Category Archives: Configuration

Running vRA 6.2 without Windows

After the release of vRA 6.2 I wanted to setup a small lab on my laptop. I really didn’t feel like creating a windows machine and getting SQL and AD up and running. So I tried running vRA 6.2 without windows.

If you leave windows out of the vRA installation you’ll still end up with a useable vRA environment. I’ll go into what’s working and what’s not in a minute. Let me explain how I build the environment first.

Building the Windows less vRA environment

Below is a brief description of the deployment of the vRA components I used. I left DNS out of this because I just used local hosts files. That works fine for a lab. Obviously I don’t recommend any of this in a production scenario.

The first thing you’ll need is an authentication source. In every installation I have seen this is Microsoft Active Directory. But vRA also supports open ldap so that’s the obvious way around AD. I used the turnkey openldap appliance. After download, just open it in VMware workstation, start it and answer the few questions the setup asks you. Then open a browser and go to the IP address for the ldap vm. After logging in your screen should look something like this:

openldap

To create a new user account navigate to the users ou and click “Create new entry here”, then select “Generic: User account” and fill out the form. If you’re really lazy you can just use the existing admin user as a user in vRA. I also tried using the LDAP groups in vRA but somehow that doesn’t work for me so I’m just using a single user account from the LDAP.

After the ldap is setup you need to deploy the vRA identity appliance. After it’s deployed just start it, answer the questions and then go to the configuration page. configure the identity appliance as you would normally do, just don’t configure any AD stuff.  Once the identity appliance is up and running you deploy and configure the vRA (vCAC) appliance. No special configuration here.

When everything is installed and configured you should be able to connect to you vRA instance through the url: https://<vra appliance ip>/vcac. Login using the administrator@vsphere.local account. On the tenant tab click “Add Tenant”.

add-tenant-gen

give the tenant a name and url and click “Submit and next”.

add-tenant-idstores

Now click “Add Identity store”

add-id-store

Connect to your ldap as shown above. The IP address is the IP address of the open LDAP appliance we deployed earlier.

After the Identity store is configured the next step is to add a Tenant admin.

tenant-admins

As you can see in the screenshot you’ll be unable to add any infrastructure administrators. This is because all IaaS functionality in vRA is delivered through the IaaS windows components which we did not install.

Now logout and go to the tenant url for the tenant you just created: https://<vra host>/vcac/org/<tenant url>. You should be able to login with the tenant administrator account you configured in the previous step.

 

What doesn’t work?

  • As I wrote above, LDAP groups don’t seem to work. I don’t know if this is a vRA issue or an issue with the turnkey openLDAP appliance. I’ll need to investigate this further.
  • Any IaaS feature. This includes:
    • Machine Blueprints
    • Machine Reclemation
    • Business Groups (although they are in the CAFE API but definitely not in the GUI)
    • Fabric Groups
    • Reservations / Reservation Policies
    • Actually the whole “Infrastructure” tab is not available.

tabs

What works?

  • All ASD features
  • The catalog
  • Approval policies
  • Tenants
  • Branding

adminscreen

Conclusion

Setting up vRA without any windows components is really easy. Mostly because you can skip all the IIS, vCAC manager, DEM and other stuff that comes with it. It also doesn’t require a lot of resources. For me it runs fine a my laptop (i7, 16GB RAM, SSD). You are only able to use the ASD part of vRA but that is actually pretty powerfull. You’ll just have to do without the IaaS stuff. That doesn’t mean you can’t deploy any virtual machines, you can actually deploy them using an ASD workflow.

By the way: I have a feeling the performance of vRA is a lot better without the IaaS parts. But I have no numbers to support this.

vCAC Blueprint Configuration

Below is the vCAC configuration workflow about configuring a Blueprint. This blogpost is the fifth in the vCAC configuration series.

The action blocks are actually clickable and will show you the matching parts of the VMware documentation in a popup window.

Go back to the configuration steps overview.

 

A couple of interesting vCAC documentation links about Blueprints:

 

vCAC Configuration – Reservation

This blogpost is the fourth in the vCAC configuration series.

Before a user can request a machine there need to be available resources, this resources are created with the Fabric groups. Within this fabric you can create a reservation.

A fabric administrator creates a reservation to allocate provisioning resources in the fabric group to a specific business group.

A virtual reservation allocates a share of the memory, CPU and storage resources on a particular compute resource for a business group to use.

A physical reservation is a set of physical machines reserved for a business group to use. Unprovisioned physical machines must be added to a physical reservation before being provisioned or imported, and cannot be removed until they are decommissioned and become unprovisioned.

A cloud reservation provides access to the provisioning services of a cloud service account, for Amazon AWS, or to a virtual datacenter, for vCloud Director, for a business group to use.

A business group can have multiple reservations on the same compute resource or different compute resources, or any number of physical reservations containing any number of physical machines.

A compute resource can also have multiple reservations for multiple business groups. In the case of virtual reservations, you can reserve more resources across several reservations than are physically present on the compute resource. For example, if a storage path has 100GB of storage available, a fabric administrator can create one reservation for 50GB of storage and another reservation using the same path for 60GB of storage. You can provision machines by using either reservation as long as sufficient resources are available on the storage host.

You can reserve physical machines only for a single business group. Because physical machines do not belong to fabric groups, all fabric administrators can manage all physical machines and reserve them for a particular business group.

Reservation

  • A reservation can only contain one policy.
  • A policy can be used on multiple reservations
  • Only one policy can be added to a blueprint

Go back to the configuration steps overview.

vCAC Business Group Configuration

This blogpost is the third in the vCAC configuration series and will focus on the configuration of the Business Groups.

A business group associates a set of services and resources to a set of users, often corresponding to a line of business, department, or other organizational unit. Business groups are managed on the Infrastructure tab but are used throughout the service catalog. Entitlements in the catalog are based on business groups. To request catalog items, a user must belong to at least one business group. A business group can have access to catalog items specific to that group and to catalog items that are shared between business groups in the same tenant. In IaaS, each business group has one or more reservations that determine on which compute resources the machines that this group requested can be provisioned. A business group must have at least one business group manager, who monitors the resource use for the group and often is an approver for catalog requests. In IaaS, group managers also create and manage machine blueprints for the groups they manage. Business groups can also contain support users, who can request and manage machines on behalf of other group members. Business group managers can also submit requests on behalf of their users. A user can be a member of more than one business group, and can have different roles in different groups.

Within a business group there are three different roles, that should be bound to Active Directory groups.

Business_Group_Roles

Below is the third workflow on the vCAC configuration about configuring the Business Groups. The action blocks are actually clickable and will show you the matching parts of the VMware documentation in a popup window.

Go back to the configuration steps overview.

vCAC Tenant Configuration

This blogpost is the second in the vCAC configuration series. With the second workflow on the vCAC configuration about configuring the Tenant, this workflow can be used to configure the default tenant.

The action blocks are actually clickable and will show you the matching parts of the VMware documentation in a popup window.

Go back to the configuration steps overview.

More information about working with Tenants, and how to create and configure them can be found here.

vCAC Configuration Steps

Installing vCloud Automation Center (vCAC) can be a challenging task. After doing several installations we found out that some people, just like us, struggle with the configuration.

A while ago I created some workflows which describe al the necessary steps in this configuration. I thought this would be nice to share with you, as a guideline in the configuration.

Each vCAC configuration step is clickable and will lead you to a separate blog post, with a flowchart and more information about this step.