about managing
security groups for the various machines, see the OpenStack documentation.
Using Floating IP Addresses with OpenStack
You can assign oating IP addresses to a running virtual instance in OpenStack.
To enable assignment of oating IP addresses, you must congure IP forwarding and create a oating IP
pool in Red Hat OpenStack. For more information, see the Red Hat OpenStack documentation.
You must entitle the Associate Floating IP and Disassociate Floating IP actions to machine owners. The
entitled users can then associate a oating IP address to a provisioned machine from the external networks
aached to the machine by selecting an available address from the oating IP address pool. After a oating
IP address has been associated with a machine, a vRealize Automation user can select a Disassociate
Floating IP option to view the currently assigned oating IP addresses and disassociate an address from a
machine.
22 VMware, Inc.
Chapter 1 External Preparations for Provisioning
Preparing Your SCVMM Environment
Before you begin creating SCVMM templates and hardware proles for use in vRealize Automation
machine provisioning, you must understand the naming restrictions on template and hardware prole
names, and congure SCVMM network and storage seings.
Template and Hardware Profile Naming
Because of naming conventions that SCVMM and vRealize Automation use for templates and hardware
proles, do not start your template or hardware prole names with the words temporary or prole. For
example, the following words are ignored during data collection:
TemporaryTemplate
n
Temporary Template
n
TemporaryProle
n
Temporary Prole
n
Prole
n
Required Network Configuration for SCVMM Clusters
SCVMM clusters only expose virtual networks to vRealize Automation, so you must have a 1:1 relationship
between your virtual and logical networks. Using the SCVMM console, map each logical network to a
virtual network and congure your SCVMM cluster to access machines through the virtual network.
Required Storage Configuration for SCVMM Clusters
On SCVMM Hyper-V clusters, vRealize Automation collects data and provisions on shared volumes only.
Using the SCVMM console, congure your clusters to use shared resource volumes for storage.
Required Storage Configuration for Standalone SCVMM Hosts
For standalone SCVMM hosts, vRealize Automation collects data and provisions on the default virtual
machine path. Using the SCVMM console, congure default virtual machine paths for your standalone
hosts.
VMware, Inc. 23
Configuring vRealize Automation
Preparing for Machine Provisioning
Depending on your environment and your method of machine provisioning, you might need to congure
elements outside of vRealize Automation. For example, you might need to congure machine templates or
machine images. You might also need to congure NSX seings or run vRealize Orchestrator workows.
Choosing a Machine Provisioning Method to Prepare
For most machine provisioning methods, you must prepare some elements outside of vRealize Automation.
Table 1‑4. Choosing a Machine Provisioning Method to Prepare
Scenario
Congure
vRealize Automation to
run custom Visual Basic
scripts as additional
steps in the machine life
cycle, either before or
after machine
provisioning. For
example, you could use a
pre-provisioning script
to generate certicates or
security tokens before
provisioning, and then a
post-provisioning script
to use the certicates and
tokens after machine
provisioning.
Provision application
blueprints that automate
the installation,
conguration, and life
cycle management of
middleware and
application deployment
components such as
Oracle, MySQL, WAR,
and database Schemas.
Further customize
machines after
provisioning by using
the guest agent.
Provision machines with
no guest operating
system. You can install
an operating system
after provisioning.
Supported
Endpoint Agent Support
You can
run Visual
Basic
scripts
with any
supported
endpoint
except
Amazon
AWS.
vSpher
n
e
vCloud
n
Air
vCloud
n
Directo
r
Amazo
n
n AWS
All virtual
endpoints
and
Amazon
AWS.
All virtual
machine
endpoints.
Depends on the
provisioning
method you
choose.
(Required)
n
Guest agent
(Required)
n
Software
bootstrap
agent and
guest agent
(Required)
n
Guest agent
(Optional)
n
Software
bootstrap
agent and
guest agent
Not supported Basic No required pre-provisioning
Provisioning
Method Pre-provisioning Preparations
Supported as an
additional step in
any provisioning
method, but you
cannot use Visual
Basic scripts with
Amazon AWS
machines.
Clone
n
Clone (for
n
vCloud Air or
vCloud
Director)
Linked clone
n
Amazon
n
Machine Image
Supported for all
provisioning
methods except
Virtual Machine
Image.
“Checklist for Running Visual
Basic Scripts During
Provisioning,” on page 27
If you want the ability to use
Software components in your
blueprints, prepare a provisioning
method that supports the guest
agent and Software bootstrap
agent. For more information about
preparing for Software, see
“Preparing for Software
Provisioning,” on page 62.
If you want the ability to
customize machines after
provisioning, select a provisioning
method that supports the guest
agent. For more information about
the guest agent, see “Using
vRealize Automation Guest Agent
in Provisioning,” on page 28.
preparations outside of
vRealize Automation.
24 VMware, Inc.
Chapter 1 External Preparations for Provisioning
Table 1‑4. Choosing a Machine Provisioning Method to Prepare (Continued)
Scenario
Provision a spaceecient copy of a virtual
machine called a linked
clone. Linked clones are
based on a snapshot of a
VM and use a chain of
delta disks to track
dierences from a parent
machine.
Provision a space-
ecient copy of a virtual
machine by using
Net App FlexClone
technology.
Provision machines by
cloning from a template
object created from an
existing Windows or
Linux machine, called
the reference machine,
and a customization
object.
Provision vCloud Air or
vCloud Director
machines by cloning
from a template and
customization object.
Provision a machine by
booting from an ISO
image, using a kickstart
or autoYaSt
conguration le and a
Linux distribution image
to install the operating
system on the machine.
Provision a machine and
pass control to an SCCM
task sequence to boot
from an ISO image,
deploy a Windows
operating system, and
install the
vRealize Automation
guest agent.
Supported
Endpoint Agent Support
vSphere
n
(Optional)
Guest agent
(Optional)
n
Software
bootstrap
agent and
guest agent
vSphere (Optional) Guest
agent
n
n
n
vSpher
e
KVM
(RHEV
)
SCVM
M
(Optional)
n
Guest agent
(Optional for
n
vSphere only)
Software
bootstrap
agent and
guest agent
n
n
vCloud
Air
vCloud
Directo
r
(Optional)
n
Guest agent
(Optional)
n
Software
bootstrap
agent and
guest agent
n
n
All
virtual
endpoi
nts
Red
Guest agent is
installed as part
of the preparation
instructions.
Hat
OpenSt
ack
All virtual
machine
endpoints.
Guest agent is
installed as part
of the preparation
instructions.
Provisioning
Method Pre-provisioning Preparations
Linked Clone You must have an existing
NetApp FlexClone “Checklist for Preparing to
Clone See “Checklist for Preparing to
vCloud Air or
vCloud Director
Cloning
Linux Kickstart “Preparing for Linux Kickstart
SCCM “Preparing for SCCM
vSphere virtual machine.
If you want to support Software,
you must install the guest agent
and software bootstrap agent on
the machine you intend to clone.
Provision by Cloning,” on
page 33
Provision by Cloning,” on
page 33.
If you want to support Software,
you must install the guest agent
and software bootstrap agent on
the vSpheremachine you intend to
clone.
See “Preparing for vCloud Air
and vCloud Director
Provisioning,” on page 45.
If you want to support Software,
create a template that contains the
guest agent and software
bootstrap agent. For vCloud Air,
congure network connectivity
between your
vRealize Automation
environment and your vCloud Air
environment.
Provisioning,” on page 46
Provisioning,” on page 48
VMware, Inc. 25
Configuring vRealize Automation
Table 1‑4. Choosing a Machine Provisioning Method to Prepare (Continued)
Scenario
Provision a machine by
booting into a WinPE
environment and
installing an operating
system using a Windows
Imaging File Format
(WIM) image of an
existing Windows
reference machine.
Launch an instance from
a virtual machine image.
Launch an instance from
an Amazon Machine
Image.
Supported
Endpoint Agent Support
n
n
All
virtual
endpoi
nts
Red
Hat
OpenSt
ack
Guest agent is
required. You can
use PEBuilder to
create a WinPE
image that
includes the guest
agent. You can
create the WinPE
image by using
another method,
but you must
manually insert
the guest agent.
Red Hat
Not supported Virtual Machine
OpenStack
Amazon
AWS
(Optional)
n
Guest agent
(Optional)
n
Software
bootstrap
agent and
guest agent
Provisioning
Method Pre-provisioning Preparations
WIM “Preparing for WIM
Provisioning,” on page 49
See “Preparing for Virtual
Image
Machine Image Provisioning,” on
page 57.
Amazon Machine
Image
Associate Amazon machine
images and instance types with
your Amazon AWS account.
If you want to support Software,
create an Amazon Machine Image
that contains the guest agent and
software bootstrap agent, and
congure network-to-VPC
connectivity between your
Amazon AWS and
vRealize Automation
environments.
26 VMware, Inc.
Chapter 1 External Preparations for Provisioning
Checklist for Running Visual Basic Scripts During Provisioning
You can congure vRealize Automation to run your custom Visual Basic scripts as additional steps in the
machine life cycle, either before or after machine provisioning. For example, you could use a preprovisioning script to generate certicates or security tokens before provisioning, and then a postprovisioning script to use the certicates and tokens after machine provisioning. You can run Visual Basic
scripts with any provisioning method, but you cannot use Visual Basic scripts with Amazon AWS machines.
Table 1‑5. Running Visual Basic Scripts During Provisioning Checklist
Task Location Details
Install and congure the EPI agent
for Visual Basic scripts.
Create your visual basic scripts.
Gather the information required to
include your scripts in blueprints.
Typically the Manager Service host See Installing vRealize Automation 7.1.
Machine where EPI agent is installed vRealize Automation includes a
sample Visual Basic script
PrePostProvisioningExample.vbs
in the Scripts subdirectory of the EPI
agent installation directory. This script
contains a header to load all
arguments into a dictionary, a body in
which you can include your functions,
and a footer to return updated custom
properties to vRealize Automation.
When executing a Visual Basic script,
the EPI agent passes all machine
custom properties as arguments to the
script. To return updated property
values to vRealize Automation, place
these properties in a dictionary and
call a function provided by
vRealize Automation.
Capture information and transfer to
your infrastructure architects
N A fabric administrator can
create a property group by using the
property sets
ExternalPreProvisioningVbScript and
ExternalPostProvisioningVbScript to
provide this required information.
Doing so makes it easier for blueprint
architects to include this information
correctly in their blueprints.
The complete path to the Visual
n
Basic script, including the lename
and extension. For example,
%System Drive%Program Files
(x86)\VMware\vCAC
Agents\EPI_Agents\Scripts\Se
ndEmail.vbs.
To run a script before
n
provisioning, instruct
infrastructure architects to enter
the complete path to the script as
the value of the custom property
ExternalPreProvisioningVbScr
ipt. To run a script after
provisioning, they need to use the
custom property
ExternalPostProvisioningVbSc
ript.
VMware, Inc. 27
Configuring vRealize Automation
Using vRealize Automation Guest Agent in Provisioning
You can install the guest agent on reference machines to further customize a machine after deployment. You
can use the reserved guest agent custom properties to perform basic customizations such as adding and
formaing disks, or you can create your own custom scripts for the guest agent to run within the guest
operating system of a provisioned machine.
After the deployment is completed and the customization specication is run (if you provided one), the
guest agent creates an XML le that contains all of the deployed machine's custom properties
c:\VRMGuestAgent\site\workitem.xml, completes any tasks assigned to it with the guest agent custom
properties, and then deletes itself from the provisioned machine.
You can write your own custom scripts for the guest agent to run on deployed machines, and use custom
properties on the machine blueprint to specify the location of those scripts and the order in which to run
them. You can also use custom properties on the machine blueprint to pass custom property values to your
scripts as parameters.
For example, you could use the guest agent to make the following customizations on deployed machines:
Change the IP address
n
Add or format drives
n
Run security scripts
n
Initialize another agent, for example Puppet or Chef
n
You can also provide an encrypted string as a custom property in a command line argument. This allows
you to store encrypted information that the guest agent can decrypt and understand as a valid command
line argument.
Your custom scripts do not have to be locally installed on the machine. As long as the provisioned machine
has network access to the script location, the guest agent can access and run the scripts. This lowers
maintenance costs because you can update your scripts without having to rebuild all of your templates.
If you choose to install the guest agent to run custom scripts on provisioned machines, your blueprints must
include the appropriate guest agent custom properties. For example, if you install the guest agent on a
template for cloning, create a custom script that changes the provisioned machine's IP address, and place the
script in a shared location, you need to include a number of custom properties in your blueprint.
Table 1‑6. Custom Properties for Changing IP Address of a Provisioned Machine with a Guest Agent
Custom Property Description
VirtualMachine.Admin.UseGuestAgent Set to true to initialize the guest agent when the
provisioned machine is started.
VirtualMachine.Customize.WaitComplete
Set to True to prevent the provisioning workow from
sending work items to the guest agent until all
customizations are complete.
28 VMware, Inc.
Chapter 1 External Preparations for Provisioning
Table 1‑6. Custom Properties for Changing IP Address of a Provisioned Machine with a Guest Agent
(Continued)
Custom Property Description
VirtualMachine.SoftwareN.ScriptPath
VirtualMachine.ScriptPath.Decrypt
Species the full path to an application's install script. The
path must be a valid absolute path as seen by the guest
operating system and must include the name of the script
lename.
You can pass custom property values as parameters to the
script by inserting {CustomPropertyName} in the path string.
For example, if you have a custom property named
ActivationKey whose value is 1234, the script path is
D:\InstallApp.bat –key {ActivationKey}. The guest
agent runs the command D:\InstallApp.bat –key
1234. Your script le can then be programmed to accept
and use this value.
Insert {Owner} to pass the machine owner name to the
script.
You can also pass custom property values as parameters to
the script by inserting {YourCustomProperty} in the path
string. For example, entering the
value \\vra-
scripts.mycompany.com\scripts\changeIP.bat runs
the changeIP.bat script from a shared location, but
entering the
value \\vra-
scripts.mycompany.com\scripts\changeIP.bat
{VirtualMachine.Network0.Address} runs the
changeIP script but also passes the value of the
VirtualMachine.Network0.Address property to the
script as a parameter.
Allows vRealize Automation to obtain an encrypted string
that is passed as a properly formaed
VirtualMachine.SoftwareN.ScriptPath custom
property statement to the gugent command line.
You can provide an encrypted string, such as your
password, as a custom property in a command-line
argument. This allows you to store encrypted information
that the guest agent can decrypt and understand as a valid
command-line argument. For example, the
VirtualMachine.Software0.ScriptPath =
c:\dosomething.bat password custom property string
is not secure as it contains an actual password.
To encrypt the password, you can create a
vRealize Automation custom property, for example
MyPassword = password, and enable encryption by
selecting the available check box. The guest agent decrypts
the [MyPassword] entry to the value in the custom
property MyPassword and runs the script as
c:\dosomething.bat password.
n
Create custom property MyPassword = password
where password is the value of your actual password.
Enable encryption by selecting the available check box.
Set custom property
n
VirtualMachine.ScriptPath.Decrypt as
VirtualMachine.ScriptPath.Decrypt = true.
Set custom property
n
VirtualMachine.Software0.ScriptPath as
VirtualMachine.Software0.ScriptPath =
c:\dosomething.bat [MyPassword].
VMware, Inc. 29
Configuring vRealize Automation
Table 1‑6. Custom Properties for Changing IP Address of a Provisioned Machine with a Guest Agent
(Continued)
Custom Property Description
For more information about custom properties you can use with the guest agent, see Custom Properties
Reference.
Install the Guest Agent on a Linux Reference Machine
Install the Linux guest agent on your reference machines to further customize machines after deployment.
Prerequisites
Identify or create the reference machine.
n
The guest agent les you download contain both tar.gz and RPM package formats. If your operating
n
system cannot install tar.gz or RPM les, use a conversion tool to convert the installation les to your
preferred package format.
If you set VirtualMachine.ScriptPath.Decrypt to false,
or do not create the
VirtualMachine.ScriptPath.Decrypt custom property,
then the string inside the square brackets ( [ and ]) is not
decrypted.
Procedure
1 Navigate to the vCloud Automation Center Appliance management console installation page.
For example: hps://vcac-hostname.domain.name:5480/installer/.
2 Download and save the Linux Guest Agent Packages.
3 Unpack the LinuxGuestAgentPkgs le.
4 Install the guest agent package that corresponds to the guest operating system you are deploying
during provisioning.
a Navigate to the LinuxGuestAgentPkgs subdirectory for your guest operating system.
b Locate your preferred package format or convert a package to your preferred package format.
c Install the guest agent package on your reference machine.
For example, to install the les from the RPM package, run rpm -i
gugent-7.0.0-012715.x86_64.rpm.
5 Congure the guest agent to communicate with the Manager Service by running installgugent.sh
Manager_Service_Hostname_fdqn:portnumber ssl platform.
The default port number for the Manager Service is 443. Accepted platform values are ec2, vcd, vca, and
vsphere.
Option Description
If you are using a load balancer
With no load balancer
Enter the fully qualied domain name and port number of your Manager
Service load balancer. For example:
cd /usr/share/gugent
./installgugent.sh
load_balancer_manager_service.mycompany.com:443 ssl ec2
Enter the fully qualied domain name and port number of your Manager
Service machine. For example:
cd /usr/share/gugent
./installgugent.sh manager_service_machine.mycompany.com:
443 ssl vsphere
30 VMware, Inc.
Loading...