BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
In my years of experience, I have had the opportunity to use multiple versions of VMware vRealize Automation, and I have watched its installation process become more and more streamlined with each new version. As such, I can say with some confidence that vRealize Automation 7 has nearly perfected this installation process. Fortunately, for those accustomed to vRealize Automation 6, the latest version also offers endpoints, compute resources, reservations and machine fixes, making the transition between versions easier.
To install the latest version of vRealize Automation (vRA), go to the administration console of the vRealize appliance at port 5480 to start the installation wizard. In order to plan your deployment and install Windows servers that will run your IaaS components, you'll need a new agent to configure those servers from the wizard. There is no need to install individual components on the Windows machines because everything is triggered through the wizard.
If you are familiar with vRA 6, you will recall that it checks to make sure all prerequisites are met; vRealize Automation 7 does this as well.
As you can see in Figure A, the Windows server I intended to use for IaaS did not have Internet Information Server installed. With previous versions of vRA, you could manually fix any missing elements or run the community-supported prerequisite script to configure your systems. VRA 7, however, has a "Fix" button that automatically goes out to your Windows servers through the new agent and configures all settings. It then runs the prerequisite checker again, and if everything is in order, you may continue your installation. This minimizes the amount of time spent preparing and helps ensure a successful installation.
On the first page of the wizard, you can select your deployment type, with the option of choosing either a minimal or an enterprise deployment. A minimal deployment is useful for a proof of concept installation or if you want to run vRA in a small environment, but the majority of customers will opt to use an enterprise deployment for their production environment. This installation process for an enterprise deployment has also been simplified dramatically. The wizard now asks for all of the details for two vRealize appliances, multiple Windows servers and the load balancer configuration required for such a deployment. VRealize Automation 7 supports F5 and NSX as load balancer types. The installation wizard collects all these details and configures the vRealize appliance cluster with a redundant database setup, configured for access though the load balancer.
Rather than using vSphere Single Sign-On to perform authentication, vRA 7 relies on the new VMware Identity Manager, which is embedded in the vRealize 7 Appliance. This new identity as a service offering still creates an internal domain with the proposed name of "vsphere.local" and a user named "administrator" as well as a new user that is created during installation, named "configurationadmin." This user replaces the need to configure a specific tenant and infrastructure administrator by setting up the infrastructure and configuring the directories that will be used for tenant-based user management. For each tenant you create, you define a user -- for which you may then propose your own username.
Many new items can be configured on a tenant-by-tenant basis, which was not the case in the previous version. Even the login screen and other branding can be modified on a per tenant basis so users can identify the system as their own even before logging into the tenant.
New Blueprint Designer
Once vRealize Automation 7 has been installed and you've logged in, you'll notice the Blueprint Designer has undergone a serious facelift. This combines the creation of infrastructure blueprints and application blueprints. The complete functionality of Application Services has now been integrated into the vRealize Automation Console. There is now only one Blueprint Designer that allows you to not only create a simple blueprint for a Windows server, but also for a complete tiered application stack. This includes integration with network and security to set up the networking environment for your VMs and application stack.
In Figure C, you'll notice a blueprint with two VMs. This is the same functionality as the multimachine blueprint in vRA 6.
Another update to the Blueprint Designer is that blueprints can now be shared between tenants. This new feature means you no longer need to make duplicates of the same blueprint for more than one tenant and also gives users the ability to import and export blueprints. This feature can only be accessed through the command line with the CloudUtil program or through the RESTful API rather than the vRealize Automation 7 interface.
Event-driven extensibility options
Administrators who are familiar with vRA 5 will remember the first customizations done with the vCloud Automation Designer. This method was a lot of work and not very administrator-friendly; it was more targeted toward developers creating customizations for the system. Version 6 of vRA made the process less complex by using the Orchestrator plug-in to extend infrastructure as a service workflows within vRealize Orchestrator (vRO) workflows. If you have worked with either one of these customization methods, you should recognize the workflow stub names shown in Figure D, such as Building Machine, Machine Provisioned and Machine Disposing.
You can still use the customization methods from the two previous versions in vRA 7. However, it's important to move to the new vRA 7 framework at some point. According to the official vRealize Automation 7 release notes:
The workflow stubs are being replaced by the event broker workflow subscriptions. They are still available, supported, and they can be used, but expect them to be removed in a future version of vRealize Automation. To ensure future product compatibility, you should use the workflow subscriptions to run custom workflows based on state changes.
Before looking into the new system, it's interesting to look at how the product has evolved from a Windows-only product to a product with a Linux and Windows engine, and how this shift has phased out .NET Framework components. This statement from the release supports this vision and I suspect that in the next version most, or maybe all, of the Windows components will be replaced. Windows servers might still be necessary for integration with some Windows-based services, but I imagine the core engine will eventually run completely within the vRA Appliance.
VRA 7 also offers a new component called the Event Broker Service, which is based on the open source messaging service RabbitMQ. This service allows software components to generate events and other components to subscribe and reply to events. While it isn't necessarily simpler to use than the component offered in vRA 6, it absolutely makes it easier for multiple configurations to subscribe to the same events. The Event Broker Service also allows you to customize the machine provisioning and approval processes.
As shown in Figure E, a tenant administrator can register a workflow with an event so that it will be triggered. To understand why this is more powerful than registering a workflow in the previous version of vRA, you have to look at how it triggers vRO workflows. In vRA 6, you would create a workflow and assign it to a blueprint with the "Assign a State Change Workflow to a Blueprint" workflow. From there on out, every time that blueprint was used in any of the lifecycles of the machine it provisioned, you would execute the corresponding registered workflow.
With vRA 7, any tenant administrator can create a new workflow subscription and configure the conditions of when to run the workflow when creating it. Since this is done through the vRA console rather than vRO, you can set up any condition you like. This means a workflow can be used for all provisioning operations, or just those done by a specific business group, for a specific operating system and so on.
In Figure F, you will see a list of possible new workflow subscriptions. In the first two rows that vRA 7 has added the ability to register a workflow for an approval policy. A large part of the approval process has remained the same, with the exception that events can now handle approvals. The approval event transfers execution to a vRO workflow and waits for the result of the workflow as a boolean: true for approval and false for denial. The vRO workflow can then reach out to any external system you require to let either a software system or person perform the approval, all within the timeout period you can set yourself.
All in all, vRealize Automation 7 has removed many of the shortcomings of the previous version, strongly improving the multi-tenancy characteristics of the product. Removing the old Application Services component and integrating it with the central Blueprint Designer is a big step and hopefully also interests more customers in using that part of the software. It must be said, however, that automatic application deployments are still only part of the enterprise version of the product.
VRealize Automation extensibility is a priority for many customers, so it's good to see that vRA 7 has moved toward an event-driven model that allows for a more consistent approach throughout the entire software stack.
The building blocks of VMware vRealize
Discussing the new VMware Identity Manager
Is vRealize Automation right for your data center?