VCAP-CMA Deploy – Objective 7.2

Disclaimer: These are my notes from studying for the 3V0-31.18 exam. If something doesn’t make sense, please feel free to reach out.

The main goal for this objective is the initial installation & configuration of vRB in line with vRA.

Objective 7.2 – Integrate vRealize Business with vRealize Automation

Pretty simple objective this one.

Once you’ve deployed the vRB appliance, browse to the vRB VAMI page. On the Register tab, complete the details of the vRA appliance and hit Register.

[Image: Unregistered vRB]

Once you’ve registered the appliance successfully, you’ll see the red text at the top & the SSO status change.

[Image: Registered vRB]

Once this is done, log in to vRA. You’ll notice that there are a few extra roles; once these have been granted, you’ll see the Business Management tab and the Business Management section with the Administration tab.

The latter is the place to start, as this is where vRB data collection is configured. You’ll need to configure vRB to point to the required endpoints. In my case, a vCenter and NSX manager.

All done!

VCAP-CMA Deploy – Objective 7.1

Disclaimer: These are my notes from studying for the 3V0-31.18 exam. If something doesn’t make sense, please feel free to reach out.

The main goal for this objective is scaling vRealize Automation

Objective 7.1 – Scale vRealize Automation components to a highly-available configuration

There are a few ways to scale a vRA installation. The simplest of which involves installing IaaS components on your Windows servers & using the VAMI to add another vRA node to the cluster.

The automatable alternatives are vra-command and the API. They’re detailed really well in a blog post series (part 2 & part 3) from the Cloud Management BU over at VMware.

For this post (based on my assumptions about the exam) we’ll be using the manual method. Let’s say we’ve got an environment set up like the below:

[Image: Minimal deployment diagram]

Later down the line, we want to make this setup resilient, looking like the below:

[Image: Minimal resilient deployment diagram]

Firstly we’ll need to deploy another vRA appliance and another two Windows servers.

vRA Appliance

Browse to the active appliance’s VAMI and open the cluster page to confirm the component parts of your existing cluster.

[Image: Cluster status before]

You can see the current status of the node is not in cluster mode and the three boxes that are part of the environment currently.

On the new vRA appliance’s VAMI page, log in and cancel the setup wizard. Browse to the cluster page and confirm the node is not part of a cluster. Fill in the details of the active node and hit the Join Cluster button. You’ll be asked to verify the certificate if you’re using self-signed certs.

Once complete, you can check that both nodes are visible on the cluster tab, messaging tab and on the database tab.

IaaS Nodes

Little bit more complicated for the IaaS nodes as you’ll need to satisfy the pre-requisites manually. I’m only covering this for one of the two boxes I’m adding, but the process is the same for each. Log into the IaaS box and download the IaaS installer from one of the vRA appliances. Run this, connect to a vRA box, select the IaaS role and run the pre-requisite checker. This will very quickly highlight if you’ve missed any of the pre-requisites! Assuming this passes, continue through the install. Once it’s finished, add the server to your load balanced server pool and all done!

VCAP-CMA Deploy – Objective 6.2

Disclaimer: These are my notes from studying for the 3V0-31.18 exam. If something doesn’t make sense, please feel free to reach out.

The main goal for the whole of section 6 is to understand the tenant administration required.

Objective 6.2 – Add additional tenants and/or business groups to existing ones

This should be a fairly quick objective to cover off.

Add additional tenants

Creating additional tenants is done by logging in as a System Administrator to the default tenant. From the Tenants tab, hit the new button to be presented with a fairly self explanatory form:

[Image: New tenant]

Once you’ve completed this page and hit the next button, you’ll be asked to create any local users that you need. I typically create the bare minimum, to be used to configure Active Directory authentication. Once that is done, keep it as a Break Glass type password.

Then add the user(s) you’ve just created to the appropriate group(s) – IaaS Administrators or Tenant Administrators.

Add new business groups

Logged in as a tenant administrator, go to Administration, Users & Groups, Business Groups. Hit the new button (surprise!) and fill in the first page of the form. On the next page, you need to add users to each role. For a definition of what each group does, hover over the i button. You can also check out my post from the VCP for what permissions each group gets here. Once that is done, you can allocate a default machine prefix and an Active Directory container if required.

VCAP-CMA Deploy – Objective 6.1

Disclaimer: These are my notes from studying for the 3V0-31.18 exam. If something doesn’t make sense, please feel free to reach out.

The main goal for the whole of section 6 is to understand the tenant administration required.

Objective 6.1 – Manage Authentication Configuration to meet Business Requirements

There is plenty that can be said about authentication within vRA, but for the exam I think this will focus around adding & configuring an LDAP source for users & groups, probably Active Directory.

Key point to remember: if you want to configure your tenant to use Active Directory, the default tenant will need to be configured first. I don’t know why this is; I should check it out.

There are three modes in which you can configure your vRA instance to communicate with Active Directory.

  • Active Directory over LDAP
  • Active Directory (Integrated Windows Authentication)
  • OpenLDAP

The difference between these is reasonably obvious. As for a use case – The AD (IWA) option should be used with multi-domain & multi-forest environments.

Let’s assume that’s done and we’ve got a newly created tenant. The requirements are that authentication should be done from Active Directory and that you should use integrated windows authentication.

Browse to Administration, Directories…

[Image: Add directory]

Select Active directory IWA and fill out the page that follows. All fairly straightforward. After you’ve clicked Save & Next you’ll be asked to select the domains you want to use. In my lab that’s just the one, but if you’ve child domains, trust relationships etc. there will be multiple here (assuming you’ve got access to them with the bind account you’ve specified).

Once you get this far, you’ll be asked for the Distinguished Name of an OU where the groups (and then the users) are located ready for synchronisation. I typically don’t bother with the users as they’re synchronised if they’re a member of the group.

Once all the details are configured, you’ll get a review page which displays the number of groups & users that will be synchronised.
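The sync scoping described above can be modelled offline to see which groups and users a given group DN would bring in before you save the directory, for example to confirm that privileged groups outside the intended OU stay out of the tenant. This is an added example, not vRA code or part of the original notes; it assumes groups are selected by base DN subtree and users arrive only through membership of a synced group, and every name and DN in it is constructed.

```python
# Added example: models the group/user sync scoping described in the notes.
# All DNs below are constructed sample data, not taken from a real directory.

def split_dn(dn):
    """Split a DN into lower-cased RDNs, honouring backslash-escaped commas."""
    parts, current, escaped = [], "", False
    for ch in dn:
        if escaped:
            current += ch
            escaped = False
        elif ch == "\\":
            current += ch
            escaped = True
        elif ch == ",":
            parts.append(current.strip().lower())
            current = ""
        else:
            current += ch
    parts.append(current.strip().lower())
    return parts

def in_subtree(dn, base_dn):
    """True when dn sits at or below base_dn, compared RDN by RDN."""
    dn_parts, base_parts = split_dn(dn), split_dn(base_dn)
    return len(dn_parts) >= len(base_parts) and dn_parts[-len(base_parts):] == base_parts

def sync_preview(groups, group_base_dn):
    """groups maps group DN -> member user DNs; returns (synced groups, synced users)."""
    synced_groups = sorted(g for g in groups if in_subtree(g, group_base_dn))
    synced_users = sorted({u for g in synced_groups for u in groups[g]})
    return synced_groups, synced_users

SAMPLE_GROUPS = {  # constructed
    "CN=vRA-Tenant-Admins,OU=vRA,OU=Groups,DC=lab,DC=local": [
        "CN=Alice,OU=Staff,DC=lab,DC=local",
    ],
    "CN=vRA-Consumers,OU=vRA,OU=Groups,DC=lab,DC=local": [
        "CN=Alice,OU=Staff,DC=lab,DC=local",
        "CN=Smith\\, Bob,OU=Staff,DC=lab,DC=local",
    ],
    "CN=Domain Admins,OU=Infra,OU=Groups,DC=lab,DC=local": [
        "CN=Root,OU=Admins,DC=lab,DC=local",
    ],
}

if __name__ == "__main__":
    g, u = sync_preview(SAMPLE_GROUPS, "OU=vRA,OU=Groups,DC=lab,DC=local")
    print(f"{len(g)} groups, {len(u)} users would be synchronised")
```

Compare the counts it prints with the review page; a mismatch usually means the group DN is broader or narrower than intended.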