Sunday, January 27, 2019

Use OnPrem vRealize Automation to provision on VMConAWS

In this blog, I will describe how to use OnPrem vRealize Automation (vRA) with a VMware Cloud on AWS SDDC.

What is VMware Cloud on AWS (VMConAWS)

A vSphere-based cloud hosted on the AWS public cloud. It allows you to modernize, protect and scale mission-critical vSphere-based applications leveraging AWS.

As per the standard design for VMConAWS, cloudadmin@vmc.local only has access to the following resources:
  • Compute-ResourcePool
  • Workloads folder
  • sddc-cgw-network-1 port group/segment (or one created manually by a user in the Compute Gateway)
  • WorkloadDatastore


The following are the prerequisites to successfully provision on VMConAWS using vRA:
  • vRA 7.2 or above deployed OnPrem
  • A Compute Segment which will be used to provision VMs in VMConAWS
  • An IPsec VPN between OnPrem and VMConAWS for both the Management and Compute CIDRs
  • Firewall rules on the Management and Compute Gateways to allow communication from the OnPrem vRA setup

vRA Configuration

The following section describes how to configure vRA to add VMConAWS as a vCenter endpoint.

Quick Note

  • There is no NSX integration available between vRA and VMConAWS
  • Ensure that all vRealize Automation VMs are configured to use TLS 1.2
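
A pre-flight check for the firewall-rule and TLS 1.2 points above, as an added example that is not part of the original post: run from the OnPrem network, it separates a blocked TCP 443 path (VPN or gateway firewall rule) from a failed TLS 1.2 handshake. The host name in the usage lines is a placeholder, and the script tests the network path and the endpoint, not the protocol settings of the vRA VMs themselves.

```python
import socket
import ssl
import sys


def tls12_context():
    """Client context pinned to TLS 1.2, certificate verification left on."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def check_endpoint(host, port=443, timeout=5.0):
    """Return (status, detail); status is 'ok', 'blocked' or 'tls_failed'."""
    # Stage 1: plain TCP. A failure here (DNS errors included) points at
    # name resolution, the VPN or a gateway firewall rule, not at TLS.
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("blocked", f"TCP {port} unreachable: {exc}")
    # Stage 2: TLS 1.2 handshake with hostname and chain verification.
    try:
        with tls12_context().wrap_socket(raw, server_hostname=host) as tls:
            return ("ok", tls.version())
    except OSError as exc:  # ssl.SSLError and handshake timeouts included
        return ("tls_failed", str(exc))
    finally:
        raw.close()


if __name__ == "__main__":
    # Placeholder name (assumption): pass your SDDC vCenter FQDN instead.
    targets = sys.argv[1:] or ["vcenter.sddc.example.com"]
    results = [(h, *check_endpoint(h)) for h in targets]
    for host, status, detail in results:
        print(f"{host}: {status} ({detail})")
    sys.exit(0 if all(s == "ok" for _, s, _ in results) else 1)
```

A `blocked` result is the one to take to the VPN and gateway firewall configuration; `tls_failed` means the port is open but the TLS 1.2 handshake or certificate validation did not complete.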

In my setup, I am using the latest vRA, which is 7.5.1.

Add vCenter Endpoint

Log in to vRA and navigate to Infrastructure > Endpoints.
Click New > Virtual > vSphere (vCenter).

Specify the following details:

  • Name of the endpoint
  • vCenter FQDN
  • User name: if you have integrated with AD, a user that is added to the CloudAdmin group in the VMConAWS vCenter
  • Password for the account specified above

Click Test Connection and ensure the test is successful.

Click Fabric Groups under Infrastructure and click New to add the cluster to a fabric group and assign fabric administrators to manage it.

Click Reservations under Infrastructure and click New to create reservations that allocate resources to business groups for the VMConAWS vCenter.

This is the most important part; otherwise your provisioning will fail due to a permissions error.

VM & Template Folder: this is done through a custom property.
Use the logical network that you created as part of the prerequisites.

Create a Blueprint with a vSphere (vCenter) Machine using a VC template (standard vRA configuration).

Publish the Blueprint and perform the standard configuration for Catalog Management (standard vRA configuration).

Request a deployment from the Catalog and you will see a successful deployment.


Once it is configured, it behaves the same as any other vCenter; however, there are a couple of things to remember:

  • There is no NSX integration available between vRA and VMConAWS, hence the admin has to create the network manually in the SDDC
  • Please ensure appropriate network configurations are enabled to install software components. Remember that the VC is in the cloud, hence the firewall rules are key and the most important part of the config
