Sunday 7 May 2017

VCP7-CMA Section 5 - Blueprint Dissection

Section 5: Configure and Administer Fabric Groups and Endpoints
Objective 5.1: Create and Manage VMware Endpoints
Knowledge
·      Integrate vRealize Automation with NSX
This is configured in three places: on the vSphere endpoint (outlined below), on the network profile (Infrastructure > Reservations > Network Profiles, to define Routed and NAT profiles) and on a blueprint.

·      Add a vRealize Orchestrator endpoint to vRealize Automation
Administration > vRO Configuration > Endpoints




If you are using the internal vRO server then the address is https://<IP or FQDN of vRO>/vco
If you are using an external vRO server then the address is https://<IP or FQDN of vRO>:8281/vco
Add VMware.VCenterOrchestrator.Priority as a custom property with a value of 1 – this is essential for NSX.

·      Configure the NSX plugin in vRealize Orchestrator
This is possible from vRO, but should be done from vRA…  To do it from vRO, run the workflow Library > NSX > Configuration > Create NSX Endpoint:

And you can verify it’s added in the Inventory tab:


·      However, assuming you’ve set vRA up correctly (i.e., the vRO endpoint as mentioned above), add NSX to the vSphere (vCenter) endpoint as described in the section below, ‘Configure NSX Network and Security for the vSphere endpoint’.

After you’ve added the NSX Networking and Security to the vSphere endpoint, you can do a data collection against Network and Security Inventory:


When that succeeds, look in vRO and you’ll see the NSX plugin has registered itself with the NSX endpoint:


·      Perform data collection in vRealize Automation
Infrastructure > Compute Resources > hover over the arrow next to the compute resources and select ‘Data Collection’:

and click on ‘Request Now’ under the required item you wish to ‘data collect’…  Normally, this is useful if you change templates in vSphere and want the templates to be reflected in vRA.

·      Create and configure a vSphere Endpoint
Infrastructure > Endpoints > Endpoints > +New > Virtual > vSphere (vCenter)



·      Configure NSX Network and Security for the vSphere endpoint
This is the checkbox above, ‘Specify manager for network and security platform’.

(typo on the IP address ☺)
·      Create and configure a vCloud Air Endpoint
Same as for vSphere, but select +New > Cloud > vCloud Air




Objective 5.2: Create and Manage Fabric Groups, Reservations and Network Profiles
Knowledge
·      Create and configure a fabric group
You need to be an IaaS Administrator
Infrastructure > Endpoints > Fabric Groups > + New


Choose name, description, Fabric administrators, plus the actual compute resource you wish to use. 

Also, you can see in the above screenshot the AWS resources are added to a fabric group in the same way as vSphere resources.

·      Select compute resources to include in the fabric group
See above. Compute resources can also be added retrospectively by editing the fabric group:

·      Configure compute resource Data Collection
Infrastructure > Endpoints > Endpoints - hover over the arrow next to the compute resource > View compute Resources
Hover over the compute resource and select ‘Data Collection’

From here, you can run a data collection, adjust the frequency, or enable/disable data collections

·      Create a vSphere reservation
Covered in section 4.5
·      Assign a business group to the vSphere reservation
Covered in section 4.5
·      Create a vCloud Air Reservation
First, the vCloud Air Endpoint needs to be added...  Infrastructure > Endpoints > Endpoints > +New:

After which, you can create the reservation... Infrastructure > Reservations > Reservations > + New > vCloud Air

Complete the reservation in the same way as a vSphere reservation, selecting the vCA resource from the Resources tab.

·      Assign a business group to the vSphere reservation
Covered in section 4.5
·      Create and configure network profile types
Infrastructure > Reservations > Network Profiles > +New >
Covered in section 1 incorrectly (section 1 is looking for blueprint config, i.e., add a network to the blueprint and select which network you want to use)
o   For static IP address assignment
o   External network profiles
o   NAT network profiles
o   Routed network profile
·      Create and configure machine prefixes
Covered very briefly in section 2.3
Infrastructure > Administration > Machine Prefixes > +New
Select the prefix name, number of digits vRA will append and the next number (i.e., on the first creation, where the numbering will start from).  After which, this can be configured on the business group or on the blueprint:



VCP7-CMA Section 4 - Blueprint Dissection

Section 4: Configure and Manage the vRealize Automation Catalog
Objective 4.1: Manage the vRealize Automation Catalog
Knowledge
·      Create and configure the catalog service
From vRA, Administration > Catalog Management > Services > +
Which services are created here depends on the use cases…  Typically, I see OS families for IaaS (for example, Windows Servers might be one), XaaS for a particular function (e.g., extensibility with a backup tool – so ‘backup services’ for example), anything special for a particular business unit (for example, a complex blueprint for a specific application where 3x servers are deployed with a DB on one, App tier on another and IIS on the 3rd).




Yes I have used Super Mario as an Icon – just to demonstrate how this looks to the user later on!
·      Activate the catalog service
Done with the ‘Status’ above – so once a service has been created, it can be ‘Active’, ‘Inactive’ or ‘Deleted’.
·      Add catalog items to the service
Administration > Catalog Management > Catalog Items > Select a blueprint you have created that does not belong to a service (or does and you want to change the service it belongs to) and click on its name (it’s a hyperlink):






Choose the service you want to put it in, give it an icon (yes that is Bill Gates at the Windows 95 BSOD Conference episode, again, to show how this looks to a user)
·      Create and configure entitlements
Administration > Catalog Management > Entitlements > +

Give it a title, choose who the business group is (I only have one so it’s not selectable) and choose the users you want to add…  There is the option for ‘All Users and Groups’ which is new in vRA 7.2, or you can tie it down to a specific set of users / groups:

Click Next to go to the ‘Items & Approvals’ tab:

Click on the + next to each category to tie together the service, item and actions you want to entitle the user to as part of this action. Here, we want to entitle the service Windows Desktops and the item Windows 95. We can be granular about which actions we want to add (such as power, RDP access, console access, snapshotting the VM, etc., or custom actions that you have created), but we will just add everything.

Click ‘Finish’.
·      Specify users and groups for entitlements
Listed above – can be retrospectively changed too
·      Add and manage entitlement services
Listed above – can be retrospectively changed too
·      Add and manage catalog items
Listed above – can be retrospectively changed too
·      Add and manage actions
Listed above – can be retrospectively changed too
·      Activate entitlements
After an entitlement has been created, it can be deactivated or activated:

by clicking ‘Deactivate’ or ‘Activate’

Tie it all together – the user will see under Catalog…


Objective 4.2: Create and Manage Approval Policies

Knowledge
·      Create approval policies
Administration > Approval Policies > +

Choose the approval policy type (i.e., what user action do you want to create an approval policy for?)


Give the approval policy a name & define the conditions (Click on + on pre-approval or post-approval (n.b., pre approvals are before the event has occurred, post are after the event has occurred, but before releasing the service to the user))



After clicking on + to add a level (as I have one here – one named 2 vCPU)



You can choose what will trigger the approval policy (for example, here I have defined that if a user requests a VM with more than 2 vCPUs, they must get approval from a specific group of users: businessadmins).

·      Specify approval policy information
See above
·      Determine when approvals should be executed
See above
·      Add pre-approval and post-approval levels
See above
·      Configure approval forms with defined approvers
See above
·      Manage approval policies
There is not much you can do other than delete or copy a policy… You cannot modify it (despite there being an ‘Edit’ button).
·      Modify, deactivate, and delete approval policies
To modify a policy, copy the Approval Policy, modify it and reapply it.  You can delete it from here too.


Once you have created an Approval Policy, you can apply it to an Entitled Item as part of an Entitlement:



So as a user I have requested an item from the catalog with 2 vCPUs which will trigger the approval policy:



Then, when I log on as a member of ‘businessadmins’, I can see in my Inbox an approval which I can choose what to do with:

Click on the number of the request which is a hyperlink then you can choose to approve or reject the VM:



Objective 4.3: Provision Resources from a vRealize Automation Catalog
IMO this is a ‘how to be a user’ section – which I am fine with ☺
Knowledge
·      Request a catalog resource
Catalog > choose the service you want > Click on ‘Request’:

·      Complete any applicable forms


You can change individual VMs as part of the deployment (i.e., choose #CPU / RAM, etc.).  Click on the server type (W2012r2 here, not actually Windows 95 I’m afraid ☹)


·      Monitor and validate a successful provisioning process
Once submitted (submitted – not saved), click on ‘Requests’ tab, then the request number which is a hyperlink to the request:


Click on ‘Execution Information’ to show details of the actual deployment.


·      Request catalog items on behalf of another user
You must be a support user and will see the ‘On behalf of:’ box in the Service Catalog:

  
Objective 4.4: Locate and Reclaim Resources Based on Provided Criteria
Knowledge
·      Locate resources for reclamation based on provided criteria
Administration > Reclamation > Tenant Machines > Click on the two arrows next to advanced search to perform a search based on your criteria:


·      Initiate a system reclamation
Select the VMs with the check box and click on ‘Reclaim Virtual Machines’:


·      Eliminate known used systems
This is not clear – but I am assuming it means ‘don’t include systems that you know are in use’…  If so, then you can uncheck them from the above list – or use the Advanced Search to highlight only the VMs relevant based on whatever criteria you choose (VMs owned by a particular user you dislike, VMs with more than 8 vCPUs, etc)

Objective 4.5: Manage Provisioned Resources
Knowledge
·      Identify and locate owned items by assigned role
Not 100% on what is being asked here – but I believe it is…  Items > Change the ‘Owned by’ to a particular group:

·      Define resource quotas for managed resources based on design requirements
Infrastructure > Reservations > Reservations > from here, you can create a ‘vSphere (vCenter)’ resource and define how much resource you want it to have:


N.B., you tie this to a group of users by creating a business group (Administration > Users & Groups > Business Groups), to which you can add your users, etc.

Which will default to having no resource available


So back to Infrastructure > Reservations > Reservations to add the resource to the Business Group:

Where you can define how much resource you want your BG to have (you need to assign a network too)

And as if by magic… (Look at the figures next to the New Business Group Demo)

A reservation (not a reservation policy) is needed to provision a VM!

·      Add resource portlets to the vRealize Automation home page
From the home screen, click on the pencil (top right), and ‘Add Portlet’.  Then choose the relevant ones (IaaS Capacity Usage by Compute Resource, IaaS Capacity Usage by Group, etc.).





I have also included in the background the message board which can point to any https:// site… can come in very handy for some custom stuff (integration with 3rd party systems that might not be 100% vRO-able, company policies, etc)