Objective 2.2: Create and Manage Directories

This is part of my VCP7-CMA study guide – Objective 2.2: Create and Manage Directories.

Official Blueprint-


Knowledge

  • Create and manage LDAP directory for Active Directory in vRealize Automation
  • Create and manage Windows Integrated Authentication Directory in vRealize Automation
  • Determine and configure appropriate user and directory binding details
  • Evaluate directory synchronization health and troubleshoot issues

Tools


In vRealize 7.x VMware replaced the underlying identity management system from vCenter SSO to VMware Identity Manager (vIDM), vIDM is integrated to the vRA 7.x appliance and is easy to scale with the addition of another vRA appliance.

Continue reading

Objective 2.4: Manage User and Group Role Assignments

This is part of VCP7-CMA study guide – Objective 2.4: Manage User and Group Role Assignments.

Official Blueprint-


Knowledge

  • Explain the roles available to vRealize Automation and vRealize Business
  • Assign roles to individual users for a given design
  • Assign roles to directory groups for a given design
  • Create vRealize Automation custom groups and assign roles

Tools


Explain the roles available to vRealize Automation and vRealize Business

Assign roles to individual users for a given design

See “Assign roles to directory groups for a given design”.

Assign roles to directory groups for a given design

Prerequisites

Log in to the vRealize Automation console as a tenant administrator.

Procedure

  1. Select Administration > Users & Groups > Directory Users & Groups.
  2. Enter a user or group name in the Search box and press Enter.Do not use an at sign (@), backslash (\), or slash (/) in a name. You can optimize your search by typing the entire user or group name in the form user@domain.
  3. Click the name of the user or group to which you want to assign roles.
    vra-roles1
  4. Select one or more roles from the Add Roles to this User (or Group, the process is the same) list.The Authorities Granted by Selected Roles list indicates the specific authorities you are granting.
    vra-roles2
  5. (Optional) Click Next to view more information about the user or group.
  6. Click Update Finish.

Users who are currently logged in to the vRealize Automation console must log out and log back in to the vRealize Automation console before they can navigate to the pages to which they have been granted access.

 Source – Assign Roles to Directory Users or Groups

Create vRealize Automation custom groups and assign roles

Tenant administrators can create custom groups by combining other custom groups, identity store groups, and individual identity store users.
You can assign roles to your custom group, but it is not necessary in all cases. For example, you can create a custom group called Machine Specification Approvers, to use for all machine pre-approvals. You can also create custom groups to map to your business groups so that you can manage all groups in one place. In those cases, you do not need to assign roles.

Prerequisites

Log in to the vRealize Automation console as a tenant administrator.

Procedure

  1. Select Administration > Users & Groups > Custom Groups.
  2. Click the Add icon (green-plus).
    vra-roles3
  3. Enter a group name in the New Group Name text box.
    Custom group names cannot contain the combination of a semicolon (;) followed by an equal sign (=).
  4. (Optional) Enter a description in the New Group Description text box.
  5. Select one or more roles from the Add Roles to this Group list.
    The Authorities Granted by Selected Roles list indicates the specific authorities you are granting.
    vra-roles4
  6. Click Next.
  7. Add users and groups to create your custom group.
    vra-roles5

    1. Enter a user or group name in the Search box and press Enter.
      Do not use an at sign (@), backslash (\), or slash (/) in a name. You can optimize your search by typing the entire user or group name in the form user@domain.
    2. Select the user or group to add to your custom group.
  8. Click Add Finish.

Users who are currently logged in to the vRealize Automation console must log out and log back in to the vRealize Automation console before they can navigate to the pages to which they have been granted access.

 Source – Create a Custom Group

Objective 2.1: Create and Manage Tenants

This is part of VCP7-CMA study guide – Objective 2.1: Create and Manage Tenants.

Official Blueprint-


Knowledge

  • Create a new tenant for a given design
  • Create, add, and manage local users
  • Configure administrative access and describe privilege level differences between roles
  • Determine the unique URL used to access the tenant

Tools


Create a new tenant for a given design

  1. Go to the  vRealize Automation console – https://vra-host/vcac
  2. Log in as a System Administrator (usually administrator@vsphere.local)
  3. Select Administrator  -> Tenatsimage001
  4. Click green-plus New.
  5. Fill this form –
    Name – Name for the new Tenant.
    URL name – this will be use to direct users directly to this tenant.
    For example, enter thesysadminlogs to create the URL https://vra-host.fqdn/vcac/org/thesysadminlogs.If you have a large environment with different tenant it will be very handy to use the Description and Contact email fields.

    image002

  6. Click Submit and Next (Please note – selecting Submit and Next will create the tenant and proceed to the Local Users tab)

Create, add, and manage local users

  1. There is 2 ways to get here –
    1. Part of the New Tenant wizard
    2. Edit Tenant from Administrator  -> Tenats and select Local Users.
  2. Click green-plus New.image003
  3. Enter First name, Last name, Email, User name and Password.
    image004
  4. Click OK and then Next.

Configure administrative access and describe privilege level differences between roles

  1. There is 2 ways to get here –
    1. Part of the New Tenant wizard
    2. Edit Tenant from Administrator  -> Tenats and select Administrators.
  2. There is 2 options – (The description is from the Foundations and Concepts document)
    1. Tenant administrators – Typically a line-of-business administrator, business manager, or IT administrator who is responsible for a tenant. Tenant administrators configure vRealize Automation for the needs of their organizations.
      They are responsible for user and group management, tenant branding and notifications, and business policies such as approvals and entitlements. They also track resource usage by all users within the tenant and initiate reclamation requests for virtual machines.
    2. IaaS administrators – IaaS administrators manage cloud, virtual, networking, and storage infrastructure at the system level, creating and managing endpoints and credentials, and monitoring IaaS logs. IaaS administrators organize infrastructure into tenant-level fabric groups, appointing the fabric administrators who are responsible for allocating resources within each tenant through reservations and reservation, storage, and networking policies.
  3. Enter the name of a user or group is the search field under the privilege you selected and press Enter or the search icon.

    image005

  4. Click Add.

Objective 3.2: Install an Enterprise Deployment

This is part of my VCP7-CMA study guide – Objective 3.2: Install an Enterprise Deployment.

Official Blueprint-


Knowledge

  • Identify IaaS enterprise deployment prerequisites
  • Validate environment readiness for given design based on install type and size
  • Confirm DNS configuration for servers and load balancers based on deployment type and size
  • Deploy and configure vRealize Automation Appliance OVF
  • Install using the installation wizard
    • Determine and select appropriate deployment based on size
    • Determine and select the appropriate servers for component installation
    • Prepare the environment for installation based on deployment size
    • Install IaaS Web components and model manager data
    • Install IaaS manager server and DEM Orchestrator components
    • Install DEM Workers
    • Install Management Agents
  • Implement and manage CA signed certificates

Tools


I would recommend to go thru the simple installation at least once and read the official documentation in addition to this blog posts.

Eric Shanks (The IT Hollow) – vRealize Automation 7 – Enterprise Install

Michael Rudloff (Open902.com) – vRealize Automation 7 – Enterprise Install

Objective 3.3: Install and Configure vRealize Business Standard for use with vRealize Automation

This is part of my VCP7-CMA study guide – Objective 3.3: Install and Configure vRealize Business Standard for use with vRealize Automation.

Official Blueprint-


Knowledge

  • Create and configure a vRealize Business tenant
  • Create a user based on defined credentials for vRealize Business in vRealize Automation
  • Select the credentials for the vRealize Business user
  • Configure vRealize Business to connect to vRealize Automation

Tools


Install vRealize Business Standard

  1. Deploy the OVF template and follow the wizard –2
  2. Customize Template –
    Currency – You cannot change the currency configuration after deploying!
    Enable Server –  Select the Enable Server option if this is going to be the vRealize Business for Cloud server, If you are deploying only a data collector for remote access then deselect this option.
    Networking – Make sure you expand the Networking Properties at the bottom of the page and configure the IP ,default gateway, netmask and DNS.8
  3. Go grab a cup of coffee and wait for the deployment to complete.

Configure vRealize Business Standard

  1. Log-in to the vRB console – https://vrb-fqdn-or-ip:5480
  2. Before registering with vRA we need to configure NTP.
    Navigate to Administrator > Time Settings.
  3. Configure the “Time Sync. Mode” to “Use Time Server” and write down the IP or DNS of your NTP server.1-NTP.JPG
  4. Now let’s register the vRealize Business with the vRealize Automation,
    go to vRealize Automation Tab,
    Hostname – IP or hostname of the vRealize Automation Appliance.
    SSO Default Tenant – this will be your default tenant name, usually – vsphere.local.
    SSO Admin User – only the user name of the administrator…
    SSO Admin Password – well… the admin user password.
    Accept “vRealize Automation” certificate – Yes please. if this is the first time you register this with vRA – you need this.2-vra-register
  5. After you click “Register” it will take a few moments – Make sure you see this green text – “Registered with vRealize Automation” and the SSO Status – “Connected to vRealize Automation”.3-vRA registered.JPG
  6. Next we need to configure vRealize Automation to use vRealize Business for Cloud and assign permissions.
  7. Log in to the vRealize Automation – https://vRA_hostname/vcac/org/tenant
  8. Go to Administration tab > Users & Groups and select Custom Groups.
  9. Select the user or group you want to add the vRB role
  10. From the “Add Roles to this Group” – select the required privileges.4-vRA-roles.JPGSome clarification from the official documentation (page 23 ) –

    • If the user has to perform all administration tasks such as managing connections, managing public cloud account, updating reference database, assign the Business Management Administrator role to a user who has the Tenant Administration role.
    • If the user has to view and update the cost information only, assign Business Management Administrator role.
    • If the user has to view the details but not update the information, assign Business Management Read only role.
    • If the user has to view the assigned tenant details, but not perform other administration, assign the Business Management Controller role.
  11. Click Update and Refresh the browser (log-out and log-in will do magic sometime…).
  12. The Business Managment tab is available in the vRA UI.5-vra-newtab
  13. Click the Business Managment tab and enter your license key.6-vrb-serial

Next will be to add the vCenter server to vRB, I think its out of the scope of the exam but here it is –

  1. Configure the vCenter in vRB.
    Go to Administration > Business Managment.8-vra
  2. Extend the vCenter Server and click the + sign
    Here you will add your “Resource” vCenter – where you are provision VMs from vRA.9
  3. When prompt – Select to Install the certificate.10.JPG
  4. Go back to Business Managment tab and click on the “Status” sign. Click “Update Now” under the vCenter data collection and wait for the data collection to run successfully.11.JPG
  5. Back to the Business Managment tab and you should see some data.12.JPG

VCP7-CMA Study Guide

I created this VCP7-CMA (2V0-731) study guide in order to help myself and anyone else studying towards VMware Certified Professional 7 – Cloud Management and Automation Exam  (currently – Beta).

This exam is focus on VMware vRealize® 7.x environment (Automation, Orchenstrator, Business) but you should have a good understanding of vSphere (VCP level) and some minimal knowldge of NSX and vCloud Air (as vRA Endpoints).

I will link to external blogs for most of the stuff for simplicity and speed, if you are the original writer and don’t want me to link to your blog – just write me (gilad.brown at gmail).

Official exam page

Official study tools (as suggested in the blueprint) –

Content:

Section 1 Create and Modify vRealize Automation Blueprints
Objective 1.1 Create, Modify and Publish Blueprints Based on a Given Design
Objective 1.2 Create and Manage XaaS Blueprints with Custom Resource Mappings
Section 2 Configure and Manage Tenants and Business Groups
Objective 2.1 Create and Manage Tenants
Objective 2.2 Create and Manage Directories
Objective 2.3 Create and Manage Business Groups
Objective 2.4 Manage User and Group Role Assignments
Section 3 Install and Configure vRealize Automation and Related Components
Objective 3.1 Install a Minimal Deployment
Objective 3.2 Install an Enterprise Deployment
Objective 3.3 Install and Configure vRealize Business Standard for use with vRealize Automation
Objective 3.4 Troubleshoot Common vRealize Automation Installation and Configuration Errors
Section 4 Configure and Manage the vRealize Automation Catalog
Objective 4.1 Manage the vRealize Automation Catalog
Objective 4.2 Create and Manage Approval Policies
Objective 4.3 Provision Resources from a vRealize Automation Catalog
Objective 4.4 Locate and Reclaim Resources Based on Provided Criteria
Objective 4.5 Manage Provisioned Resources
Section 5 Configure and Administer Fabric Groups and Endpoints
Objective 5.1 Create and Manage VMware Endpoints
Objective 5.2 Create and Manage Fabric Groups, Reservations and Network Profiles
Section 6 Extend a vRealize Automation Implementation
Objective 6.1 Configure vRealize Orchestrator for use with vRealize Automation
Objective 6.2 Create and Manage Event Broker Subscriptions
Objective 6.3 Configure Virtual Machine Lifecycle Automation
Objective 6.4 Install and Configure Plugins in vRealize Orchestrator
Objective 6.5 Modify and Run Basic vRealize Orchestrator Workflows

Additional materials –

  • The IT Hollow – Eric Shanks amazing blog, I have learned much of what I know about vRealize Automation from this blog.
  • VirtualJad – Another amazing blog by Jad El-Zein, lots of technical info about vRA, NSX and Automation.
  • Grant Orchard blog – blog focus on vRealize Automation.
  • VM to Cloud – Ryan Kelly blog, Automation and DevOps stuff.
  • VCP7-CMA (2V0-731) Practice Exam
  • HOL – VMware Hands On Labs
    • HOL-1721-USE-1 – vRealize Automation 7 Basics
    • HOL-1721-USE-2 – vRealize Automation 7 Advanced
    • HOL-1721-USE-3 – vRealize Automation Advanced Extensibility
    • HOL-1790-CHG-1 – vRealize Automation: Challenge Lab
    • HOL-1783-HBD-1 – VMware vCloud Air – Manage Your Cloud
    • HOL-1706-SDC-1 – Cloud Management Platform: Integrating the Parts
    • HOL-1706-SDC-6 – Guide to SDDC: VMware Validated Designs

I will try to update this page with more resources in the future so keep checking this page from time to time. Please comment or email me if you think I missed something.

Good luck with the exam!

Gilad