+ Section 3: Install and Configure vRealize Automation and
Related Components
+ Objective 3.1:Install a Minimal Deployment
Knowledge
·
Identify IaaS minimal deployment prerequisites
-
A single Windows VM to
run the IaaS role itself, plus SQL (can be hosted on the same box for a lab /
demo deployment). This will run
everything that is not the appliance (i.e., Web Server, Model Manager, Manager
Service, DEM roles, agents).
-
An appliance VM which
can be standalone
·
Validate environment readiness for a given
design based on install type
Consider the usual
stuff; hostnames & IP addresses (put them into DNS), available compute
resource, password considerations, service accounts, security, time
synchronisation, etc.
For the minimal
deployment, make sure the Windows box is deployed, IIS is configured correctly,
the IaaS components are installed (usually done during the Deployment Wizard)… For a minimal deployment, you can get away
with self-signed certificates and there is no load balancer requirements…
Taken directly from
the Install and Configure PDF:
·
Deploy and configure vRealize Automation
Appliance OVF
The install process
has been covered off in some serious depth by other bloggers so I am not going
to reinvent the wheel… have a look through:
http://www.virtuallyghetto.com/2016/02/automating-vrealize-automation-7-minimal-install-part-1-vra-appliance-deployment.html. Also, download the
OVF and have a go J
·
Install using the installation wizard
As above
·
Install manually, remediating IaaS prerequisites
and installing all IaaS components
https://vraapp.domain.local:5480/installer/,
from there you can download the required software
bundles.
·
Install Management Agent(s) at the appropriate
time
vCAC-IaaSManagementAgent-Setup.msi. Run through the install wizard for all IaaS
hosts at this point:
·
Implement and manage CA signed certificates
Copy and
paste the RSA Private Key and Certificate Chain into the box (plus pass phrase
if it has one).
But more
info on how this actually works can be found in the install and configure guide
(link above on p28) and KB 2106583 (below) give more details
Objective 3.2: Install an
Enterprise Deployment
Knowledge
·
Identify IaaS enterprise deployment
prerequisites
Two vRealize
Automation server appliances
A number of IaaS
servers (depending on the size of deployment), normally following the design:
From 7.2, the
design includes Embedded vRO (whereas before this used to be a separately
deployed instance. Having said this, it
is still recommended for a handful of use-cases (such as multitenancy which IMO
is a huge use-case!)
·
Validate environment readiness for given design based
on install type and size
For a distributed
deployment, you need to do what is above in standalone, plus:
o
Configure your load
balancer
o
Install the IaaS
components across multiple VMs (and LB these)
Properly configure
a certificates for the components; have a read through http://pubs.vmware.com/vrealize-automation-72/index.jsp#com.vmware.vrealize.automation.doc/GUID-DBB53ACA-C13D-40DB-9B45-61F75DEA8B00.html#GUID-DBB53ACA-C13D-40DB-9B45-61F75DEA8B00
·
Confirm DNS configuration for servers and load
balancers based on deployment type and size
Simple nslookups
& pings to make sure your VIP is working.
·
Deploy and configure vRealize Automation
Appliance OVF
See below – notes
& link to open902.com article
·
Install using the installation wizard
o
Determine and select appropriate deployment
based on size
For distributed, there are three options: Small, Medium and Large…
-
Small – 10000 managed
machines, 500 catalog items, 10 concurrent machine provisions
-
Medium – 30000 managed
machines, 1000 catalog items, 50 concurrent machine provisions
-
Large – 5000 managed machines,
2500 catalog items, 100 concurrent machine provisions
o
Determine and select the appropriate servers for
component installation
See above – detailed in each link
o
Prepare the environment for installation based on
deployment size
o
Install IaaS Web components and model manager
data
o
Install IaaS manager server and DEM Orchestrator
components
o
Install DEM Workers
o
Install Management Agents
As with the
standalone installer, I’m not going to redo what others have already done very
well – so check out this http://open902.com/vrealize-automation-7-enterprise-install/
Also, don’t forget
the official install documentation: http://pubs.vmware.com/vra-70/topic/com.vmware.ICbase/PDF/vrealize-automation-70-installation-and-configuration.pdf
·
Implement and manage CA signed certificates
One of my
least favourite topics!! I believe what
they are probably asking you to do here is:
https://vraapp:5480 - vRA Settings > Host Settings > Certificate Action
> Import
Copy and
paste the RSA Private Key and Certificate Chain into the box (plus pass phrase
if it has one).
But more
info on how this actually works can be found in the install and configure guide
(link above on p28) and KB 2106583 (below) give more details
Objective 3.3: Install and Configure vRealize Business
Standard for use with vRealize Automation
Knowledge
·
Create and configure a vRealize Business tenant
No mention of
deploying the OVA so I won’t cover it J but usual stuff applies –
make sure DNS resolution is working, set up NTP synchronisation, etc.
Add the vRA host
through the vRB portal:
Click ‘Register’
and you’ll eventually see:
Then – in vRA, create your groups (see the step below) and
add your users into it.
Once you log in (after adding groups) you’ll need to add the
license code:
and then you can log in:
You will need to add a
vCenter to vRB – so back to vRA > Administration > Business Management
> vCenter Server > +
(you may have two for vROps too)
You will see this
after a while:
When you do, you
can click ‘Yes’ and see a more up-to-date view:
·
Create a user based on defined credentials for
vRealize Business in vRealize Automation
Once you add a user
to the relevant role, you’ll see:
·
Select the credentials for the vRealize Business
user
Unclear what is
meant by this… If it’s talking about how
you give access to vRB, it’s mentioned above.
If it’s talking about how to change the root password of the appliance, I
couldn’t find a gui method, but this can be done using passwd from the console:
·
Configure vRealize Business to connect to
vRealize Automation
Mentioned above
Objective 3.4: Troubleshoot Common vRealize Automation
Installation and Configuration Errors
Knowledge
·
Perform a rollback installation on a minimal or
enterprise deployment
Either roll back to
snapshot (below) or uninstall all Windows components using the Windows
uninstaller, issue an iisreset, revert the database to where it was before
starting, reset IIS to use port 443 in the bindings on the default web site and
check that the application repository, vRA and WAPI have been deleted and the
app pools RepositoryAppPool, vCACAppPool and WapiAppPool have been deleted.
o
Revert to pre-installation snapshots if
available
I will assume that anyone looking at deploying
vRA and sitting the VCP7-CMA exam knows how to use snapshots J
·
Generate a vRealize Automation support bundle
·
Validate DNS configuration settings
Can this be asking
to do any more than ping / nslookups?
You can see all nodes are online on the cluster settings (see below)
·
Confirm time synchronization
https://vraapp:5480 > login > vRA Settings > Cluster > Check the
time offset there to make sure it is minimal (600 seconds is the point where
installs will fail… but I would suggest no enterprise network servers should
have time more than 5 seconds spread. If
I can manage it on the kit I have, you can manage it on your customers kit!!)
Let’s assume your
Windows hosts are setup correctly and their AD time is synchronised from
something accurate… From the Windows box
you can run w32tm commands and from Linux using ntpq –p
W32tm:
ntpq –p:
·
Confirm matching certificates
Vague what this is
after – but check:
-
For a load balanced
role, both the VIP hostname (i.e. vraapp) and the individual nodes (vraapp01
and vraapp02) are in the certificate… That you can hit all three individually
and get no warnings.
-
You can get certificate
information from https://vraapp/vcac/services/api/status
-
Certificate is trusted
Root on the machine you’re working on
-
No name mismatch
-
No expiration
No comments:
Post a Comment