Deploying and configuring VMware vRealize has many steps that must be carefully completed before everything is said and done. Once you have the vRealize Automation server, infrastructure as a service server and identity servers all set up and working, it's time to look at the post-deployment setup of vRealize.
The first step is to configure the VMware vRealize portal and settings. Start by going to the initial URL to configure vRealize (http://fqdn/vcac). Then, use your single sign-on username and password for this part (email@example.com). This URL is used to configure and set up tenants within the environment.
If you are getting strange errors, it is more than likely one of two possible issues. To start, ensure that the domain name system is fully working -- both forward and reverse. Next, make sure you have the proper time zone selected and the time is accurate across all servers. Even being a minute out can cause this type of error. If everything is correct, you should see what is displayed in Figure 1.
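A preflight check for the two causes named above, as an added example that is not part of the original article. It assumes each server's clock can be sampled from an HTTP `Date` header; every host name except vc.test.local, all addresses and all timestamps are constructed sample data.

```python
import socket
from email.utils import parsedate_to_datetime

MAX_SKEW_SECONDS = 60  # the article warns that even a minute of drift causes errors

def check_dns(fqdn, forward=socket.gethostbyname_ex, reverse=socket.gethostbyaddr):
    """Return the problems found with forward and reverse DNS for one server."""
    want = fqdn.lower().rstrip(".")
    try:
        _, _, addresses = forward(fqdn)
    except OSError as exc:  # socket.gaierror and socket.herror subclass OSError
        return [f"{fqdn}: forward lookup failed ({exc})"]
    problems = []
    for addr in addresses:
        try:
            name, aliases, _ = reverse(addr)
        except OSError as exc:
            problems.append(f"{fqdn}: no reverse record for {addr} ({exc})")
            continue
        if want not in {n.lower().rstrip(".") for n in (name, *aliases)}:
            problems.append(f"{fqdn}: {addr} reverses to {name}")
    return problems

def check_skew(host, date_header, observed_at):
    """Compare a server's HTTP Date header with our own clock when it was read."""
    skew = abs((parsedate_to_datetime(date_header) - observed_at).total_seconds())
    return [f"{host}: clock differs by {skew:.0f}s"] if skew >= MAX_SKEW_SECONDS else []

# Constructed sample data; in real use observed_at is the local UTC time of the read.
A_RECORDS = {"vra.test.local": ["10.0.0.10"], "vc.test.local": ["10.0.0.12"]}
PTR_RECORDS = {"10.0.0.10": "vra.test.local"}  # the PTR for 10.0.0.12 is missing
DATE_HEADERS = {"vra.test.local": "Tue, 03 Mar 2015 10:01:30 GMT",
                "vc.test.local": "Tue, 03 Mar 2015 10:00:05 GMT"}
OBSERVED_AT = parsedate_to_datetime("Tue, 03 Mar 2015 10:00:00 GMT")

def _lookup(table, key, error):
    if key not in table:
        raise error(f"no record for {key}")
    return table[key]

def sample_forward(fqdn):  # same return shape as socket.gethostbyname_ex
    return fqdn, [], _lookup(A_RECORDS, fqdn, socket.gaierror)
def sample_reverse(addr):  # same return shape as socket.gethostbyaddr
    return _lookup(PTR_RECORDS, addr, socket.herror), [], [addr]

def preflight(hosts):
    """Run both checks for each host against the sample data above."""
    return [p for h in hosts for p in check_dns(h, sample_forward, sample_reverse)
            + check_skew(h, DATE_HEADERS[h], OBSERVED_AT)]
```

Called without the sample resolvers, `check_dns` uses the system resolver, so it can be run from each vRealize server in turn.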
As you can see in the default setup, there is only one tenant, which is the default tenant. In order to modify the vsphere.local tenant, click it. To keep things simple, we will only be using this default tenant in our experiments. On the following webpages, the first tab will be grayed out -- which makes sense, as it is the default tenant.
The second tab, Identity Stores, is where the administrator connects an Active Directory (AD) or another identity system to the tenant in question. In my case, this is my test.local AD domain. Although it may look a bit scary, the answers to all of the fields that you need to fill in can be looked up. You can take the domain details in Figure 3 and swap them with yours, with obvious substitutions, and it should work without an issue.
Once you have filled in all of the required fields, click "Test Connection," and it should report that the connection is available in green. Save it by clicking "Add" at the bottom. Once the addition is complete, it will take you back to the identity store with your domain filled out.
The last tab, as its name suggests, is where an administrator can configure the administrative roles for this tenant. There are two types of administrators: tenant administrators and infrastructure administrators.
We touched upon this when we talked about the basics of VMware vRealize, but as a quick reminder, the tenant administrators take care of items within the tenant -- such as group management, approvals and entitlements. The infrastructure administrator manages the resources and endpoints, among other things.
It is possible to have one account in two or more roles, but that is considered bad practice, and presents security risks and several auditing issues. As this is a home-test lab, we don't need to be too concerned about the security. Obviously, in a production environment, significantly more care needs to be taken.
In this example, we will use the domain admin group. In the administrators tab, type in the group name; and when it appears, click on it. This will add it to the relevant group, and once it's added, it should look something like what is shown in Figure 4. Click update to complete it.
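For a production tenant, the role separation described above can be checked from exported role assignments and directory group memberships. The following is an added example, not part of the original article or of vRealize itself; the dictionary layout and every group and account name other than "Domain Admins" are constructed for illustration.

```python
def expand(principal, groups, seen=None):
    """Resolve a user or a (possibly nested) group to the accounts it contains."""
    seen = set() if seen is None else seen
    if principal in seen:          # circular group nesting: stop here
        return set()
    seen.add(principal)
    if principal not in groups:    # not a known group, so treat it as an account
        return {principal}
    accounts = set()
    for member in groups[principal]:
        accounts |= expand(member, groups, seen)
    return accounts


def accounts_with_multiple_roles(role_assignments, groups):
    """Map each account that ends up in more than one role to those roles."""
    held = {}
    for role, principals in role_assignments.items():
        for principal in principals:
            for account in expand(principal, groups):
                held.setdefault(account, set()).add(role)
    return {a: sorted(r) for a, r in held.items() if len(r) > 1}


# Constructed directory data: group name -> direct members (users or groups).
GROUPS = {
    "Domain Admins": ["alice", "svc-backup"],
    "vRA-Infra-Admins": ["bob", "Domain Admins"],
    "vRA-Tenant-Admins": ["carol", "alice"],
}
LAB_ROLES = {    # constructed: one group placed in both roles
    "tenant administrator": ["Domain Admins"],
    "infrastructure administrator": ["Domain Admins"],
}
SPLIT_ROLES = {  # constructed: separate groups, but nesting still overlaps
    "tenant administrator": ["vRA-Tenant-Admins"],
    "infrastructure administrator": ["vRA-Infra-Admins"],
}

if __name__ == "__main__":
    for label, roles in (("lab", LAB_ROLES), ("split", SPLIT_ROLES)):
        print(label, accounts_with_multiple_roles(roles, GROUPS))
```

The second data set shows why the check expands nested groups: the two roles use different groups, yet one account still reaches both through group nesting.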
At this point, the initial server-side configuration of the main vRealize tenant is done. If you wanted to configure additional tenants, you could do so by clicking "Add Tenant" on the initial screen (Figure 1) and repeating the process.
While still in vRealize as the infrastructure as a service (IaaS) admin, you need to configure some resources that the infrastructure administrators can allocate as needed. From the original screen (Figure 1), choose "Endpoints" and click "Edit." Endpoints are where all the compute resources and storage are added into the VMware vRealize environment.
For this example, we are using only local vCenter storage, but you can add various other hypervisors and cloud infrastructure in an actual live environment.
It is critical that the endpoint name is the same as that configured when you ran the IaaS installer. Unless you changed it, the default will be "vCenter." If the name field does not match the one created earlier, it will never work. The description field can be any description or just left blank, and the address field should refer to your vCenter. It must appear in the following format: https://vcenter-fqdn/sdk. In my case, this meant: https://vc.test.local/sdk.
VMware vRealize stores all the connection credentials for compute resources in its own system. To give the endpoint the vCenter credentials, click the button to the right of the "Credentials" field and select "New Credentials." You can name the credentials anything you want. The username should be the account to use -- in our case, firstname.lastname@example.org -- and after you enter the password, click "OK" to commit the credentials.
It can take several minutes for VMware vRealize to discover the underlying data. Review the infrastructure log to ensure there are no error messages. After several minutes, when you return to the Endpoints menu, you should see a yellow bar, stating: "Compute resources for this data endpoint were collected." This means that vRealize has successfully collected the data from that resource. This will include information such as capacity, clusters and networks, among other things.
Before you start working on the business side of the vRealize installation, create some machine prefixes. Due to everything being automated, the prefixes are used to give newly created servers a unique identity.
To create these machine prefixes, go to "Infrastructure Blueprints/Machine Prefixes," and click "New Machine Prefix." Use a good prefix, as you will need to be able to differentiate the machine names -- especially when there may be several groups, each with its own sets of machines. In this example, I created a fictitious test group with a prefix of "test." The number of digits column refers to how large you want the pool of numbers to be. If you chose two digits, you could have up to 99 machines on this prefix.
Once this is done, it is time to create the infrastructure for business groups. Go to "Infrastructure Groups/Business Groups," and click "New Business Group."
Fill in the details, including a (group) name and useful description. The machine group should be the one we created a few moments ago. Select it by using the button to the right of the field. The group-manager role can be set to "Domain Admins" for this test. If this were a production setup, it would be the relevant user or group. The vRealize system can also integrate with email for approvals, but the implementation of that is beyond the scope of this introduction and setup of VMware vRealize.
As you can see in Figure 6, the new group has no resources available to it. This is fixed by creating reservations for the group. As the name suggests, the reservation is effectively a slice of our resources from the vSphere endpoint we created before.
Creating a reservation is quite straightforward. Under the "Infrastructure/Reservations/Reservations" tab, click "New Reservation/Virtual/vSphere."
Once the reservation portion is filled in and saved, go to the Resources tab -- as shown in Figure 7. Select the amount of RAM you want to allocate to the reservation. The storage available to the cluster should be visible as well. If you put a tick in the box for storage as I did, you can then reserve portions of storage. The networking portion will allow you to also select from the networks available to that reservation.