vRealize Automation – vCAC 6.1 – Custom Property Toolkit for vCO

For those of you who have not seen this yet, it is a must-have for anyone writing vCO workflows for vCAC. VMware’s own Dan Linsey built a set of pre-built workflows to aid you in your own development efforts. The toolkit includes workflows for performing Create, Read, Update, and Delete operations for vCAC custom properties for more than just virtual machine objects. It includes support for the following:

  • Blueprints
  • Build Profiles
  • Business Groups
  • Endpoints
  • Property Dictionary
  • Virtual Machines
  • and more

To check out this incredibly useful toolkit, head over to the VMware Communities and download it.

vRealize Automation – vCAC 6.x – Removing workflow revisions from Design Center

CloudUtil is a vRA (vCAC) repository management tool that is part of the vRA Designer. It is actually what you are launching when you run the Designer. When run without parameters, it launches the GUI Designer. However, it has other functions that can prove useful from time to time.

For starters, if you don’t have the Designer installed, you can get it by going to https://FQDNofvCACAppliance:5480 –> IaaS Install –> vCloud Automation Center Designer. When you install it, make sure you put in the IaaS host, NOT the vCAC appliance hostname.

I frequently get asked how workflow revisions can be removed from the Designer. The answer is they can, but you need a Development Kit license to do so with CloudUtil. Working in the Designer, you will come to find out that the revisions add up fast, and before you know it you could have hundreds. I’m going to walk you through a way to remove the revisions without a Development License for CloudUtil.

vRealize Automation – vCAC 6.1 – Custom vCenter Folder Extension

Overview

By default, vCAC places all provisioned machines into a vCenter folder named VRM. You can override this using the custom property VMware.VirtualCenter.Folder to tell vCAC where to place the provisioned machine. While it is great that you can tell vCAC where to place the provisioned machine, it isn’t very flexible. I built the Custom vCenter Folder Extension to fix that and make folder placement as flexible as you need it to be. VM folder placement isn’t just about organizing virtual machines. It provides a way to control access to these machines through vCenter as well. Many organizations control permissions to these environments using these folders and need to be able to place any machine where they need it for these purposes.

Multi-Machine blueprints are another area where this extension adds value. You can control placement of virtual machines by defining the VMware.VirtualCenter.Folder property on a Multi-Machine blueprint folder, but all VMs for all Multi-Machine apps are placed in the same folder, creating confusion as to which VMs belong to which Multi-Machine application. Now if you add NSX into the mix, you have Multi-Machine components spread all over the place with no way to easily determine which VMs and NSX Edges go with which application.

When used with Multi-Machine blueprints, the Custom vCenter Folder Extension can, if you desire, place all component virtual machines as well as deployed NSX Edge appliances in a folder named after the Multi-Machine application, making it easy to identify related components of an application. This also allows you to easily permission vCenter access to the components of the application if necessary.

Features

  • Dynamic Folder Names based on custom naming scheme
  • Multi-Machine folder placement including NSX Edge appliance
  • Automatic Multi-Machine folder removal when Multi-Machine app is destroyed

vRealize Automation – vCAC 6.1 – Creating a One to One NAT Network Profile

One-to-One NAT environments allow you to perform both SNAT and DNAT for all machines provisioned behind an NSX Edge Gateway. For each machine provisioned onto the One-to-One NAT network, an External IP is added to the Edge Gateway for the NAT translation. The External IP is assigned from the External Network Profile that is assigned to the One-to-One NAT Network Profile. Although the One-to-One NAT network will use NAT translation to communicate with the upstream networks (North – South), it is routed to other networks connected to the same NSX Edge Gateway. When deploying a multi-tier application that has multiple network tiers attached to an NSX Edge Gateway, all the back-end networks are routable, so it’s important not to re-use IP space across different Network Profiles.

In the below diagram there are three Multi-Machine apps. Each one has three web servers, two app servers, and two database servers. The database servers are on a private network, with no NAT translation to the upstream networks. The App servers are using a One-to-Many NAT network where they are using SNAT to get access to the upstream network, and the Web Servers are using DNAT for both inbound and outbound traffic. You will notice that each of the Multi-Machine Apps is using the same IP address on the backend; however, the IPs assigned to the NSX Edge Gateway’s external interfaces are different. Notice for the One-to-One NAT that there is an equal number of external IP addresses. Also notice in this scenario, where we are using both One-to-One and One-to-Many, the external IPs are on the same subnet. They all should come from the same External Network Profile that is related to the network that the NSX Edge Uplink interface is provisioned to.
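The two constraints described above (no re-used IP space across Network Profiles behind one Edge, and one external IP per machine on a One-to-One NAT network) can be checked before the profiles are created. This is an added example, not code from the original post; the profile structure, type labels, names and address ranges are constructed for illustration.

```python
import ipaddress
from itertools import combinations

def ip_range(first, last):
    """Return an inclusive (start, end) integer pair for an IPv4 range."""
    start = int(ipaddress.IPv4Address(first))
    end = int(ipaddress.IPv4Address(last))
    if end < start:
        raise ValueError(f"range end {last} is below start {first}")
    return start, end

def size(rng):
    return rng[1] - rng[0] + 1

def overlaps(a, b):
    return a[0] <= b[1] and b[0] <= a[1]

def check_edge_profiles(profiles, external_range):
    """Check network profiles that will share one NSX Edge Gateway.

    profiles: list of dicts with 'name', 'type' and 'range' (first, last).
    This structure is hypothetical, not a vCAC export format.
    """
    findings = []
    ranges = {p["name"]: ip_range(*p["range"]) for p in profiles}
    # Back-end networks behind the same Edge are routed to each other,
    # so their IP ranges must not overlap.
    for a, b in combinations(profiles, 2):
        if overlaps(ranges[a["name"]], ranges[b["name"]]):
            findings.append(f"overlap: {a['name']} / {b['name']}")
    # Each machine on a One-to-One NAT network gets its own external IP.
    # Only that requirement is counted here.
    ext = ip_range(*external_range)
    needed = sum(size(ranges[p["name"]]) for p in profiles
                 if p["type"] == "nat-1to1")
    if needed > size(ext):
        findings.append(
            f"external pool too small: need {needed}, have {size(ext)}")
    return findings

# Constructed sample: the app and db ranges overlap, and the external
# pool is smaller than the One-to-One range.
PROFILES = [
    {"name": "web-1to1", "type": "nat-1to1",
     "range": ("192.168.10.10", "192.168.10.19")},
    {"name": "app-1tomany", "type": "nat-1tomany",
     "range": ("192.168.20.10", "192.168.20.50")},
    {"name": "db-private", "type": "private",
     "range": ("192.168.20.40", "192.168.20.60")},
]
EXTERNAL = ("10.0.0.100", "10.0.0.105")

if __name__ == "__main__":
    for finding in check_edge_profiles(PROFILES, EXTERNAL):
        print(finding)
```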

vRealize Automation – vCAC 6.1 – Creating a Private Network Profile

Private networks have no upstream (North – South) NAT or routing when they are deployed. They are networks attached to the deployed NSX Edge Gateway that have East – West routing to other networks attached to the same NSX Edge Gateway, and that is it. Because of this, unlike the other NSX-related Network Profiles we can create, the Private Network Profile does not need to have an External Network Profile attached to it. It’s simply a range of IPs to be used for the machines provisioned onto the network.

In the below diagram the blue network will be my private network. Machines placed on the blue network will only be able to communicate with machines placed on the orange or green network and not anything upstream. I can also limit its communications further by using security policies, which we will discuss as a separate topic.
