Wednesday, 29 March 2017

VCP7-CMA Section 3 - Blueprint Dissection

+ Section 3: Install and Configure vRealize Automation and Related Components
+ Objective 3.1:Install a Minimal Deployment
·      Identify IaaS minimal deployment prerequisites
-       A single Windows VM to run the IaaS role itself, plus SQL (can be hosted on the same box for a lab / demo deployment).  This will run everything that is not the appliance (i.e., Web Server, Model Manager, Manager Service, DEM roles, agents).
-       An appliance VM which can be standalone
·      Validate environment readiness for a given design based on install type
Consider the usual stuff; hostnames & IP addresses (put them into DNS), available compute resource, password considerations, service accounts, security, time synchronisation, etc.

For the minimal deployment, make sure the Windows box is deployed, IIS is configured correctly, the IaaS components are installed (usually done during the Deployment Wizard)…  For a minimal deployment, you can get away with self-signed certificates and there is no load balancer requirements…

Taken directly from the Install and Configure PDF:

·      Deploy and configure vRealize Automation Appliance OVF
The install process has been covered off in some serious depth by other bloggers so I am not going to reinvent the wheel… have a look through:  Also, download the OVF and have a go J
·      Install using the installation wizard
As above
·      Install manually, remediating IaaS prerequisites and installing all IaaS components
https://vraapp.domain.local:5480/installer/, from there you can download the required software bundles. 

·      Install Management Agent(s) at the appropriate time
vCAC-IaaSManagementAgent-Setup.msi.  Run through the install wizard for all IaaS hosts at this point:

·      Implement and manage CA signed certificates
From https://vraapp:5480 - vRA Settings > Host Settings > Certificate Action > Import:

Copy and paste the RSA Private Key and Certificate Chain into the box (plus pass phrase if it has one).

But more info on how this actually works can be found in the install and configure guide (link above on p28) and KB 2106583 (below) give more details

Objective 3.2: Install an Enterprise Deployment
·      Identify IaaS enterprise deployment prerequisites
Two vRealize Automation server appliances
A number of IaaS servers (depending on the size of deployment), normally following the design:
From 7.2, the design includes Embedded vRO (whereas before this used to be a separately deployed instance.  Having said this, it is still recommended for a handful of use-cases (such as multitenancy which IMO is a huge use-case!)
·      Validate environment readiness for given design based on install type and size
For a distributed deployment, you need to do what is above in standalone, plus:
o   Configure your load balancer
o   Install the IaaS components across multiple VMs (and LB these)
·      Confirm DNS configuration for servers and load balancers based on deployment type and size
Simple nslookups & pings to make sure your VIP is working.
·      Deploy and configure vRealize Automation Appliance OVF
See below – notes & link to article
·      Install using the installation wizard
o   Determine and select appropriate deployment based on size
For distributed, there are three options:  Small, Medium and Large…
-       Small – 10000 managed machines, 500 catalog items, 10 concurrent machine provisions
-       Medium – 30000 managed machines, 1000 catalog items, 50 concurrent machine provisions
-       Large – 5000 managed machines, 2500 catalog items, 100 concurrent machine provisions

o   Determine and select the appropriate servers for component installation
See above – detailed in each link
o   Prepare the environment for installation based on deployment size
o   Install IaaS Web components and model manager data
o   Install IaaS manager server and DEM Orchestrator components
o   Install DEM Workers
o   Install Management Agents
As with the standalone installer, I’m not going to redo what others have already done very well – so check out this

·      Implement and manage CA signed certificates
One of my least favourite topics!!  I believe what they are probably asking you to do here is:

https://vraapp:5480 - vRA Settings > Host Settings > Certificate Action > Import
Copy and paste the RSA Private Key and Certificate Chain into the box (plus pass phrase if it has one).

But more info on how this actually works can be found in the install and configure guide (link above on p28) and KB 2106583 (below) give more details

Objective 3.3: Install and Configure vRealize Business Standard for use with vRealize Automation
·      Create and configure a vRealize Business tenant
No mention of deploying the OVA so I won’t cover it J but usual stuff applies – make sure DNS resolution is working, set up NTP synchronisation, etc.
Add the vRA host through the vRB portal:

Click ‘Register’ and you’ll eventually see:

Then – in vRA, create your groups (see the step below) and add your users into it.

Once you log in (after adding groups) you’ll need to add the license code:

and then you can log in:

You will  need to add a vCenter to vRB – so back to vRA > Administration > Business Management > vCenter Server > +

 (you may have two for vROps too)

You will see this after a while:

When you do, you can click ‘Yes’ and see a more up-to-date view:

·      Create a user based on defined credentials for vRealize Business in vRealize Automation

Once you add a user to the relevant role, you’ll see:

·      Select the credentials for the vRealize Business user
Unclear what is meant by this…  If it’s talking about how you give access to vRB, it’s mentioned above.  If it’s talking about how to change the root password of the appliance, I couldn’t find a gui method, but this can be done using passwd from the console:

·      Configure vRealize Business to connect to vRealize Automation
Mentioned above
Objective 3.4: Troubleshoot Common vRealize Automation Installation and Configuration Errors
·      Perform a rollback installation on a minimal or enterprise deployment
Either roll back to snapshot (below) or uninstall all Windows components using the Windows uninstaller, issue an iisreset, revert the database to where it was before starting, reset IIS to use port 443 in the bindings on the default web site and check that the application repository, vRA and WAPI have been deleted and the app pools RepositoryAppPool, vCACAppPool and WapiAppPool have been deleted.
o   Revert to pre-installation snapshots if available
I will assume that anyone looking at deploying vRA and sitting the VCP7-CMA exam knows how to use snapshots J
·      Generate a vRealize Automation support bundle
https://vrapp:5480 > login > vRA Settings > Cluster > Generate Support Bundle:

·      Validate DNS configuration settings
Can this be asking to do any more than ping / nslookups?  You can see all nodes are online on the cluster settings (see below)
·      Confirm time synchronization
https://vraapp:5480 > login > vRA Settings > Cluster > Check the time offset there to make sure it is minimal (600 seconds is the point where installs will fail… but I would suggest no enterprise network servers should have time more than 5 seconds spread.  If I can manage it on the kit I have, you can manage it on your customers kit!!)

Let’s assume your Windows hosts are setup correctly and their AD time is synchronised from something accurate…  From the Windows box you can run w32tm commands and from Linux using ntpq –p


ntpq –p:

·      Confirm matching certificates
Vague what this is after – but check:
-       For a load balanced role, both the VIP hostname (i.e. vraapp) and the individual nodes (vraapp01 and vraapp02) are in the certificate… That you can hit all three individually and get no warnings.
-       You can get certificate information from https://vraapp/vcac/services/api/status
-       Certificate is trusted Root on the machine you’re working on
-       No name mismatch
-       No expiration