VMware Hands-on Labs - HOL-1921-01-CMP


Lab Overview - HOL-1921-01-CMP - vRealize Automation 7 - Getting Started

Lab Guidance


Note: It may take more than 90 minutes to complete this lab. You should expect to only finish 2-3 of the modules during your time.  The modules are independent of each other so you can start at the beginning of any module and proceed from there. You can use the Table of Contents to access any module of your choosing.

The Table of Contents can be accessed in the upper right-hand corner of the Lab Manual.

This introductory lab demonstrates the features of vRealize  Automation and is a great place to start to begin learning about the  powerful capabilities and features of the solution.

Lab Module List:

 Lab Captains:

 

This lab manual can be downloaded from the Hands-on Labs Document site found here:

http://docs.hol.vmware.com

This lab may be available in other languages.  To set your language preference and have a localized manual deployed with your lab, you may utilize this document to help guide you through the process:

http://docs.hol.vmware.com/announcements/nee-default-language.pdf


 

Introduction to the Scenario

Rainpole Systems is an electronics manufacturer located in Palo Alto, California. Rainpole designs and manufactures electronic devices for use in everything from aircraft instrumentation to home automation. Given the diversity of their product set, Rainpole needs to develop cloud-based IT services to support the increasing demands of the business units and their developers.

Rainpole Systems is planning to use vRealize Automation to automate and streamline development of their custom developed eCommerce application. Rainpole is just beginning their journey into automating the deployment and management of development resources. By providing a self-service catalog to the developers, they will be able to offer Infrastructure as a Service (IaaS) to the organization while putting policies and governance in place that will allow them to manage the  lifecycle of the resources.

You will take on the roles of a Rainpole Cloud Administrator, a Rainpole Developer, and a Development Manager in this exciting lab exercise to experience how VMware and vRealize Automation can help make these goals a reality.

 

 

Location of the Main Console

 

  1. The area in the RED box contains the Main Console.  The Lab Manual is on the tab to the Right of the Main Console.
  2. A particular lab may have additional consoles found on separate tabs in the upper left. You will be directed to open another specific console if needed.
  3. Your lab starts with 90 minutes on the timer.  The lab can not be saved.  All your work must be done during the lab session.  But you can click the EXTEND to increase your time.  If you are at a VMware event, you can extend your lab time twice, for up to 30 minutes.  Each click gives you an additional 15 minutes.  Outside of VMware events, you can extend your lab time up to 9 hours and 30 minutes. Each click gives you an additional hour.

 

 

Alternate Methods of Keyboard Data Entry

During this module, you will input text into the Main Console. Besides directly typing it in, there are two very helpful methods of entering data which make it easier to enter complex data.

 

 

Click and Drag Lab Manual Content Into Console Active Window

You can also click and drag text and Command Line Interface (CLI) commands directly from the Lab Manual into the active window in the Main Console.  

 

 

Accessing the Online International Keyboard

 

You can also use the Online International Keyboard found in the Main Console.

  1. Click on the Keyboard Icon found on the Windows Quick Launch Task Bar.

 

 

Click once in active console window

 

In this example, you will use the Online Keyboard to enter the "@" sign used in email addresses. The "@" sign is Shift-2 on US keyboard layouts.

  1. Click once in the active console window.
  2. Click on the Shift key.

 

 

Click on the @ key

 

  1. Click on the "@ key".

Notice the @ sign entered in the active console window.

 

 

Activation Prompt or Watermark

 

When you first start your lab, you may notice a watermark on the desktop indicating that Windows is not activated.  

One of the major benefits of virtualization is that virtual machines can be moved and run on any platform.  The Hands-on Labs utilizes this benefit and we are able to run the labs out of multiple datacenters.  However, these datacenters may not have identical processors, which triggers a Microsoft activation check through the Internet.

Rest assured, VMware and the Hands-on Labs are in full compliance with Microsoft licensing requirements.  The lab that you are using is a self-contained pod and does not have full access to the Internet, which is required for Windows to verify the activation.  Without full access to the Internet, this automated process fails and you see this watermark.

This cosmetic issue has no effect on your lab.  

 

 

Look at the lower right portion of the screen

 

Please check to see that your lab is finished all the startup routines and is ready for you to start. If you see anything other than "Ready", please wait a few minutes.  If after 5 minutes you lab has not changed to "Ready", please ask for assistance.

 

Module 1 - What Can vRealize Automation 7 Do for You? (30 minutes)

Introduction


Module 1 is an Introduction to Self-Service in vRealize Automation. It is intended to provide you with an overview of some of the major features of vRealize Automation that enable users to deploy, configure and interact with virtual machines. In this module you will first assume the role of a user in the development group. In this role you will deploy a VM from the service catalog and manage its lifecycle through the use of a "lease". You will also interact with a VM through vRealize Automation, adding capacity and accessing the VM console. You will then follow a request as it moves through the process of being approved by various administrators within the organization.


Self Service Catalog Familiarization


For the first lesson, you will view the console as a development user.  Your company, Rainpole, has recently invested in the VMware vRealize Suite as the basis for a new private cloud infrastructure. vRealize Suite contains a number of technologies that enable IT to deliver services on-demand, at the speed of business. One of those technologies, vRealize Automation, will provide you with a self-service portal through which you can request and interact with virtual machines. Your IT department says that this will allow you get the resources you need, when you need them - no waiting!


 

Open a Web Browser

 

  1. Click the Chrome icon in the Windows Quick Launch task bar

 

 

Log In

 

  1. Log in as devuser with password VMware1!
  2. Click Sign in

 

 

Self-Service Portal

 

The self-service portal is the starting point to all of the services your organization offers you. You can see that by accessing the tabs at the top of the screen you can:

  1. Review your home page.
  2. Request additional services.
  3. Review existing services
  4. Track your submitted or saved requests
  5. Check your inbox for approval requests, action items, and reclamation requests.

 

 

Home Tab

 

When you first log in, you will be on the Home tab.  This is the basic user dashboard.  It contains portlets that show a variety of information, such as:

  1. My Open Requests displays any active or pending requests belonging to the logged in user.
  2. My Items is a portlet that lists the deployed objects owned by this user.
  3. My Inbox contains any notices that are relevant to the user.
  4. Calendar of Events allows the user to quickly identify when important events, such as lease expiration, are coming up.

 

 

Begin a New Request

 

Now you will request a new virtual machine.

  1. Click on the Catalog tab

 

 

Service Catalog

 

To start out you are brought to the "Infrastructure" category of the Service Catalog.  We will be focusing on Infrastructure as a Service (IAAS) provisioning.  (We do not use other service types for this lab.)

The user devuser has been given access to several blueprints.  Each blueprint represents a separate machine that the user can request and manage.  The blueprint describes the entire lifcycle for the request.  Let's give it a try.

1.    Select Request on the CentOS blueprint.

 

 

Complete the New Request From

 

The New Request form provides you with some options to fill out which will determine the number of the deployments you wish to request, as well as the configuration parameters for your new Virtual Machine(s).

1.  Provide a Description for this deployment.  You may use the description provided in the screenshot, or create your own.

2.  Enter a Reason for the request.   This field can be used to inform approvers why you have requested this blueprint.  Approvers and Approval Policies will be covered in more detail in later modules.

3. To configure the VM that will be deployed in this blueprint, select the CentOS item.

Note:  Please do not change the Deployments field.  Requesting multiple deployments can cause performance issues with your lab, and the request will take an excessive amount of time to deploy.

 

 

Configuring the Virtual Machine

 

This service will default to a single instance of the VM with 1CPU, 1024MB Memory, and 10GB of storage.

1.  Verify that the VM configuration settings are correct, and modify the description for the machine if desired.  NOTE:  Although the number of CPUs can be adjusted, continue with the default of 1 CPU for this exercise.  If you change the number of CPUs, the VM will not deploy.  Later in this module, you will discover why.

2.  Review the disk configuration for the VM by clicking on the Storage tab.

 

 

Configuring the Virtual Machine (Cont.)

 

Review the storage configuration for the VM and ensure that drive 0 has a capacity of 10GB.  Here you can add additional disks to the system, but the default will be sufficient for your needs in this case.

Now that you have verified the VM's configuration, you are ready to submit your request.

1.  Click the Submit button.

*Note: You will notice that you also have the option to Save your request so that you can finish working on it later if you are unable to complete the request at that time.

 

 

Request Submitted

 

You have just submitted your first request in vRealize Automation!  You will now follow your submission through the rest of the deployment process.

  1. Click OK to proceed, and return to the Service Catalog page.
  2. Once there, select Requests tab to check on the status of your request.

 

 

Review Your Request

 

This tab will show you the request state as it moves through the provisioning process.  Note that the Status of this request is now In Progress.  This deployment will take some time in the lab environment, so we will return to it later in the module.

This exercise demonstrated the ease at which vRealize Automation allows a user to request items through a service catalog.  But what if you require more than the default resource allocation for a request?  In the next exercise, we will show how approval policies allow for flexibility in the request process, but still provide IT with control.

 

Using Approval Policies


Approval policies are very flexible, and may be configured with one or more conditional levels of approval. For example, a VM requested with a standard configuration may require no approval.  A VM that deviates from that standard may require an IT manager's approval.  A non-standard VM that also exceeds a specific cost threshold may require the IT manager's approval, but also that of the Finance department.  The approval triggers can be based on specific attributes of the request or the requested item, such as number of CPUs, memory, etc. The creation and configuration of these policies will be explored in later modules.


 

Requesting a Larger Deployment

 

While developing your application on the VM you deployed previously, you determine that you may need additional resources in order to get the best performance for the application. Create a new request in vRealize Automation for a larger VM:

  1. Click the Catalog tab at the top of the screen (not shown)
  2. Locate the CentOS item and click Request (not shown)
  3. Select the CentOS VM item
  4. Increase the # CPUs from to 2
  5. Enter Approval Policy Test under Description
  6. Click Submit
  7. Click OK when the successful submission dialog appears (not shown)

While a request is pending approval, the workflow will pause until the approver(s) take action.

To see your pending request, click on the Requests tab and look for the item with a status of Pending Approval. This VM request must be approved by the Development Manager due to the additional CPUs.

 

 

Approving a Request via Email

The request you just submitted has sent an email to the Development Manager of Rainpole Systems, requesting approval of the increased CPU count on your new server. Here we will explore how an approval is handled via e-mail.

 

 

Open the Email Client for devuser

 

From Google Chrome, open Webmail by;

  1. Select the New Tab icon to open a new browser tab.
  2. Clicking on the HOL Admin folder in the bookmark bar.
  3. Click on Webmail.

 

 

Log In to Webmail

 

Log in to the Dev User e-mail to verify that your request has been submitted.

  1. Username: devuser@rainpole.com
  2. Password: VMware1!
  3. Click Login

 

 

View devuser's Pending Request

 

You may see several new e-mails.

  1. Locate the one titled Request #xx For "CentOS has been submitted" which is most recent. It should be the first message in the list.
  2. In the bottom pane, you will see the details of your new request displayed.

Note: You may have to refresh the Mail UI.

 

 

Log Out of devuser's Mailbox

 

  1. Select "Logout" located at the top right corner of the Mail client UI to return to the login screen (Note:  do not close the browser tab, since it will still be needed)

 

 

Log In to the Email Client as devmgr

 

  1. Log in to email using devmgr@rainpole.com
  2. Enter the password VMware1!
  3. Click Login

 

 

View Approval Request as devmgr

 

Next, you will approve the request as the development manager.

  1. Click on the email with the subject line beginning Action Needed: Request for CentOS (It should be the first message in the list)
  2. View the email in the lower pane.  Scroll the lower pane down to the end of the message to find two links:  Approve and Reject
  3. Click Approve

 

 

Send Approval Email as devmgr

 

After clicking on Approve in the e-mail you received, a new message will appear.

  1. Verify that you are sending From the devmgr@rainpole.com account by selecting it from the dropdown. Do not modify the subject line.
  2. Type Approved in the text field.
  3. Click Send

 

 

Log Out of devmgr's Mailbox

 

  1. Click Logout located at the top right corner of the Mail client UI

 

 

Approving a Service Request via the Self-Service Portal

Now you will log in to vRealize Automation as the Rainpole CFO to finalize the approvals.

 

 

Log Out of vRealize Automation

 

First, return to Google Chrome and select the vRealize Automation tab. Then log out of the vRealize Automation portal.

  1. Click Logout

 

 

Return to Login Page

 

  1. Click Go back to login page to return to the vRealize Automation login page

 

 

Log In to vRealize Automation as the CFO

 

Log in to the vRealize Automation Portal.

  1. Username: cfo
  2. Password: VMware1!
  3. Press the Sign in button

 

 

Review Your Pending Approvals as CFO

 

  1. Click on the Inbox tab
  2. Click on the number for the Approval line item to open the request (NOTE: the approval item may not be available initially due to the nature of the lab environment.  If the approval item shown above is not available, click the Refresh icon at the bottom of the Approvals pane until it becomes available.)

 

 

Process an Approval via vRealize Automation

 

The details of the approval provide you with a Justification field for providing information to the requestor as to why their request was approved or rejected. In this case we will go ahead and approve this request.

  1. Provide a justification for the approval by entering Approved in the Justification field
  2. Click Approve to allow the request to move forward

 

 

Log Out of vRealize Automation

 

Now that you have approved the request, you must log back in to the portal as devuser to see the status of your request.

  1. Click Logout

 

 

Return to Login Page

 

  1. Click Go back to login page to return to the vRealize Automation login page

 

 

Log In as devuser

 

  1. Log in as devuser with password VMware1!
  2. Click: Sign in

 

 

View the Approved Request

 

  1. Click on the Requests tab.  You will see your most recent request is now In Progress.

This exercise is complete.  In the next exercise, we will explore how vRealize Automation allows users to interact with deployed VMs, using the first machine deployed.  In the Requests tab, this first deployment request should show a Status of Successful - if the Status remains In Progress, click the Refresh icon at the bottom of the page (not shown) periodically until the status changes.

 

Interact with Deployed VMs


Now that you have deployed a Virtual Machine using the vRealize Automation Self-Service Catalog, you will explore the entitlements that have been assigned to devuser which allow you to interact with your VM.


 

Entitlement Policies

Entitlement policies control ongoing management functions each user is allowed to perform against their machines. Ongoing management functions include (but are not limited to) the following operations:

Depending upon the entitlement policies, users can also modify policies of public cloud machines. Examples are elastic block storage, elastic load balancers, and security groups.

 

 

Reviewing Your Entitlements

 

To see which actions you are currently entitled to:

  1. Click on the Items tab to view your currently deployed items
  2. Click on the Machines section to see your VMs
  3. Select dev-xx row (where xx is the number assigned to your VM) Note: Do not click on the name of the VM.
  4. Click the Actions drop-down menu

The Actions menu lists all of the actions you are currently entitled to on this VM. As you can see there are quite a few options assigned to devuser ranging from power operations, to snapshots, and lifecycle options.

 

 

Accessing Your VM

 

In this case you would like to access the console of the VM and validate that SSH services are running so that you can access the VM via SSH.

  1. Select dev-xx row (where xx is the number assigned to your VM)
  2. Click the Actions drop-down menu
  3. Select Connect to Remote Console

Note:  You may see the Pop-up Blocked message in the upper right hand corner of the browser. If you see this message:

  1. Click on the warning
  2. Select Always allow pop-ups from https://vra-01a.corp.local
  3. Click DONE
  4. Repeat the steps above in order to open the Remote Console

 

 

Log In to the Remote Console

 

When you first launch the console, the screen may be blank as the VM has put the display to sleep. Click inside the window to activate the blue box, and press any key to display the login prompt. Log in to the console using the following credentials:

  1. dev-001 login: root
  2. password: VMware1! (Note: nothing will be displayed on the console while the password is being entered. Press Enter to submit)

 

 

Verify that the SSH Service is Running

 

Once logged in, you will run a command and verify that the SSH service is online.

  1. Run the command service sshd status (press enter to submit the command)
  2. Verify that the output of the command is displayed as: openssh-daemon (pid xxxx) is running...

If the output of the command reads openssh-daemon is stopped run the following command

This should start the service and allow you to move forward.

 

 

Determine the IP Address of Your VM

 

Since you would like to connect to this VM via SSH, you will need to determine the IP address of the VM you deployed.

  1. Run the command ifconfig (press enter to submit the command)
  2. Find the inet addr value in the eth0 block of the output of the command. This is the IP address of this VM.

Please make note of the as your IP address may not be the same as this example.

 

 

Connect to Your VM via SSH

 

You will use the PuTTY tool to establish an SSH connection to your VM.

  1. Click on the PuTTY icon on the taskbar
  2. Enter the IP address you noted from the previous step in the Host Name (or IP address)field in the PuTTY Configuration window
  3. Click Open to begin the session (NOTE: if a window titled "PuTTY Security Alert" appears, click Yes to continue)

 

 

Log In to the VM

 

  1. Log in as root
  2. A public key may have already been configured for this VM, so entering a password may not be necessary

Now that you have connected via SSH you are able to interact with the VM as you wish. Feel free to explore the VM and run any commands you may know.

Note: If public key authentication is not available, the password for the root account is VMware1!

 

 

Close the SSH Window

 

  1. When you are ready, type exit and press Enter to disconnect the SSH session and close the PuTTY window.

 

 

Close the Remote Console Connection

 

  1. Similarly, in the Remote Console window type exit and press Enter to log out of the remote console session.
  2. Click the x next to the browser tab name to close the Remote Console window.

 

VM Lifecycle Management


VMware vRealize Automation provides your organization with the ability to very closely manage the lifecycle of the components that are deployed from the self-service catalog. VMs and other components are subject to lease times, expiry periods, and destruction dates. Managing the lifecycle of these objects allows organizations to manage their capacity more effectively and ensure that waste minimized in their environments. In this lesson you will review the major components of lifecycle management, and what they mean to your deployments.


 

Lease Management

 

After deploying the CentOS catalog item, you notice that the lease time you've been provided is insufficient for your project's requirements. You will need to request more time on the lease in order to complete your project. Here you will learn how to extend the lease using the Resource Actions.

  1. If you are not currently viewing the Items tab, navigate to the Items tab at the top of the page.

 

 

Extending the Lease

 

  1. Select the CentOS-<UID> deployment at the end of the list (do not click on the item name itself.) This is the same deployment used in the previous exercise.
  2. Click the Actions drop-down button in the toolbar
  3. From the list that appears, select Change Lease

 

 

Change Lease Properties

 

A new window will appear asking for parameters around the Lease Extension. Complete the form as follows:

  1. Expiration Date: Set to:1st of next calendar month (using US date format - mm/dd/yyyy)
  2. Enter 12:00 AM in the time field
  3. Select Submit

 

 

Action Submitted

 

Tenant Administrators define Entitlements to determine what end users like devuser are able to do with their machines.  Some users may only be able to connect to their machine, while other users, like developers, may be given more control and allowance to perform actions such as reboots, reconfigurations, or even snapshots.

Approvals can be required selectively to these actions based on group.  As there is not currently an approval policy defined for this resource action and user, the lease change will take effect immediately.  We'll explore configuring approval policies in another module.

  1. Click OK to return to the Items tab

You can verify the deployment's new lease expiration date in the Expires column.

 

 

Lease Expiration

When a deployment's lease expires, it can remain in an archived state for an amount of time determined by your organization.  During that time, you can request to have the deployment unarchived and redeployed with no loss of data.  Once the archival period has ended, the deployment will be destroyed.  Organizations use this feature to ensure that capacity is utilized efficiently and to avoid having idle resources taking up space in the environment.

 

 

Reclamation Requests

If an administrator determines that one of your deployments might be a candidate for reclamation before your lease expires, they can send you a Reclamation Request which will be found in the Inbox tab in the vRealize Automation portal.  The request specifies a new lease length in days, the amount of time given for the machine owner's response, and which machines to target for reclamation.

 

 

Cleaning Up

If you plan to continue on to other modules in this lab, please follow the steps below to ensure that there are enough available resources for the remaining exercises.  If you do not plan to do other modules in this lab, you may stop now.

 

 

Destroying Provisioned VMs

 

To ensure that enough resources are available for the next modules in the lab, we must clean up the VMs which we have provisioned.  To do so:

  1. Navigate to the Items tab at the top of the screen
  2. Select the row for the newly provisioned VM so that it is highlighted (do not click on the deployment name itself)
  3. Click Actions
  4. Select Destroy from the drop-down menu
  5. Click Submit to submit the request (not shown)
  6. Click OK on the Request Submission dialog (not shown)

Repeat these steps for the second VM in the Deployments list.

 

Conclusion


You've just been introduced to some of the ways that VMware vRealize Automation can provide automated infrastructure delivery, governance, and lifecycle management. You learned how to consume infrastructure resources from the self-service portal, manage the  lifecycle of your deployments, and saw how governance can be put in place to manage requests via approval policies. In the upcoming modules you will learn about the administrative functions behind the scenes of what you just covered, as well as how to build your own services and approval policies.


 

You've finished Module 1

 

Congratulations on completing  Module 1.

If you are looking for additional information on vRealize Automation, try one of these:

Proceed to any module below which interests you most.

 

 

How to End Lab

 

To end your lab click on the END button.  

 

Module 2 - Introduction to Administration (30 Minutes)

Introduction


Now that you're familiar with the vRealize Automation user interface, you'll learn how to administer the self service experience by becoming a Cloud Administrator. You will then create an Infrastructure as a Service (IaaS) Administrator, and a Tenant Administrator where you will learn about the basic functionality of each role. As an IaaS Administrator you will learn how endpoints are configured to communicate with vSphere infrastructure and automate the tasks and requests that are submitted via the self-service portal. As a Tenant Administrator you will learn how to manage Business Groups, the Self-Service Portal, and how to apply your company's branding to the portal.


Configure Administrator Accounts


VMware vRealize Automation uses two distinct types of administrator accounts to divide up the administrative tasks required to manage the infrastructure endpoints, compute resource reservations, users, groups, and policies that need to be put in place. These two accounts are known as the IaaS Administrator and the Tenant Administrator. Here you will configure these administrator accounts and assign them to the vsphere.local tenant.


 

Launch Chrome Browser

 

  1. Click on the Chrome Icon on the Windows Quick Launch Task Bar.

 

 

Log In to vRealize Automation

 

Opening the browser will take you to the vRealize Automation login page.  In order to configure the administrator accounts, you will need to log in to the vsphere.local domain rather than the default corp.local.

  1. Click Sign in to a different domain

 

 

Select Domain

 

You will need to log in to the vsphere.local domain to gain access to the Tenant configuration portal.

  1. From the Select your domain drop-down menu, select vsphere.local
  2. Uncheck the Remember this setting checkbox
  3. Click Next

 

 

Log In

 

Log in with the following credentials:

  1. Username: administrator
  2. Password: VMware1!
  3. Click Sign in

 

 

Default Tenant Administrator Portal

 

The Default Tenant Administrator Portal allows you to create and manage tenants, configure default branding, set up email servers for notifications, view event logs, and configure the server itself. You will be managing the vsphere.local tenant and assigning new administrators.

  1. Click on the vsphere.local tenant name to open the Edit Tenant dialog

 

 

Configure the Tenant Administrator

 

  1. Select the Administrators tab
  2. Type devmgr in the Tenant administrators search field and press the enter key
  3. Select the Development Manager (devmgr@corp.local) result

Selecting the account will assign devmgr as a Tenant Administrator for this tenant. You will now need to assign an IaaS Administrator.

 

 

Configure the IaaS Administrator

 

  1. Type itmgr in the IaaS Administrators search field and press the enter key
  2. Select the IT Manager (itmgr@corp.local) result

Selecting the account will assign itmgr as an IaaS Administrator for this tenant.

  1. Click Finish to submit the changes you've made to the vsphere.local tenant.

 

 

Log Out

 

Log out of the Default Tenant Administrator portal.

  1. Click Logout

 

 

Return to Login Screen

 

  1. Click Go back to login page

 

 

Confirm corp.local Domain

 

Since you unchecked the Remember this setting checkbox before the previous login, the corp.local domain should be selected as the login domain for vRealize Automation.  If corp.local is not selected, then select it from the drop-down and verify that the Remember this setting checkbox is checked.

  1. Click Next

 

Tenant Administration


In this section you will become familiar with the role that the Tenant Administrator plays in vRealize Automation. A Tenant Administrator is responsible for the governance, policies, and entitlements that you explored in the previous module. Here you will learn how these are configured and review some existing settings. The actual configuration of these policies and entitlements will be covered in a later module.


 

Log In

 

Log in as the devmgr user, which has now been assigned the Tenant Administrator role.

  1. Username: devmgr
  2. Password: VMware1!
  3. Click Sign in

 

 

Tenant Administrator Portal

 

The Tenant Administrator Portal shows you some tabs which you might recognize from the previous module, but it also includes two new tabs.

  1. Administration - This tab contains all of the administrative functions that are available to you as the Tenant Administrator.
  2. Infrastructure - Allows you to review recent events that have occurred on your tenant's infrastructure.

 

 

 

Administration Tab

 

  1. Click the Administration tab

You have a number of administrative functions available. Take a moment to review what each function provides:

Feel free to click through any of these options to see what has already been configured before moving on.

 

 

Customize Your Tenant

 

Your company, Rainpole Inc., would like you to customize the vRealize Automation portal so that it matches your company's branding.

Select Branding from the left pane

 

 

 

Change Default Branding

 

  1. Select Header & Footer Branding
  2. Uncheck the Use default checkbox.

 

 

 

  1. Click the Browse button next to the Header Logo (not shown)
  2. Navigate to C:\hol\HOL-1921-01-CMP
  3. Select the Rainpole_logo.png file
  4. Click Open to import the image

 

 

Change the Background Color

 

  1. Scroll to the right in order to view the background color text box
  2. In the Product name field, enter Rainpole Inc. Self-Service Portal
  3. Change the Background hex color field to 20c576 and press Enter to update the preview window
  4. Click Finish to apply your changes, which will refresh the page to apply the new branding

Note: If you get an error message after applying the branding, please read to the next step.

 

 

If you get an Error

 

In some rare cases in the Hands-On Labs, applying this branding can cause an error message to appear. If you experience this, please follow these steps before continuing with the lab. If you did not get the error, you may skip this step!

  1. Log out of vRealize Automation by clicking the "Logout" link in the upper right corner of the screen
  2. Log back in to vRealize Automation using the cloudadmin account and password VMware1!

 

 

Branding Applied

 

Now that you've applied your branding to the portal, you may customize the login screen as well.

 

 

Customize the Login Screen

 

  1. Select Login Screen Branding from the menu on the left
  2. Scroll down until the Logo pane is fully in view
  3. Click Upload
  4. Navigate to C:\hol\HOL-1921-01-CMP (not shown)
  5. Select the Rainpole_logo.png image file (not shown)
  6. Click Open to upload the image (not shown)

After uploading the new login screen branding, scroll to the bottom of the Login Screen Branding window (not shown) and click Save to use the Rainpole logo on the login screen.

 

 

Log Out to View Login Screen Changes

 

  1. Click Logout

 

 

Return to Login Screen

 

  1. Click Go back to login page and verify that the Rainpole Systems logo is now present on the login screen

 

Infrastructure as a Service Administration


The IaaS Administrator is responsible for maintaining the endpoints which provision the resources requested by the consumers of the self-service catalog. They are also responsible for authoring, and maintaining the services and blueprints that are offered up in the catalog. Here you will assume the role of the IaaS Administrator and review the privileges assigned to this user.


 

Log In as itmgr

 

Log in as the itmgr user, which you assigned the IaaS Administrator role earlier in the module.

  1. Log in as itmgr with the password VMware1!
  2. Click Sign in

 

 

IaaS Administrator Portal

 

The IaaS Administrator portal contains fewer tabs than the Tenant Administrator, and it is primarily focused on managing the infrastructure.

 

 

Infrastructure Tab

 

As the IaaS Administrator, you are responsible for managing and maintaining the infrastructure and endpoints utilized by the catalog services your users request.

  1. Navigate to the Infrastructure tab

Review the options available in this section:

 

 

Endpoints

 

IaaS Administrators create the endpoints that allow vRealize Automation to communicate with your infrastructure.  Depending on your machine provisioning needs, the procedure to create an endpoint differs.  An endpoint can be configured to communicate with hypervisors such as vSphere, Hyper-V, KVM, or to public cloud services such as AWS, or to additional infrastructure services such as Infoblox for IPAM.

This flexibility allows your organization to deploy your workloads wherever you determine to be best for your company's needs, and to integrate with the ancillary services in your environment.

  1. Click Endpoints in the menu on the left (not shown,) and click Endpoints once again from the resulting list
  2. Select the vCenter endpoint (do not click on the name vCenter itself)
  3. Click Edit

 

 

Examine the vCenter Endpoint

 

This vSphere (vCenter) endpoint is configured to talk directly to vCenter Server.  This allows vRealize Automation to gather data on the vSphere infrastructure, create reservations that will be consumed by service catalog users, and deploy resources to your vSphere environment.  This endpoint is also associated with an NSX endpoint, which we will observe momentarily.

  1. View the vCenter Server Name, Description, Address, and connection credentials
  2. Click Associations

 

 

View vCenter Endpoint Associations

 

The vSphere (vCenter) endpoint is configured to communicate with NSX.  Integration with NSX will enable your services to leverage the networking and security features provided by NSX when deploying catalog items.  For example, a VM can be automatically configured with networking information, security policies, and load balancers when it is deployed.

  1. Click Cancel to return to the list of endpoints

 

 

Verify the NSX Endpoint

 

  1. Verify the NSX_vCenter endpoint in the Endpoints list.  This endpoint is separately configured and then associated with the vCenter endpoint, as you noted in the previous step.
  2. When ready, click Fabric Groups on the left to proceed

 

 

Fabric Groups

 

As an IaaS Administrator, you can organize virtualization compute resources and cloud endpoints into fabric groups by type and intent.  One or more fabric administrators manage the resources in each fabric group.

Fabric administrators are responsible for creating reservations on the compute resources in their groups to allocate fabric to specific business groups.  Fabric groups are created in a specific tenant, but their resources can be made available to users who belong to business groups in all tenants.

  1. Hover over Development Fabric Group and click Edit in the resulting drop-down menu

 

 

Manage a Fabric Group

 

Note the details of this fabric group:

  1. Fabric administrators are listed here.  These users are able to "carve up" the compute resources available to this fabric group, and assign them to business groups as necessary.
  2. The Compute resources available to this fabric group can be seen here.  Note that this fabric group leverages the RegionA01-COMP01 vSphere cluster.
  3. Click Cancel as we do not wish to modify the Development Fabric Group at this time.

 

 

Monitoring Infrastructure Activity

 

Now that your endpoints are configured, you may need to check on the status of the endpoints and other services within vRealize Automation.

  1. Click on < Infrastructure (not shown) and then click Monitoring to display the Monitoring menu

 

 

Audit Log

 

  1. Click Audit Log

The audit log provides details about the status of managed virtual machines, as well as activities performed on these machines during reconfiguration.  The log includes information about machine lifecycle events, fabric group management, and more.

 

 

DEM Status

 

  1. Click DEM Status

A Distributed Execution Manager (DEM) runs the business logic of custom models, interacting with the database, and with the external databases and systems as required.

Each DEM instance acts in either a Worker role or in an Orchestrator role.  The Worker role is responsible for running workflows.  The Orchestrator role is responsible for monitoring DEM Worker instances, preprocessing workflows to run, and scheduling workflows.

The DEM Orchestrator performs these specific tasks:

 

 

Log

 

  1. Click Log

The Log Viewer shows general system status logs.  These logs will include informational messages from the various services within vRealize Automation, along with errors and warnings that may help in troubleshooting issues with vRealize Automation.

 

 

Workflow History

 

  1. Click Workflow History
  2. Select a Workflow from the workflow column, and click on it to view its details

This view displays workflow history and optionally, you may open a specific workflow to display its execution details.

 

 

Log Out

 

Now that you're familiar with the functions available to the Infrastructure, you can log out of vRealize Automation.

  1. Click Logout

 

 

Return to Login Screen

 

  1. Click Go back to login page

At this point, you have completed the exercise.  If you wish to continue with subsequent modules, please proceed to the next steps to remove the branding applied previously.  If you do not plan to do other modules in this lab, you may stop now.

 

 

Log In as devmgr

 

  1. Log in as devmgr with the password VMware1!
  2. Click Sign in

 

 

 

  1. Navigate to the Administration tab
  2. Click Branding (not shown) and then click Header & Footer Branding
  3. Check the box next to Use default to reset to the default branding
  4. Click Finish to reload the portal with the default branding

 

 

Revert to Default Login Screen Image

 

  1. Click Login Screen Branding
  2. Scroll down to view the Logo pane
  3. Click Remove to remove the Rainpole logo
  4. Scroll down and click Save (not shown)

 

Conclusion


Now that you've gained a basic understanding of the IaaS and Infrastructure Administrator roles, and what their functions are, you should be able to create and manage a tenant, assign administrator roles, create business groups, connect endpoints to infrastructure, and customize the vRealize Automation interface.


 

You've finished Module 2

 

Congratulations on completing Module 2.

If you are looking for additional information on administering vRealize Automation, try one of these:

Proceed to any module below which interests you most.

 

 

 

How to End Lab

 

To end your lab click on the END button.  

 

Module 3 - Basic Service Authoring (60 minutes)

Introduction


In this module, you will assume the role of a Cloud Administrator and learn how to create new services, build and publish basic blueprints, and assign those blueprints to services which can be consumed by your organization. This module will take roughly 45 minutes to complete. If you need additional time to complete this lab, you may click the Extend button at the top of the Hands On Labs interface.


Creating a New Service


Services are used to organize catalog items into related offerings to make it easier for service catalog users to browse for the catalog items they need.

For example, catalog offerings can be organized into Infrastructure Services, Application Services, and Desktop Services.

A tenant administrator or catalog administrator can specify information about the service such as the service hours, support team, and change window. Although the catalog does not enforce service-level agreements on services, this information is available to business users browsing the service catalog.

Your IT Director has requested a new Service that will hold Rainpole Inc. internal applications. In this lesson you will create a new service and assign it to the appropriate business group.


 

Open Chrome Browser

 

1.  Click on the Chrome Icon on the Windows Quick Launch Task Bar.

 

 

Log In

 

Log in using the following credentials:

1. Username: cloudadmin

2. Password: VMware1!

3. Click Sign in

 

 

Create a New Service

 

  1. Navigate to the Administration tab, and select Catalog Management (not shown) from the list on the left
  2. Select Services
  3. Click New to begin creating a new Service

 

 

New Service

 

  1. In the Name field, enter Rainpole Apps
  2. In the Description field, enter Rainpole Inc. Applications
  3. Click the Browse... button next to the Icon field to import to the Rainpole Systems logo

 

 

 

  1. Navigate to C:\hol\HOL-1921-01-CMP
  2. Select the Rainpole_logo.png file
  3. Click Open to import the logo to your new service

 

 

Complete the Service Configuration

 

Review the settings for the new service.  These options do not need to be modified, but you can see that vRealize Automation allows you to set active hours for the service, and to specify an owner, support team, and a change window for catalog maintenance.

  1. Click OK to create the new service

 

 

Configure Entitlement

 

Now that the Rainpole Apps service has been created, you need to entitle it to the appropriate Business Groups.

  1. Click Entitlements

 

 

Edit the Development Services Entitlement

 

Entitlements determine which users and groups can request specific catalog items, or perform specific actions on deployed items.  Entitlements are specific to a business group.

  1. Select the row labeled Development Services (Note:  if you click the name directly, you will be taken to the Edit screen and can skip step 2.  Otherwise, the row will be highlighted and the Edit button will activate.)
  2. Click Edit

 

 

Edit Entitlement

 

  1. Select the Items & Approvals tab
  2. Enter Rainpole in the search field, and press the Enter key
  3. Click the Rainpole Apps search result in the box that appears in order to add the service
  4. Click Finish to submit the changes

You have completed this exercise.  Now that you've created the Rainpole Apps service and entitled it to your developers, you will need to add content to the service for them to consume.  In the upcoming sections you will create a basic blueprint, publish it to the Rainpole Apps service, and add the ability for developers requesting the blueprint to choose from a set list of deployment sizes.

 

Creating a Basic Blueprint


Let's begin by creating a very basic Converged Blueprint.


 

Click on the Design Tab

 

  1. Click the Design tab to navigate to the Blueprint Design area

In the menu on the left, you can see three options:  Blueprints, Software Components, and XaaS.  The Design tab is where you will create and manage all three types of objects.  A Blueprint is a complete deployment - Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and so on.  Software Components and XaaS objects are consumed by the blueprints, and XaaS objects can be exposed independently as a published catalog item.

Notice that there are already several blueprints present in the environment.  Let's review the most basic one, which you will use in the next steps.

2.   Click on the CentOS blueprint

 

 

Explore the Blueprint Design Canvas

 

Welcome to the Blueprint Design Canvas!

This particular blueprint is a very basic IaaS blueprint that deploys a single vSphere virtual machine running CentOS.  This VM is attached to an existing internal network.

  1. View the list of Categories in the upper left corner.  This list represents the available types of resources that can be consumed on the canvas, including different private and public cloud VMs, Software Components such as web servers, databases, and custom applications, Containers, NSX components like Load Balancers, Security Groups, and Virtual Networks, and more.  Feel free to explore these categories, but do not make any changes to this blueprint.
  2. Click the CentOS vSphere Machine object in the canvas to bring up its properties dialog below the Design Canvas pane

 

 

Review Machine Blueprint Settings

 

In the properties dialog for the CentOS VM, you can see the configuration that dictates how this machine will be deployed.

  1. Click on the Build Information tab
  2. Click the drop-down next to Clone from snapshot
  3. Note the option Use current snapshot - this option will simplify the job of updating blueprints if additional snapshots are taken of the template VM after this blueprint is created (in this case, base-linux-cli in the Clone from field above)
  4. Click Cancel (Note:  if you are prompted to discard your changes, click Yes)

 

 

Create a New Blueprint

 

Now you will create a new blueprint.  You'll start by creating a basic IaaS blueprint that you can use to provision raw vSphere VMs.  With this blueprint as a starting point, you will later be able to expand on it by adding parameters, managed software components, NSX integrations for network and security services, and more as needed.

  1. Click +New

 

 

Enter Blueprint Properties - General

 

  1. Enter Rainpole Wordpress Environment for the name.  Note that the ID field is populated automatically as you enter the name, although it cannot contain spaces or special characters.
  2. Enter a Description:  Create a multi-tier Wordpress environment for Rainpole Development
  3. Change the Archive period to 5 days
  4. Click OK to proceed to the Blueprint Design Canvas

 

 

Add Existing Network to Blueprint

 

You are now back at the Blueprint Design Canvas, but it is blank.  Before we add any virtual machines to this blueprint, we will add an existing network for the VMs to consume.

  1. Click the Network & Security category on the left
  2. Click Existing Network and drag the icon onto the Design Canvas (Note:  when the Existing Network object is on the canvas, the Existing_Network_1 dialog will slide up from the bottom as pictured.)
  3. Click the ... icon to select an Existing Network.  Choose Default External Network Profile from the list, and click OK (not pictured)
  4. Click on the Down Arrow to close the configuration dialog

 

 

Add vSphere Machine to Blueprint

 

  1. Change the Category on the left to Machine Types
  2. Scroll down the list in the lower left pane until you see vSphere (vCenter) Machine
  3. Click and drag the vSphere (vCenter) Machine object onto the Design Canvas, which will open the vSphere_vCenter_Machine_1 dialog (the object can be placed above or below the Existing Network object on the canvas)

 

 

Enter vSphere Machine Parameters - General

 

Now you will configure the vSphere Machine to be deployed.

  1. Change the ID field to rainpole-wp-web.  This will allow you to easily identify this vSphere Machine type as a Rainpole Wordpress web server later on.
  2. Select dev- as the Machine Prefix

 

 

Enter vSphere Machine Parameters - Build Information

 

  1. Click on the Build Information tab
  2. Select Linked Clone as the Action.  The Provisioning Workflow field should automatically change to CloneWorkflow
  3. Click on the ... button next to Clone From, and select the base-linux-cli VM from the list and click OK (not shown)
  4. Click on the drop-down for Clone from snapshot, and select application authoring snapshot from the list.  This will allow you to leverage Software Components in this blueprint at a later date.
  5. Enter CentOS for the Customization spec (Note:  this field is CASE SENSITIVE)

 

 

Configure Machine Parameters - Network

 

  1. Click on the Network tab
  2. Click the +New button to add a new network connection
  3. Click the drop-down and select DefaultExternalNetworkProfile (which was added to the canvas prior prior to the vSphere Machine)
  4. Click OK
  5. Click the Down Arrow to close the configuration dialog.  You should see the rainpole-wp-web VM on the canvas, with a link to the existing network.

 

 

Add a Second vSphere Machine to the Blueprint

 

Now you will add another vSphere Machine to this blueprint.  This machine will act as the database server for the environment.

  1. Click on the vSphere (vCenter) Machine object, and drag it onto the design canvas.  The object should already be visible in the lower left.  Drag the new machine so that it is just to the left of the one you've already configured (this is only to keep the screen visually organized - the object can be dragged to any location on the design canvas.)
  2. Click on the General tab in the resulting vSphere_vCenter_Machine_1 configuration dialog
  3. Change the ID to rainpole-wp-db to signify this VM as a Rainpole Wordpress DB server
  4. Select a Machine Prefix of dev-

 

 

Configure Machine Parameters - Build Information

 

  1. Click on the Build Information tab
  2. Select Linked Clone as the Action.  The Provisioning Workflow field should automatically change to CloneWorkflow
  3. Click on the ... button next to Clone From, and select the base-linux-cli VM from the list and click OK (not shown)
  4. Click on the drop-down for Clone from snapshot, and select application authoring snapshot from the list.  This will allow you to leverage Software Components in this blueprint at a later date.
  5. Enter CentOS for the Customization spec (Note:  this field is CASE SENSITIVE)

 

 

Configure Machine Parameters - Network

 

  1. Click on the Network tab
  2. Click the +New button to add a new network connection
  3. Click the drop-down and select DefaultExternalNetworkProfile (which was added to the canvas prior prior to the vSphere Machine)
  4. Click OK
  5. Click the Finish button below the dialog window to save the blueprint and close the Blueprint Design Canvas

 

 

Publish New Blueprint

 

The blueprint has been created.  However, it is in Draft status by default.  Before the blueprint can be entitled for developers to use, it must be published and added to the vRealize Automation catalog.

  1. Click on the row named Rainpole Wordpress Environment to select it (Note:  do not click on the blue text of the name, or you will be taken back to the Blueprint Design Canvas.)
  2. Click the Publish icon
  3. Verify that the Status for this blueprint has changed to Published

 

 

Entitle New Blueprint

 

First, you will add this blueprint to the service you created earlier.  This will allow all users entitled to that Service to consume this blueprint.

  1. Navigate to the Administration tab and click Catalog Management (not shown)
  2. Click Catalog Items
  3. Scroll down until you see the Rainpole Wordpress Environment item in the list
  4. Click on Rainpole Wordpress Environment to enter the catalog item configuration screen

 

 

Select Service

 

  1. Scroll down to the bottom of the Configure Catalog Item screen
  2. Click the Service drop-down and select Rainpole Apps
  3. Click OK

Congratulations!  You have created a simple blueprint to deploy two vSphere Machines, and entitled it for Rainpole's developers to use.  Continue to the next exercise to discover how to leverage parameterized blueprints to provide more flexibility to your users, and to observe the blueprint deployment in action.

 

Creating a Parameterized Blueprint


In the previous exercise, you created a blueprint for Rainpole's developers to consume.  The ability to create web and database servers for new application development will save Rainpole significant time.

However, some of Rainpole's developers are requesting the ability to be able to choose to deploy database servers of varying sizes.  One way to deliver on this request is to leverage parameterized blueprints in vRealize Automation.

Parameterized blueprints allow you to configure options for vSphere Machine resource sizing (commonly known as "t-shirt sizing") as well as deployment options, rather than requiring separate blueprints for each option.  This reduces blueprint sprawl and provides more flexibility to your users.

In this exercise, you will create a set of component profiles that will be attached to the database machine in the blueprint you created previously.  With these components in place, you will assume the role of a developer and deploy the created blueprint, noting the parameter options.


 

Create Component Profiles

 

Before we can leverage parameters in a blueprint, we must define component profiles that can be used.

  1. Navigate to Administration and select Property Dictionary from the menu on the left (not shown)
  2. Click Component Profiles

The available profile groups are Image, which will override values in the Build Information tab for vSphere Machines in blueprints, and Size, which will override vSphere Machine resource settings (CPU, memory, or storage.)

3.   When ready, click Size to continue

 

 

Create New Component Profiles

 

  1. Click Value Sets
  2. Click +New to create a new value for this component profile

NOTE:  Disregard the 2 existing size values.  These values are used by another lab in the 1921 series.

 

 

Create Small Profile Set

 

  1. For Display name, enter Small (the Name field will be populated automatically)
  2. For Description, enter Small Wordpress DB server size
  3. Change the value of Memory (MB) to 1024
  4. Change the value of Storage (GB) to 10
  5. Click Save to save this value

 

 

Create Large Profile Set

 

  1. Click +New to create an additional value for this set (the New icon will become inactive, and the ValueSet.Small item will be added to the list)
  2. For Display name, enter Large
  3. For Description, enter Large Wordpress DB server size
  4. Change the value of Memory (MB) to 2048
  5. Change the value of Storage (GB) to 10
  6. Click Finish to complete this value set

 

 

Choose Blueprint to Parameterize

 

With the component parameters defined, you will now proceed to add these values to a vSphere Machine in the Rainpole Wordpress Environment blueprint.  This will allow the Rainpole developers to be able to choose the memory allocation for the database servers at request time.

  1. Navigate to the Design tab.  The Blueprints section will be opened by default
  2. Click on the Rainpole Wordpress Environment blueprint name in order to open it in the Blueprint Design Canvas

 

 

Add Profile to Rainpole DB Machine

 

  1. In the Design Canvas pane, click on the rainpole-wp-db vSphere Machine object in order to open the configuration dialog
  2. Click on the Profiles tab
  3. Click +Add

 

 

Add Size Component Profile to Blueprint Item

 

  1. Check the box next to Size
  2. Click OK to add this component profile to the vSphere Machine object

 

 

Edit Value Sets for Component Profile

 

With the component profile added to the Rainpole DB vSphere Machine, you can now enable the previously defined values for this blueprint object.

  1. Click Size to select the component profile
  2. Click Edit Value Sets

 

 

Select Value Sets

 

Now we will choose the size values we created earlier to be part of this value set.  The pre-existing values will not be used for this exercise.

  1. Click the checkbox next to the Large value
  2. Click the checkbox next to the Small value
  3. Click the radio button in the Default column for the Small value.  This will make the Small value the default for this object.
  4. Click OK to close the Select Value Sets window
  5. Click Finish (not shown) to save the blueprint and close the design canvas

 

 

Switch to devuser

 

  1. Click Logout

 

 

Return to Login Page

 

  1. Click Go back to login page

 

 

Log In as devuser

 

  1. Log in as devuser with password VMware1!
  2. Click Sign in

 

 

Request Your New Blueprint

 

  1. Navigate to the Catalog tab
  2. Select the new Rainpole Apps service
  3. Click Request on the Rainpole Wordpress Environment blueprint

 

 

New Request

 

Note that the two vSphere Machines defined in the blueprint, rainpole-wp-db and rainpole-wp-web, are listed in this request.

  1. Click rainpole-wp-db to select this object in the request

 

 

Change Rainpole DB Deployment Size

 

  1. Scroll to the right to modify the Size drop-down
  2. Select Large from the Size drop-down menu.  This will modify the resource allocation for the Rainpole Wordpress DB server during the deployment.
  3. Click Submit to complete the request

 

 

Request Submitted

 

  1. Click OK

 

 

Review Your Request

 

  1. Navigate to the Requests tab
  2. Press the Refresh button to refresh the status of the request.  Note:  you may have to click Refresh several times before the request has completed.
  3. Monitor the progress of the request until the Status changes to Successful

 

 

View Your Deployment

 

Now that the request has been successfully submitted, you will take a look at the items that were deployed.

  1. Navigate to the Items tab
  2. Expand the Rainpole Wordpress Environment item to see the deployed VMs.  Note that this deployment includes 2 vSphere Machines as defined in the blueprint
  3. Click the name of the dev-### VM with a Component value of rainpole-wp-db to view the details of the Rainpole DB server

 

 

Verify Rainpole Wordpress DB Server Sizing

 

  1. In the Item Details screen, verify that the Memory (MB) value is set to 2048.  This is the value determined by the Large parameter defined previously.
  2. Scroll down and click Close (not shown)

 

 

 

Clean Up Provisioned VMs

 

To ensure that enough resources are available for the remaining modules in the lab, you must clean up the VMs that have been provisioned.  To do so:

  1. Select the row for this module's deployment so it is highlighted (do not click on the name itself, or you will be taken to the Item Details screen)
  2. Click Actions
  3. Select Destroy from the drop-down
  4. Click Submit to complete the request, and OK to dismiss the success confirmation (not shown)

 

Conclusion


Now that you've created your first blueprint, you understand how to use the design canvas, configure default settings for blueprint items, publish a blueprint, and entitle it by assigning it to a service.  In the next module you will learn how to apply policies and governance to blueprints and catalog items.


 

You've finished Module 3

 

Congratulations on completing  Module 3.

If you are looking for additional information on authoring services within vRealize Automation, try one of these:

Proceed to any module below which interests you most.

 

 

 

How to End Lab

 

To end your lab click on the END button.  

 

Module 4 - Policy-Based Lifecycle Management and Governance (30 minutes)

Introduction


In this module you will assume the role of a Cloud Administrator and explore putting policies and governance in place to manage the lifecycle of the VMs managed by vRealize Automation. This module will take roughly 30 minutes to complete. If you need additional time to complete this lab, you may click the Extend button at the top of the Hands On Labs interface.


Lease Management


A blueprint can optionally define a lease duration for machines provisioned from that blueprint.

If a blueprint does not specify a lease period, machines are provisioned from that blueprint with no expiration date.  If a blueprint specifies a single value for lease duration, machines are provisioned from that blueprint with an expiration date based on the blueprint lease duration.  The expiration date is calculated from the time of the request, not from when the machine was provisioned.

If a blueprint specifies a range of possible lease durations, a user can select the desired lease duration within that range when submitting the machine request.  Machine requests can be subject to approval based on the requested lease duration.

When a machine lease expires, the machine is powered off.  When the archive period expires, the machine is destroyed.  You can reactivate an archived machine by setting the expiration date to a date in the future in order to extend its lease, and then powering it back on.

You can send notification emails to alert machine owners and business group managers that a machine's lease is about to expire and again when the lease expires.  Users can be entitled to request a lease extension at any time before it expires.  A business group manager or support user can also change the expiration date for a machine after it is provisioned.


 

Managing Leases in vRealize Automation

In this exercise, you will adjust the lease times on a vRealize Automation blueprint.  Once complete, you will deploy a virtual machine using this blueprint, and view the timeframes for lease expiration and archival.

Following the deployment, you will expire the lease on the virtual machine and verify that it is in an expired state.  With the machine's lease expired, you will then renew and extend the lease so that the virtual machine will remain available.

 

 

Open Google Chrome

 

  1. From the Windows Quick Launch task bar, click on the Chrome icon to open the web browser.

 

 

Log In to vRealize Automation

 

  1. Log in as cloudadmin with the password VMware1!
  2. Click Sign in

 

 

Configure Blueprint

 

Leases and archive times are configured within the blueprints that are deployed by vRealize Automation.  In order to change the default lease and archive period, you must edit the blueprint.

  1. Navigate to the Design tab
  2. Select the CentOS blueprint
  3. Click Edit

 

 

Blueprint Properties

 

In order to ensure adequate resources across Rainpole's development environment, leases will be used to clean up unused resources.  The developers at Rainpole have requested enough lease time to complete their testing, and they would also like to have more time to recover the virtual machine should its lease expire.

  1. Click the Configure icon (gear)
  2. Change the Minimum value for Lease (days) to 10
  3. Change the Maximum value for Lease (days) to 30
  4. Change the Archive (days) field to 15
  5. Click OK to close the Blueprint Properties window
  6. Click Finish to save and close the blueprint

The archive period will allow the developers to redeploy a blueprint and restore the state it was in when the lease expired.  Once the archive period expires, the deployment is destroyed.

 

 

Log Out of vRealize Automation

 

  1. Click Logout to log out of vRealize Automation

 

 

Return to Login Screen

 

  1. Click Go back to login page to return to the vRealize Automation login screen

 

 

Log In as devuser

 

  1. Log in as devuser with the password VMware1!
  2. Click Sign in

 

 

Begin a New Request

 

Verify your changes by requesting the blueprint from the catalog.

  1. Navigate to the Catalog tab
  2. Select Request on the CentOS catalog item

 

 

Review Lease Settings

 

  1. Note the default value for Lease days is 10 (with the option to select a value between 10 and 30)
  2. Click Submit

 

 

Request Submitted

 

You will now follow your request through the rest of the deployment process.

  1. Click OK to proceed, and return to the Service Catalog page (not shown)
  2. Click the Requests tab to check on the status of your request.

Verify that the message "The request has been submitted successfully" before moving on.  If you receive an error, verify that the Lab Status is "Ready" and try submitting the request again.

 

 

Review Your Request

 

This tab will show you the request state as it moves through the provisioning process.  The deployment may take a few minutes to complete.

  1. Press the Refresh button to refresh the status of the request
  2. Monitor the progress until the Status changes to Successful.  You may have to click Refresh several times before the request has completed.

 

 

Lease Information

 

Once the request has been completed, we'll be able to view the new virtual machine under Items.

  1. Click the Items tab
  2. Expand the CentOS item to see the virtual machine that was deployed
  3. Note the dates under the Expires and Destroy On columns - the deployment will expire 10 days from now, and will be destroyed 15 days after that

 

 

Expiring a Lease

 

When a lease expires, all of the virtual machines in the deployment will be powered off and any other resources associated with the deployment will be expired as well.

  1. Select the CentOS row.  Be careful not to click on the blue text as this will take you to the details of the deployment.
  2. Click Actions
  3. Select Expire from the Actions drop-down menu
  4. Click Submit in the confirmation window (not shown)
  5. Click OK to dismiss the window after the request has been completed successfully

 

 

Verify Lease Expiration

 

  1. Verify that the Expires column has been updated to today's date, and that the Destroy On column shows a date 15 days from today.
  2. You may need to click the Refresh icon a few times for the new dates and times to appear

 

 

Examine Expired Items

 

  1. Expand the CentOS item
  2. Select the dev-XX VM - click on the name to be taken to the Item Details screen

 

 

VM Status

 

This VM has expired, but the state it was in when the lease expired has been archived.  The only action available is to Destroy the VM from this view, but the owner of this VM can modify the lease and restore the VM back to its previous state.

  1. Scroll to the bottom of the pane
  2. Click Close (not shown)

 

 

Extending the Lease

 

In order to make use of this VM again, the lease must be extended.

  1. Select the row for the CentOS deployment.  Be careful not to click on the blue text as this will take you to the details for the deployment.
  2. Click the Actions icon
  3. Select Change Lease from the Actions drop-down menu

 

 

Change Lease Properties

 

A new window will appear asking for parameters to change the lease expiration date.  Complete the form as follows:

  1. Expiration Date:  Set to 1st of next calendar month (using US date format:  mm/dd/yyyy)
  2. Enter 12:00 AM in the time field
  3. Click Submit
  4. Click OK (not shown)

 

 

Lease Restored

 

Note the new Expires date, and the Destroy On date set for 15 days after expiration.  The owner of this deployment will now have access to their VM and no data will have been lost.

 

 

Log Out

 

  1. Click Logout

 

 

Return to Login Screen

 

  1. Click Go back to login page to return to the login screen

 

Create and Apply an Approval Policy


An approval policy is used to govern whether a service catalog user requires approval from someone in your organization in order to provision items in your environment.

A tenant administrator or approval administrator can create approval policies.  The policies can be for pre-provisioning or post-provisioning.  If a pre-approval is configured, then the request must be approved before the request is provisioned.  If it is a post-approval, then the request must be approved before the provisioned item is released to the requesting user.

The policies are applied to items in an entitlement.  You can apply them to services, catalog items, catalog item components, or actions that require an approver to approve or reject a provisioning request.

When a service catalog user requests an item that includes one or more approval policies, the approval request is sent to the approvers.  If approved, the request moves forward.  If rejected, the request is canceled and the service catalog user is notified regarding the rejection.


 

Log In

 

  1. Log in as cloudadmin with password VMware1!
  2. Click Sign in

 

 

Manage Approval Policies

 

The IT management at Rainpole Inc. have stipulated that any requests asking for more than 1GB of memory must be approved by the IT Manager.  You will use vRealize Automation to put this policy into place.

  1. Navigate to the Administration tab
  2. Select Approval Policies (this section may be selected by default)
  3. Click New

 

 

Select Approval Policy Type

 

You will need to apply this policy to the virtual machines being deployed within a catalog item request:

  1. Scroll down until you see Service Catalog - Catalog Item Request - Virtual Machine
  2. Select the Service Catalog - Catalog Item Request - Virtual Machine row
  3. Click OK

 

 

Approval Policy Configuration

 

  1. Enter VM Memory Approval in the Name field
  2. Change the Status from Draft to Active
  3. Click the green + to add a new approval level to this policy

 

 

Pre-Approval Level

 

  1. Enter Memory Exceeds 1024 in the Name field
  2. Select Required based on conditions
  3. Select Memory (MB) from the Clause drop-down menu
  4. Select > from the next drop-down menu that appears
  5. Enter 1024 in the field provided in the Value drop-down

 

 

Pre-Approval Level (Continued)

 

  1. Scroll to the right
  2. Verify that Specific users and groups is selected under the Approvers section
  3. Type itmgr into the search bar, and press Enter
  4. Select IT Manager (itmgr@corp.local) from the drop-down menu
  5. Verify that Anyone can approve is selected
  6. Click OK (you may need to scroll down in order to see the button)

 

 

Finalize the Policy

 

  1. Click OK to finalize the new approval policy

 

 

Apply the Approval Policy

 

The approval policy you've just created must now be applied to a catalog item:

  1. Click on Catalog Management

 

 

Change Entitlements

 

  1. Select Entitlements
  2. Click Development to open the Edit Entitlements screen

 

 

Items and Approvals

 

  1. Navigate to the Items & Approvals tab
  2. Add a new Entitled Item by clicking on the green +

 

 

Choose Item and Apply Policy

 

  1. Select the Windows Server 2012 item (you may need to scroll down until you find it)
  2. Click Show all to show all available Approval Policies
  3. Select VM Memory Approval [Service Catalog - Catalog Item Request - Virtual Machine] from the drop-down menu
  4. Click OK
  5. Click Finish (not shown) to entitle the approval policy to this blueprint

 

 

Log Out

 

Now that the approval policy has been applied to the catalog item, log out as cloudadmin so you can test the new policy.

  1. Click Logout

 

 

Return to Login Screen

 

  1. Click Go back to login page

 

 

Log In as devuser

 

  1. Log in as devuser with password VMware1!
  2. Click Sign in

 

 

Request Blueprint

 

  1. Click Catalog to navigate to the service catalog
  2. Click Request on the Windows 2012 blueprint

 

 

New Request

 

  1. In the Description field, enter Memory approval policy test
  2. In the Reason for request field, enter Testing new approval policy
  3. Select the Windows 2012 VM item

 

 

Change Memory Values

 

  1. Change the Memory (MB) value to 2048
  2. Click Submit
  3. Click OK (not shown)

 

 

Review Request

 

  1. Navigate to the Requests tab
  2. Note that the request is now displaying a Status of Pending Approval

 

 

Log Out

 

  1. Click Logout

 

 

Return to Login Screen

 

  1. Click Go back to login page to return to the login screen

 

 

Log In as IT Manager

 

  1. Log in as itmgr with password VMware1!
  2. Click Sign in

 

 

Check Inbox

 

  1. Click Inbox to navigate to the approval inbox
  2. Click the Approval Number for the new request

 

 

Approve the Request

 

  1. In the Justification field, type Approved
  2. Click Approve

 

 

Log Out

 

  1. Click Logout

 

 

Return to Login Screen

 

  1. Click Go back to login page to return to the login screen

 

 

Log In as devuser

 

  1. Log in as devuser with password VMware1!
  2. Click Sign in

 

 

Review Request

 

  1. Click Requests to navigate to the list of requested items
  2. Refresh the status using the Refresh button at the bottom of the request list - this process may take several minutes and require multiple refreshes
  3. Note that the Status for this request changes to Successful once the request is complete

You have completed this exercise, and have successfully leveraged an approval policy to demonstrate a request that will only complete upon manager approval.

 

Conclusion


In this module, you learned how to manage the lease expiration settings of vRealize Automation blueprints, and how to create and apply approval policies.  These policies allow vRealize Automation consumers to request blueprint items on demand, while still allowing IT to manage availability of the underlying resources.


 

You've finished Module 4

 

Congratulations on completing Module 4.

If you are looking for additional information on lifecycle management and governance of vRealize Automation resources, try one of these:

Proceed to any module below which interests you most. [Add any custom/optional information for your lab manual.]

 

 

How to End Lab

 

To end your lab click on the END button.  

 

Conclusion

Thank you for participating in the VMware Hands-on Labs. Be sure to visit http://hol.vmware.com/ to continue your lab experience online.

Lab SKU: HOL-1921-01-CMP

Version: 20181113-014623