VCP7-CMA – Objective 3.1
Disclaimer: These are my notes from taking the 2V0-731 exam. If something doesn’t make sense, please feel free to reach out.
The goal of this objective is to understand how to deploy vRA.
Objective 3.1 – Install a Minimal Deployment
- Identify IaaS minimal deployment prerequisites
- Validate environment readiness for a given design based on install type
- Deploy and configure vRealize Automation Appliance OVF
- Install using the installation wizard
- Install manually, remediating IaaS prerequisites and install all IaaS components
- Install Management Agent(s) at the appropriate time
- Implement and manage CA signed certificates
References
These are the key inbound ports required for vRA, for more information check the documentation listed in the references.
| Port Number(s) | Usage |
|---|---|
| TCP 4369, 5671, 5672, 25672 | RabbitMQ Messaging |
| TCP 5488, 5489 | Internally used - vRA Updates |
| TCP 8230, 8230, 8281, 8283 | Internal vRO |
| TCP 8443 | Identity Manager Administration |
| TCP 8444 | VMware Remote Console |
| TCP 8494 | Internal service cluster sync |
| TCP 9300 - 9400 | Identity Manager auditing |
| TCP 40002, 40003 | vIDM cluster sync |
These are the key outbound ports required for vRA, for more information check the documentation listed in the references.
| Port Number(s) | Usage |
|---|---|
| TCP 443 | IaaS Manager & infrastructure endpoint, vRA software service, Identity Manager server, View connection server |
| TCP 445 | ThinApp repo for Identity Manager |
| TCP 902 | ESXi network file copy and VMware Remote Console |
| TCP 8281 | External vRO |
| TCP 8494 | Container service cluster sync |
Install the vRA appliance as a usual appliance deployment. Once deployed the IaaS installer files are available at https://vra.fqdn/installer. Also available on that page are:
- IaaS Management Agent
- IaaS Installer
- DB Install Scripts
- Agent Files (Windows & Linux)
- PE Builder
- VM Templates prep
- vRealize Automation Designer
The Windows server pre-requisites are:
- All on the same domain
- Hardware:
- 2 vCPUs
- 8GB memory
- 40GB free disk space
- SQL might require more
- Not supported on VMware Workstation
- .NET framework 3.5 **and **4.5.2
- Appropriate version of Powershell
- If installing multiple IaaS components – install them all in the same location
- TLS is required. vRA 7.3 supports TLS 1.2
- DTC service
Automated Installation
The installation wizard that is run from the vRA appliance runs a pre-requisite check which should validate all components. Time synchronisation is important, can use either NTP or host time to synchronise. If using host time, ensure host is using reliable NTP source.
The installation wizard from the vRA appliance takes you through the full installation. After it has run the pre-requisite check on the IaaS components you can attempt to ‘fix’ any gaps. I find this to actually be quite reliable but there is an option of a retry if it’s not successful. I typically manually fix anything the automated wizard fails on, then run the re-check.
Once the wizard is satisfied that all the pre-requisites are complete, it will move on to the full installation & configuration of vRA. Before starting this process it will prompt you to take snapshots of all servers involved.
Manual Installation
Make sure pre-requisites are installed on IaaS box(es):
- IIS
- WPA
- .NET 3.5 **and **4.5.2
- Java 1.7+ (64 bit)
- Configure Windows Authentication within IIS
- This can be a pain, needs to be configured on the default site. If it already appears to be correct – unconfigure and re-configure.
- Secondary logon service needs to be running for the duration of the installation
- Disable authentication loopback check
These are the IIS installation options, essentially the default install plus ASP.NET 3.5 & ASP.NET 4.6.
And this is the required DTC Configuration:
Then log on to the vRA appliance administrative page. Go through each tab and make changes as appropriate to your environment. Start with hostname, then certificate, I find it useful to wait a few minutes before completing the remaining configuration to allow services to restart.