VCAP-CMA Deploy – Objective 6.1
Disclaimer: These are my notes from studying for the 3V0-31.18 exam. If something doesn’t make sense, please feel free to reach out.
The main goal for the whole of section 6 is to understand the tenant administration required.
Objective 6.1 – Manage Authentication Configuration to meet Business Requirements
References
- Configuring vRealize Automation
- Identity Management in vRealize Automation 7
- My study guide for the VCP-CMA – Objectives 2.2, 2.3 & 2.4
There is plenty that can be said about authentication within vRA, but for the exam I think this will focus around adding & configuring an LDAP source for users & groups, probably Active Directory.
Key point to remember: if you want to configure your tenant to use Active Directory, the default tenant will need to be configured first. I don’t know why this is; I should check it out.
There are three modes in which you can configure your vRA instance to communicate with Active Directory.
- Active Directory over LDAP
- Active Directory (Integrated Windows Authentication)
- OpenLDAP
The difference between these is reasonably obvious. As for a use case – The AD (IWA) option should be used with multi-domain & multi-forest environments.
Let’s assume that’s done and we’ve got a newly created tenant. The requirements are that authentication should be done from Active Directory and that you should use Integrated Windows Authentication.
Browse to Administration, Directories…
Select Active Directory IWA and fill out the page that follows. All fairly straightforward. After you’ve clicked Save & Next you’ll be asked to select the domains you want to use. In my lab that’s just the one, but if you’ve child domains, trust relationships etc. there will be multiple here (assuming you’ve got access to them with the bind account you’ve specified).
Once you get this far, you’ll be asked for the Distinguished Name of an OU where the groups (and then the users) are located ready for synchronisation. I typically don’t bother with the users as they’re synchronised if they’re a member of the group.
Once all the details are configured, you’ll get a review page which displays the number of groups & users that will be synchronised.
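The group base DN entered above decides which groups end up in the tenant's directory, so it is worth checking its scope before saving. The following is an added example, not part of the original notes and not vRA code: a small Python pre-flight check that parses DNs (including escaped commas), confirms the base DN sits inside the selected domain, and flags the domain root as too broad. The domain `corp.example`, the OU and the group names are constructed sample data.

```python
# Constructed sample data: group DNs as they might appear in a directory export.
SAMPLE_GROUPS = [
    "CN=vRA-Tenant-Admins,OU=vRA Groups,DC=corp,DC=example",
    "CN=vRA-Users\\, Dev,OU=vRA Groups,DC=corp,DC=example",  # escaped comma in the CN
    "CN=Domain Admins,CN=Users,DC=corp,DC=example",
]

def split_dn(dn):
    """Split a DN into lower-cased (attr, value) RDNs, honouring backslash escapes."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # keep the escape pair, do not split on it
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(cur)
            cur = ""
        else:
            cur += dn[i]
        i += 1
    rdns.append(cur)
    out = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        out.append((attr.strip().lower(), value.strip().lower()))
    return out

def check_base_dn(base_dn, domain):
    """Return findings for a sync base DN; an empty list means it is scoped sensibly."""
    base = split_dn(base_dn)
    root = [("dc", label.lower()) for label in domain.split(".")]
    if base[-len(root):] != root:
        return [f"{base_dn} is not inside domain {domain}"]
    if base == root:
        return ["base DN is the domain root: every group in the domain is in scope"]
    return []

def groups_in_scope(base_dn, groups=SAMPLE_GROUPS):
    """LDAP subtree semantics: keep entries located at or below the base DN."""
    base = split_dn(base_dn)
    return [g for g in groups if split_dn(g)[-len(base):] == base]

if __name__ == "__main__":
    for candidate in ("OU=vRA Groups,DC=corp,DC=example", "DC=corp,DC=example"):
        print(candidate, check_base_dn(candidate, "corp.example"), len(groups_in_scope(candidate)))
```

With the sample data, the dedicated OU brings in only the two vRA groups, while the domain root would also pull in Domain Admins.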