VCAP-CMA Deploy – Objective 1.4

Disclaimer: These are my notes from studying for the 3V0-31.18 exam. If something doesn’t make sense, please feel free to reach out.

The main goal for the whole of section 1 is to understand blueprint creation and modification in depth.

Objective 1.4 – Create and Manage Property Definitions/Groups and Component Profiles


Permissions: Need to be either a Tenant Administrator or a Fabric Administrator to be able to create & manage property definitions & groups.

So what is the use case for Property Definitions & Component Profiles? To make life easier for the requestor. At least that’s my view, see below for how to set these up.

Seeing as these are bundled together, I believe you’ll be set a scenario to simplify requesting a blueprint with different properties, it will then be up to you to choose the appropriate mechanism and deliver.

Property Definitions

Used to offer up all sorts of properties to the requestor. You can either use some of the pre-defined properties, available in the blueprints documentation listed above, or you can create your own property. When using your own property, it’s suggested you prefix them by your company name or other unique identifier.

The property I’ve used below, adds a field to the request form, when the requestor completes this the VM will be named as such.

First, create the property definition. This enables you to give the property a label which is what will show on the request form.


Then add the custom property to the machine on the blueprint.


Then finally on the request form it appears with the correct label. This machine will be spun up with this name (technically configured as the VM name in vCenter, I’m using a typical customisation specification which means it becomes the host name).


A Property Group is simply a collection of custom properties that can be added instead of individually adding each property. This would reduce human error and time to create the blueprint.

Component Profiles

New in vRA 7.3 is Component Profiles. These are used to provide a pre-defined set of sizes & images. This should both reduce blueprint sprawl & simplify the request.

  • Sizes: Offer a pre-defined set of VM sizes in terms of CPU, memory & storage. Think T-Shirt sizing
  • Images: Offer a pre-defined list of images that a blueprint can be based on. Handy for phasing in a newer version of an OS

Once added to a component of a blueprint, the relevant settings that these relate to are overridden and are no longer available to be configured. These are only available for vSphere machines.

These are created on Administration, Property Dictionary. The two options – image & size – are already created for you. Select one to edit & add the ValueSets you may want to offer.


VCAP-CMA Deploy – Objective 1.3

Disclaimer: These are my notes from studying for the 3V0-31.18 exam. If something doesn’t make sense, please feel free to reach out.

The main goal for the whole of section 1 is to understand blueprint creation and modification in depth.

Objective 1.3 – Import/Export blueprints

You may have noticed that blueprint import/export can’t be done directly from the GUI within vRA. You need to use either the API or Cloud Client. The API lends itself to automation quite well, but for manual processes I prefer the Cloud Client.

Key to this section, as it is for all in this exam, is to make sure that you understand the outcome required and you know how to get there. Take your time and don’t rush this part, there’s not enough time to re-work a question if you realise halfway through that you’ve gone down the wrong path.

First job is to download CloudClient from here. There is a great getting started post here, it’s a great blog in general which has really helped me along with vRA!

Once you’ve downloaded CloudClient, fire it up and log in.


Pull up a list of the available content, if you’ve got a lot of content you can add the –page parameter to go direct to the page with the relevant content on. As this is my lab, there’s not that many blueprints…


As you can see this all the content within your vRA installation. We’re just going to export a single blueprint.

If you see this error, check you have permission to the blueprint. Roles within vRA are still respected within CloudClient.


A successful export looks like this.


If you open the resulting zip file, you should see a collection of yaml files. These can be imported into another instance of vRA, or can be edited and imported back into the same instance. Great for any number of use cases – backup, moving content through a development pipeline, sharing content etc.

If you want to share the content or pick up templates to work from the VMware sample exchange is available here.

VCAP-CMA Deploy – Objective 1.1 & 1.2

Disclaimer: These are my notes from studying for the 3V0-31.18 exam. If something doesn’t make sense, please feel free to reach out.

The main goal for the whole of section 1 is to understand blueprint creation and modification in depth. As this is a practical, advanced level, exam I don’t expect to be given tasks in a direct manner. More that requirements will be given and it is down to you to interpret & fulfil these requirements.


Objective 1.1 – Create a blueprint for a given multi-tier application

The first part of this is to create a blueprint for a multi-tier application. As they’re testing you on the vRA aspects I don’t think too much knowledge outside of that will be tested. That being said I think you’ll need to be able to complete functions end-to-end.

Permissions: For blueprint creation, you’ll need to have a role with ‘architect’ in the title. Which role depends on which part of the blueprint you would be responsible for. In our case, we’ll be creating the whole blueprint so our user here will have membership of these roles:

  • Infrastructure Architect
  • Software Architect
  • XaaS Architect

Application Architect isn’t necessary – This grants permissions to assemble composite blueprints which Infrastructure & Software Architects also have.

If you’re adding software components to a VM as part of blueprint, it will need the guest agent installed. This can be downloaded from https://vra.fqdn/software. There is either a shell script for Linux or Powershell script for Windows guests.

In principle you could be asked to add any component from the list on the side, so it would pay to be familiar with all of these and the options required.

Standard process to create blueprint. Add machines as required, link to a network & add software components. Add the dependancies between the components as required. This is a simple 3 tier application to demonstrate this.


Objective 1.2 – Modify an existing blueprint to provision new network(s)

The next objective is to modify an existing blueprint to provision a new network. I can’t see anywhere else in the exam blueprint that mentions provisioning a new network profile, so we’ll cover this as well.

Permissions: Fabric Admin privileges are required to create & manage network profiles.

New network profiles are created under Infrastructure, Reservations, Network Profiles. There are three different types of network:

Name Description
External Pre-existing network configured within vSphere. These form the external part of the NAT & Routed networks. IPs can come from either vRA’s own IPAM, a third party IPAM or DHCP. NB: If using DHCP, the IP isn’t available to bind to within the blueprint.
NAT (NSX Required) On-demand created network to perform NAT behind an NSX ESG (Edge Services Gateway) of all machines within the blueprint. This can be configured as one-to-one or one-to-many.
Routed (NSX Required) On-demand created network used when all machines created within a blueprint are required to be accessible from an external network. Each newly created network will use the next available subnet. Connected to an existing DLR (Distributed Logical Router)

When creating the new network profile, select what type you’ll be creating and fill in the required fields. Not much to explain here, just need to understand the different types of network profile and what information is required for each one.

Once the network profile is created, if it is an external type, it will need to be ‘linked’ to a portgroup within the reservation.

When modifying the blueprint to change the network, if you’re changing an existing network of the same type (and all the blueprint machines need to be on the same network) you can simply change the network profile of that object on the canvas. Doing this updates all the machines that were already connected to the existing network.

Alternatively, you can add the new network as an additional object & update each machine you need to connect to the new network.

Need to be familiar with what information is required for each type of network when adding to the blueprint.


Exam Target – VCAP-CMA

While I’ve been writing up my notes from the VCP7-CMA, I’ve been plotting my next move. I have two directions of study at present, PKS & vRA. While the PKS stuff is fascinating, there’s not particularly a great amount of take up on this yet. So my intention is to move towards taking a VCAP on the CMA stream.

As I only picked up vRA fairly recently and have yet to see it in production, it makes sense (in my mind at least) to go for the Deploy first. It should reinforce the capabilities of the product for me which in turn will enable me to Design solutions based on it.

This time around I’m going to try to write up my study notes as I go rather than en masse at the end!

VCP7-CMA – Objective 4.1

Disclaimer: These are my notes from taking the 2V0-731 exam. If something doesn’t make sense, please feel free to reach out.

The goal of this objective is to understand catalogue creation & management.

Objective 4.1 – Manage the vRealize Automation Catalog

  • Create and configure the catalog service
  • Activate the catalog service
  • Add catalog items to the service
  • Specify users and groups for entitlements
  • Add and manage entitlement services
  • Add and manage catalog items
  • Add and manage actions
  • Activate entitlements


To create a catalogue service you need to be logged in as a tenant administrator. Go to Administration, Catalog Management, Services.

Once on this page click on the new button & complete the form to create your service. You can give it a name, an icon to appear on the catalog page, set contact information & define a change window. This change window doesn’t impact anything, it just shows the information to the user so they know that it could be unavailable at certain times.

Once created, the service can be activated/deactivated by highlighting in the list and choosing the context aware button in the menu bar.

Next to this button is the ‘Manage Catalog Items’ button – this is to add/remove catalog items to the service. Not forgetting you can only add published items.

To control who has access to this service, go to the Entitlements section and create an entitlement. You can make this into a draft status until you’re ready to make it active. This is part of a defined business group, which in turn controls the reservations the entitlement has access to and where workloads will be provisioned.

VCP7-CMA – Objective 3.4

Disclaimer: These are my notes from taking the 2V0-731 exam. If something doesn’t make sense, please feel free to reach out.

The goal of this objective is to understand basic troubleshooting.

Objective 3.4 – Troubleshoot Common vRealize Automation Installation & Configuration Errors

  • Perform a rollback installation on a minimal or enterprise deployment
    • Revert to pre-installation snapshots if available
  • Generate a vRealize Automation support bundle
  • Validate DNS configuration settings
  • Confirm time synchronisation
  • Confirm machine certificates
  • Validate credentials used to configure endpoints


Rollback installation at a high level:

  • Uninstall any components from add/remove programs on the IaaS server
  • Revert database to pre-installation state
  • Remove HTTPS binding from website
  • Check that these sites and app pools have gone:
    • Repository
    • WAPI
    • Vcac

Alternatively, you should be able to revert to the snapshots you took during the installation, you are prompted to take them 🙂

Support bundle is generated from the vRA appliance management interface, from Admin, Logs. There is a ‘Save Log Files’ button. This is jus the logs for the appliance you are logged into.


For the cluster logs – vRA Settings, Cluster, ‘Create Support Bundle’ button.


I believe the time piece this is referring to is on the same page. You have a list of hosts and the time offset between them. Once you hit an offset of 600 seconds or more you’ll start running into problems. In reality if NTP is working they shouldn’t be more than 5-7 seconds apart.

VCP7-CMA – Objective 3.2

Disclaimer: These are my notes from taking the 2V0-731 exam. If something doesn’t make sense, please feel free to reach out.

The goal of this objective is to understand how to deploy vRA.

Objective 3.2 – Install an Enterprise Deployment

  • Identify IaaS minimal deployment prerequisites
  • Validate environment readiness for a given design based on install type and size
  • Deploy and configure vRealize Automation Appliance OVF
  • Install using the installation wizard
    • Determine and select appropriate deployment based on size
    • Determine and select the appropriate servers for component installation
    • Prepare the environment for installation based on deployment size
    • Install IaaS Web components and model manager data
    • Install IaaS Manager server and DEM Orchestrator components
    • Install DEM Workers
    • Install Management Agents
  • Implement and manage CA signed certificates


An Enterprise deployment involves distributed components and load balancing to give both scalability and availability.

With a load balanced deployment, having multiple web server instances & vRA appliances active during installation can cause the deployment to fail.

For distributed site clusters latency of less than 5ms is required, with a minimum bandwidth of 1Gb/s.

The appliance database is automatically clustered. For the IaaS database, a dedicated SQL server is recommended. To configure for HA, AlwaysOn is not supported due to it’s dependancy on MSDTC, Windows failover clustering is supported. AlwaysOn with SQL Server 2016 is supported in vRA 7.2.x but the exam is based upon 7.0.x.

For maximum performance, configure the proxy agents in the same data centre as the endpoint. Locate the DEMs close to the Model Manager.

External vRO is recommended for multiple tenants if you need to ensure total isolation.

Each IaaS server requires a management agent to be installed. If the primary vRA appliance fails, these will all need to be reinstalled.

In principle a minimal deployment is only for development/testing/PoC, whereas the enterprise deployment is a full production ready environment.

Need to ensure familiarity with the various deployment sizes in the reference architecture.

Details around each components availability etc is below.


Component Availability Notes
vRA Appliance
  • DB automatically clustered (Manual promotion to master)
  • Active/active when configured behind load balancer
Model Manager
  • Active/Passive – configure two behind load balancer & stop the Windows service on one
IaaS Web
  • Active/Active – Configure behind load balancer
DEM Orchestrator
  • Configure as active/active, but the secondary monitors the primary for failure and responds accordingly
DEM Worker
  • Active/active. If a DEM-O detects failure it will reschedule workflows on another worker
Proxy Agent
  • Install both agents with the same name for high availability
  • If internal vRO is used, covered by vRA load balancer.
  • If external is used, need to configure behind load balancer
  • Windows failover clustering