VCAP6-CMA Deploy - Objective 1.3: Deploy and Manage vRealize Automation Center Infrastructure Components

VMware vRealize Automation VCAP6 VCAP6-CMA

Published on 28 January 2017 by Christopher Lewis. Words: 1054. Reading Time: 5 mins.

Objective Overview

Objective 1.3 - Deploy and Manage vRealize Automation Center Infrastructure Components

Implement DNS requirements for Load Balancer integration according to a deployment plan.
Install certificates on each relevant vRA component in standard and distributed model.
Configure SSO Identity Source for use with vRealize Automation.
Configure components using FQDN via CNAME definitions before load balancer is available.
Configure SMTP notifications.

Objective Prerequisites

None.

Objective Breakdown

Implement DNS requirements for Load Balancer integration according to a deployment plan

For this section, you will need to ensure that you have the appropriate DNS A Record(s) in place for all of the components and the Load Balanced VIPs. This includes both forward (name to IP) and reverse (IP to name) lookup.

I wont be covering the manual steps to create a DNS Forward or Reverse Lookup Zone here (there are plenty of posts on the internet that do this). However below is example PowerShell code I use to create this as part of a DNS configuration script to do this.

Creating an AD Integrated Reverse Lookup Zone for a VLAN

Add-DnsServerPrimaryZone -NetworkID "172.16.50.0/24" -ReplicationScope "Forest" -PassThru

Create a DNS A Record with automatic PTR Record

Add-DnsServerResourceRecordA -Name "<servername>" -ZoneName "<domain>" -IPv4Address "<ipaddress>" -CreatePtr`

For a Medium Distributed install you will need the following DNS A Record(s):

Servers

SSO Server 1 (this can be vSphere 5.5 SSO or vSphere PSC)
SSO Server 2 (this can be vSphere 5.5 SSO or vSphere PSC)
vRA Appliance 1 & vRA Appliance 2
vRA IaaS Server 1 & vRA IaaS Server 2
vRO Appliance 1 & vRO Appliance 2
(optional) vRA App Appliance 1
(optional) vRB Appliance 1

Virtual IPs

SSO VIP
vRA Appliance VIP
vRA Appliance DB VIP - for active/passive PostgreSQL database
vRA IaaS Web VIP
vRA IaaS Manager VIP
vRO VIP

For a Large Distributed install you will need the following DNS A Record(s):

Servers

SSO Server 1 (this can be vSphere 5.5 SSO or vSphere PSC)
SSO Server 2 (this can be vSphere 5.5 SSO or vSphere PSC)
vRA Appliance 1 & vRA Appliance 2
vRA IaaS Web Server 1 & vRA IaaS Web Server 2
vRA IaaS Manager Server 1 & vRA IaaS Manager Server 2
vRA IaaS DEM Server 1 & vRA IaaS DEM Server 2
vRA IaaS Agent Server 1 & vRA IaaS Agent Server 2
vRO Appliance 1 & vRO Appliance 2
(optional) vRA App Appliance 1
(optional) vRB Appliance 1

VIPs

SSO VIP
vRA Appliance VIP
vRA Appliance DB VIP - for active/passive PostgreSQL database
vRA IaaS Web VIP
vRA IaaS Manager VIP
vRO VIP

I haven’t covered the DNS requirements for a simple install as it doesn’t require Load Balancers and therefore falls outside this objective.

Install certificates on each relevant vRA component in standard and distributed model

I believe I have covered the use or installation of certificates as part of the deployment process within the other posts of this guide. Including the following posts:

HOWTO: Configure the VMware Identity Appliance for vRealize Automation 6.x [HOWTO]](/2017/01/10/howto-configure-the-vmware-identity-appliance-for-vrealize-automation-6-x/)
HOWTO: Configure the VMware vRealize Automation 6.x Appliance (Minimal Deployment)[HOWTO]](/2017/01/10/howto-configure-the-vmware-vrealize-automation-6-x-appliance-minimal-deployment/) and HOWTO: Configure the vRealize Automation 6.x Appliance(s) (Distributed Install) HOWTO
HOWTO: Install the VMware vRealize Automation 6.x IaaS Prerequisites HOWTO

Let us tackle the updating of certificates in Objective 3.2.

Configure SSO Identity Source for use with vRealize Automation

When talking about how to configure an Identity Source using the Identity Appliance, I believe I have covered this previously in my HOWTO: Configure the VMware Identity Appliance for vRealize Automation 6.x POST post.

I have covered SSO integration into the VMware vRealize Appliance in the HOWTO: Configure the VMware vRealize Automation 6.x Appliance (Minimal Deployment) POST and integration into a HA SSO solution in HOWTO: Configure the vRealize Automation 6.x Appliance(s) (Distributed Install) POST .

I have also covered configuring an Identity Store in VCAP6-CMA Deploy - Objective 2.1: Configure Tenant Properties POST .

Configure components using FQDN via CNAME definitions before load balancer is available

During the installation (and troubleshooting) of a vRealize Automation 6.x Distributed Install, it can be advisable to configure DNS CNAME Record(s) to help discount any Load Balancing issues. After all it is always the network right?

Therefore, rather than initially creating DNS A Record(s) for a Load Balancer with its own IP address you would create a DNS CNAME Record and point it to the Primary component in that tier, whether that be vRealize Automation Appliance, vRealize Automation IaaS Web Service, vRealize Automation IaaS Manager Service or vRealize Orchestrator. As an example, with the following Server DNS A Record(s)

Before the Load Balancer is active/deployed, you would create a DNS CNAME Record for the VIP address, as follows:

Giving you three DNS entries for you to start the build of vRealize Automation 6.x

Once the build is completed and the Load Balancer is in place and properly configured you would remove the DNS CNAME Records and replace them with DNS A Record(s) for the Load Balancer as below:

Configure SMTP notifications

The configuration of SMTP notification occurs in two main stages:

Configure the Default Tenant
Configure the Default Email Server
Configure the SMTP Notifications
Subscribe to Notifications

Configure the Default Tenant

The reason we need to configure the at least the Default Tenant is we need to be a Tenant Administrator to be able to activate SMTP Notification.

See VCAP6-CMA Deploy - Objective 2.1: Configure Tenant Properties [POST]](/2017/01/15/vcap6-cma-deploy-objective-2-1-configure-tenant-properties/)

Configure the Default Email Server (Inbound and Outbound)

See VCAP6-CMA Deploy - Objective 2.1: Configure Tenant Properties POST under Configure the Default Tenant

Configure the SMTP Notifications

Navigate to the vRealize Automation Tenant Portal where you want to configure Notifications

Note: I’m using the default tenant, so I go to https://vra.fqdn/vcac

Log into the portal using a user that has been assigned the Tenant Administrator role.

Click Administration > Notifications > Email Servers.

_Note: If there is a Global Email Server set, decide whether you want to use this or highlight the Email Server and click Override Global to change the setting for this Tenant. _

Click Scenarios.

Highlight any Scenario within the Notification Scenarios list and choose whether to keep it Activate or Suspend it.

Note: All scenarios are Active by default.

A user needs to Subscribe to Notifications, to do this log into vRealize Automation Portal.

Click Preferences.

Ensure that Email Notifications are enabled.

Published on 28 January 2017 by Christopher Lewis. Words: 1054. Reading Time: 5 mins.

Blog Categories: VMware Certification VCAP vRealize Automation