VMware vRealize Automation - 7.3 Installation Manual

Installing vRealize Automation
15 March 2018 vRealize Automation 7.3
You can find the most up-to-date technical documentation on the VMware website at:
https://docs.vmware.com/
docfeedback@vmware.com
VMware, Inc.
3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com
Copyright © 2012–2018 VMware, Inc. All rights reserved. Copyright and trademark information.

Contents

vRealize Automation Installation
Updated Information
1 vRealize Automation Installation Overview
  About vRealize Automation Installation
  New in this vRealize Automation Installation
  vRealize Automation Installation Components
  The vRealize Automation Appliance
  Infrastructure as a Service
  Deployment Type
  Minimal vRealize Automation Deployments
  Distributed vRealize Automation Deployments
  Choosing Your Installation Method
2 Preparing for vRealize Automation Installation
  General Preparation
  Accounts and Passwords
  Host Names and IP Addresses
  Latency and Bandwidth
  vRealize Automation Appliance
  vRealize Automation Appliance Ports
  IaaS Windows Servers
  IaaS Windows Server Ports
  IaaS Web Server
  IaaS Manager Service Host
  IaaS SQL Server Host
  IaaS Distributed Execution Manager Host
  DEM Workers with Amazon Web Services
  DEM Workers with Openstack or PowerVC
  DEM Workers with Red Hat Enterprise Virtualization
  DEM Workers with SCVMM
  Certificates
  Extracting Certificates and Private Keys
3 Deploying the vRealize Automation Appliance
  About vRealize Automation Appliance Deployment
  Deploy the vRealize Automation Appliance
4 Installing vRealize Automation with the Installation Wizard
  Using the Installation Wizard for Minimal Deployments
  Start the Installation Wizard for a Minimal Deployment
  Install the vRealize Automation Management Agent
  Completing the Installation Wizard
  Using the Installation Wizard for Enterprise Deployments
  Start the Installation Wizard for an Enterprise Deployment
  Install the vRealize Automation Management Agent
  Completing the Installation Wizard
5 The Standard vRealize Automation Installation Interfaces
  Using the Standard Interfaces for Minimal Deployments
  Minimal Deployment Checklist
  Configure the vRealize Automation Appliance
  Installing IaaS Components
  Using the Standard Interfaces for Distributed Deployments
  Distributed Deployment Checklist
  Disabling Load Balancer Health Checks
  Certificate Trust Requirements in a Distributed Deployment
  Configure Web Component, Manager Service and DEM Host Certificate Trust
  Installation Worksheets
  Configuring Your Load Balancer
  Configuring Appliances for vRealize Automation
  Install the IaaS Components in a Distributed Configuration
  Installing vRealize Automation Agents
  Set the PowerShell Execution Policy to RemoteSigned
  Choosing the Agent Installation Scenario
  Agent Installation Location and Requirements
  Installing and Configuring the Proxy Agent for vSphere
  Installing the Proxy Agent for Hyper-V or XenServer
  Installing the VDI Agent for XenDesktop
  Installing the EPI Agent for Citrix
  Installing the EPI Agent for Visual Basic Scripting
  Installing the WMI Agent for Remote WMI Requests
6 Silent vRealize Automation Installation
  About Silent vRealize Automation Installation
  Perform a Silent vRealize Automation Installation
  Perform a Silent vRealize Automation Management Agent Installation
  Silent vRealize Automation Installation Answer File
  The vRealize Automation Installation Command Line
  vRealize Automation Installation Command Line Basics
  vRealize Automation Installation Command Names
  The vRealize Automation Installation API
  Convert Between vRealize Automation Silent Properties and JSON
7 vRealize Automation Post-Installation Tasks
  Configure Federal Information Processing Standard Compliant Encryption
  Enable Automatic Manager Service Failover
  About Automatic Manager Service Failover
  Automatic vRealize Automation PostgreSQL Database Failover
  Replacing Self-Signed Certificates with Certificates Provided by an Authority
  Changing Host Names and IP Addresses
  Change the Master vRealize Automation Appliance Host Name
  Change a Replica vRealize Automation Appliance Host Name
  Adjusting the SQL Database for a Changed Host Name
  Change the vRealize Automation Appliance IP Address
  Change an IaaS Server IP Address
  Change an IaaS Server Host Name
  Set the vRealize Automation Login URL to a Custom Name
  Removing a vRealize Automation Appliance from a Cluster
  Licensing vRealize Code Stream
  Installing the vRealize Log Insight Agent on IaaS Servers
  Change a vRealize Automation Appliance FQDN Back to the Original FQDN
  Configure SQL AlwaysOn Availability Group
  Configure Access to the Default Tenant
8 Troubleshooting a vRealize Automation Installation
  Default Log Locations
  Rolling Back a Failed Installation
  Roll Back a Minimal Installation
  Roll Back a Distributed Installation
  Create a vRealize Automation Support Bundle
  General Installation Troubleshooting
  Installation or Upgrade Fails with a Load Balancer Timeout Error
  Server Times Are Not Synchronized
  Blank Pages May Appear When Using Internet Explorer 9 or 10 on Windows 7
  Cannot Establish Trust Relationship for the SSL/TLS Secure Channel
  Connect to the Network Through a Proxy Server
  Console Steps for Initial Content Configuration
  Cannot Downgrade vRealize Automation Licenses
  Troubleshooting the vRealize Automation Appliance
  Installers Fail to Download
  Encryption.key File has Incorrect Permissions
  Directories Management Identity Manager Fails to Start After Horizon-Workspace Restart
  Incorrect Appliance Role Assignments After Failover
  Failures After Promotion of Replica and Master Nodes
  Incorrect vRealize Automation Component Service Registrations
  Additional NIC Causes Management Interface Errors
  Cannot Promote a Secondary Virtual Appliance to Master
  Active Directory Sync Log Retention Time Is Too Short
  RabbitMQ Cannot Resolve Host Names
  Troubleshooting IaaS Components
  Prerequisite Fixer Cannot Install .NET Features
  Validating Server Certificates for IaaS
  Credentials Error When Running the IaaS Installer
  Save Settings Warning Appears During IaaS Installation
  Website Server and Distributed Execution Managers Fail to Install
  IaaS Authentication Fails During IaaS Web and Model Management Installation
  Failed to Install Model Manager Data and Web Components
  IaaS Windows Servers Do Not Support FIPS
  Adding an XaaS Endpoint Causes an Internal Error
  Uninstalling a Proxy Agent Fails
  Machine Requests Fail When Remote Transactions Are Disabled
  Error in Manager Service Communication
  Email Customization Behavior Has Changed
  Troubleshooting Log-In Errors
  Attempts to Log In as the IaaS Administrator with Incorrect UPN Format Credentials Fails with No Explanation
  Log In Fails with High Availability
  Proxy Prevents VMware Identity Manager User Log In

vRealize Automation Installation

This vRealize Automation Installation guide contains wizard, manual, and silent installation instructions for VMware vRealize™ Automation.
Note: Not all features and capabilities of vRealize Automation are available in all editions. For a comparison of feature sets in each edition, see https://www.vmware.com/products/vrealize-automation/.
Intended Audience
This information is intended for experienced Windows or Linux system administrators who are familiar with virtual machine technology and data center operations.
VMware Technical Publications Glossary
VMware Technical Publications provides a glossary of terms that might be unfamiliar to you. For definitions of terms as they are used in VMware technical documentation, go to http://www.vmware.com/support/pubs.

Updated Information

The following table lists the changes to Installing vRealize Automation for this product release.
Revision Description
15 MAR 2018
18 JAN 2018
4 DEC 2017
- Noted JRE versus JDK in IaaS Web Server and IaaS SQL Server Host.
- Updated DEM Workers with SCVMM.
- Added custom URL pointer in Certificates.
- Revised initial login steps in and around Configure the vRealize Automation Appliance, Configure the First vRealize Automation Appliance in a Cluster, and Add Another vRealize Automation Appliance to the Cluster.
- Updated Set the PowerShell Execution Policy to RemoteSigned.
- Updated renaming procedures with recent findings: Change the Master vRealize Automation Appliance Host Name, Change a Replica vRealize Automation Appliance Host Name, and Change an IaaS Server Host Name.
- Added Set the vRealize Automation Login URL to a Custom Name.
- Added detail to Server Times Are Not Synchronized.
- Added Latency and Bandwidth.
- Added TLS to IaaS Windows Servers.
- Revised and restored Configure the DEM to Connect to SCVMM at a Different Installation Path.
- Updated and renamed Change a vRealize Automation Appliance FQDN Back to the Original FQDN.
- Updated vRealize Automation Appliance Ports.
- Updated IaaS Windows Server Ports.
- Updated IaaS SQL Server Host.
- Updated Change the vRealize Automation Appliance IP Address.
- Added Change a vRealize Automation Appliance FQDN Back to the Original FQDN.
- Added Adjusting the SQL Database for a Changed Host Name.
- Added Change an IaaS Server Host Name.
- Added Configure SQL AlwaysOn Availability Group.
12 SEP 2017
- Revised Incorrect vRealize Automation Component Service Registrations.
- No need to enable RabbitMQ FQDN before installing. Moved instructions to RabbitMQ Cannot Resolve Host Names.
30 AUG 2017
- Revised IaaS Manager Service Host.
- Updated the sample figure in Deploy the vRealize Automation Appliance.
- Revised Machine Requests Fail When Remote Transactions Are Disabled.
- Revised Directories Management Identity Manager Fails to Start After Horizon-Workspace Restart.
- Revised Incorrect vRealize Automation Component Service Registrations.
7 AUG 2017 Revised .Net and disk statements in IaaS Windows Servers. Added Cannot Promote a Secondary Virtual Appliance to Master.
EN-002480-02 Corrected naming guidelines in Host Names and IP Addresses. Clarified scale up, in Help and Minimal vRealize Automation Deployments.
EN-002480-01 Added Change the vRealize Automation Appliance IP Address and Change an IaaS Server IP Address.
EN-002480-00 Initial document release.
1 vRealize Automation Installation Overview
You can install vRealize Automation to support minimal, proof of concept environments, or in different sizes of distributed, enterprise configurations that are capable of handling production workloads. Installation can be interactive or silent.
After installation, you start using vRealize Automation by customizing your setup and configuring tenants, which provides users with access to self-service provisioning and life-cycle management of cloud services.
This chapter includes the following topics:
- About vRealize Automation Installation
- New in this vRealize Automation Installation
- vRealize Automation Installation Components
- Deployment Type
- Choosing Your Installation Method

About vRealize Automation Installation
You can install vRealize Automation through different means, each with varying levels of interactivity.
To install, you deploy a vRealize Automation appliance and then complete the actual installation using one of the following options:
- A consolidated, browser-based Installation Wizard
- Separate browser-based appliance configuration, and separate Windows installations for IaaS server components
- A command line based, silent installer that accepts input from an answer properties file
- An installation REST API that accepts JSON formatted input

New in this vRealize Automation Installation
If you installed earlier versions of vRealize Automation, be aware of changes in the installation for this release before you begin.
- In this release, when a problem occurs with the Manager Service, the service can transparently fail over to a backup Manager Service host if one is available. You no longer need to log in to the backup host and start the service. See About Automatic Manager Service Failover.
- This release allows for automatic failover of the embedded PostgreSQL database in certain configurations. See Automatic vRealize Automation PostgreSQL Database Failover.
- This release of vRealize Automation includes Installation Wizard certificate page options to generate certificate signing request (CSR) files. If you expect to import your own certificates, your certificate authority (CA) can use the CSR to more easily create your SSL certificate.

vRealize Automation Installation Components
A typical vRealize Automation installation consists of a vRealize Automation appliance and one or more Windows servers that, taken together, provide vRealize Automation Infrastructure as a Service (IaaS).

The vRealize Automation Appliance

The vRealize Automation appliance is a preconfigured Linux virtual appliance. The vRealize Automation appliance is delivered as an open virtualization file that you deploy on existing virtualized infrastructure such as vSphere.
The vRealize Automation appliance performs several functions central to vRealize Automation.
- The appliance contains the server that hosts the vRealize Automation product portal, where users log in to access self-service provisioning and management of cloud services.
- The appliance manages single sign-on (SSO) for user authorization and authentication.
- The appliance server hosts a management interface for vRealize Automation appliance settings.
- The appliance includes a preconfigured PostgreSQL database used for internal vRealize Automation appliance operations. In large deployments with redundant appliances, the secondary appliance databases serve as replicas to provide high availability.
- The appliance includes a preconfigured instance of vRealize Orchestrator. vRealize Automation uses vRealize Orchestrator workflows and actions to extend its capabilities. The embedded instance of vRealize Orchestrator is now recommended. In older deployments or special cases, however, users might connect vRealize Automation to an external vRealize Orchestrator instead.
- The appliance contains the downloadable Management Agent installer. All Windows servers that make up your vRealize Automation IaaS must install the Management Agent. The Management Agent registers IaaS Windows servers with the vRealize Automation appliance, automates the installation and management of IaaS components, and collects support and telemetry information.

Infrastructure as a Service

vRealize Automation IaaS consists of one or more Windows servers that work together to model and provision systems in private, public, or hybrid cloud infrastructures.
You install vRealize Automation IaaS components on one or more virtual or physical Windows servers. After installation, IaaS operations appear under the Infrastructure tab in the product interface.
IaaS consists of the following components, which can be installed together or separately, depending on deployment size.
Web Server
The IaaS Web server provides infrastructure administration and service authoring to the vRealize Automation product interface. The Web server component communicates with the Manager Service, which provides updates from the Distributed Execution Manager (DEM), SQL Server database, and agents.
Model Manager
vRealize Automation uses models to facilitate integration with external systems and databases. The models implement business logic used by the DEM.
The Model Manager provides services and utilities for persisting, versioning, securing, and distributing model elements. Model Manager is hosted on one of the IaaS Web servers and communicates with DEMs, the SQL Server database, and the product interface Web site.
Manager Service
The Manager Service is a Windows service that coordinates communication between IaaS DEMs, the SQL Server database, agents, and SMTP. In addition, the Manager Service communicates with the Web server through the Model Manager and must be run under a domain account with local administrator privileges on all IaaS Windows servers.
Unless you enable automatic Manager Service failover, IaaS requires that only one Windows machine actively run the Manager Service at a time. For backup or high availability, you may deploy additional Manager Service machines, but the manual failover approach requires that backup machines have the service stopped and configured to start manually.
For more information, see About Automatic Manager Service Failover.
SQL Server Database
IaaS uses a Microsoft SQL Server database to maintain information about the machines it manages, plus its own elements and policies. Most users allow vRealize Automation to create the database during installation. Alternatively, you may create the database separately if site policies require it.
Distributed Execution Manager
The IaaS DEM component runs the business logic of custom models, interacting with the IaaS SQL Server database, and with external databases and systems. A common approach is to install DEMs on the IaaS Windows server that hosts the active Manager Service, but it is not required.
Each DEM instance acts as a worker or orchestrator. The roles can be installed on the same or separate servers.
DEM Worker—A DEM worker has one function, to run workflows. Multiple DEM workers increase capacity and can be installed on the same or separate servers.
DEM Orchestrator—A DEM orchestrator performs the following oversight functions.
- Monitors DEM workers. If a worker stops or loses its connection to Model Manager, the DEM orchestrator moves the workflows to another DEM worker.
- Schedules workflows by creating new workflow instances at the scheduled time.
- Ensures that only one instance of a scheduled workflow is running at a given time.
- Preprocesses workflows before they run. Preprocessing includes checking preconditions for workflows and creating the workflow execution history.
The active DEM orchestrator needs a strong network connection to the Model Manager host. In large deployments with multiple DEM orchestrators on separate servers, the secondary orchestrators serve as backups by monitoring the active DEM orchestrator, and provide redundancy and failover if a problem occurs with the active DEM orchestrator. For this kind of failover configuration, you might consider installing the active DEM orchestrator with the active Manager Service host, and secondary DEM orchestrators with the standby Manager Service hosts.
Agents
vRealize Automation IaaS uses agents to integrate with external systems and to manage information among vRealize Automation components.
A common approach is to install vRealize Automation agents on the IaaS Windows server that hosts the active Manager Service, but it is not required. Multiple agents increase capacity and can be installed on the same or separate servers.
Virtualization Proxy Agents
vRealize Automation creates and manages virtual machines on virtualization hosts. Virtualization proxy agents send commands to, and collect data from, vSphere ESX Server, XenServer, and Hyper-V hosts, and the virtual machines provisioned on them.
A virtualization proxy agent has the following characteristics.
- Typically requires administrator privileges on the virtualization platform that it manages.
- Communicates with the IaaS Manager Service.
- Is installed separately and has its own configuration file.
Most vRealize Automation deployments install the vSphere proxy agent. You might install other proxy agents depending on the virtualization resources in use at your site.
Virtual Desktop Integration Agents
Virtual desktop integration (VDI) PowerShell agents allow vRealize Automation to integrate with external virtual desktop systems. VDI agents require administrator privileges on the external systems.
You can register virtual machines provisioned by vRealize Automation with XenDesktop on a Citrix Desktop Delivery Controller (DDC), which allows the user to access the XenDesktop Web interface from vRealize Automation.
External Provisioning Integration Agents
External provisioning integration (EPI) PowerShell agents allow vRealize Automation to integrate external systems into the machine provisioning process.
For example, integration with Citrix Provisioning Server enables provisioning of machines by on-demand disk streaming, and an EPI agent allows you to run Visual Basic scripts as extra steps during the provisioning process.
EPI agents require administrator privileges on the external systems with which they interact.
Windows Management Instrumentation Agent
The vRealize Automation Windows Management Instrumentation (WMI) agent enhances your ability to monitor and control Windows system information, and allows you to manage remote Windows servers from a central location. The WMI agent also enables collection of data from Windows servers that vRealize Automation manages.

Deployment Type

You can install vRealize Automation as a minimal deployment for proof of concept or development work, or in a distributed configuration suitable for medium to large production workloads.
Minimal vRealize Automation Deployments
Minimal deployments include one vRealize Automation appliance and one Windows server that hosts the IaaS components. In a minimal deployment, the vRealize Automation SQL Server database can be on the same IaaS Windows server with the IaaS components, or on a separate Windows server.
Figure 1-1. Minimal vRealize Automation Deployment
[Diagram. Labels: Users; Virtualization Resources; vRealize Automation Appliance; Appliance Postgres DB; vRealize Orchestrator; vRealize Automation Infrastructure as a Service (IaaS); IIS; Web Server; Model Manager Host; Manager Service Host; Distributed Execution Manager (DEM); Agent; IaaS SQL Server Database]
You cannot convert a minimal deployment to an enterprise deployment. To scale a deployment up, start with a small enterprise deployment, and add components to that. Starting with a minimal deployment is not supported.
Note: The vRealize Automation documentation includes a complete, sample minimal deployment scenario that walks you through installation and how to start using the product for proof of concept. See Installing and Configuring vRealize Automation for the Rainpole Scenario.
Distributed vRealize Automation Deployments
Distributed, enterprise deployments can be of varying size. A basic distributed deployment might improve vRealize Automation simply by hosting IaaS components on separate Windows servers as shown in the following figure.
Figure 1-2. Distributed vRealize Automation Deployment
[Diagram. Labels: Users; Virtualization Resources; vRealize Automation Appliance; Appliance Postgres DB; vRealize Orchestrator; vRealize Automation Infrastructure as a Service (IaaS); IIS; IaaS Web Server and Model Manager Host; IaaS Manager Service Host; IaaS DEM(s); IaaS Agent(s); IaaS SQL Server Database]
Many production deployments go even further, with redundant appliances, redundant servers, and load balancing for even more capacity. Large, distributed deployments provide for better scale, high availability, and disaster recovery. Note that the embedded instance of vRealize Orchestrator is now recommended, but you might see vRealize Automation connected to an external vRealize Orchestrator in older deployments.
Figure 1-3. Large Distributed and Load Balanced vRealize Automation Deployment
[Diagram. Labels: Users; Virtualization Resources; vRealize Automation Appliance Load Balancer; Primary vRealize Automation Appliance; Additional vRealize Automation Appliances; Appliance Postgres DB; vRealize Orchestrator; Load Balancer; Additional vRealize Orchestrators; vRealize Automation Infrastructure as a Service (IaaS); IaaS Web Server Load Balancer; IIS; IaaS Web Server and Model Manager Host; Additional IaaS Web Servers without Model Manager; IaaS Manager Service Load Balancer; Active IaaS Manager Service Host; Passive IaaS Manager Service Hosts; IaaS DEM Orchestrator(s); IaaS DEM Worker(s); IaaS Agent(s); IaaS SQL Server Database]
For more information about scalability and high availability, see the vRealize Automation Reference Architecture guide.

Choosing Your Installation Method

The consolidated vRealize Automation Installation Wizard is your primary tool for new vRealize Automation installations. Alternatively, you might want to perform the manual, separate installation processes or a silent installation.
- The Installation Wizard provides a simple and fast way to install, from minimal deployments to distributed enterprise deployments with or without load balancers. Most users run the Installation Wizard.
- If you want to expand a vRealize Automation deployment or if the Installation Wizard stopped for any reason, you need the manual installation steps. After you begin a manual installation, you cannot go back and run the Installation Wizard.
- Depending on your site needs, you might also take advantage of silent, command line or API-based installation.
2 Preparing for vRealize Automation Installation
You install vRealize Automation into existing virtualization infrastructure. Before you begin an installation, you need to address certain environmental and system requirements.
This chapter includes the following topics:
- General Preparation
- Accounts and Passwords
- Host Names and IP Addresses
- Latency and Bandwidth
- vRealize Automation Appliance
- IaaS Windows Servers
- IaaS Web Server
- IaaS Manager Service Host
- IaaS SQL Server Host
- IaaS Distributed Execution Manager Host
- Certificates

General Preparation
There are several deployment-wide considerations to be aware of before installing vRealize Automation.
For more about high-level environment requirements, including supported operating system and browser versions, see the vRealize Automation Support Matrix.
User Web Browsers
Multiple browser windows and tabs are not supported. vRealize Automation supports one session per user.
VMware Remote Consoles provisioned on vSphere support only a subset of vRealize Automation supported browsers.
Third Party Software
All third-party software should have the latest vendor patches. Third party software includes Microsoft Windows and SQL Server.
Time Synchronization
All vRealize Automation appliances and IaaS Windows servers must synchronize to the same time source. You may use only one of the following sources. Do not mix time sources.
- The vRealize Automation appliance host
- One external network time protocol (NTP) server
To use the vRealize Automation appliance host, you must run NTP on the ESXi host. For more about timekeeping, see VMware Knowledge Base article 1318.
You select the time source on the Installation Prerequisites page of the Installation Wizard.

Accounts and Passwords

There are several user accounts and passwords that you might need to create or plan settings for, before installing vRealize Automation.
IaaS Service Account
IaaS installs several Windows services that must run under a single user account.
- The account must be a domain user.
- The account does not need to be a domain administrator, but must have local administrator permission, before installation, on all IaaS Windows servers.
- The account password cannot contain a double quotation mark ( " ) character.
- The Management Agent installer for IaaS Windows servers prompts you for the account credentials.
- The account must have Log on as a service permission, which lets the Manager Service start and generate log files.
- The account must have dbo permission on the IaaS database. If you use the installer to create the database, add the account login to SQL Server before installation. The installer grants the dbo permission after it creates the database.
- If you use the installer to create the database, in SQL, add the sysadmin role to the account before installation. The sysadmin role is not required if you choose to use a pre-existing empty database.
IIS Application Pool Identity
The account you use as the IIS application pool identity for the Model Manager Web service must have Log on as batch job permission.
IaaS Database Credentials
You can let the vRealize Automation installer create the database, or you can create it separately using SQL Server. When the vRealize Automation installer creates the database, the following requirements apply.
- For the vRealize Automation installer, if you select Windows Authentication, the account that runs the Management Agent on the primary IaaS Web server must have the sysadmin role in SQL to create and alter the size of the database.
- For the vRealize Automation installer, even if you do not select Windows Authentication, the account that runs the Management Agent on the primary IaaS Web server must have the sysadmin role in SQL because the credentials are used at runtime.
- If you separately create the database, the Windows user or SQL user credentials that you provide only need dbo permission on the database.
IaaS Database Security Passphrase
The database security passphrase generates an encryption key that protects data in the IaaS SQL database. You specify the security passphrase on the IaaS Host page of the Installation Wizard.
- Plan to use the same database security passphrase across the entire installation so that each component has the same encryption key.
- Record the passphrase, because you need the passphrase to restore the database if there is a failure or to add components after initial installation.
- The database security passphrase cannot contain a double quotation mark ( " ) character. The passphrase is accepted when you create it but causes the installation to fail.
vSphere Endpoints
If you plan to provision to a vSphere endpoint, you need a domain or local account with enough permission to perform operations on the target. The account also needs the appropriate level of permission configured in vRealize Orchestrator.
vRealize Automation Administrator Password
After installation, the vRealize Automation administrator password logs you in to the default tenant. You specify the administrator password on the Single Sign-On page of the Installation Wizard.
The vRealize Automation administrator password cannot contain a trailing equals ( = ) character. The password is accepted when you create it but results in errors later, when you perform operations such as saving endpoints.

Host Names and IP Addresses

vRealize Automation requires that you name the hosts in your installation according to certain requirements.
- All vRealize Automation machines in your installation must be able to resolve each other by fully qualified domain name (FQDN).
  While performing the installation, always enter the complete FQDN when identifying or selecting a vRealize Automation machine. Do not enter IP addresses or short machine names.
- In addition to the FQDN requirement, Windows machines that host the Model Manager Web service, Manager Service, and Microsoft SQL Server database must be able to resolve each other by Windows Internet Name Service (WINS) name.
  Configure your Domain Name System (DNS) to resolve these short WINS host names.
- Preplan domain and machine naming so that vRealize Automation machine names begin with letters (a–z, A–Z), end with letters or digits (0–9), and have only letters, digits, or hyphens ( - ) in the middle. The underscore character ( _ ) must not appear in the host name or anywhere in the FQDN.
  For more information about allowable names, review the host name specifications from the Internet Engineering Task Force. See www.ietf.org.
- In general, you should expect to keep the host names and FQDNs that you planned for vRealize Automation systems. Changing a host name is not always possible. When a change is possible, it might be a complicated procedure.
- A best practice is to reserve and use static IP addresses for all vRealize Automation appliances and IaaS Windows servers. vRealize Automation supports DHCP, but static IP addresses are recommended for long-term deployments such as production environments.
  - You apply an IP address to the vRealize Automation appliance during OVF or OVA deployment.
  - For the IaaS Windows servers, you follow the usual operating system process. Set the IP address before installing vRealize Automation IaaS.
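The naming rules in this section and the two credential restrictions under Accounts and Passwords describe values that are accepted at entry time and only fail later, so they are worth checking before the wizard is started. The following preflight check is an added example, not VMware code; the function names and the sample plan are constructed, and applying the RFC 1123 label form to the domain part of the FQDN is an assumption.

```python
import ipaddress
import re

# Machine-name rule from this section: starts with a letter, ends with a letter
# or digit, and has only letters, digits or hyphens in the middle.
MACHINE_NAME = re.compile(r"[A-Za-z](?:[A-Za-z0-9-]*[A-Za-z0-9])?")
# Assumption: the remaining domain labels follow the RFC 1123 host-name form.
DOMAIN_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")


def check_fqdn(name):
    """Return the naming problems for one planned host entry ([] means OK)."""
    try:
        ipaddress.ip_address(name)
        return ["IP address given; enter the complete FQDN instead"]
    except ValueError:
        pass
    problems = []
    labels = name.split(".")
    if len(labels) < 2:
        problems.append("short machine name given; enter the complete FQDN")
    if "_" in name:
        problems.append("underscore must not appear anywhere in the FQDN")
    if not MACHINE_NAME.fullmatch(labels[0]):
        problems.append("machine name must begin with a letter, end with a "
                        "letter or digit, and use only letters, digits, hyphens")
    for label in labels[1:]:
        if not DOMAIN_LABEL.fullmatch(label):
            problems.append(f"invalid domain label: {label!r}")
    return problems


def check_db_passphrase(passphrase):
    """A double quote is accepted at entry but makes the installation fail."""
    return ['contains a double quotation mark (")'] if '"' in passphrase else []


def check_admin_password(password):
    """A trailing '=' is accepted but causes errors later (saving endpoints)."""
    return ["ends with an equals sign (=)"] if password.endswith("=") else []


def preflight(hosts, db_passphrase, admin_password):
    """Run every check; secrets are never echoed, only the rule that failed."""
    report = {host: check_fqdn(host) for host in hosts}
    report["database security passphrase"] = check_db_passphrase(db_passphrase)
    report["administrator password"] = check_admin_password(admin_password)
    return {item: probs for item, probs in report.items() if probs}


if __name__ == "__main__":
    # Constructed sample plan; none of these names or secrets come from the page.
    plan = ["vra-app01.corp.example", "iaas_web1.corp.example", "10.0.0.15", "sqlhost"]
    for item, probs in preflight(plan, 'Sample"Phrase1', "SamplePass=").items():
        print(f"{item}: {'; '.join(probs)}")
```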

Latency and Bandwidth

vRealize Automation supports multiple site, distributed installation, but data transmission speed and volume must meet minimum prerequisites.
vRealize Automation needs an environment of 5 ms or lower network latency, and 1 GB or higher bandwidth, among the following components.
- vRealize Automation appliance
- IaaS Web server
- IaaS Model Manager host
- IaaS Manager Service host
- IaaS SQL Server database
- IaaS DEM Orchestrator

The following component might work at a higher latency site, but the practice is not recommended.
- IaaS DEM Worker

You may install the following component at the site of the endpoint with which it communicates.
- IaaS Proxy Agent

vRealize Automation Appliance

Most vRealize Automation appliance requirements are preconfigured in the OVF or OVA that you deploy. The same requirements apply to standalone, master, or replica vRealize Automation appliances.
The minimum virtual machine hardware on which you can deploy is Version 7, or ESX/ESXi 4.x or later. See VMware Knowledge Base article 2007240. Because of the hardware resource demand, do not deploy on VMware Workstation.
After deployment, you might use vSphere to adjust vRealize Automation appliance hardware settings to meet Active Directory requirements. See the following table.
Table 21. vRealize Automation Appliance Hardware Requirements for Active Directory

| vRealize Automation Appliance for Small Active Directories | vRealize Automation Appliance for Large Active Directories |
| --- | --- |
| 4 CPUs | 4 CPUs |
| 18 GB memory | 22 GB memory |
| 60 GB disk storage | 60 GB disk storage |

A small Active Directory has up to 25,000 users in the organizational unit (OU) to be synced in the ID Store configuration. A large Active Directory has more than 25,000 users in the OU.

vRealize Automation Appliance Ports

Ports on the vRealize Automation appliance are usually preconfigured in the OVF or OVA that you deploy.
The following ports are used by the vRealize Automation appliance.
Table 22. Incoming Ports

| Port | Protocol | Comments |
| --- | --- | --- |
| 22 | TCP | Optional. Access for SSH sessions. |
| 80 | TCP | Optional. Redirects to 443. |
| 88 | TCP (UDP optional) | Cloud KDC Kerberos authentication from external mobile devices. |
| 443 | TCP | Access to the vRealize Automation console and API calls. Access for machines to download the guest agent and software bootstrap agent. Access for load balancer, browser. |
| 4369, 5671, 5672, 25672 | TCP | RabbitMQ messaging. |
| 5480 | TCP | Access to the virtual appliance management interface. Used by the Management Agent. |
| 5488, 5489 | TCP | Internally used by the vRealize Automation appliance for updates. |
| 8230, 8280, 8281, 8283 | TCP | Internal vRealize Orchestrator instance. |
| 8443 | TCP | Access for browser. Identity Manager administrator port over HTTPS. |
| 8444 | TCP | Console proxy communication for vSphere VMware Remote Console connections. |
| 9300–9400 | TCP | Access for Identity Manager audits. |
| 54328 | UDP | |

Table 23. Outgoing Ports

| Port | Protocol | Comments |
| --- | --- | --- |
| 25, 587 | TCP, UDP | SMTP for sending outbound notification email. |
| 53 | TCP, UDP | DNS server. |
| 67, 68, 546, 547 | TCP, UDP | DHCP. |
| 80 | TCP | Optional. For fetching software updates. Updates can be downloaded separately and applied. |
| 88, 464, 135 | TCP, UDP | Domain controller. |
| 110, 995 | TCP, UDP | POP for receiving inbound notification email. |
| 143, 993 | TCP, UDP | IMAP for receiving inbound notification email. |
| 123 | TCP, UDP | Optional. For connecting directly to NTP instead of using host time. |
| 389 | TCP | Access to View Connection Server. |
| 389, 636, 3268, 3269 | TCP | Active Directory. Default ports shown, but are configurable. |
| 443 | TCP | Communication with IaaS Manager Service and infrastructure endpoint hosts over HTTPS. Communication with the vRealize Automation software service over HTTPS. Access to the Identity Manager upgrade server. Access to View Connection Server. |
| 445 | TCP | Access to ThinApp repository for Identity Manager. |
| 902 | TCP | ESXi network file copy operations and VMware Remote Console connections. |
| 5050 | TCP | Optional. For communicating with vRealize Business for Cloud. |
| 5432 | TCP, UDP | Optional. For communicating with another appliance PostgreSQL database. |
| 5500 | TCP | RSA SecurID system. Default port shown, but is configurable. |
| 8281 | TCP | Optional. For communicating with an external vRealize Orchestrator instance. |
| 9300–9400 | TCP | Access for Identity Manager audits. |
| 54328 | UDP | |

Other ports might be required by specific vRealize Orchestrator plug-ins that communicate with external systems. See the documentation for the vRealize Orchestrator plug-in.
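When the appliance sits behind a firewall, the Incoming Ports table doubles as the allow list to review rules against. The following audit is an added example, not VMware code: the port rows are transcribed from Table 22, while the function names, the rule format, and the sample rule set are constructed for illustration.

```python
# Table 22 rows as (port spec, protocol, marked "Optional" in the table).
INCOMING_PORTS = [
    ("22", "tcp", True),
    ("80", "tcp", True),
    ("88", "tcp", False),
    ("88", "udp", True),  # the table lists "TCP (UDP optional)"
    ("443", "tcp", False),
    ("4369, 5671, 5672, 25672", "tcp", False),
    ("5480", "tcp", False),
    ("5488, 5489", "tcp", False),
    ("8230, 8280, 8281, 8283", "tcp", False),
    ("8443", "tcp", False),
    ("8444", "tcp", False),
    ("9300-9400", "tcp", False),
    ("54328", "udp", False),
]

# Constructed sample of inbound allow rules: (protocol, port spec).
SAMPLE_RULES = [
    ("TCP", "22"), ("TCP", "88"), ("TCP", "443"), ("TCP", "3389"),
    ("TCP", "4369, 5671, 5672, 25672"), ("TCP", "5480"), ("TCP", "5488, 5489"),
    ("TCP", "8230, 8280, 8281, 8283"), ("TCP", "8443"),
    ("TCP", "9300-9400"), ("UDP", "54328"),
]


def expand(spec):
    """Turn '5488, 5489' or '9300-9400' into a set of port numbers."""
    ports = set()
    for part in spec.replace("\u2013", "-").split(","):
        low, _, high = part.strip().partition("-")
        ports.update(range(int(low), int(high or low) + 1))
    return ports


def documented(rows=INCOMING_PORTS):
    """Return (required, optional) sets of (protocol, port) pairs."""
    required, optional = set(), set()
    for spec, proto, is_optional in rows:
        target = optional if is_optional else required
        target.update((proto, port) for port in expand(spec))
    return required, optional


def audit_rules(allow_rules):
    """Classify inbound allow rules against the documented port table."""
    required, optional = documented()
    opened = {(proto.lower(), port)
              for proto, spec in allow_rules for port in expand(spec)}
    return {
        "undocumented": sorted(opened - required - optional),
        "optional_open": sorted(opened & optional),
        "documented_but_closed": sorted(required - opened),
    }


if __name__ == "__main__":
    for finding, ports in audit_rules(SAMPLE_RULES).items():
        print(finding, ports)
```

Ports reported as `optional_open` are the ones the table marks optional, so each needs a stated reason to stay open; `undocumented` entries are not in the table at all.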

IaaS Windows Servers

All Windows servers that host IaaS components must meet certain requirements. Address requirements before you run the vRealize Automation Installation Wizard or the standard Windows-based installer.
- Place all IaaS Windows servers on the same domain. Do not use Workgroups.
- Each server needs the following minimum hardware.
  - 2 CPUs
  - 8 GB memory
  - 40 GB disk storage

  A server that hosts the SQL database together with IaaS components might need additional hardware.
- Because of the hardware resource demand, do not deploy on VMware Workstation.
- Install Microsoft .NET Framework 4.5.2 or later.
  A copy of .NET is available from any vRealize Automation appliance:
  https://vrealize-automation-appliance-fqdn:5480/installer/
  If you use Internet Explorer for the download, verify that Enhanced Security Configuration is disabled. Navigate to res://iesetup.dll/SoftAdmin.htm on the Windows server.
- Install Microsoft PowerShell 2.0, 3.0, or 4.0, based on your version of Windows.
  Note that some vRealize Automation upgrades or migrations might require an older or newer PowerShell version, in addition to the one that you are currently running.
- If you install more than one IaaS component on the same Windows server, plan to install them to the same installation folder. Do not use different paths.
- IaaS servers use TLS for authentication, which is enabled by default on some Windows servers.
  Some sites disable TLS for security reasons, but you must leave at least one TLS protocol enabled. This version of vRealize Automation supports TLS 1.2.
- Enable the Distributed Transaction Coordinator (DTC) service. IaaS uses DTC for database transactions and actions such as workflow creation.
  Note: If you clone a machine to make an IaaS Windows server, install DTC on the clone after cloning. If you clone a machine that already has DTC, its unique identifier is copied to the clone, which causes communication to fail. See Error in Manager Service Communication.
  Also enable DTC on the server that hosts the SQL database, if it is separate from IaaS. For more about DTC enablement, see VMware Knowledge Base article 2038943.
- Verify that the Secondary Log On service is running. If desired, you may stop the service after installation is complete.

IaaS Windows Server Ports

Ports on the IaaS Windows servers must be configured before vRealize Automation installation.
Open ports between all IaaS Windows servers according to the following tables. Include the server that hosts the SQL database, if it is separate from IaaS. Alternatively, if site policies allow, you may disable firewalls between IaaS Windows servers and SQL Server.
Table 24. Incoming Ports

| Port | Protocol | Component | Comments |
| --- | --- | --- | --- |
| 443 | TCP | Manager Service | Communication with IaaS components and vRealize Automation appliance over HTTPS |
| 443 | TCP | vRealize Automation appliance | Communication with IaaS components and vRealize Automation appliance over HTTPS |
| 443 | TCP | Infrastructure Endpoint Hosts | Communication with IaaS components and vRealize Automation appliance over HTTPS. Typically, 443 is the default communication port for virtual and cloud infrastructure endpoint hosts, but refer to the documentation provided by your infrastructure hosts for a full list of default and required ports |
| 443 | TCP | Guest agent, Software bootstrap agent | Communication with Manager Service over HTTPS |
| 443 | TCP | DEM Worker | Communication with NSX Manager |
| 1433 | TCP | SQL Server instance | MSSQL |

Table 25. Outgoing Ports

| Port | Protocol | Component | Comments |
| --- | --- | --- | --- |
| 53 | TCP, UDP | All | DNS |
| 67, 68, 546, 547 | TCP, UDP | All | DHCP |
| 123 | TCP, UDP | All | Optional. NTP |
| 443 | TCP | Manager Service | Communication with vRealize Automation appliance over HTTPS |
| 443 | TCP | Distributed Execution Managers | Communication with Manager Service over HTTPS |
| 443 | TCP | Proxy agents | Communication with Manager Service and infrastructure endpoint hosts over HTTPS |
| 443 | TCP | Management Agent | Communication with the vRealize Automation appliance |
| 443 | TCP | Guest agent, Software bootstrap agent | Communication with Manager Service over HTTPS |
| 1433 | TCP | Manager Service, Website | MSSQL |
| 5480 | TCP | All | Communication with the vRealize Automation appliance. |

Also, because you enable DTC between all servers, DTC requires port 135 over TCP and a random port between 1024 and 65535. Note that the Prerequisite Checker validates that DTC is running and the required ports are open.

IaaS Web Server

A Windows server that hosts the Web component must meet additional requirements, in addition to those for all IaaS Windows servers.
The requirements are the same, whether or not the Web component hosts the Model Manager.
- Configure Java.
  - Install 64-bit Java 1.8 or later. Do not use 32-bit.
    The JRE is enough. You do not need the full JDK.
  - Set the JAVA_HOME environment variable to the Java installation folder.
  - Verify that %JAVA_HOME%\bin\java.exe is available.
- Configure Internet Information Services (IIS) according to the following table.
  You need IIS 7.5 for Windows 2008 variants, IIS 8 for Windows 2012, and IIS 8.5 for Windows 2012 R2.
  In addition to the configuration settings, avoid hosting additional Web sites in IIS. vRealize Automation sets the binding on its communication port to all unassigned IP addresses, making no additional bindings possible. The default vRealize Automation communication port is 443.

Table 26. IaaS Manager Service Host Internet Information Services

| IIS Component | Setting |
| --- | --- |
| Internet Information Services (IIS) roles | Windows Authentication; Static Content; Default Document; ASPNET 3.5 and ASPNET 4.5; ISAPI Extensions; ISAPI Filter |
| IIS Windows Process Activation Service roles | Configuration API; Net Environment; Process Model; WCF Activation (Windows 2008 variants only); HTTP Activation; Non-HTTP Activation (Windows 2008 variants only) (Windows 2012 variants: Go to Features > .Net Framework 3.5 Features > Non-HTTP Activation) |
| IIS Authentication settings | Set the following non-defaults: Windows Authentication enabled; Anonymous Authentication disabled. Do not change the following defaults: Negotiate Provider enabled; NTLM Provider enabled; Windows Authentication Kernel Mode enabled; Windows Authentication Extended Protection disabled. For certificates using SHA512, TLS1.2 must be disabled on Windows 2012 variants |

IaaS Manager Service Host

A Windows server that hosts the Manager Service component must meet additional requirements, in addition to those for all IaaS Windows servers.
The requirements are the same, whether the Manager Service host is a primary or backup.
- No firewalls can exist between a Manager Service host and DEM host. For port information, see IaaS Windows Server Ports.
- The Manager Service host must be able to resolve the NETBIOS name of the SQL Server database host. If it cannot resolve the NETBIOS name, add the SQL Server NETBIOS name to the Manager Service machine /etc/hosts file.
- Configure Internet Information Services (IIS) according to the following table.
  You need IIS 7.5 for Windows 2008 variants, IIS 8 for Windows 2012, and IIS 8.5 for Windows 2012 R2.
  In addition to the configuration settings, avoid hosting additional Web sites in IIS. vRealize Automation sets the binding on its communication port to all unassigned IP addresses, making no additional bindings possible. The default vRealize Automation communication port is 443.

Table 27. IaaS Manager Service Host Internet Information Services

| IIS Component | Setting |
| --- | --- |
| Internet Information Services (IIS) roles | Windows Authentication; Static Content; Default Document; ASPNET 3.5 and ASPNET 4.5; ISAPI Extensions; ISAPI Filter |
| IIS Windows Process Activation Service roles | Configuration API; Net Environment; Process Model; WCF Activation (Windows 2008 variants only); HTTP Activation; Non-HTTP Activation (Windows 2008 variants only) (Windows 2012 variants: Go to Features > .Net Framework 3.5 Features > Non-HTTP Activation) |
| IIS Authentication settings | Set the following non-defaults: Windows Authentication enabled; Anonymous Authentication disabled. Do not change the following defaults: Negotiate Provider enabled; NTLM Provider enabled; Windows Authentication Kernel Mode enabled; Windows Authentication Extended Protection disabled. For certificates using SHA512, TLS1.2 must be disabled on Windows 2012 variants |

IaaS SQL Server Host

A Windows server that hosts the IaaS SQL database must meet certain requirements.
Your SQL Server can reside on one of your IaaS Windows servers, or on a separate host. When hosted together with IaaS components, these requirements are in addition to those for all IaaS Windows servers.
- This release of vRealize Automation does not support the default SQL Server 2016 130 compatibility mode. If you separately create an empty SQL Server 2016 database for use with IaaS, use 100 or 120 compatibility mode.
  If you create the database through the vRealize Automation installer, compatibility is already configured.
- AlwaysOn Availability Group (AAG) is only supported with SQL Server 2016 Enterprise. When you use AAG, you specify the AAG listener FQDN as the SQL Server host.
- When hosted together with IaaS components, configure Java.
  - Install 64-bit Java 1.8 or later. Do not use 32-bit.
    The JRE is enough. You do not need the full JDK.
  - Set the JAVA_HOME environment variable to the Java installation folder.
  - Verify that %JAVA_HOME%\bin\java.exe is available.
- Use a supported SQL Server version from the vRealize Automation Support Matrix.
- Enable TCP/IP protocol for SQL Server.
- SQL Server includes a model database that is the template for all databases created on the SQL instance. For IaaS to install correctly, do not change the model database size.
- Usually, the server needs more hardware than the minimums described in IaaS Windows Servers.
- Before running the vRealize Automation installer, you need to identify accounts and add permissions in SQL. See Accounts and Passwords.

IaaS Distributed Execution Manager Host

A Windows server that hosts the Distributed Execution Manager (DEM) Orchestrator or Worker component must meet additional requirements, in addition to those for all IaaS Windows servers.
No firewalls can exist between a DEM host and Manager Service host. For port information, see IaaS Windows Server Ports.
DEM Workers might have additional requirements depending on the provisioning resources with which they interact.

DEM Workers with Amazon Web Services

A vRealize Automation IaaS DEM Worker that communicates with Amazon Web Services (AWS) must meet additional requirements, in addition to those for all IaaS Windows servers and DEMs in general.
A DEM Worker can communicate with AWS for provisioning. The DEM Worker communicates with, and collects data from, an Amazon EC2 account.
- The DEM Worker must have Internet access.