Sunday, January 27, 2019

Use OnPrem vRealize Automation to provision on VMConAWS

In this blog, I will describe how to use OnPrem vRealize Automation (vRA) with a VMware Cloud on AWS SDDC.

What is VMware Cloud on AWS (VMConAWS)


A vSphere-based cloud hosted on the AWS public cloud. It allows you to modernize, protect and scale mission-critical vSphere-based applications leveraging AWS.

As per the standard design for VMConAWS, cloudadmin@vmc.local only has access to the following resources:
  • Compute-ResourcePool
  • Workloads folder
  • sddc-cgw-network-1 port group/segment (or one manually created by a user in the Compute Gateway)
  • WorkloadDatastore

Pre-requisites


The following are the prerequisites for successfully provisioning on VMConAWS using vRA:
  • vRA 7.2 or above deployed OnPrem
  • A Compute Segment which will be used to provision VMs in VMConAWS
  • IPSEC VPN between OnPrem and VMConAWS for both Management & Compute CIDR
  • Firewall rules on the Management & Compute Gateways to allow communication from the OnPrem vRA setup


vRA Configuration


The following section describes how to configure vRA to add VMConAWS as a vCenter endpoint.

Quick Note

  • There is no NSX integration available between vRA and VMConAWS
  • Ensure that all vRealize Automation VMs are configured to use TLS 1.2

In my setup, I am using the latest vRA which is 7.5.1


Add vCenter Endpoint

Log in to vRA and navigate to Infrastructure > Endpoints.
Click New > Virtual > vSphere (vCenter).

Specify the following details (Input: Description):

  • Name: Name of the endpoint
  • Address: vCenter FQDN, in the form https://fqdn/sdk
  • Username: cloudadmin@vmc.local. If you have integrated with AD, then a user which is added to the CloudAdmin group in the VMConAWS vCenter
  • Password: Password for the account specified above

Click Test Connection and ensure the test is successful

Click Fabric Groups under Infrastructure and click New to add the cluster to a fabric group and assign fabric administrators to manage it.

Click Reservations under Infrastructure and click New to create reservations that allocate resources to business groups for the VMConAWS vCenter.

This is the most important part; otherwise your provisioning will fail due to a permissions error. Select the following in the reservation (Resource: Value):

  • ResourcePool: Compute-ResourcePool
  • Datastore: WorkloadDatastore
  • VM & Template Folder: Workloads. This is done through the Custom Property VMware.VirtualCenter.Folder
  • Network: Use the logical network that you created as part of the prerequisites
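
A pre-flight check for the settings above, as an added example that is not part of the original post or of vRA. It checks a reservation described as a plain Python dict (a hypothetical layout, not a vRA API object) against the resources cloudadmin@vmc.local can access, and the endpoint address against the https://fqdn/sdk form; the sample inputs are constructed.

```python
from urllib.parse import urlparse

# Resources cloudadmin@vmc.local can use, as listed on this page.
ALLOWED = {"resource_pool": "Compute-ResourcePool",
           "datastore": "WorkloadDatastore",
           "folder": "Workloads"}
FOLDER_PROPERTY = "VMware.VirtualCenter.Folder"


def check_endpoint(address):
    """Return findings for the endpoint address (expected form: https://fqdn/sdk)."""
    url = urlparse(address)
    findings = []
    if url.scheme != "https":
        findings.append("endpoint address must use https")
    if not url.hostname:
        findings.append("endpoint address has no vCenter FQDN")
    if url.path.rstrip("/") != "/sdk":
        findings.append("endpoint address must end in /sdk")
    return findings


def check_reservation(res):
    """Return findings for a reservation dict (hypothetical layout, see lead-in)."""
    findings = []
    pool = res.get("resource_pool")
    if pool != ALLOWED["resource_pool"]:
        findings.append(f"resource pool {pool!r} is not {ALLOWED['resource_pool']}")
    datastores = res.get("datastores", [])
    if not datastores:
        findings.append("no datastore selected")
    for ds in datastores:
        if ds != ALLOWED["datastore"]:
            findings.append(f"datastore {ds!r} is not {ALLOWED['datastore']}")
    # Assumption: property names are matched case-insensitively in this check.
    props = {k.lower(): v for k, v in res.get("custom_properties", {}).items()}
    folder = props.get(FOLDER_PROPERTY.lower())
    if folder != ALLOWED["folder"]:
        findings.append(f"{FOLDER_PROPERTY} is {folder!r}, expected {ALLOWED['folder']!r}")
    if not res.get("network"):
        findings.append("no compute segment selected")
    return findings


# Constructed sample reservations (names other than the page's are made up).
GOOD = {"resource_pool": "Compute-ResourcePool", "datastores": ["WorkloadDatastore"],
        "custom_properties": {"VMware.VirtualCenter.Folder": "Workloads"},
        "network": "my-compute-segment"}
BAD = {"resource_pool": "Other-Pool", "datastores": ["OtherDatastore"],
       "custom_properties": {}, "network": ""}
```

An empty list from either function means the setting matches what this page describes; each string in a non-empty list names one selection that would fall outside the cloudadmin permissions.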

Create a Blueprint with a vSphere (vCenter) Machine using a VC template (standard vRA configuration).

Publish the Blueprint and perform standard configuration for Catalog Management (Standard vRA Configuration)

Request Deployment from the Catalog and you will see a successful deployment

Conclusion

Once it is configured, it will behave the same as any other vCenter. However, there are a couple of things to remember:

  • There is no NSX integration available between vRA and VMConAWS, hence the admin has to create the network manually in the SDDC
  • Please ensure appropriate network configurations are enabled to install software components. Remember that the VC is in the cloud, hence the firewall rules are key and the most important part of the config
