vExpert 2017 Second Half Award Announcement

VMW-LOGO-vEXPERT-2017-k

This Wednesday VMware announced the result for the vExpert 2017 second half award program with new vExperts.

I’m humbled and honored to be recognize as a vExpert for the first time.

I wish to thank Ariel Sanchez for mentoring me on the vExpert program and to Corey Romero and the rest of the VMware Social Media & Community Team for all the effort you put into the vExpert program to make it the success it is.

vExpert 2017 Second Half Announcement

My vExpert Directory

 

Objective 2.2: Create and Manage Directories

This is part of my VCP7-CMA study guide – Objective 2.2: Create and Manage Directories.

Official Blueprint-


Knowledge

  • Create and manage LDAP directory for Active Directory in vRealize Automation
  • Create and manage Windows Integrated Authentication Directory in vRealize Automation
  • Determine and configure appropriate user and directory binding details
  • Evaluate directory synchronization health and troubleshoot issues

Tools


In vRealize 7.x VMware replaced the underlying identity management system from vCenter SSO to VMware Identity Manager (vIDM), vIDM is integrated to the vRA 7.x appliance and is easy to scale with the addition of another vRA appliance.

Continue reading

Objective 2.4: Manage User and Group Role Assignments

This is part of VCP7-CMA study guide – Objective 2.4: Manage User and Group Role Assignments.

Official Blueprint-


Knowledge

  • Explain the roles available to vRealize Automation and vRealize Business
  • Assign roles to individual users for a given design
  • Assign roles to directory groups for a given design
  • Create vRealize Automation custom groups and assign roles

Tools


Explain the roles available to vRealize Automation and vRealize Business

Assign roles to individual users for a given design

See “Assign roles to directory groups for a given design”.

Assign roles to directory groups for a given design

Prerequisites

Log in to the vRealize Automation console as a tenant administrator.

Procedure

  1. Select Administration > Users & Groups > Directory Users & Groups.
  2. Enter a user or group name in the Search box and press Enter.Do not use an at sign (@), backslash (\), or slash (/) in a name. You can optimize your search by typing the entire user or group name in the form user@domain.
  3. Click the name of the user or group to which you want to assign roles.
    vra-roles1
  4. Select one or more roles from the Add Roles to this User (or Group, the process is the same) list.The Authorities Granted by Selected Roles list indicates the specific authorities you are granting.
    vra-roles2
  5. (Optional) Click Next to view more information about the user or group.
  6. Click Update Finish.

Users who are currently logged in to the vRealize Automation console must log out and log back in to the vRealize Automation console before they can navigate to the pages to which they have been granted access.

 Source – Assign Roles to Directory Users or Groups

Create vRealize Automation custom groups and assign roles

Tenant administrators can create custom groups by combining other custom groups, identity store groups, and individual identity store users.
You can assign roles to your custom group, but it is not necessary in all cases. For example, you can create a custom group called Machine Specification Approvers, to use for all machine pre-approvals. You can also create custom groups to map to your business groups so that you can manage all groups in one place. In those cases, you do not need to assign roles.

Prerequisites

Log in to the vRealize Automation console as a tenant administrator.

Procedure

  1. Select Administration > Users & Groups > Custom Groups.
  2. Click the Add icon (green-plus).
    vra-roles3
  3. Enter a group name in the New Group Name text box.
    Custom group names cannot contain the combination of a semicolon (;) followed by an equal sign (=).
  4. (Optional) Enter a description in the New Group Description text box.
  5. Select one or more roles from the Add Roles to this Group list.
    The Authorities Granted by Selected Roles list indicates the specific authorities you are granting.
    vra-roles4
  6. Click Next.
  7. Add users and groups to create your custom group.
    vra-roles5

    1. Enter a user or group name in the Search box and press Enter.
      Do not use an at sign (@), backslash (\), or slash (/) in a name. You can optimize your search by typing the entire user or group name in the form user@domain.
    2. Select the user or group to add to your custom group.
  8. Click Add Finish.

Users who are currently logged in to the vRealize Automation console must log out and log back in to the vRealize Automation console before they can navigate to the pages to which they have been granted access.

 Source – Create a Custom Group

Quick note -Intel-v4 and HPE server’s compatibility

hewlett_packard_enterprise

Quick note about Intel-v4 and HPE server’s compatibility with ESXi –

I was surprised when I looked at the VMware HCL (VMware Compatibility Guide) for HPE servers with v4 processor, the version of ESXi 6 U1 was missing…

vmware-hcl

I contact HPE support and they told me that it is not supported, HPE skipped this version (6 U1) to version 6 U2.

This is also documented in the HPE SupportMatrix – look at the footprint notes –

  • 10Includes support for the Intel® Xeon® E5-2600-v4 Series (6.0 U2)
  • 15Includes support for the Intel® Xeon® processor E7-8800/4800 v4 (6.0 U2)
  • 16Includes support for the Intel® Xeon® processor E5-4600 v4 (6.0 U2)

 

Lesson learned – always check compatibility before the purchase, assume nothing.

My VMware VCP7-CMA Beta Exam Experience

vcp7-cma

Today I took the VCP7-CMA beta exam and I wanted to quickly share my experience with you. Obviously this tips are more general and will be relevant to the GA exam and probably to any certification exam (for my knowledge the beta ends this week).

About the beta exam – it’s tough! The exam consists of 175 (!) single and multiple choice questions covering all topics of the product (vRA 7). The time allowed is 210 minutes and for non-native English speakers countries there is an extra 30 minutes, so 240 minutes (4 hours) for 175 questions.

Let me say it straight – I don’t think I pass (there is no immediate results at beta exams). As a customer I tend to foucus on my company needs and use cases and not necessary using and gaining experience with other features of the product which is quite expected but not good enough for certification exams.

I had a feeling that I wasn’t ready for the exam but decided to try anyway, I figured it is a good experience and that I could learn what are my weak areas so I can improve for next time (and it was cheap… the exam cost 50$).

As expected, I was quite overwhelmed by the deep technical level some of the questions was, I knew that I have more to cover on XaaS, Roles, Reservations and Approval policies but I didn’t know how much…

I’m not telling you to learn this Objectives! I’m trying to emphasize that you need to map your weak areas, what is not on your day-to-day tasks? what you have never done? try to strengthen your knowledge and gain some experience on that areas.

From my weak objective list, you can see that in my environment I don’t use Approvals Policies (YET!) and that we are just starting to use XaaS. I didn’t know reservation as I expected – there is much more insight there then I know… Roles is a huge topic; I will try to write a post about roles soon.

Good luck!

Objective 2.1: Create and Manage Tenants

This is part of VCP7-CMA study guide – Objective 2.1: Create and Manage Tenants.

Official Blueprint-


Knowledge

  • Create a new tenant for a given design
  • Create, add, and manage local users
  • Configure administrative access and describe privilege level differences between roles
  • Determine the unique URL used to access the tenant

Tools


Create a new tenant for a given design

  1. Go to the  vRealize Automation console – https://vra-host/vcac
  2. Log in as a System Administrator (usually administrator@vsphere.local)
  3. Select Administrator  -> Tenatsimage001
  4. Click green-plus New.
  5. Fill this form –
    Name – Name for the new Tenant.
    URL name – this will be use to direct users directly to this tenant.
    For example, enter thesysadminlogs to create the URL https://vra-host.fqdn/vcac/org/thesysadminlogs.If you have a large environment with different tenant it will be very handy to use the Description and Contact email fields.

    image002

  6. Click Submit and Next (Please note – selecting Submit and Next will create the tenant and proceed to the Local Users tab)

Create, add, and manage local users

  1. There is 2 ways to get here –
    1. Part of the New Tenant wizard
    2. Edit Tenant from Administrator  -> Tenats and select Local Users.
  2. Click green-plus New.image003
  3. Enter First name, Last name, Email, User name and Password.
    image004
  4. Click OK and then Next.

Configure administrative access and describe privilege level differences between roles

  1. There is 2 ways to get here –
    1. Part of the New Tenant wizard
    2. Edit Tenant from Administrator  -> Tenats and select Administrators.
  2. There is 2 options – (The description is from the Foundations and Concepts document)
    1. Tenant administrators – Typically a line-of-business administrator, business manager, or IT administrator who is responsible for a tenant. Tenant administrators configure vRealize Automation for the needs of their organizations.
      They are responsible for user and group management, tenant branding and notifications, and business policies such as approvals and entitlements. They also track resource usage by all users within the tenant and initiate reclamation requests for virtual machines.
    2. IaaS administrators – IaaS administrators manage cloud, virtual, networking, and storage infrastructure at the system level, creating and managing endpoints and credentials, and monitoring IaaS logs. IaaS administrators organize infrastructure into tenant-level fabric groups, appointing the fabric administrators who are responsible for allocating resources within each tenant through reservations and reservation, storage, and networking policies.
  3. Enter the name of a user or group is the search field under the privilege you selected and press Enter or the search icon.

    image005

  4. Click Add.

Objective 3.2: Install an Enterprise Deployment

This is part of my VCP7-CMA study guide – Objective 3.2: Install an Enterprise Deployment.

Official Blueprint-


Knowledge

  • Identify IaaS enterprise deployment prerequisites
  • Validate environment readiness for given design based on install type and size
  • Confirm DNS configuration for servers and load balancers based on deployment type and size
  • Deploy and configure vRealize Automation Appliance OVF
  • Install using the installation wizard
    • Determine and select appropriate deployment based on size
    • Determine and select the appropriate servers for component installation
    • Prepare the environment for installation based on deployment size
    • Install IaaS Web components and model manager data
    • Install IaaS manager server and DEM Orchestrator components
    • Install DEM Workers
    • Install Management Agents
  • Implement and manage CA signed certificates

Tools


I would recommend to go thru the simple installation at least once and read the official documentation in addition to this blog posts.

Eric Shanks (The IT Hollow) – vRealize Automation 7 – Enterprise Install

Michael Rudloff (Open902.com) – vRealize Automation 7 – Enterprise Install

Objective 3.3: Install and Configure vRealize Business Standard for use with vRealize Automation

This is part of my VCP7-CMA study guide – Objective 3.3: Install and Configure vRealize Business Standard for use with vRealize Automation.

Official Blueprint-


Knowledge

  • Create and configure a vRealize Business tenant
  • Create a user based on defined credentials for vRealize Business in vRealize Automation
  • Select the credentials for the vRealize Business user
  • Configure vRealize Business to connect to vRealize Automation

Tools


Install vRealize Business Standard

  1. Deploy the OVF template and follow the wizard –2
  2. Customize Template –
    Currency – You cannot change the currency configuration after deploying!
    Enable Server –  Select the Enable Server option if this is going to be the vRealize Business for Cloud server, If you are deploying only a data collector for remote access then deselect this option.
    Networking – Make sure you expand the Networking Properties at the bottom of the page and configure the IP ,default gateway, netmask and DNS.8
  3. Go grab a cup of coffee and wait for the deployment to complete.

Configure vRealize Business Standard

  1. Log-in to the vRB console – https://vrb-fqdn-or-ip:5480
  2. Before registering with vRA we need to configure NTP.
    Navigate to Administrator > Time Settings.
  3. Configure the “Time Sync. Mode” to “Use Time Server” and write down the IP or DNS of your NTP server.1-NTP.JPG
  4. Now let’s register the vRealize Business with the vRealize Automation,
    go to vRealize Automation Tab,
    Hostname – IP or hostname of the vRealize Automation Appliance.
    SSO Default Tenant – this will be your default tenant name, usually – vsphere.local.
    SSO Admin User – only the user name of the administrator…
    SSO Admin Password – well… the admin user password.
    Accept “vRealize Automation” certificate – Yes please. if this is the first time you register this with vRA – you need this.2-vra-register
  5. After you click “Register” it will take a few moments – Make sure you see this green text – “Registered with vRealize Automation” and the SSO Status – “Connected to vRealize Automation”.3-vRA registered.JPG
  6. Next we need to configure vRealize Automation to use vRealize Business for Cloud and assign permissions.
  7. Log in to the vRealize Automation – https://vRA_hostname/vcac/org/tenant
  8. Go to Administration tab > Users & Groups and select Custom Groups.
  9. Select the user or group you want to add the vRB role
  10. From the “Add Roles to this Group” – select the required privileges.4-vRA-roles.JPGSome clarification from the official documentation (page 23 ) –

    • If the user has to perform all administration tasks such as managing connections, managing public cloud account, updating reference database, assign the Business Management Administrator role to a user who has the Tenant Administration role.
    • If the user has to view and update the cost information only, assign Business Management Administrator role.
    • If the user has to view the details but not update the information, assign Business Management Read only role.
    • If the user has to view the assigned tenant details, but not perform other administration, assign the Business Management Controller role.
  11. Click Update and Refresh the browser (log-out and log-in will do magic sometime…).
  12. The Business Managment tab is available in the vRA UI.5-vra-newtab
  13. Click the Business Managment tab and enter your license key.6-vrb-serial

Next will be to add the vCenter server to vRB, I think its out of the scope of the exam but here it is –

  1. Configure the vCenter in vRB.
    Go to Administration > Business Managment.8-vra
  2. Extend the vCenter Server and click the + sign
    Here you will add your “Resource” vCenter – where you are provision VMs from vRA.9
  3. When prompt – Select to Install the certificate.10.JPG
  4. Go back to Business Managment tab and click on the “Status” sign. Click “Update Now” under the vCenter data collection and wait for the data collection to run successfully.11.JPG
  5. Back to the Business Managment tab and you should see some data.12.JPG

VCP7-CMA Study Guide

I created this VCP7-CMA (2V0-731) study guide in order to help myself and anyone else studying towards VMware Certified Professional 7 – Cloud Management and Automation Exam  (currently – Beta).

This exam is focus on VMware vRealize® 7.x environment (Automation, Orchenstrator, Business) but you should have a good understanding of vSphere (VCP level) and some minimal knowldge of NSX and vCloud Air (as vRA Endpoints).

I will link to external blogs for most of the stuff for simplicity and speed, if you are the original writer and don’t want me to link to your blog – just write me (gilad.brown at gmail).

Official exam page

Official study tools (as suggested in the blueprint) –

Content:

Section 1 Create and Modify vRealize Automation Blueprints
Objective 1.1 Create, Modify and Publish Blueprints Based on a Given Design
Objective 1.2 Create and Manage XaaS Blueprints with Custom Resource Mappings
Section 2 Configure and Manage Tenants and Business Groups
Objective 2.1 Create and Manage Tenants
Objective 2.2 Create and Manage Directories
Objective 2.3 Create and Manage Business Groups
Objective 2.4 Manage User and Group Role Assignments
Section 3 Install and Configure vRealize Automation and Related Components
Objective 3.1 Install a Minimal Deployment
Objective 3.2 Install an Enterprise Deployment
Objective 3.3 Install and Configure vRealize Business Standard for use with vRealize Automation
Objective 3.4 Troubleshoot Common vRealize Automation Installation and Configuration Errors
Section 4 Configure and Manage the vRealize Automation Catalog
Objective 4.1 Manage the vRealize Automation Catalog
Objective 4.2 Create and Manage Approval Policies
Objective 4.3 Provision Resources from a vRealize Automation Catalog
Objective 4.4 Locate and Reclaim Resources Based on Provided Criteria
Objective 4.5 Manage Provisioned Resources
Section 5 Configure and Administer Fabric Groups and Endpoints
Objective 5.1 Create and Manage VMware Endpoints
Objective 5.2 Create and Manage Fabric Groups, Reservations and Network Profiles
Section 6 Extend a vRealize Automation Implementation
Objective 6.1 Configure vRealize Orchestrator for use with vRealize Automation
Objective 6.2 Create and Manage Event Broker Subscriptions
Objective 6.3 Configure Virtual Machine Lifecycle Automation
Objective 6.4 Install and Configure Plugins in vRealize Orchestrator
Objective 6.5 Modify and Run Basic vRealize Orchestrator Workflows

Additional materials –

  • The IT Hollow – Eric Shanks amazing blog, I have learned much of what I know about vRealize Automation from this blog.
  • VirtualJad – Another amazing blog by Jad El-Zein, lots of technical info about vRA, NSX and Automation.
  • Grant Orchard blog – blog focus on vRealize Automation.
  • VM to Cloud – Ryan Kelly blog, Automation and DevOps stuff.
  • VCP7-CMA (2V0-731) Practice Exam
  • HOL – VMware Hands On Labs
    • HOL-1721-USE-1 – vRealize Automation 7 Basics
    • HOL-1721-USE-2 – vRealize Automation 7 Advanced
    • HOL-1721-USE-3 – vRealize Automation Advanced Extensibility
    • HOL-1790-CHG-1 – vRealize Automation: Challenge Lab
    • HOL-1783-HBD-1 – VMware vCloud Air – Manage Your Cloud
    • HOL-1706-SDC-1 – Cloud Management Platform: Integrating the Parts
    • HOL-1706-SDC-6 – Guide to SDDC: VMware Validated Designs

I will try to update this page with more resources in the future so keep checking this page from time to time. Please comment or email me if you think I missed something.

Good luck with the exam!

Gilad

My conclusions from VMworld 2016

That year was my 1st VMworld,  I always wanted to go but was unable to because many different reasons. This year I promised to myself to attend VMworld and that’s how I found myself 8 hours after my sister wedding (Mazal Tov!) staring my 17 hours journey to Las Vegas.

Soon as you land at Las Vegas airport you will notice the vendors billboard, mostly Nutanix. And that’s it, VMworld is on!

The solution exchange is the place to be most of the time, there is also the session (which are great!) and the VMviliage that you should not miss, overall the conference is great, I loved the atmosphere, loved the ability to meet with all the partners and hear (and see) their offering. The sessions are really good, they are a great way to learn about products and new features.

After all the hype and buzz (isn’t that the same?…) I was disappointed that there was no new important announcements. I was looking for vSphere 6.5 RTM which had his beta ended few weeks ago. I guess it will be announce in VMworld Europe. Its looks like VMware is really struggling at innovating, except for NSX (which they acquired). VSAN is great, (I’m a happy customer) but there is lots of competitions in the HCI market. There is also EUC, Automation and Monitoring, but that’s out-of-scope for this post, I will leave that for a separate blog post…

Here are some tips or “lesson-learned” I got from this experience –

Don’t over-swag

Apparently “swag” is the word for free mostly branded gifts (I didn’t know that…). Usually it will be t-shirts, flash drives, stickers, phone charger etc. if you will be lucky you might win some of the raffles (I wasn’t lucky…) and bring home a very cool (and heavy) prize.

I had a really struggle packing for the flight back home, travel light!

Don’t over-schedule

As a VMworld newbie pre-arrival to the conference I was eager to schedule as much sessions as I could, in realty I didn’t attend most of them. This is not your typical day-to-day work schedule. Walking from one session to another is not easy, the conference area is big, very big! You will have to walk very far and will be attracted to other stuff in the way or meet people. Try to be focus, I found that the best for me is 2 sessions a day, remember that some of the sessions are recorder and you will be able to watch them in the comfort of your office/home.

Attend the breakfast at VMworld!

Don’t miss the breakfast at VMworld, not because of the food (which was very good this year!) but for socializing. I found that people are more chatty in the morning. I had some very interesting talks around the table over breakfast.

As lunch people are more busy getting to or from somewhere, busy with there phone, thing at work or home and generally – busier and less chatty.

Attend the VMworld party

This year bands was Capital Cities and Fall Out Boy, there was also a dance floor with 2 DJs. If didn’t feel like dancing or see the band there was also lots of other attraction, food and drinks. I wish the party didn’t had to end by 11PM. I had a great time at the party and meet with very nice people (I guess the alcohol make people more open to new connection… hmm…).

So, in sort – that was my VMworld 2016. Hope to see you in VMworld 2017.

Thanks for reading!