If you haven’t read Part 1 of this article, you will want to go back and read it before you proceed. In Part 2 we will build on the installation that we performed in Part 1. Let’s just dig right in and get started.
How this integration works
Configuring the integration to use native vRA authentication requires the user to log in to both ServiceNow and vRA. When the user logs into ServiceNow they are redirected to the vRA login page, and once logged in they are redirected back to ServiceNow. This allows requests the user makes to be passed to vRA as that user. The main difference between this and the SAML (ADFS) integration is that with SAML the user only needs to log in to vRA the very first time they use it and never again, as the user is auto-magically logged in to vRA in the background using the SAML token. Native vRA authentication is a great option for testing the integration without having to touch your Identity Management configuration.
Continue reading “vRA 7.3 – Installing and configuring vRA plugin for ITSM – ServiceNow – Part 2”
One of the most frequent asks when using vRA is, “How do I deploy machines using my company’s hostnaming standards automatically using vRA?” Since the out-of-the-box hostnaming only provides a way to do prefix-suffix, the answer to this question usually is that it will require customization.
This solution is intended to provide a way to implement this functionality by using a small, highly versatile custom extension which can handle 95% of use cases without writing custom code.
The rest of this article contains instructions on installing and configuring the vRA Custom Hostnaming Extension. This extension allows administrators to model very specific custom hostnaming schemes for their vRA virtual machines, Deployments, and vCloud Director vApps using vRA custom properties, with dynamic creation of stock machine prefixes and index tracking for each unique hostname combination.
This extension is proof-of-concept or demo grade. While it runs well and consistently, it has not been put through a formal quality assurance process, so please use with caution.
Continue reading “VMware vRealize Automation – vRA7 – Custom Hostnaming Extension for vRA7 and beyond”
So vSphere 6 launched last week and you want to kick the tires in your lab. Hopefully before you install you head on over to VMware and check out the Interoperability Matrixes. I’ve been reading posts online about folks jumping in with both feet and just straight out upgrading to vSphere 6. Of course I may have been one of those people myself.
I, being who I am, got all excited over the vSphere 6 release and all the new features it offers, cracked open the upgrade guide, and went all in with the vSphere 6 migration utility and migrated my vCenter 5.5 server to vCenter 6. That’s half the battle, right? Get through the migration and everything will be golden. Not quite. After the migration (which went fairly smoothly, by the way) I launched the vSphere web client and went to log in and noticed I was not able to log in as myself. Luckily the email@example.com account was able to log in with no issues. I then started poking around and noticed I no longer had a link for Networking and Security.
Continue reading “VMware vSphere 6 & NSX – Planning on upgrading to vSphere 6 and in an environment with NSX?”
Yesterday VMware was very busy announcing the release of over 2 dozen products, which included two new products to the market. These two new additions to the VMware portfolio are:
VMware Integrated OpenStack – That’s right, it’s out and it’s available now for you to download.
VMware Software Manager 1.0 – This is probably not as exciting as VIO, but it will come in handy for finding, selecting, and downloading the content needed to install or upgrade a VMware Suite.
Below is a list of all the products released yesterday including links to their downloads, documentation, and release notes for your convenience.
Continue reading “VMware Introduces 24 product releases including the much anticipated vSphere 6”
Today VMware released vRealize Automation (vRA), formerly known as vCloud Automation Center (vCAC), version 6.2.1. In the release there are several bug fixes and one enhancement. The enhancement, however, is one that you may be very interested in.
Remote Console is back! – Remote Console Capabilities for Machines Provisioned with vSphere: Secure remote console capabilities for machines provisioned with vSphere are implemented in this release by means of WebMKS (HTML 5 console) through a console proxy.
To get the latest bits and check it out go to:
vRealize Automation 6.2: https://my.vmware.com/web/vmware/info/slug/infrastructure_operations_management/vmware_vrealize_automation/6_2
This is something that has been long sought after by many. The hardening guide is 38 pages long, packed with hardening information for the vRA Appliance, IaaS Server, Identity Appliance, and Application Services appliance. This document takes you through the hardening of SLES 11, PostgreSQL, and the Windows host, including SQL Server, IIS, and Microsoft .NET. The hardening guide also covers network security and securing communications between the vRA components.
The network security section of the guide includes a complete list of all the vRA components and the ports/protocols that are used by each component. Even if you are not ready to start creating a fully hardened deployment, it’s worth taking a look at the guide and becoming familiar with the communications between the different components.
Continue reading “vRealize Automation – vRA (vCAC) 6.2 – Hardening Guide Released”
Are you getting ready for the pending release of vRealize Automation 6.2 next week? If so, you’ll want to make your first stop GitHub to download Brian Graf’s vCAC62-PreReq-Automation.ps1 script. If you are not familiar with Brian’s PreReq automation script, it is a script that configures all of the needed requirements on your Windows IaaS server prior to installing vCAC. Brian did a fantastic job with the creation of this; it is a must-have if you are installing vCAC from scratch.
In this version he updated the script to account for vCAC 6.2 prerequisites, so head on over to https://github.com/vtagion/Scripts/blob/master/vCAC62-PreReq-Automation.ps1 to download the script and get familiar with it to be prepared for the pending release.
One-to-One NAT environments allow you to perform both SNAT and DNAT for all machines provisioned behind an NSX Edge Gateway. For each machine provisioned onto the One-to-One NAT network, an External IP is added to the Edge Gateway for the NAT translation. The External IP is assigned from the External Network Profile that is assigned to the One-to-One NAT Network Profile. Although the One-to-One NAT network will use NAT translation to communicate with the upstream networks (North – South), it is routed to other networks connected to the same NSX Edge Gateway. When deploying a multi-tier application that has multiple network tiers attached to an NSX Edge Gateway, all the back-end networks are routable, so it’s important not to re-use IP space across different Network Profiles.
In the below diagram there are three Multi-Machine apps. Each one has three web servers, two app servers, and two database servers. The database servers are on a private network, with no NAT translation to the upstream networks. The app servers are using a One-to-Many NAT network where they are using SNAT to get access to the upstream network, and the web servers are using DNAT for both inbound and outbound traffic. You will notice that each of the Multi-Machine apps is using the same IP address on the backend; however, the IPs assigned to the NSX Edge Gateway’s external interfaces are different. Notice for the One-to-One NAT that there is an equal number of external IP addresses. Also notice in this scenario, where we are using both One-to-One and One-to-Many, the external IPs are on the same subnet. They all should come from the same External Network Profile that is related to the network that the NSX Edge Uplink interface is provisioned to.
Continue reading “vRealize Automation – vCAC 6.1 – Creating a One to One NAT Network Profile”
The out-of-the-box vCAC –> NSX integration requires the use of Multi-Machine blueprints. A Multi-Machine blueprint is basically a blueprint that pulls together one or more single-machine blueprints. In order to create a three-tier web application like the one I will be walking through, we will need three standard blueprints to utilize within our Multi-Machine blueprint. In the below example we will be configuring a Multi-Machine blueprint that will deploy an NSX Edge Gateway onto its own reservation and then deploy three different blueprints, each onto a different network specific to its tier. Example below:
I will be walking through how to create a Multi-Machine blueprint that will build out the equivalent of the above diagram’s Multi-Machine App.
Continue reading “vRealize Automation – vCAC 6.1 / NSX 6.1 – Creating a Multi-Machine Blueprint w/NSX Routed Gateway Support”
External Network Profiles in vCAC enable you to create a range of IP addresses that can be used to statically assign IP addresses to provisioned workloads in your environment. There are two parts to an External Network Profile. There is the Network Profile Information, in which you specify the network-specific information such as netmask, gateway, DNS server, suffixes, and WINS servers. Then there are the IP ranges; these can be one contiguous range of IP addresses or multiple ranges within the subnet that are broken up.
The Network Profile is then assigned to a network within a Reservation, and any machine provisioned to that reservation and attached to a network will get its IP information from the assigned Network Profile. There are a number of ways to utilize External Network Profiles within vCAC; below are some examples:
Continue reading “vRealize Automation – vCAC 6.1 – External Network Profiles”