VMware vRealize Automation - 7.1 User’s Manual

Configuring vRealize Automation

vRealize Automation 7.1

Configuring vRealize Automation

You can find the most up-to-date technical documentation on the VMware Web site at:

hps://docs.vmware.com/

The VMware Web site also provides the latest product updates.

If you have comments about this documentation, submit your feedback to:

docfeedback@vmware.com

Copyright © 2015, 2016 VMware, Inc. All rights reserved. Copyright and trademark information.

VMware, Inc.

3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com

2 VMware, Inc.

Contents

Conguring vRealize Automation 7

Updated Information 9

External Preparations for Provisioning 11

1

Preparing Your Environment for vRealize Automation Management 11

Checklist for Preparing NSX Network and Security Conguration 12

Checklist for Preparing External IPAM Provider Support 14

Preparing Your vCloud Director Environment for vRealize Automation 16

Preparing Your vCloud Air Environment for vRealize Automation 17

Preparing Your Amazon AWS Environment 17

Preparing Red Hat OpenStack Network and Security Features 22

Preparing Your SCVMM Environment 23

Preparing for Machine Provisioning 24

Choosing a Machine Provisioning Method to Prepare 24

Checklist for Running Visual Basic Scripts During Provisioning 27

Using vRealize Automation Guest Agent in Provisioning 28

Checklist for Preparing to Provision by Cloning 33

Preparing for vCloud Air and vCloud Director Provisioning 45

Preparing for Linux Kickstart Provisioning 46

Preparing for SCCM Provisioning 48

Preparing for WIM Provisioning 49

Preparing for Virtual Machine Image Provisioning 57

Preparing for Amazon Machine Image Provisioning 58

Scenario: Prepare vSphere Resources for Machine Provisioning in Rainpole 60

Preparing for Software Provisioning 62

Preparing to Provision Machines with Software 63

Scenario: Prepare a vSphere CentOS Template for Clone Machine and Software Component

Blueprints 67

Scenario: Prepare for Importing the Dukes Bank for vSphere Sample Application Blueprint 70

VMware, Inc.

Conguring Tenant Seings 75

2

Choosing Directories Management Conguration Options 76

Directories Management Overview 76

Using Directories Management to Create an Active Directory Link 79

Managing User Aributes that Sync from Active Directory 91

Managing Connectors 92

Join a Connector Machine to a Domain 92

About Domain Controller Selection 93

Managing Access Policies 96

Integrating Alternative User Authentication Products with Directories Management 101

Scenario: Congure an Active Directory Link for a Highly Available vRealize Automation 118

3

Configuring vRealize Automation

Congure Smart Card Authentication for vRealize Automation 120

Generate a Connector Activation Token 121

Deploy the Connector OVA File 121

Congure Connector Seings 122

Apply Public Certicate Authority 123

Create a Workspace Identity Provider 125

Congure Certicate Authentication and Congure Default Access Policy Rules 125

Create a Multi Domain or Multi Forest Active Directory Link 126

Conguring Groups and User Roles 127

Assign Roles to Directory Users or Groups 127

Create a Custom Group 128

Create a Business Group 129

Troubleshooting Slow Performance When Displaying Group Members 131

Scenario: Congure the Default Tenant for Rainpole 131

Scenario: Create Local User Accounts for Rainpole 132

Scenario: Connect Your Corporate Active Directory to vRealize Automation for Rainpole 133

Scenario: Congure Branding for the Default Tenant for Rainpole 134

Scenario: Create a Custom Group for Your Rainpole Architects 135

Scenario: Assign IaaS Administrator Privileges to Your Custom Group of Rainpole Architects 136

Create Additional Tenants 136

Specify Tenant Information 137

Congure Local Users 137

Appoint Administrators 138

Delete a Tenant 138

Conguring Custom Branding 139

Custom Branding for Tenant Login Page 139

Custom Branding for Tenant Applications 140

Checklist for Conguring Notications 141

Conguring Global Email Servers for Notications 144

Add a Tenant-Specic Outbound Email Server 145

Add a Tenant-Specic Inbound Email Server 146

Override a System Default Outbound Email Server 147

Override a System Default Inbound Email Server 148

Revert to System Default Email Servers 149

Congure Notications 149

Customize the Date for Email Notication for Machine Expiration 149

Conguring Templates for Automatic IaaS Emails 150

Subscribe to Notications 150

Create a Custom RDP File to Support RDP Connections for Provisioned Machines 150

Scenario: Add Datacenter Locations for Cross Region Deployments 151

Conguring vRealize Orchestrator and Plug-Ins 152

Congure the Default Workow Folder for a Tenant 152

Congure an External vRealize Orchestrator Server 153

Log in to the vRealize Orchestrator Conguration Interface 154

Log in to the vRealize Orchestrator Client 154

Conguring Resources 157

3

Checklist for Conguring IaaS Resources 157

Store User Credentials 158

4 VMware, Inc.

Choosing an Endpoint Scenario 160

Create a Fabric Group 175

Congure Machine Prexes 176

Managing Key Pairs 176

Creating a Network Prole 178

Conguring Reservations and Reservation Policies 191

Scenario: Congure IaaS Resources for Rainpole 221

Scenario: Apply a Location to a Compute Resource for Cross Region Deployments 225

Checklist for Provisioning a vRealize Automation Deployment Using an External IPAM

Provider 225

Conguring XaaS Resources 226

Congure the Active Directory Plug-In as an Endpoint 227

Congure the HTTP-REST Plug-In as an Endpoint 228

Congure the PowerShell Plug-In as an Endpoint 230

Congure the SOAP Plug-In as an Endpoint 231

Congure the vCenter Server Plug-In as an Endpoint 232

Installing Additional Plug-Ins on the Default vRealize Orchestrator Server 233

Working With Active Directory Policies 234

Create and Apply Active Directory Policies 234

Contents

Providing On-Demand Services to Users 237

4

Designing Blueprints 237

Exporting and Importing Blueprints 239

Scenario: Importing the Dukes Bank for vSphere Sample Application and Conguring for Your

Environment 240

Scenario: Test the Dukes Bank Sample Application 243

Building Your Design Library 244

Designing Machine Blueprints 246

Designing Machine Blueprints with NSX Networking and Security 278

Designing Software Components 290

Creating XaaS Blueprints and Resource Actions 306

Publishing a Blueprint 348

Assembling Composite Blueprints 349

Understanding Nested Blueprint Behavior 350

Selecting a Machine Component that Supports Software Components 352

Creating Property Bindings Between Blueprint Components 352

Creating Explicit Dependencies and Controlling the Order of Provisioning 353

Scenario: Assemble and Test a Blueprint to Deliver MySQL on Rainpole Linked Clone

Machines 354

Managing the Service Catalog 357

Checklist for Conguring the Service Catalog 358

Creating a Service 359

Working with Catalog Items and Actions 361

Creating Entitlements 363

Working with Approval Policies 369

Scenario: Congure the Catalog for Rainpole Architects to Test Blueprints 386

Scenario: Test Your Rainpole CentOS Machine 389

Scenario: Make the CentOS with MySQL Application Blueprint Available in the Service Catalog 390

Scenario: Create and Apply CentOS with MySQL Approval Policies 393

VMware, Inc. 5

Configuring vRealize Automation

Index 399

6 VMware, Inc.

Configuring vRealize Automation

Conguring vRealize Automation provides information about conguring vRealize Automation and your
external environments to prepare for vRealize Automation provisioning and catalog management.

For information about supported integrations, see hps://www.vmware.com/pdf/vrealize-automation-71-

support-matrix.pdf.

Intended Audience

This information is intended for IT professionals who are responsible for conguring vRealize Automation
environment, and for infrastructure administrators who are responsible for preparing elements in their
existing infrastructure for use in vRealize Automation provisioning. The information is wrien for
experienced Windows and Linux system administrators who are familiar with virtual machine technology
and datacenter operations.

VMware Technical Publications Glossary

VMware Technical Publications provides a glossary of terms that might be unfamiliar to you. For denitions
of terms as they are used in VMware technical documentation, go to

hp://www.vmware.com/support/pubs.

VMware, Inc.

7

Configuring vRealize Automation

8 VMware, Inc.

Updated Information

This Conguring vRealize Automation is updated with each release of the product or when necessary.

This table provides the update history of the Conguring vRealize Automation.

Revision Description

EN-002076-04

EN-002076-03 Added a note to “Specify Tenant Information,” on page 137 indicating that tenant URLs must use only

EN-002076-02

EN-002076-01

EN-002076-00 Initial 7.1 release.

Updated “Install the Guest Agent on a Windows Reference Machine,” on page 31.

n

Updated “Prepare a Windows Reference Machine to Support Software,” on page 63.

n

Updated “Prepare a Linux Reference Machine to Support Software,” on page 65.

n

Updated “Create an Active Directory Policy,” on page 235.

n

lowercase characters.

Updated “Preparing for vCloud Air and vCloud Director Provisioning,” on page 45.

n

Updated “Create a vCloud Director Endpoint,” on page 165.

n

Updated “Exporting and Importing Blueprints,” on page 239.

n

Updated “vSphere Machine Component Seings,” on page 250.

n

Added “Delete a Tenant,” on page 138.

n

Updated “Amazon Machine Component Seings,” on page 259.

n

Updated “Troubleshooting Blueprints for Clone and Linked Clone,” on page 267.

n

VMware, Inc. 9

Configuring vRealize Automation

10 VMware, Inc.

External Preparations for

Provisioning 1

You may need to create or prepare some elements outside of vRealize Automation to support catalog item
provisioning. For example, if you want to provide a catalog item for provisioning a clone machine, you need
to create a template on your hypervisor to clone from.

This chapter includes the following topics:

“Preparing Your Environment for vRealize Automation Management,” on page 11

n

“Preparing for Machine Provisioning,” on page 24

n

“Preparing for Software Provisioning,” on page 62

n

Preparing Your Environment for vRealize Automation Management

Depending on your integration platform, you might have to make some conguration changes before you
can bring your environment under vRealize Automation management, or before you can leverage certain
features.

Table 1‑1. Preparing Your Environment for vRealize Automation Integration

Environment Preparations

If you want to leverage NSX to manage

NSX

vCloud Director

vCloud Air

networking and security features of
machines provisioned with
vRealize Automation, prepare your NSX
instance for integration. See “Checklist for

Preparing NSX Network and Security

Conguration,” on page 12.

Install and congure your vCloud Director
instance, set up your vSphere and cloud
resources, and identify or create
appropriate credentials to provide
vRealize Automation with access to your
vCloud Director environment. See

“Preparing Your vCloud Director
Environment for vRealize Automation,” on

page 16.

Register for your vCloud Air account, set
up your vCloud Air environment, and
identify or create appropriate credentials to
provide vRealize Automation with access
to your environment. See “Preparing for

vCloud Air and vCloud Director
Provisioning,” on page 45.

VMware, Inc. 11

Configuring vRealize Automation

Table 1‑1. Preparing Your Environment for vRealize Automation Integration (Continued)

Environment Preparations

Amazon AWS

Red Hat OpenStack

SCVMM

External IPAM Providers Register an external IPAM provider

All other environments You do not need to make changes to your

Prepare elements and user roles in your
Amazon AWS environment for use in
vRealize Automation, and understand how
Amazon AWS features map to
vRealize Automation features. See

“Preparing Your Amazon AWS
Environment,” on page 17.

If you want to leverage Red Hat OpenStack
to manage networking and security
features of machines provisioned with
vRealize Automation, prepare your
Red Hat OpenStack instance for
integration. See “Preparing Red Hat

OpenStack Network and Security
Features,” on page 22.

Congure storage, networking, and
understand template and hardware prole
naming restrictions. See “Preparing Your

SCVMM Environment,” on page 23.

package or plug-in, run the conguration
workows, and register the IPAM solution
as a new vRealize Automation endpoint.
See “Checklist for Preparing External IPAM

Provider Support,” on page 14.

environment. You can begin preparing for
machine provisioning by creating
templates, boot environments, or machine
images. See “Preparing for Machine

Provisioning,” on page 24.

Checklist for Preparing NSX Network and Security Configuration

Before you can use NSX network and security options in vRealize Automation, you must congure the
external NSX network and security environment that you intend to use.

Much of the vRealize Automation support for network and security conguration that you specify in
blueprints and reservations is congured externally and made available to vRealize Automation after data
collection is run on the compute resources.

For more information about the available network and conguration options that you can congure for
vRealize Automation, see “Conguring Network and Security Component Seings,” on page 281.

Table 1‑2. Preparing NSX Networking and Security Checklist

Task Location Details

Install and
congure the NSX
plug-in.

Congure NSX
network seings,
including gateway
and transport
zone seings.

Install the NSX plug-in in vRealize Orchestrator. See “Install the NSX Plug-In on

vRealize Orchestrator,” on page 13

and the NSX Administration Guide.

Congure network seings in NSX. See the NSX Administration Guide.

12 VMware, Inc.

Chapter 1 External Preparations for Provisioning

Table 1‑2. Preparing NSX Networking and Security Checklist (Continued)

Task Location Details

Create NSX
security policies,
tags, and groups.

Congure NSX
load balancer

seings.

Congure security seings in NSX. See the NSX Administration Guide.

Congure an NSX load balancer to work with

vRealize Automation.

See the NSX Administration Guide.

Also see Custom Properties for
Networking in Custom Properties
Reference.

Install the NSX Plug-In on vRealize Orchestrator

Installing the NSX plug-in requires that you download the vRealize Orchestrator installer le, use the
vRealize Orchestrator Conguration interface to upload the plug-in le, and install the plug-in on a
vRealize Orchestrator server.

N If you are using an embedded vRealize Orchestrator that contains an installed NSX plug-in, you do
not need to perform the following plug-in installation steps because the NSX plug-in is already installed.

For general plug-in update and troubleshooting information, see vRealize Orchestrator documentation at

hps://www.vmware.com/support/pubs/orchestrator_pubs.html.

Prerequisites

Verify that you are running a supported vRealize Orchestrator instance.

n

For information about seing up vRealize Orchestrator, see Installing and Conguring VMware vRealize
Orchestrator.

Verify that you have credentials for an account with permission to install vRealize Orchestrator plug-ins

n

and to authenticate through vCenter Single Sign-On.

Verify that you installed the correct version of the NSX plug-in. See vRealize Automation Support Matrix.

n

Verify that you installed the vRealize Orchestrator client and that you can log in with Administrator

n

credentials.

Procedure

1 Download the plug-in le to a location accessible from the vRealize Orchestrator server.

The plug-in installer le name format, with appropriate version values, is o11nplugin-

nsx-1.n.n.vmoapp. Plug-in installation les for the NSX networking and security product are available

from the VMware product download site at hp://vmware.com/web/vmware/downloads.

2 Open a browser and start the vRealize Orchestrator conguration interface.

An example of the URL format is hps://orchestrator_server.com:8283.

3 Click Plug-Ins in the left pane and scroll down to the Install new plug-in section.

4 In the Plug-In  text box, browse to the plug-in installer le and click Upload and install.

The le must be in .vmoapp format.

5 At the prompt, accept the license agreement in the Install a plug-in pane.

6 In the Enabled plug-ins installation status section, conrm that the correct NSX plug-in name is

specied.

See vRealize Automation Support Matrix for version information.

The status Plug-in will be installed at next server startup, appears.

VMware, Inc. 13

Configuring vRealize Automation

7 Restart the vRealize Orchestrator server service.

8 Restart the vRealize Orchestrator conguration interface.

9 Click Plug-Ins and verify that the status changed to Installation OK.

10 Start the vRealize Orchestrator client application, log in, and use the  tab to navigate through

the library to the NSX folder.

You can browse through the workows that the NSX plug-in provides.

What to do next

Create a vRealize Orchestrator endpoint in vRealize Automation to use for running workows. See “Create

a vRealize Orchestrator Endpoint,” on page 162.

Run a vRealize Orchestrator and NSX Security Workflow

Before you use the NSX security policy features from vRealize Automation, an administrator must run the

Enable security policy support for overlapping subnets workow in vRealize Orchestrator.

Security policy support for the overlapping subnets workow is applicable to an NSX 6.1 and later
endpoint. Run this workow only once to enable this support.

Prerequisites

Verify that a vSphere endpoint is registered with an NSX endpoint. See “Create a vSphere Endpoint,”

n

on page 160.

Log in to the vRealize Orchestrator client as an administrator.

n

Verify that you ran the Create NSX endpoint vRO work ow.

n

Procedure

1 Click the  tab and select NSX > NSX  for VCAC.

2 Run the Create NSX endpoint workow and respond to prompts.

3 Run the Enable security policy support for overlapping subnets workow.

4 Select the NSX endpoint as the input parameter for the workow.

Use the IP address you specied when you created the vSphere endpoint to register an NSX instance.

After you run this workow, the distributed rewall rules dened in the security policy are applied only on
the vNICs of the security group members to which this security policy is applied.

What to do next

Apply the applicable security features for the blueprint.

Checklist for Preparing External IPAM Provider Support

You can obtain IP addresses and ranges for use in network prole denition from a supported external
IPAM provider, such as Infoblox.

Before you can use an external IPAM provider endpoint in a vRealize Automation network prole, you
must download or otherwise obtain a vRealize Orchestrator IPAM provider package, import the package
and run required workows in vRealize Orchestrator, and register the IPAM solution as a
vRealize Automation endpoint in vRealize Orchestrator.

For an overview of the provisioning process for using an external IPAM provider to supply a range of
possible IP addresses, see “Checklist for Provisioning a vRealize Automation Deployment Using an External

IPAM Provider,” on page 225.

14 VMware, Inc.

Chapter 1 External Preparations for Provisioning

Table 1‑3. Preparing for External IPAM Provider Support Checklist

Task Location Details

Obtain and
import the
supported
external IPAM
Provider
vRealize
Orchestrator plug­in.

Run the
required

conguration
workows and

register the
external IPAM
solution as a
vRealize
Automation
endpoint.

Download the IPAM provider package, for example
Infoblox IPAM, from the VMware Solution Exchange and
import the package to vRealize Orchestrator.

If the VMware Solution Exchange
(hps://solutionexchange.vmware.com/store/category_gr

oups/cloud-management) does not contain the IPAM

provider package that you need, you can create your own
using the IPAM Solution Provider SDK and supporting
documentation.

Run the vRealize Orchestrator conguration workows
and register the IPAM provider endpoint type in
vRealize Orchestrator.

See “Obtain and Import the External

IPAM Provider Package in vRealize
Orchestrator,” on page 15.

See “Run the Workow to Register the

Infoblox IPAM Endpoint Type in
vRealize Orchestrator,” on page 16.

Obtain and Import the External IPAM Provider Package in vRealize Orchestrator

To prepare to dene and use an external IPAM provider endpoint, you must rst obtain the external IPAM
provider package and import the package in vRealize Orchestrator.

You can download and use an existing third-party IP Address Management provider package, such as
Infoblox IPAM. You can also create your own package using a VMware-supplied SDK and accompanying
SDK documentation, for example to create a package for use with Bluecat IPAM. This example uses the
Infoblox IPAM package.

After you obtain and import the external IPAM provider package in vRealize Orchestrator, run the required
workows and register the IPAM endpoint type.

For more information about importing packages and running vRealize Orchestrator workows, see Using
the VMware vRealize Orchestrator Client. For more information about extending vRealize Automation with
vRealize Orchestrator packages and workows, see Life Cycle Extensibility.

Prerequisites

Log in to vRealize Orchestrator with administrator privileges for importing, conguring, and

n

registering a vRealize Orchestrator package.

Procedure

1 Open the VMware Solution Exchange site at

hps://solutionexchange.vmware.com/store/category_groups/cloud-management.

2 Select Cloud Management Marketplace.

3 Locate and download the plug-in or package, for example Infoblox VIPAM Plug-in.

4 In vRealize Orchestrator, click the Administrator tab and click Import package.

5 Select the package or plug-in, for example select the Infoblox IPAM plug-in.

6 Select all workows and artifacts and click Import selected elements.

What to do next

“Run the Workow to Register the Infoblox IPAM Endpoint Type in vRealize Orchestrator,” on page 16.

VMware, Inc. 15

Configuring vRealize Automation

Run the Workflow to Register the Infoblox IPAM Endpoint Type in vRealize Orchestrator

Run the registration workow in vRealize Orchestrator to support vRealize Automation use of the external
IPAM provider and register the Infoblox IPAM endpoint type for use in vRealize Automation.

To register IPAM endpoint types in vRealize Orchestrator, you are prompted to supply
vRealize Automation vRA Administrator credentials. T

For more information about importing packages and running vRealize Orchestrator workows, see Using
the VMware vRealize Orchestrator Client. For more information about extending vRealize Automation with
vRealize Orchestrator packages and workows, see Life Cycle Extensibility.

Prerequisites

“Obtain and Import the External IPAM Provider Package in vRealize Orchestrator,” on page 15

n

Verify that you are logged in to vRealize Orchestrator with vRealize Automation with authority to run

n

workows.

Be prepared to supply vRealize Automation IaaS administrator credentials when prompted.

n

Procedure

1 In vRealize Orchestrator, click the Design tab, select Administrator > Library, and select IPAM Service

Package SDK.

Each IPAM provider package is uniquely named and contains unique workows. The workow names
might be similar between provider packages. The location of the workows in vRealize Orchestrator
can be dierent and is provider-specic.

2 Run the Register IPAM Endpoint registration workow and specify the IPAM Inoblox endpoint type.

3 At the prompt for vRealize Automation credentials, enter your vRealize Automation IaaS administrator

credentials.

The package registers InfoBlox as a new IPAM endpoint type in the vRealize Automation endpoint service
and makes the endpoint type available when you dene endpoints in vRealize Automation.

What to do next

You can now create an IPAM Inoblox type endpoint in vRealize Automation. See “Create an External

IPAM Provider Endpoint,” on page 163.

Preparing Your vCloud Director Environment for vRealize Automation

Before you can integrate vCloud Director with vRealize Automation, you must install and congure your
vCloud Director instance, set up your vSphere and cloud resources, and identify or create appropriate
credentials to provide vRealize Automation with access to your vCloud Director environment.

Configure Your Environment

Congure your vSphere resources and cloud resources, including virtual datacenters and networks. For
more information, see the vCloud Director documentation.

Required Credentials for Integration

Create or identify either organization administrator or system administrator credentials that your
vRealize Automation IaaS administrators can use to bring your vCloud Director environment under
vRealize Automation management as an endpoint.

16 VMware, Inc.

Chapter 1 External Preparations for Provisioning

User Role Considerations

vCloud Director user roles in an organization do not need to correspond with roles in vRealize Automation
business groups. If the user account does not exist in vCloud Director, vCloud Director performs a lookup
in the associated LDAP or Active Directory and creates the user account if the user exists in the identity
store. If it cannot create the user account, it logs a warning but does not fail the provisioning process. The
provisioned machine is then assigned to the account that was used to congure the vCloud Director
endpoint.

For related information about vCloud Director user management, see the vCloud Director documentation.

Preparing Your vCloud Air Environment for vRealize Automation

Before you integrate vCloud Air with vRealize Automation, you must register for your vCloud Air account,
set up your vCloud Air environment, and identify or create appropriate credentials to provide
vRealize Automation with access to your environment.

Configure Your Environment

Congure your environment as instructed in the vCloud Air documentation.

Required Credentials for Integration

Create or identify either virtual infrastructure administrator or account administrator credentials that your
vRealize Automation IaaS administrators can use to bring your vCloud Air environment under
vRealize Automation management as an endpoint.

User Role Considerations

vCloud Air user roles in an organization do not need to correspond with roles in vRealize Automation
business groups. For related information about vCloud Air user management, see the vCloud Air
documentation.

Preparing Your Amazon AWS Environment

Prepare elements and user roles in your Amazon AWS environment, prepare Amazon AWS to communicate
with the guest agent and Software bootstrap agent, and understand how Amazon AWS features map to
vRealize Automation features.

Amazon AWS User Roles and Credentials Required for vRealize Automation

You must congure credentials in Amazon AWS with the permissions required for vRealize Automation to
manage your environment.

You must have certain Amazon access rights to successfully provision machines by using
vRealize Automation.

Role and Permission Authorization in Amazon Web Services

n

The Power User role in AWS provides an AWS Directory Service user or group with full access to AWS
services and resources.

You do not need any AWS credentials to create an AWS endpoint in vRealize Automation. However, the
AWS user who creates an Amazon machine image is expected by vRealize Automation to have the
Power User role.

Authentication Credentials in Amazon Web Services

n

VMware, Inc. 17

Configuring vRealize Automation

The AWS Power User role does not allow management of AWS Identity and Access Management (IAM)
users and groups. For management of IAM users and groups, you must be congured with AWS Full
Access Administrator credentials.

vRealize Automation requires access keys for endpoint credentials and does not support user names
and passwords. To obtain the access key needed to create the Amazon endpoint, the Power User must
either request a key from a user who has AWS Full Access Administrator credentials or be additionally
congured with the AWS Full Access Administrator policy.

For information about enabling policies and roles, see the AWS Identity and Access Management (IAM) section
of Amazon Web Services product documentation.

Allow Amazon AWS to Communicate with the Software Bootstrap Agent and Guest Agent

If you intend to provision application blueprints that contain Software, or if you want the ability to further
customize provisioned machines by using the guest agent, you must enable connectivity between your
Amazon AWS environment, where your machines are provisioned, and your vRealize Automation
environment, where the agents download packages and receive instructions.

When you use vRealize Automation to provision Amazon AWS machines with the vRealize Automation
guest agent and Software bootstrap agent, you must set up network-to-Amazon VPC connectivity so your
provisioned machines can communicate back to vRealize Automation to customize your machines.

For more information about Amazon AWS VPC connectivity options, see the Amazon AWS documentation.

Using Optional Amazon Features

vRealize Automation supports several Amazon features, including Amazon Virtual Private Cloud, elastic
load balancers, elastic IP addresses, and elastic block storage.

Using Amazon Security Groups

Specify at least one security group when creating an Amazon reservation. Each available region requires at
least one specied security group.

A security group acts as a rewall to control access to a machine. Every region includes at least the default
security group. Administrators can use the Amazon Web Services Management Console to create additional
security groups, congure ports for Microsoft Remote Desktop Protocol or SSH, and set up a virtual private
network for an Amazon VPN.

When you create an Amazon reservation or congure a machine component in the blueprint, you can
choose from the list of security groups that are available to the specied Amazon account region. Security
groups are imported during data collection.

For information about creating and using security groups in Amazon Web Services, see Amazon
documentation.

Understanding Amazon Web Service Regions

Each Amazon Web Services account is represented by a cloud endpoint. When you create an
Amazon Elastic Cloud Computing endpoint in vRealize Automation, regions are collected as compute
resources. After the IaaS administrator selects compute resources for a business group, inventory and state
data collections occur automatically.

Inventory data collection, which occurs automatically once a day, collects data about what is on a compute
resource, such as the following data:

Elastic IP addresses

n

Elastic load balancers

n

18 VMware, Inc.

Chapter 1 External Preparations for Provisioning

Elastic block storage volumes

n

State data collection occurs automatically every 15 minutes by default. It gathers information about the state
of managed instances, which are instances that vRealize Automation creates. The following are examples of
state data:

Windows passwords

n

State of machines in load balancers

n

Elastic IP addresses

n

A fabric administrator can initiate inventory and state data collection and disable or change the frequency of
inventory and state data collection.

Using Amazon Virtual Private Cloud

Amazon Virtual Private Cloud allows you to provision Amazon machine instances in a private section of the
Amazon Web Services cloud.

Amazon Web Services users can use Amazon VPC to design a virtual network topology according to your
specications. You can assign an Amazon VPC in vRealize Automation. However, vRealize Automation
does not track the cost of using the Amazon VPC.

When you provision using Amazon VPC, vRealize Automation expects there to be a VPC subnet from
which Amazon obtains a primary IP address. This address is static until the instance is terminated. You can
also use the elastic IP pool to also aach an elastic IP address to an instance in vRealize Automation. That
would allow the user to keep the same IP if they are continually provisioning and tearing down an instance
in Amazon Web Services.

Use the AWS Management Console to create the following elements:

An Amazon VPC, which includes Internet gateways, routing table, security groups and subnets, and

n

available IP addresses.

An Amazon Virtual Private Network if users need to log in to Amazon machines instances outside of

n

the AWS Management Console.

vRealize Automation users can perform the following tasks when working with an Amazon VPC:

A fabric administrator can assign an Amazon VPC to a cloud reservation. See “Create an Amazon

n

Reservation,” on page 194.

A machine owner can assign an Amazon machine instance to an Amazon VPC.

n

For more information about creating an Amazon VPC, see Amazon Web Services documentation.

Using Elastic Load Balancers for Amazon Web Services

Elastic load balancers distribute incoming application trac across Amazon Web Services instances.
Amazon load balancing enables improved fault tolerance and performance.

Amazon makes elastic load balancing available for machines provisioned using Amazon EC2 blueprints.

The elastic load balancer must be available in the Amazon Web Services, Amazon Virtual Private Network
and at the provisioning location. For example, if a load balancer is available in us-east1c and a machine
location is us-east1b, the machine cannot use the available load balancer.

vRealize Automation does not create, manage, or monitor the elastic load balancers.

For information about creating Amazon elastic load balancers by using the
Amazon Web Services Management Console, see Amazon Web Services documentation.

VMware, Inc. 19

Configuring vRealize Automation

Using Elastic IP Addresses for Amazon Web Services

Using an elastic IP address allows you to rapidly fail over to another machine in a dynamic
Amazon Web Services cloud environment. In vRealize Automation, the elastic IP address is available to all
business groups that have rights to the region.

An administrator can allocate elastic IP addresses to your Amazon Web Services account by using the
AWS Management Console. There are two groups of elastic IP addresses in any given a region, one range is
allocated for non-Amazon VPC instances and another range is for Amazon VPCs. If you allocate addresses
in a non-Amazon VPC region only, the addresses are not available in an Amazon VPC. The reverse is also
true. If you allocate addresses in an Amazon VPC only, the addresses are not available in a non­Amazon VPC region.

The elastic IP address is associated with your Amazon Web Services account, not a particular machine, but
only one machine at a time can use the address. The address remains associated with your
Amazon Web Services account until you choose to release it. You can release it to map it to a specic
machine instance.

An IaaS architect can add a custom property to a blueprint to assign an elastic IP address to machines
during provisioning. Machine owners and administrators can view the elastic IP addresses assigned to
machines, and machine owners or administrators with rights to edit machines can assign an elastic IP
addresses after provisioning. However, if the address is already associated to a machine instance, and the
instance is part of the Amazon Virtual Private Cloud deployment, Amazon does not assign the address.

For more information about creating and using Amazon elastic IP addresses, see Amazon Web Services
documentation.

Using Elastic Block Storage for Amazon Web Services

Amazon elastic block storage provides block level storage volumes to use with an Amazon machine instance
and Amazon Virtual Private Cloud. The storage volume can persist past the life of its associated Amazon
machine instance in the Amazon Web Services cloud environment.

When you use an Amazon elastic block storage volume in conjunction with vRealize Automation, the
following caveats apply:

You cannot aach an existing elastic block storage volume when you provision a machine instance.

n

However, if you create a new volume and request more than one machine at a time, the volume is
created and aached to each instance. For example, if you create one volume named volume_1 and
request three machines, a volume is created for each machine. Three volumes named volume_1 are
created and aached to each machine. Each volume has a unique volume ID. Each volume is the same
size and in the same location.

The volume must be of the same operating system and in the same location as the machine to which

n

you aach it.

vRealize Automation does not manage the primary volume of an elastic block storage-backed instance.

n

For more information about Amazon elastic block storage, and details on how to enable it by using
Amazon Web Services Management Console, see Amazon Web Services documentation.

20 VMware, Inc.

Chapter 1 External Preparations for Provisioning

Scenario: Configure Network-to-Amazon VPC Connectivity for a Proof of Concept Environment

As the IT professional seing up a proof of concept environment to evaluate vRealize Automation, you want
to temporarily congure network-to-Amazon VPC connectivity to support the vRealize Automation
Software feature.

Network-to-Amazon VPC connectivity is only required if you want to use the guest agent to customize
provisioned machines, or if you want to include Software components in your blueprints. For a production
environment, you would congure this connectivity ocially through Amazon Web Services, but because
you are working in a proof of concept environment, you want to create temporary network-to-Amazon VPC
connectivity. You establish the SSH tunnel and then congure an Amazon reservation in
vRealize Automation to route through your tunnel.

Prerequisites

Install and fully congure vRealize Automation. See Installing and Conguring vRealize Automation for the

n

Rainpole Scenario.

Create an Amazon AWS security group called TunnelGroup and congure it to allow access on port 22.

n

Create or identify a CentOS machine in your Amazon AWS TunnelGroup security group and note the

n

following congurations:

Administrative user credentials, for example root.

n

Public IP address.

n

Private IP address.

n

Create or identify a CentOS machine on the same local network as your vRealize Automation

n

installation.

Install OpenSSH SSHD Server on both tunnel machines.

n

Procedure

1 Log in to your Amazon AWS tunnel machine as the root user or similar.

2 Disable iptables.

# service iptables save

# service iptables stop

# chkconfig iptables off

3 Edit /etc/ssh/sshd_config to enable AllowTCPForwarding and GatewayPorts.

4 Restart the service.

/etc/init.d/sshd restart

5 Log in to the CentOS machine on the same local network as your vRealize Automation installation as

the root user.

VMware, Inc. 21

Configuring vRealize Automation

6 Invoke the SSH Tunnel from the local network machine to the Amazon AWS tunnel machine.

ssh -N -v -o "ServerAliveInterval 30" -o "ServerAliveCountMax 40" -o "TCPKeepAlive yes” \

-R 1442:vRealize_automation_appliance_fqdn:5480 \

-R 1443:vRealize_automation_appliance_fqdn:443 \

-R 1444:manager_service_fqdn:443 \

User of Amazon tunnel machine@Public IP Address of Amazon tunnel machine

You congured port forwarding to allow your Amazon AWS tunnel machine to access
vRealize Automation resources, but your SSH tunnel does not function until you congure an Amazon
reservation to route through the tunnel.

What to do next

1 Install the software bootstrap agent and the guest agent on a Windows or Linux reference machine to

create an Amazon Machine Image that your IaaS architects can use to create blueprints. See “Preparing

for Software Provisioning,” on page 62.

2 Congure your Amazon reservation in vRealize Automation to route through your SSH tunnel. See

“Scenario: Create an Amazon Reservation for a Proof of Concept Environment,” on page 209.

Preparing Red Hat OpenStack Network and Security Features

vRealize Automation supports several features in OpenStack including security groups and oating IP
addresses. Understand how these features work with vRealize Automation and congure them in your
environment.

Using OpenStack Security Groups

Security groups allow you to specify rules to control network trac over specic ports.

You can specify security groups when creating a reservation and also in the blueprint canvas. You can also
specify security groups when requesting a machine.

Security groups are imported during data collection.

Each available region requires at least one specied security group. When you create a reservation, the
available security groups that are available to you in that region are displayed. Every region includes at least
the default security group.

Additional security groups must be managed in the source resource. For more information about managing
security groups for the various machines, see the OpenStack documentation.

Using Floating IP Addresses with OpenStack

You can assign oating IP addresses to a running virtual instance in OpenStack.

To enable assignment of oating IP addresses, you must congure IP forwarding and create a oating IP
pool in Red Hat OpenStack. For more information, see the Red Hat OpenStack documentation.

You must entitle the Associate Floating IP and Disassociate Floating IP actions to machine owners. The
entitled users can then associate a oating IP address to a provisioned machine from the external networks
aached to the machine by selecting an available address from the oating IP address pool. After a oating
IP address has been associated with a machine, a vRealize Automation user can select a Disassociate
Floating IP option to view the currently assigned oating IP addresses and disassociate an address from a
machine.

22 VMware, Inc.

Chapter 1 External Preparations for Provisioning

Preparing Your SCVMM Environment

Before you begin creating SCVMM templates and hardware proles for use in vRealize Automation
machine provisioning, you must understand the naming restrictions on template and hardware prole
names, and congure SCVMM network and storage seings.

Template and Hardware Profile Naming

Because of naming conventions that SCVMM and vRealize Automation use for templates and hardware
proles, do not start your template or hardware prole names with the words temporary or prole. For
example, the following words are ignored during data collection:

TemporaryTemplate

n

Temporary Template

n

TemporaryProle

n

Temporary Prole

n

Prole

n

Required Network Configuration for SCVMM Clusters

SCVMM clusters only expose virtual networks to vRealize Automation, so you must have a 1:1 relationship
between your virtual and logical networks. Using the SCVMM console, map each logical network to a
virtual network and congure your SCVMM cluster to access machines through the virtual network.

Required Storage Configuration for SCVMM Clusters

On SCVMM Hyper-V clusters, vRealize Automation collects data and provisions on shared volumes only.
Using the SCVMM console, congure your clusters to use shared resource volumes for storage.

Required Storage Configuration for Standalone SCVMM Hosts

For standalone SCVMM hosts, vRealize Automation collects data and provisions on the default virtual
machine path. Using the SCVMM console, congure default virtual machine paths for your standalone
hosts.

VMware, Inc. 23

Configuring vRealize Automation

Preparing for Machine Provisioning

Depending on your environment and your method of machine provisioning, you might need to congure
elements outside of vRealize Automation. For example, you might need to congure machine templates or
machine images. You might also need to congure NSX seings or run vRealize Orchestrator workows.

Choosing a Machine Provisioning Method to Prepare

For most machine provisioning methods, you must prepare some elements outside of vRealize Automation.

Table 1‑4. Choosing a Machine Provisioning Method to Prepare

Scenario

Congure

vRealize Automation to
run custom Visual Basic
scripts as additional
steps in the machine life
cycle, either before or
after machine
provisioning. For
example, you could use a
pre-provisioning script
to generate certicates or
security tokens before
provisioning, and then a
post-provisioning script
to use the certicates and
tokens after machine
provisioning.

Provision application
blueprints that automate
the installation,
conguration, and life
cycle management of
middleware and
application deployment
components such as
Oracle, MySQL, WAR,
and database Schemas.

Further customize
machines after
provisioning by using
the guest agent.

Provision machines with
no guest operating
system. You can install
an operating system
after provisioning.

Supported
Endpoint Agent Support

You can
run Visual
Basic
scripts
with any
supported
endpoint
except
Amazon
AWS.

vSpher

n

e

vCloud

n

Air

vCloud

n

Directo
r

Amazo

n

n AWS

All virtual
endpoints
and
Amazon
AWS.

All virtual
machine
endpoints.

Depends on the
provisioning
method you
choose.

(Required)

n

Guest agent

(Required)

n

Software
bootstrap
agent and
guest agent

(Required)

n

Guest agent

(Optional)

n

Software
bootstrap
agent and
guest agent

Not supported Basic No required pre-provisioning

Provisioning
Method Pre-provisioning Preparations

Supported as an
additional step in
any provisioning
method, but you
cannot use Visual
Basic scripts with
Amazon AWS
machines.

Clone

n

Clone (for

n

vCloud Air or
vCloud
Director)

Linked clone

n

Amazon

n

Machine Image

Supported for all
provisioning
methods except
Virtual Machine
Image.

“Checklist for Running Visual
Basic Scripts During
Provisioning,” on page 27

If you want the ability to use
Software components in your
blueprints, prepare a provisioning
method that supports the guest
agent and Software bootstrap
agent. For more information about
preparing for Software, see

“Preparing for Software
Provisioning,” on page 62.

If you want the ability to
customize machines after
provisioning, select a provisioning
method that supports the guest
agent. For more information about
the guest agent, see “Using

vRealize Automation Guest Agent
in Provisioning,” on page 28.

preparations outside of
vRealize Automation.

24 VMware, Inc.

Chapter 1 External Preparations for Provisioning

Table 1‑4. Choosing a Machine Provisioning Method to Prepare (Continued)

Scenario

Provision a space­ecient copy of a virtual

machine called a linked
clone. Linked clones are
based on a snapshot of a
VM and use a chain of
delta disks to track
dierences from a parent
machine.

Provision a space-
ecient copy of a virtual
machine by using
Net App FlexClone
technology.

Provision machines by
cloning from a template
object created from an
existing Windows or
Linux machine, called
the reference machine,
and a customization
object.

Provision vCloud Air or
vCloud Director
machines by cloning
from a template and
customization object.

Provision a machine by
booting from an ISO
image, using a kickstart
or autoYaSt
conguration le and a
Linux distribution image
to install the operating
system on the machine.

Provision a machine and
pass control to an SCCM
task sequence to boot
from an ISO image,
deploy a Windows
operating system, and
install the
vRealize Automation
guest agent.

Supported
Endpoint Agent Support

vSphere

n

(Optional)
Guest agent

(Optional)

n

Software
bootstrap
agent and
guest agent

vSphere (Optional) Guest

agent

n

n

n

vSpher
e

KVM
(RHEV
)

SCVM
M

(Optional)

n

Guest agent

(Optional for

n

vSphere only)
Software
bootstrap
agent and
guest agent

n

n

vCloud
Air

vCloud
Directo
r

(Optional)

n

Guest agent

(Optional)

n

Software
bootstrap
agent and
guest agent

n

n

All
virtual
endpoi
nts

Red

Guest agent is
installed as part
of the preparation
instructions.

Hat
OpenSt
ack

All virtual
machine
endpoints.

Guest agent is
installed as part
of the preparation
instructions.

Provisioning
Method Pre-provisioning Preparations

Linked Clone You must have an existing

NetApp FlexClone “Checklist for Preparing to

Clone See “Checklist for Preparing to

vCloud Air or
vCloud Director
Cloning

Linux Kickstart “Preparing for Linux Kickstart

SCCM “Preparing for SCCM

vSphere virtual machine.

If you want to support Software,
you must install the guest agent
and software bootstrap agent on
the machine you intend to clone.

Provision by Cloning,” on

page 33

Provision by Cloning,” on

page 33.

If you want to support Software,
you must install the guest agent
and software bootstrap agent on
the vSpheremachine you intend to
clone.

See “Preparing for vCloud Air

and vCloud Director
Provisioning,” on page 45.

If you want to support Software,
create a template that contains the
guest agent and software
bootstrap agent. For vCloud Air,
congure network connectivity
between your
vRealize Automation
environment and your vCloud Air
environment.

Provisioning,” on page 46

Provisioning,” on page 48

VMware, Inc. 25

Configuring vRealize Automation

Table 1‑4. Choosing a Machine Provisioning Method to Prepare (Continued)

Scenario

Provision a machine by
booting into a WinPE
environment and
installing an operating
system using a Windows
Imaging File Format
(WIM) image of an
existing Windows
reference machine.

Launch an instance from
a virtual machine image.

Launch an instance from
an Amazon Machine
Image.

Supported
Endpoint Agent Support

n

n

All
virtual
endpoi
nts

Red
Hat
OpenSt
ack

Guest agent is
required. You can
use PEBuilder to
create a WinPE
image that
includes the guest
agent. You can
create the WinPE
image by using
another method,
but you must
manually insert
the guest agent.

Red Hat

Not supported Virtual Machine

OpenStack

Amazon
AWS

(Optional)

n

Guest agent

(Optional)

n

Software
bootstrap
agent and
guest agent

Provisioning
Method Pre-provisioning Preparations

WIM “Preparing for WIM

Provisioning,” on page 49

See “Preparing for Virtual

Image

Machine Image Provisioning,” on

page 57.

Amazon Machine
Image

Associate Amazon machine
images and instance types with
your Amazon AWS account.

If you want to support Software,
create an Amazon Machine Image
that contains the guest agent and
software bootstrap agent, and
congure network-to-VPC
connectivity between your
Amazon AWS and
vRealize Automation
environments.

26 VMware, Inc.

Chapter 1 External Preparations for Provisioning

Checklist for Running Visual Basic Scripts During Provisioning

You can congure vRealize Automation to run your custom Visual Basic scripts as additional steps in the
machine life cycle, either before or after machine provisioning. For example, you could use a pre­provisioning script to generate certicates or security tokens before provisioning, and then a post­provisioning script to use the certicates and tokens after machine provisioning. You can run Visual Basic
scripts with any provisioning method, but you cannot use Visual Basic scripts with Amazon AWS machines.

Table 1‑5. Running Visual Basic Scripts During Provisioning Checklist

Task Location Details

Install and congure the EPI agent
for Visual Basic scripts.

Create your visual basic scripts.

Gather the information required to
include your scripts in blueprints.

Typically the Manager Service host See Installing vRealize Automation 7.1.

Machine where EPI agent is installed vRealize Automation includes a

sample Visual Basic script

PrePostProvisioningExample.vbs

in the Scripts subdirectory of the EPI
agent installation directory. This script
contains a header to load all
arguments into a dictionary, a body in
which you can include your functions,
and a footer to return updated custom
properties to vRealize Automation.

When executing a Visual Basic script,
the EPI agent passes all machine
custom properties as arguments to the
script. To return updated property
values to vRealize Automation, place
these properties in a dictionary and
call a function provided by
vRealize Automation.

Capture information and transfer to
your infrastructure architects

N A fabric administrator can
create a property group by using the
property sets
ExternalPreProvisioningVbScript and
ExternalPostProvisioningVbScript to
provide this required information.
Doing so makes it easier for blueprint
architects to include this information
correctly in their blueprints.

The complete path to the Visual

n

Basic script, including the lename
and extension. For example,

%System Drive%Program Files
(x86)\VMware\vCAC
Agents\EPI_Agents\Scripts\Se
ndEmail.vbs.

To run a script before

n

provisioning, instruct
infrastructure architects to enter
the complete path to the script as
the value of the custom property

ExternalPreProvisioningVbScr
ipt. To run a script after

provisioning, they need to use the
custom property

ExternalPostProvisioningVbSc
ript.

VMware, Inc. 27

Configuring vRealize Automation

Using vRealize Automation Guest Agent in Provisioning

You can install the guest agent on reference machines to further customize a machine after deployment. You
can use the reserved guest agent custom properties to perform basic customizations such as adding and
formaing disks, or you can create your own custom scripts for the guest agent to run within the guest
operating system of a provisioned machine.

After the deployment is completed and the customization specication is run (if you provided one), the
guest agent creates an XML le that contains all of the deployed machine's custom properties

c:\VRMGuestAgent\site\workitem.xml, completes any tasks assigned to it with the guest agent custom

properties, and then deletes itself from the provisioned machine.

You can write your own custom scripts for the guest agent to run on deployed machines, and use custom
properties on the machine blueprint to specify the location of those scripts and the order in which to run
them. You can also use custom properties on the machine blueprint to pass custom property values to your
scripts as parameters.

For example, you could use the guest agent to make the following customizations on deployed machines:

Change the IP address

n

Add or format drives

n

Run security scripts

n

Initialize another agent, for example Puppet or Chef

n

You can also provide an encrypted string as a custom property in a command line argument. This allows
you to store encrypted information that the guest agent can decrypt and understand as a valid command
line argument.

Your custom scripts do not have to be locally installed on the machine. As long as the provisioned machine
has network access to the script location, the guest agent can access and run the scripts. This lowers
maintenance costs because you can update your scripts without having to rebuild all of your templates.

If you choose to install the guest agent to run custom scripts on provisioned machines, your blueprints must
include the appropriate guest agent custom properties. For example, if you install the guest agent on a
template for cloning, create a custom script that changes the provisioned machine's IP address, and place the
script in a shared location, you need to include a number of custom properties in your blueprint.

Table 1‑6. Custom Properties for Changing IP Address of a Provisioned Machine with a Guest Agent

Custom Property Description

VirtualMachine.Admin.UseGuestAgent Set to true to initialize the guest agent when the

provisioned machine is started.

VirtualMachine.Customize.WaitComplete

Set to True to prevent the provisioning workow from
sending work items to the guest agent until all
customizations are complete.

28 VMware, Inc.

Chapter 1 External Preparations for Provisioning

Table 1‑6. Custom Properties for Changing IP Address of a Provisioned Machine with a Guest Agent
(Continued)

Custom Property Description

VirtualMachine.SoftwareN.ScriptPath

VirtualMachine.ScriptPath.Decrypt

Species the full path to an application's install script. The
path must be a valid absolute path as seen by the guest
operating system and must include the name of the script

lename.

You can pass custom property values as parameters to the
script by inserting {CustomPropertyName} in the path string.
For example, if you have a custom property named

ActivationKey whose value is 1234, the script path is
D:\InstallApp.bat –key {ActivationKey}. The guest
agent runs the command D:\InstallApp.bat –key

1234. Your script le can then be programmed to accept

and use this value.

Insert {Owner} to pass the machine owner name to the
script.

You can also pass custom property values as parameters to
the script by inserting {YourCustomProperty} in the path
string. For example, entering the
value \\vra-
scripts.mycompany.com\scripts\changeIP.bat runs
the changeIP.bat script from a shared location, but
entering the
value \\vra-

scripts.mycompany.com\scripts\changeIP.bat
{VirtualMachine.Network0.Address} runs the

changeIP script but also passes the value of the
VirtualMachine.Network0.Address property to the
script as a parameter.

Allows vRealize Automation to obtain an encrypted string
that is passed as a properly formaed
VirtualMachine.SoftwareN.ScriptPath custom
property statement to the gugent command line.

You can provide an encrypted string, such as your
password, as a custom property in a command-line
argument. This allows you to store encrypted information
that the guest agent can decrypt and understand as a valid
command-line argument. For example, the

VirtualMachine.Software0.ScriptPath =
c:\dosomething.bat password custom property string

is not secure as it contains an actual password.

To encrypt the password, you can create a
vRealize Automation custom property, for example
MyPassword = password, and enable encryption by
selecting the available check box. The guest agent decrypts
the [MyPassword] entry to the value in the custom
property MyPassword and runs the script as
c:\dosomething.bat password.

n

Create custom property MyPassword = password
where password is the value of your actual password.
Enable encryption by selecting the available check box.

Set custom property

n

VirtualMachine.ScriptPath.Decrypt as

VirtualMachine.ScriptPath.Decrypt = true.

Set custom property

n

VirtualMachine.Software0.ScriptPath as

VirtualMachine.Software0.ScriptPath =
c:\dosomething.bat [MyPassword].

VMware, Inc. 29

Configuring vRealize Automation

Table 1‑6. Custom Properties for Changing IP Address of a Provisioned Machine with a Guest Agent
(Continued)

Custom Property Description

For more information about custom properties you can use with the guest agent, see Custom Properties
Reference.

Install the Guest Agent on a Linux Reference Machine

Install the Linux guest agent on your reference machines to further customize machines after deployment.

Prerequisites

Identify or create the reference machine.

n

The guest agent les you download contain both tar.gz and RPM package formats. If your operating

n

system cannot install tar.gz or RPM les, use a conversion tool to convert the installation les to your
preferred package format.

If you set VirtualMachine.ScriptPath.Decrypt to false,
or do not create the
VirtualMachine.ScriptPath.Decrypt custom property,
then the string inside the square brackets ( [ and ]) is not
decrypted.

Procedure

1 Navigate to the vCloud Automation Center Appliance management console installation page.

For example: hps://vcac-hostname.domain.name:5480/installer/.

2 Download and save the Linux Guest Agent Packages.

3 Unpack the LinuxGuestAgentPkgs le.

4 Install the guest agent package that corresponds to the guest operating system you are deploying

during provisioning.

a Navigate to the LinuxGuestAgentPkgs subdirectory for your guest operating system.

b Locate your preferred package format or convert a package to your preferred package format.

c Install the guest agent package on your reference machine.

For example, to install the les from the RPM package, run rpm -i

gugent-7.0.0-012715.x86_64.rpm.

5 Congure the guest agent to communicate with the Manager Service by running installgugent.sh

Manager_Service_Hostname_fdqn:portnumber ssl platform.

The default port number for the Manager Service is 443. Accepted platform values are ec2, vcd, vca, and

vsphere.

Option Description

If you are using a load balancer

With no load balancer

Enter the fully qualied domain name and port number of your Manager
Service load balancer. For example:

cd /usr/share/gugent
./installgugent.sh
load_balancer_manager_service.mycompany.com:443 ssl ec2

Enter the fully qualied domain name and port number of your Manager
Service machine. For example:

cd /usr/share/gugent
./installgugent.sh manager_service_machine.mycompany.com:
443 ssl vsphere

30 VMware, Inc.