lab overview - hol-1721-use-1
TRANSCRIPT
Table of ContentsLab Overview - HOL-1721-USE-1 - vRealize Automation 7: Basics ....................................2
Lab Guidance .......................................................................................................... 3Module 1 - What Can vRealize Automation 7 Do For You? (30 minutes)............................9
Introduction........................................................................................................... 10Self Service Catalog Familiarization ...................................................................... 11Interact with Deployed VMs .................................................................................. 22Using Approval Policies ......................................................................................... 30VM Lifecycle Management .................................................................................... 45Conclusion............................................................................................................. 49
Module 2 - Introduction to Administration (30 minutes).................................................. 51Introduction........................................................................................................... 52Configure Administrator Accounts......................................................................... 53Tenant Administration ........................................................................................... 62Infrastructure as a Service Administration ............................................................ 72Conclusion............................................................................................................. 84
Module 3 - Basic Service Authoring (45 minutes) ........................................................... 87Introduction........................................................................................................... 88Creating a New Service......................................................................................... 89Creating a Basic Blueprint..................................................................................... 98Conclusion........................................................................................................... 121
Module 4 - Policy Based Lifecycle Management and Governance (30 minutes)............124Introduction......................................................................................................... 125Lease Management............................................................................................. 126Create and Apply an Approval Policy .................................................................. 142Conclusion........................................................................................................... 164
HOL-1721-USE-1
Page 1HOL-1721-USE-1
Lab Overview -HOL-1721-USE-1 -
vRealize Automation 7:Basics
HOL-1721-USE-1
Page 2HOL-1721-USE-1
Lab GuidanceNote: It will take more than 90 minutes to complete this lab. You shouldexpect to only finish 2-3 of the modules during your time. The modules areindependent of each other so you can start at the beginning of any moduleand proceed from there. You can use the Table of Contents to access anymodule of your choosing.
The Table of Contents can be accessed in the upper right-hand corner of theLab Manual.
This introductory lab demonstrates the features of vRealize Automation and is a greatplace to start to begin learning about the powerful capabilities and features of thesolution.
Lab Module List:
• Module 1 - What can vRA 7 Do for You?(30 minutes) (Beginner) Explore thebenefits of vRealize Automation. Putting governance and policy based automationaround your business processes can dramatically reduce IT delivery overhead andtime to market. Learn how vRealize Automation can help transform your business.
• Module 2 - Introduction to Administration(30 minutes) (Beginner) Explorethe basic administrative functions of vRealize Automation. You will learn how tocreate a tenant, build administrative user accounts, connect to a domain, and setup vSphere infrastructure for automation.
• Module 3 - Basic Service Authoring(45 minutes) (Beginner) Design your firstbasic service in vRealize Automation to see how a Blueprint is built. You will thenexplore the provisioning and lifecycle management of your newly created VM.
• Module 4 - Policy Based Lifecycle Management and Governance (30minutes) (Beginner) Learn how to use Entitlements to control access to CatalogItems. Then, use Approval Policies to configure business-aligned controls to addfurther governance.
Lab Captains:
• HOL-SDC-1721-USE-1 - Chris Vallee, Healthcare Architect, USA
This lab manual can be downloaded from the Hands-on Labs Document site found here:
http://docs.hol.vmware.com
This lab may be available in other languages. To set your language preference and havea localized manual deployed with your lab, you may utilize this document to help guideyou through the process:
http://docs.hol.vmware.com/announcements/nee-default-language.pdf
HOL-1721-USE-1
Page 3HOL-1721-USE-1
Introduction to the Scenario
Rainpole Systems is an electronics manufacturer located in Palo Alto, CA. Rainpoledesigns and manufactures electronic devices for use in everything from aircraftinstrumentation to home automation. Given the diversity of their product set, Rainpoleneeds to develop cloud-based IT services to support the increasing demands of thebusiness units and their developers.
Rainpole Systems is planning to use vRealize Automation to automate and streamlinedevelopment of their custom developed eCommerce application. Rainpole is justbeginning their journey into automating the deployment and management ofdevelopment resources. By providing a self service catalog to the developers, they willbe able to offer Infrastructure as a Service (IaaS) to the organization while puttingpolicies and governance in place that will allow them to manage the lifecycle of theresources.
You will take on the roles of a Rainpole Cloud Administrator, a Rainpole Developer and aDevelopment Manager in this exciting lab exercise to experience how VMware andvRealize Automation can help make these goals a reality.
HOL-1721-USE-1
Page 4HOL-1721-USE-1
Location of the Main Console
1. The area in the RED box contains the Main Console. The Lab Manual is on the tabto the Right of the Main Console.
2. A particular lab may have additional consoles found on separate tabs in the upperleft. You will be directed to open another specific console if needed.
3. Your lab starts with 90 minutes on the timer. The lab can not be saved. All yourwork must be done during the lab session. But you can click the EXTEND toincrease your time. If you are at a VMware event, you can extend your lab timetwice, for up to 30 minutes. Each click gives you an additional 15 minutes.Outside of VMware events, you can extend your lab time up to 9 hours and 30
minutes. Each click gives you an additional hour.
Activation Prompt or Watermark
When you first start your lab, you may notice a watermark on the desktop indicatingthat Windows is not activated.
One of the major benefits of virtualization is that virtual machines can be moved andrun on any platform. The Hands-on Labs utilizes this benefit and we are able to run thelabs out of multiple datacenters. However, these datacenters may not have identicalprocessors, which triggers a Microsoft activation check through the Internet.
Rest assured, VMware and the Hands-on Labs are in full compliance with Microsoftlicensing requirements. The lab that you are using is a self-contained pod and does nothave full access to the Internet, which is required for Windows to verify the activation.
HOL-1721-USE-1
Page 5HOL-1721-USE-1
Without full access to the Internet, this automated process fails and you see thiswatermark.
This cosmetic issue has no effect on your lab.
Alternate Methods of Keyboard Data Entry
During this module, you will input text into the Main Console. Besides directly typing itin, there are two very helpful methods of entering data which make it easier to entercomplex data.
Click and Drag Lab Manual Content Into Console ActiveWindow
You can also click and drag text and Command Line Interface (CLI) commands directlyfrom the Lab Manual into the active window in the Main Console.
Accessing the Online International Keyboard
You can also use the Online International Keyboard found in the Main Console.
<div class="player-unavailable"><h1 class="message">An error occurred.</h1><div class="submessage"><ahref="http://www.youtube.com/watch?v=xS07n6GzGuo" target="_blank">Try watching this video on www.youtube.com</a>, or enableJavaScript if it is disabled in your browser.</div></div>
HOL-1721-USE-1
Page 6HOL-1721-USE-1
1. Click on the Keyboard Icon found on the Windows Quick Launch Task Bar.
Click once in active console window
In this example, you will use the Online Keyboard to enter the "@" sign used in emailaddresses. The "@" sign is Shift-2 on US keyboard layouts.
1. Click once in the active console window.2. Click on the Shift key.
Click on the @ key
1. Click on the "@" key.
Notice the @ sign entered in the active console window.
HOL-1721-USE-1
Page 7HOL-1721-USE-1
Look at the lower right portion of the screen
Please check to see that your lab is finished all the startup routines and is ready for youto start. If you see anything other than "Ready", please wait a few minutes. If after 5minutes you lab has not changed to "Ready", please ask for assistance.
HOL-1721-USE-1
Page 8HOL-1721-USE-1
Module 1 - What CanvRealize Automation 7 Do
For You? (30 minutes)
HOL-1721-USE-1
Page 9HOL-1721-USE-1
IntroductionModule 1 is an Introduction to Self-Service in vRealize Automation. It is intended toprovide you with an overview of some of the major features of vRealize Automation thatenable users to deploy, configure and interact with virtual machines. In this module youwill first assume the role of a user in the development group. In this role you will deploya VM from the service catalog and manage its lifecycle through the use of a "lease". Youwill also interact with a VM through vRealize Automation, adding capacity and accessingthe VM console. You will then follow a request as it moves through the process of beingapproved by various administrators within the organization.
This Module contains the following lessons:
• Introduction• Self Service Catalog Familiarization• Interact with Deployed VMs• Using Approval Policies• VM Lifecycle Management
HOL-1721-USE-1
Page 10HOL-1721-USE-1
Self Service Catalog FamiliarizationIn this first lesson, you will assume the role of a Development User. In the past, youhave had to request new resources from IT and wait for them to be provided or evenhad to configure and build your own. Your company, Rainpole, has recently invested inthe VMware vRealize Suite as the basis for a new private cloud infrastructure. vRealizeSuite contains a number of technologies that enable IT to deliver services on-demand,at the speed of business. One of those technologies, vRealize Automation, will provideyou with a self-service portal through which you can request and interact with virtualmachines. Your IT department says that this will allow you get the resources you need,when you need them, and not have to wait days or weeks for the request to be fulfilled.
Ready to learn more about how this works? Let's go!
Open a Web Browser
From the desktop, open the Google Chrome web browser. You may use another browserif you wish but this manual will be using Google Chrome.
HOL-1721-USE-1
Page 11HOL-1721-USE-1
Log In
1. Click on the vRealize Automation bookmark. (You may receive the error "HTTPStatus 404 - /vcac" or "503 Service Unavailable" which might indicate that the labhas not fully started yet. If you see this message, please check the watermark onthe desktop and ensure that the "Lab Status" is "Ready". If the status is "Ready"and refreshing the page does not display the login prompt, please requestassistance, or restart this lab.)
2. Log in with the following credentials:
Username: devuser
Password: VMware1!
3. Click Sign in
HOL-1721-USE-1
Page 12HOL-1721-USE-1
Self Service Portal
The self service portal is the starting point to all of the services your organization offersyou. From here, you can see that by accessing the tabs at the top of the screen you can:
1. Review your home page.2. Request additional services.3. Review existing services4. Track your submitted or saved requests5. Check your inbox for approval requests, action items, and reclamaition requests.
HOL-1721-USE-1
Page 13HOL-1721-USE-1
Home Tab
When you first log in, you will be on the Home tab. This is the basic user dashboard.Itcontains portlets that show a variety of information.
1. My Open Requests displays any active or pending requests belonging to thelogged in user.
2. My Items is a portlet that lists the deployed objects owned by this user.3. My Inbox contains any notices that are relevant to the user.4. Calendar of Events allows the user to quickly identify when important events,
such as leases expiring, are coming up.
Begin a New Request
Lets request a new virtual machine.
1. Start by clicking the Catalog tab.
HOL-1721-USE-1
Page 14HOL-1721-USE-1
Service Types
To start, you are brought to the "All Services" category. We will first be focusing onInfrastructure as a Service (IaaS) provisioning.
Click the service called Infrastructure
The user, DevUser, has been given access to several Blueprints. Each Blueprintrepresents a separate machine that the user can request and manage. The Blueprintdescribes the entire lifecycle for the request.
Let's choose a Blueprint from the list of Infrastructure services.
2. Select: Request on the CentOS 6.6 catalog item.
*Note: Initial screens for the request form may take a minute to populate due to thestartup of services and reduced resource allocation for lab VMs . Subsequentinfrastructure tasks should be noticeably faster.
Complete the New Request Form
The New Request form provides you with some options to fill out which will determinethe number of deployments you wish to request, as well as the configurationparameters for your new Virtual Machine(s).
1. Provide a Description for this deployment.2. Enter a Reason for request. This field can be used to inform approvers of your
request as to why you have requested this blueprint. Approvers and ApprovalPolicies will be covered in more detail in later modules.
3. To configure the VM that will be deployed in this blueprint, select the CentOS_6.6item.
HOL-1721-USE-1
Page 15HOL-1721-USE-1
Note: Please do not change the Deployments field. Requesting multiple deploymentscan cause performance issues with your lab, and the request will take an excessiveamount of time to deploy.
HOL-1721-USE-1
Page 16HOL-1721-USE-1
Configuring the Virtual Machine
This service will default to a single instance of the VM with 1 CPU, 512 MB Memory,and 10 GB Storage.
1. Verify that the VM configuration settings are correct, and provide a description forthe machine if desired.
2. Review the disk configuration for the VM by clicking on the Storage tab.
Configuring the Virtual Machine (Cont.)
Review the storage configuration for the VM and ensure that drive 0 has a capacity of10GB. Here you can add additional disks to the system, but the default will be sufficientfor your needs in this case.
Now that you have verified the VM's configuration, you are ready to submit yourrequest.
1. Click the Submit button.
HOL-1721-USE-1
Page 17HOL-1721-USE-1
*Note: You will notice that you also have the option to Save your request so that youcan finish working on it later if you are unable to complete a request at that time.
HOL-1721-USE-1
Page 18HOL-1721-USE-1
Request Submitted
You have just submitted your first request in vRealize Automation! You will now followyour submission through the rest of the deployment process.
1. Click OK to proceed, and return to the Service Catalog page.2. Once there, select the Requests tab to check on the status of your request.
Verify that the message "The request has been submitted successfully" before movingon. If you receive an error, verify that the Lab Status is "Ready" and try submitting therequest again.
HOL-1721-USE-1
Page 19HOL-1721-USE-1
Review Your Request
This tab will show you the request state as it moves through the provisioning process.
1. Press the Refresh Data button to refresh the status.2. Monitor the progress until the Status changes to Successful. You may have to
click Refresh Data several times before the request has completed. (This couldtake a few minutes to complete)
HOL-1721-USE-1
Page 20HOL-1721-USE-1
Items Tab
Once the request has been completed we'll be able to view the new virtual machineunder Items.
1. Click the Items tab within the portal2. Expand the CentOS 6.6-<UID> item to see the VM that was deployed, and note
the ExternalDefaultNetwork item that was deployed along with the VM.
Blueprints can be made up of multiple components, including other VMs, networking,application, and storage configurations. You will explore basic service authoring inModule 3 of this lab.
HOL-1721-USE-1
Page 21HOL-1721-USE-1
Interact with Deployed VMsNow that you have deployed a Virtual Machine using the vRealize Automation Self-Service Catalog, you will explore the entitlements that have been assigned to DevUserwhich allow you to interact with your VM.
Entitlement Policies
Entitlement policies control ongoing management functions each user is allowed toperform against their machines. Ongoing management functions include the followingoperations:
• Connecting to the VM through platform tools like RDP and SSH or connectionbrokers like Citrix XenDesktop
• Power management• Reprovisioning• Reconfiguring of resources (e.g. add/remove/modify CPU, memory, storage,
network)• Lease extension• Archiving and reactivation• Lease management• Destroy/deprovisioning• Any custom command or orchestrated task which the administrator has added
Depending upon the entitlement policies, users can also modify policies of public cloudmachines. Examples are elastic block storage, elastic load balancers, and securitygroups.
HOL-1721-USE-1
Page 22HOL-1721-USE-1
Reviewing Your Entitlements
To see which actions you are currently entitled to:
1. Click on the Items tab to view your currently deployed items2. Click on the Machines section to see your VMs3. Select dev-xx row (where xx is the number assigned to your VM) Note: Do not
click on the name of the VM.4. Click the Actions drop-down menu
The Actions menu lists all of the actions you are currently entitled to on this VM. As youcan see there are quite a few options assigned to DevUser ranging from poweroperations, to snapshots, and lifecycle options.
Accessing Your VM
In this case you would like to access the console of the VM and validate that SSHservices are running so that you can access the VM via SSH.
1. Select dev-xx row (where xx is the number assigned to your VM)2. Click the Actions drop-down menu3. Select Connect to Remote Console
Note: You may see the Pop-up Blocked message in the upper right hand corner of thebrowser. If you see this message:
1. Click on the warning2. Select Always allow pop-ups from https://vra-01a.corp.local3. Click OK
HOL-1721-USE-1
Page 23HOL-1721-USE-1
4. Repeat the steps above in order to open the Remote Console
HOL-1721-USE-1
Page 24HOL-1721-USE-1
Log In to the Remote Console
When you first launch the console, the screen may be blank as the VM has put thedisplay to sleep. Click inside the window to activate the blue box, and press any key todisplay the login prompt. Log in to the console using the following credentials:
1. dev-001 login: root2. password: VMware1! (Note: nothing will be displayed on the console while the
password is being entered, press enter to submit)
Verify That the SSH Services are Running
Once logged in, you will run a command and verify that the SSH service is online.
1. Run the command service sshd status (press enter to submit the command)2. Verify that the output of the command is openssh-daemon (pid xxxx) is
running... is displayed
If the output of the command reads openssh-daemon is stopped run the followingcommand
• service sshd start
HOL-1721-USE-1
Page 25HOL-1721-USE-1
This should start the service and allow you to move forward.
HOL-1721-USE-1
Page 26HOL-1721-USE-1
Determine the IP Address of your VM
Since you would like to connect to this VM via SSH, you will need to determine the IPaddress of the VM you deployed.
1. Run the command ifconfig (press enter to submit the command)2. Find the inet addr value in the eth1 block of the output of the command. This is
the IP address of this VM.
Please make note of the as your IP address may not be the same as this example.
HOL-1721-USE-1
Page 27HOL-1721-USE-1
Connect to Your VM via SSH
You will use the PuTTY tool to establish an SSH connection to your VM.
1. Click on the PuTTY icon on the taskbar2. Enter the IP address you noted from the previous step in the Host Name (or IP
address) field in the PuTTY Configuration window3. Click Open to begin the session4. Click Yes to accept the security alert (not shown)
Log in to the VM
1. Log in as root2. A public key may have already been configured for this VM, so entering a
password may not be necessary
Now that you have connected via SSH you are able to interact with the VM as you wish.Feel free to explore the VM and run any commands you may know.
HOL-1721-USE-1
Page 28HOL-1721-USE-1
Note: If public key authentication is not available, the password for the root account isVMware1!
HOL-1721-USE-1
Page 29HOL-1721-USE-1
Using Approval PoliciesApproval policies are very flexible, and may be configured with one or more conditionallevels of approval. For example, a VM requested with a standard configuration mayrequire no approval. A VM that deviates from that standard may require an IT manager’sapproval. A non-standard VM that also exceeds a specific cost threshold may require theIT manager’s approval, but also that of the Finance department.The approval triggerscan be based on specific attributes of the request or the requested item, such asnumber of CPUs, memory, etc. The creation and configuration of these policies will beexplored in later modules.
HOL-1721-USE-1
Page 30HOL-1721-USE-1
Requesting a Larger Deployment
While developing your application on the VM you deployed previously, you determinethat you may need additional resources in order to get the best performance for theapplication. Create a new request in vRealize Automation for a larger VM:
1. Click the Catalog tab at the top of the screen (not shown)2. Select the Infrastructure service from the list on the left (not shown)3. Locate the CentOS 6.6 item and click Request (not shown)4. Increase the Lease Duration from 5 to 30 days (not shown)5. Select the CentOS_6.6 VM item6. Increase the # CPUs from 1 to 27. Enter “Approval Policy Test” under Description8. Click Submit9. Click OK when the successful submission dialog appears (not shown)
While a request is pending approval, the workflow will pause until the approver(s) takeaction.
To see your pending request, click on the Requests tab and look for the item with astatus of Pending Approval. This VM request must be approved by the DevelopmentManager due to the additional CPUs, followed by the CFO due to the extended lease andassociated higher costs.
HOL-1721-USE-1
Page 31HOL-1721-USE-1
Approving a Request via E-Mail
The request you just submitted has sent an email to the Development Manager ofRainpole Systems, requesting approval of the increased CPU count on your new server.Here we will explore how an approval is handled via e-mail.
Open the E-mail Client for Dev User
From Google Chrome, open Webmail by;
1. Select the New Tab icon to open a new browser tab.2. Clicking on the Admin folder in the bookmark bar.3. Click on Roundcube Webmail.
Log in to Webmail
Log in to the Dev User e-mail to verify that your request has been submitted.
1. Username: [email protected]
HOL-1721-USE-1
Page 32HOL-1721-USE-1
2. Password: VMware1!3. Select Login
HOL-1721-USE-1
Page 33HOL-1721-USE-1
View Dev User's Pending Request
You may see several new e-mails. Locate the one titled Your Request #xx For"CentOS 6.6 has been submitted" which is most recent. It should be the firstmessage in the list.
1. In the bottom pane, you will see the details of your new request displayed.
Note: You may have to refresh the Mail UI.
HOL-1721-USE-1
Page 34HOL-1721-USE-1
Log Out of the Dev User's Mailbox
Select "Logout" located at the top right hand corner of the Mail client UI.
HOL-1721-USE-1
Page 35HOL-1721-USE-1
Open the E-mail Client for Dev Manager
From Google Chrome, open Webmail by (these steps are only necessary if you haveclosed the previously opened tab);
1. Select the "+" to open a new browser tab.2. Clicking on the Admin folder.3. Click on Roundcube Webmail.
HOL-1721-USE-1
Page 36HOL-1721-USE-1
Log in to Webmail
Log in to email using [email protected]
1. Enter the password VMware1!2. Select Login
View Approval Request as Dev Manager
HOL-1721-USE-1
Page 37HOL-1721-USE-1
View approval request as Dev Manager
Next, you will approve the request as the Dev Manager
1. Click on the Inbox under the Dev Manager mailbox2. Locate the e-mail with the subject line beginning Action Needed: Request for
CentOS 6.6 - it should be the first message in the list3. View the e-mail in the lower pane, requesting action for the request4. Scroll down to the bottom of the e-mail and click on Approve
Send Approval E-Mail as Dev Manager
After clicking on Approve in the e-mail you received, a new message will appear.
HOL-1721-USE-1
Page 38HOL-1721-USE-1
1. Verify that you are sending From the [email protected] account byselecting it from the dropdown. Do not modify the subject line.
2. Type Approve in the text field.3. Click Send
Logout of the Dev Manager's mail box
1. Select Logout located at the top right hand corner of the Mail client UI.
Approving a Service Request via the Self-Service Portal
Now you will log in to the vRealize Automation Portal as the Rainpole CFO to finalize theapprovals.
HOL-1721-USE-1
Page 39HOL-1721-USE-1
Log Out of vRealize Automation Portal
First, return to Google Chrome and select the vRealize Automation tab. Then log out ofthe vRealize Automation portal.
1. Click Logout2. Click Go back to login page
Log in to the vRealize Automation Portal as the CFO
Log in to the vRealize Automation Portal.
1. Username: cfo2. Password: VMware1!3. Press the Sign in button
Review your Pending Approvals as CFO
1. Click on the Inbox tab2. Click on the number for the Approval line item to open the request
HOL-1721-USE-1
Page 40HOL-1721-USE-1
Note that if you do not see the Approval line item yet, the e-mail approval from theprevious step may not have been processed yet. Click the Refresh button at thebottom until you see the line item appear.
HOL-1721-USE-1
Page 41HOL-1721-USE-1
Process an Approval via the vRealize Automation Portal
The details of the approval provide you with a Justification field for providinginformation to the requestor as to why their request was approved or rejected, and theapprover also has the ability to modify the number of CPUs that are to be given to therequestor. In this case we will go ahead and approve this request.
1. Provide a Justification for the approval2. Click Approve to allow the request to move forward
HOL-1721-USE-1
Page 42HOL-1721-USE-1
Log out of the vRealize Automation Portal
Now that you have approved the request, you must log back in to the portal asDevUser to see the status of your request.
1. Click Logout2. Click Go back to login page
Log Back in as Dev User
1. Username: devuser2. Password: VMware1!3. Click Sign in
HOL-1721-USE-1
Page 43HOL-1721-USE-1
View the Approved Request
1. Click on the Requests tab.2. You will see your request is now In Progress or Successful
HOL-1721-USE-1
Page 44HOL-1721-USE-1
VM Lifecycle ManagementVMware vRealize Automation provides your organization with the ability to very closelymanage the lifecycle of the components that are deployed from the self-service catalog.VMs and other components are subject to lease times, expiry periods, and destructiondates. Managing the lifecycle of these objects allows organizations to manage theircapacity more effectively and ensure that waste minimized in their environments. In thislesson you will review the major components of lifecycle management, and what theymean to your deployments.
Lease Management
After deploying the CentOS 6.6 catalog item, you notice that the lease time you've beenprovided is insufficient for your project's requirements. You will need to request moretime on the lease in order to complete your project. Here you will learn how to extendthe lease using the Resource Actions.
1. If you are not currently viewing the Items tab, navigate to the Items tab at thetop of the page.
Extending the Lease
1. Select the row for the new CentOS 6.6-<UID> deployment2. Click the Actions drop-down button in the toolbar3. From the list that appears, select Change Lease
HOL-1721-USE-1
Page 45HOL-1721-USE-1
Change Lease Properties
A new window will appear asking for parameters around the Lease Extension. Completethe form as follows:
1. Expiration Date: Set to: 1st of next calendar month (using US date format -mm/dd/yyyy)
2. Enter 12:00am in the time field3. Select Submit
HOL-1721-USE-1
Page 46HOL-1721-USE-1
Action Submitted
Tenant Administrators define Entitlements to determine what end users like DevUserare able to do with their machines. Some users may only be able to connect to theirmachine while other users, like developers, may be given more control and allowed toperform actions such as reboots, reconfigurations, or even snapshots. Approvals can berequired selectively to these actions based on group. As there is not currently anapproval policy defined for this resource action and user, the lease change will takeeffect immediately. We'll explore configuring approval policies in another module.
1. Click OK to return to the Items Tab
You can click View Details on the menu bar for the new machine to verify the newlease date.
Lease Expiration
When a deployment's lease expires, it can remain in an archived state for an amount oftime determined by your organization. During that time you can request to have thedeployment unarchived, and redeployed. Once the archival period has ended thedeployment will be destroyed. Organizations use this feature to ensure that capacity isutilized efficiently and to avoid having idle resources taking up space in theenvironment.
Reclamation Requests
If an administrator determines that one of your deployments might be a candidate forreclamation before your lease expires, they can send you a Reclamation Requestwhich will be found in the Inbox tab in the vRealize Automation portal. The requestspecifies a new lease length in days, the amount of time given for a machine owner’sresponse, and which machines to target for reclamation.
HOL-1721-USE-1
Page 47HOL-1721-USE-1
Cleaning Up
If you plan to continue on to other modules in this lab, please follow the belowsteps to ensure there are enough available resources. If you do not plan to do othermodules in this lab, you may stop now.
Destroying Provisioned VMs
To ensure that enough resources are available for the next modules in the lab, we mustclean up the VMs which we have provisioned. To do so:
1. Click the Items tab at the top of the screen2. Select the row for the newly provisioned VM so that it is highlighted.3. Select the Action Menu from the menu bar4. Select Destroy5. Click Submit on the dialog which is displayed (not shown)6. Click OK on the Request Submission dialog (not shown)
Repeat these steps for the second VM.
HOL-1721-USE-1
Page 48HOL-1721-USE-1
ConclusionYou've just been introduced to some of the ways that VMware vRealizeAutomation can provide automated infrastructure delivery, governance andlifecycle management. You learned how to consume infrastructure resourcesfrom the self-service portal, manage the lifecycle of your deployments, andsaw how governance can be put in place to manage requests via approvalpolicies. In the upcoming modules you will learn about the administrativefunctions behind the scenes of what you just covered, as well as how to buildyour own services, and approval policies.
HOL-1721-USE-1
Page 49HOL-1721-USE-1
You've finished Module 1
Congratulations on completing Module 1.
If you are looking for additional information on VMware vRealize Automation, try one ofthese:
• Visit https://www.vmware.com/products/vrealize-automation/• Or use your smart device to scan the QRC Code.
Proceed to any module below which interests you most.
• Module 1 - What Can vRealize Automation 7 Do For You?(30 minutes)(Basic) Explore the benefits of vRealize Automation. Putting governance andpolicy based automation around your business processes can dramatically reduceIT delivery overhead and time to market. Learn how vRealize Automation can helptransform your business.
• Module 2 - Intro to Administration(30 minutes) (Basic) Explore the basicadministrative functions of vRealize Automation. You will learn how to create atenant, build administrative user accounts, connect to a domain, and set upvSphere infrastructure for automation.
• Module 3 - Basic Service Authoring(45 minutes) (Basic) Design your firstbasic service in vRealize Automation to see how a Blueprint is built. You will thenexplore provisioning and lifecycle management of your newly created VM.
• Module 4 - Policy Based Lifecycle Management and Governance(30minutes) (Basic) Learn how to use Entitlements to control access to CatalogItems. Then, use Approval Policies to configure business-aligned controls to addfurther governance.
HOL-1721-USE-1
Page 50HOL-1721-USE-1
Module 2 - Introduction toAdministration (30
minutes)
HOL-1721-USE-1
Page 51HOL-1721-USE-1
IntroductionNow that you're familiar with the vRealize Automation user interface, you'll learn how toadminister the self service experience by becoming a Cloud Administrator. You will thencreate an Infrastructure as a Service (IaaS) Administrator, and a TenantAdministratorwhere you will learn about the basic functionality of each role. As an IaaSAdministrator you will learn how endpoints are configured to communicate with vSphereinfrastructure and automate the tasks and requests that are submitted via the self-service portal. As a Tenant Administrator you will learn how to manage Business Groups,the Self-Service Portal, and how to apply your company's branding to the portal.
This Module contains the following lessons:
• Configure Administrator Accounts• Tenant Administration• Infrastructure as a Service Administration
HOL-1721-USE-1
Page 52HOL-1721-USE-1
Configure Administrator AccountsVMware vRealize Automation uses two distinct types of administrator accounts to divideup the administrative tasks required to manage the infrastructure endpoints, computeresource reservations, users, groups, and policies that need to be put in place. Thesetwo accounts are known as the IaaS Administrator and the Tenant Administrator.Here you will configure these administrator accounts and assign them to thevsphere.local tenant.
Open Chrome Browser from Windows Quick Launch TaskBar
1. Click on the Chrome Icon on the Windows Quick Launch Task Bar.
HOL-1721-USE-1
Page 53HOL-1721-USE-1
Log In
In order to configure the administrator accounts, you will need to log in to thevsphere.local domain.
1. Click on the vRealize Automation bookmark2. Click Sign in to a different domain
HOL-1721-USE-1
Page 54HOL-1721-USE-1
Select Domain
You will need to log in to the vsphere.local domain to gain access to the Tenantconfiguration portal.
1. Click the drop-down menu to display the list of domains2. Select the vsphere.local domain3. Click Next
HOL-1721-USE-1
Page 55HOL-1721-USE-1
Log In
1. Log in with the following credentials:
Username: administrator
Password: VMware1!
3. Click Sign in
HOL-1721-USE-1
Page 56HOL-1721-USE-1
Default Tenant Administrator Portal
The Default Tenant Administrator Portal allows you to create and manage tenants,configure default branding, set up email servers for notifications, view event logs, andconfigure the server itself. You will be managing the vsphere.local tenant andassigning new administrators.
1. Click on the vsphere.local tenant name
HOL-1721-USE-1
Page 57HOL-1721-USE-1
Configure the Tenant administrator
1. Select the Administrators tab2. Type devmgr in the search field and press the enter key3. Select the Development Manager ([email protected]) result
Selecting the account will assign devmgr as a Tenant Administrator for this tenant. Youwill now need to assign an IaaS Administrator.
HOL-1721-USE-1
Page 58HOL-1721-USE-1
Configure the IaaS Administrator
1. Type itmgr in the IaaS Administrators search field and press the enter key2. Select the IT Manager ([email protected]) result
Selecting the account will assign itmgr as an IaaS Administrator for this tenant.
3. Click Finish to submit the changes you've made to the vsphere.local tenant.
HOL-1721-USE-1
Page 59HOL-1721-USE-1
Log Out
Log out of the Default Tenant Administrator portal.
1. Click Logout2. Click Go back to login page (not shown)
Change Domains
Before proceeding to the next section, please make sure you have set the domainsetting back to corp.local.
1. Click Sign in to a different domain
HOL-1721-USE-1
Page 60HOL-1721-USE-1
Select Domain
You will need to log in to the corp.local domain to gain access to the Tenantconfiguration portal.
1. Click the drop-down menu to display the list of domains2. Select the corp.local domain3. Click Next
HOL-1721-USE-1
Page 61HOL-1721-USE-1
Tenant AdministrationIn this section you will become familiar with the role that the Tenant Administrator playsin vRealize Automation. A Tenant Administrator is responsible for the governance,policies, and entitlements that you explored in the previous module. Here you will learnhow these are configured and review some existing settings. The actual configuration ofthese policies and entitlements will be covered in a later module.
Log In
Log in as the devmgr user, which has now been assigned the Tenant Administrator role.
1. Log in with the following credentials
Username: devmgr
Password: VMware1!
2. Click Sign in
Tenant Administrator Portal
The Tenant Administrator Portal shows you some tabs which you might recognize fromthe previous module, but it also includes two new tabs.
HOL-1721-USE-1
Page 62HOL-1721-USE-1
1. Administration - This tab contains all of the administrative functions that areavailable to you as the Tenant Administrator.
2. Infrastructure - Allows you to review recent events that have occurred on yourtenant's infrastructure.
HOL-1721-USE-1
Page 63HOL-1721-USE-1
Administration Tab
1. Click the Administration tab
You have a number of administrative functions available. Take a moment to review whateach function provides:
• Approval Policies - Create and manage approval policies.• Directories Management - Connect to and manage authentication sources like
Microsoft Active Directory, LDAP, and VMware Horizon.• Users and Groups - Manage users, directory groups, and Business Groups.• Catalog Management - Service, Catalog Items, Actions, and Entitlements can
be configured here.• Property Dictionary - You can use the propertydictionary to define new custom
property definitions and property groups.• Reclamation - Underutilized machines within the tenant can be identified and
reclaimed.• Branding - Allows you to change the look and feel of vRealize Automation by
adjusting the color scheme, and logos.• Notifications - Enable and disable alert scenarios which will be sent via e-mail
(e.g. Request Submitted or Request Pending Approval).• Events - Review event logs generated within the tenant.• vRO Configuration - Manage vRealize Orchestrator Endpoints, and configure
either an internal or external instance of vRealize Orchestrator for use by vRealizeAutomation.
• Artifact Management - Configure a connection to your Artifactory server andfile repository.
Feel free to click through any of these options to see what has already been configuredbefore moving on.
HOL-1721-USE-1
Page 64HOL-1721-USE-1
HOL-1721-USE-1
Page 65HOL-1721-USE-1
Customize Your Tenant
Your company, Rainpole Inc., would like you to customize the vRealize Automation portalso that it matches your company's branding.
1. Select the Branding option (not shown)2. Select Header & Footer Branding3. Click the Use default checkbox
HOL-1721-USE-1
Page 66HOL-1721-USE-1
Import the Rainpole Inc. Logo
1. Click the Browse button next to the Header Logo field (not shown)2. Navigate to C:\hol\HOL-1721-USE-13. Select the rainpole-transparent.png image file4. Click Open to import the image
HOL-1721-USE-1
Page 67HOL-1721-USE-1
Change the Background Color
Due to the resolution on the Main Console, you may need to scroll to the right in orderto modify the product name and background color.
1. In the Product name field type Rainpole Inc. Self-Service Portal2. Change the Background hex color field to 20c5763. Press the enter key to update the preview4. Click Finish to apply your changes
HOL-1721-USE-1
Page 68HOL-1721-USE-1
Branding Applied
Now that you've applied your branding to the portal, you will want to customize thelogin screen as well.
HOL-1721-USE-1
Page 69HOL-1721-USE-1
Customize the Login Screen
1. Select the Login Screen Branding option2. Scroll down until you have the Logo pane fully in view3. Click Upload4. Navigate to C:\hol\HOL-1721-USE-1 (not shown)5. Select the rainpole-transparent.png image file (not shown)6. Click Open to upload the image (not shown)
HOL-1721-USE-1
Page 70HOL-1721-USE-1
Change the Color Scheme
1. Scroll to the bottom of the pane2. In the Background color field enter #20c5763. In the Masthead color field enter #20a5004. Click Save to submit your changes
You should see a message that reads Branding successfully updated.
Logout
To review the changes you've just made to the login screen:
1. Click Logout2. Click Return to login page (not shown)
HOL-1721-USE-1
Page 71HOL-1721-USE-1
Infrastructure as a ServiceAdministrationThe IaaS Administrator is responsible for maintaining the endpoints which provision theresources requested by the consumers of the self-service catalog. They are alsoresponsible for authoring, and maintaining the services and blueprints that are offeredup in the catalog. Here you will assume the role of the IaaS Administrator and review theprivileges assigned to this user.
Log In
Log in as the itmgr user, which you assigned the IaaS Administrator role earlier in themodule.
1. Log in using the following credentials:
Username: itmgr
Password: VMware1!
2. Click Sign in
HOL-1721-USE-1
Page 72HOL-1721-USE-1
IaaS Administrator Portal
The IaaS Administrator portal contains much fewer tabs than the Tenant Administrator,and is focused primarily on managing the infrastructure.
HOL-1721-USE-1
Page 73HOL-1721-USE-1
Infrastructure Tab
As the IaaS Administrator you are responsible for managing and maintaining theinfrastructure and endpoints that the services your users request will deploy to.
1. Click on the Infrastructure tab
Review the options available to you here:
• Recent Events - Any recent deployments or changes to the infrastructure will bedisplayed here.
• Endpoints - Configure and manage public and private cloud endpoints.• Administration - Manage AWS instance types, and Global Settings.• Monitoring - Review logs and view the status of Distributed Execution Managers.
Endpoints
You create the endpoints that allow vRealize Automation to communicate with yourinfrastructure. Depending on your machine provisioning needs, the procedure to createan endpoint differs. An endpoint can be configured to communicate with vSphere,vCloud Air, NSX, Hyper-V, KVM, Amazon Cloud Services, and many others. This flexibilityallows your organization to deploy your workloads wherever you determine to be bestfor your company's needs.
HOL-1721-USE-1
Page 74HOL-1721-USE-1
1. Select the Endpoints option (Click twice to display the list of Endpoints)
Rainpole Inc. is currently deploying to vSphere infrastructure via the vCenter endpoint,and is also leveraging the vRO Embedded endpoint to make calls to vRealizeOrchestrator for running complex workflows during service deployments.
2. Hover over the vCenter endpoint and click on Edit
HOL-1721-USE-1
Page 75HOL-1721-USE-1
Examine the vCenter Endpoint
This vSphere endpoint is configured to talk directly to vCenter Server. This allowsvRealize Automation to gather data on the vSphere infrastructure, create reservations,and deploy resources to your ESXi hosts. This endpoint is also configured tocommunicate with NSX. Integration with NSX will enable your services to leverage thenetworking and security features provided by NSX when deploying catalog items. Forexample, a VM can be automatically configured with networking information, firewallpolicies, and security policies when it is deployed.
1. Click Cancel as we do not want to modify the endpoint at this time
Fabric Groups
As an IaaS administrator you can organize virtualization compute resources and cloudendpoints into fabricgroups by type and intent. One or more fabric administratorsmanage the resources in each fabricgroup.
HOL-1721-USE-1
Page 76HOL-1721-USE-1
Fabric administrators are responsible for creating reservations on the compute resourcesin their groups to allocate fabric to specific business groups. Fabricgroups are created ina specific tenant, but their resources can be made available to users who belong tobusiness groups in all tenants. To manage the Fabric Groups:
1. Click on Fabric Groups2. Hover over Development Fabric Group and click on Edit
HOL-1721-USE-1
Page 77HOL-1721-USE-1
Manage a Fabric Group
Here you can see the details of this Fabric Group.
1. Fabric administrators are listed here. These users are able to "carve up" thecompute resources and assign them to Business Groups as necessary.
2. The Compute resources available to this Fabric Group can be seen here.3. Click Cancel as we do not wish to modify the Fabric Group at this time.
HOL-1721-USE-1
Page 78HOL-1721-USE-1
Monitoring Infrastructure Activity
Now that your endpoints are configured, you may need to check on the status of theendpoints and other services within vRealize Automation. Return to the Infrastructuremenu:
1. Click < Infrastructure at the top of the menu (not shown)2. Click Monitoring to display the Monitoring menu
HOL-1721-USE-1
Page 79HOL-1721-USE-1
Audit Log
1. Click Audit Log
The auditlog provides details about the status of managed virtual machines andactivities performed on these machines during reconfiguration. The log includesinformation about machine provisioning, vCloud Networking and Security, reclamation,and reconfigure actions.
DEM Status
1. Click DEM Status
A Distributed Execution Manager (DEM) runs the business logic of custom models,interacting with the database and with external databases and systems as required.
Each DEM instance acts in either a Worker role or in an Orchestrator role. The Workerrole is responsible for running workflows. The Orchestrator role is responsible formonitoring DEM Worker instances, preprocessing workflows to run, and schedulingworkflows.
The DEM Orchestrator performs these specific tasks;
HOL-1721-USE-1
Page 80HOL-1721-USE-1
• Monitors the status of DEM Workers and ensures that if a Worker instance stopsor loses its connection to the Model Manager, its workflows are put back in thequeue for another DEM Worker to pick up.
• Manages scheduled workflows by creating new workflow instances at thescheduled time.
• Ensures that only one instance of a particular scheduled workflow is running at agiven time.
• Preprocesses workflows before they are run, including checking preconditions forworkflows, used in the implementation of the RunOneOnly feature, and creatingthe workflow execution history.
HOL-1721-USE-1
Page 81HOL-1721-USE-1
Log
1. Click Log
The Log Viewer shows general system status logs. These logs will include informationalmessages from the various services within vRealize Automation, along with errors andwarnings that may help in troubleshooting issues with vRealize Automation.
HOL-1721-USE-1
Page 82HOL-1721-USE-1
Workflow History
1. Click Workflow History2. Select a Workflow from the workflow column and view its details
This view displays workflow history and optionally, you may open a specific workflow todisplay its execution details.
Log Out
Now that you're familiar with the functions available to the Infrastructure Administrator,you can log out of this user.
1. Click Logout
HOL-1721-USE-1
Page 83HOL-1721-USE-1
ConclusionNow that you've gained a basic understanding of the IaaS and InfrastructureAdministrator roles, and what their functions are you should be able to create andmanage a tenant, assign administrator roles, create business groups, connect endpointsto infrastructure, and customize the vRealize Automation interface.
HOL-1721-USE-1
Page 84HOL-1721-USE-1
You've finished Module 2
Congratulations on completing Module 2.
If you are looking for additional information on managing VMware vRealize Automation,try one of these:
• Visit http://vmw.re/1VRstpZ• Or use your smart device to scan the QRC Code.
Proceed to any module below which interests you most.
• Module 1 - What Can vRealize Automation 7 Do For You?(30 minutes)(Basic) Explore the benefits of vRealize Automation. Putting governance andpolicy based automation around your business processes can dramatically reduceIT delivery overhead and time to market. Learn how vRealize Automation can helptransform your business.
• Module 2 - Intro to Administration(30 minutes) (Basic) Explore the basicadministrative functions of vRealize Automation. You will learn how to create atenant, build administrative user accounts, connect to a domain, and set upvSphere infrastructure for automation.
• Module 3 - Basic Service Authoring(45 minutes) (Basic) Design your firstbasic service in vRealize Automation to see how a Blueprint is built. You will thenexplore provisioning and lifecycle management of your newly created VM.
• Module 4 - Policy Based Lifecycle Management and Governance(30minutes) (Basic) Learn how to use Entitlements to control access to CatalogItems. Then, use Approval Policies to configure business-aligned controls to addfurther governance.
HOL-1721-USE-1
Page 85HOL-1721-USE-1
How to End Lab
To end your lab click on the END button.
HOL-1721-USE-1
Page 86HOL-1721-USE-1
Module 3 - Basic ServiceAuthoring (45 minutes)
HOL-1721-USE-1
Page 87HOL-1721-USE-1
IntroductionIn this module you will assume the role of a Cloud Administrator learn how to create newservices, build and publish basic blueprints, and assign those blueprints to serviceswhich can be consumed by your organization. This module will take roughly 45 minutesto complete. If you need additional time to complete this lab, you may click the Extendbutton at the top of the Hands On Labs interface.
This Module contains the following lessons:
• Creating a New Service• Creating a Basic Blueprint
HOL-1721-USE-1
Page 88HOL-1721-USE-1
Creating a New ServiceServices are used to organize catalog items into related offerings to make it easier forservice catalog users to browse for the catalog items they need.
For example, catalog offerings can be organized into Infrastructure Services, ApplicationServices, and Desktop Services.
A tenant administrator or catalog administrator can specify information about theservice such as the service hours, support team, and change window. Although thecatalog does not enforce service-level agreements on services, this information isavailable to business users browsing the service catalog.
Your IT Director has requested a new Service that will hold Rainpole Inc. internalapplications. In this lesson you will create a new service and assign it to the appropriatebusiness group.
Open Chrome Browser from Windows Quick Launch TaskBar
1. Click on the Chrome Icon on the Windows Quick Launch Task Bar.
HOL-1721-USE-1
Page 89HOL-1721-USE-1
Log In
1. Log in using the following credentials
Username: cloudadmin
Password: VMware1!
2. Click Sign in
HOL-1721-USE-1
Page 90HOL-1721-USE-1
Administration Tab
1. Navigate to the Administration tab2. Select Catalog Management (not shown)3. Select Services4. Click New to begin creating a new Service
HOL-1721-USE-1
Page 91HOL-1721-USE-1
New Service
1. In the Name field type Rainpole Apps2. In the Description field type Rainpole Inc. Applications3. Click the Browse... button next to the Icon field to import the Rainpole Inc. logo.
HOL-1721-USE-1
Page 92HOL-1721-USE-1
Adding a Logo
1. Navigate to C:\hol\HOL-1271-USE-12. Select the rainpole-transparent.png file3. Click Open to import the logo to your new service
HOL-1721-USE-1
Page 93HOL-1721-USE-1
Complete the Service Configuration
Review the settings for your new service. You do not need to modify any of the otheroptions, but you can see that vRealize Automation allows you the ability set active hoursfor the service, specify an owner, support team, and a change window for catalogmaintenance.
Click OK to create the new service.
HOL-1721-USE-1
Page 94HOL-1721-USE-1
Configure Entitlement
Now that you've created the service, you need to entitle the service to the appropriateBusiness Group(s).
• Click on the Entitlements option.
HOL-1721-USE-1
Page 95HOL-1721-USE-1
Edit the Development Services Entitlement
Entitlements determine which users and groups can request specific catalog items orperform specific actions. Entitlements are specific to a business group.
1. Select the Development Services entitlement.2. Click Edit
HOL-1721-USE-1
Page 96HOL-1721-USE-1
Edit Entitlement
Add the Rainpole Apps service to the Entitled Services in the Development ServicesEntitlement.
1. Select the Items & Approvals tab2. Enter Rainpole in the search field and press the enter key3. Click on the Rainpole Apps search result to add the service4. Click Finish to submit your changes
Next Steps
Now that you've created the Rainpole Apps service and entitled it to your developers,you will need to add some content for them to consume. In the upcoming sections youwill create a basic blueprint, which you will publish to your new service.
HOL-1721-USE-1
Page 97HOL-1721-USE-1
Creating a Basic BlueprintLet's begin by creating a very basic Converged Blueprint.
Click on the Design Tab
1. Click on the Design tab at the top. This will bring you to the Blueprint Designarea
In the menu on the left, you can see three options - Blueprints, Software Components,and XaaS. The Design tab is where you will create and manage all three types ofobjects. A Blueprint is a complete deployment - IaaS, Platform as a Service (PaaS), andso on. Software Components and XaaS are consumed by the Blueprints - and XaaS canbe exposed independently as a published catalog item.
Notice that there are already several Blueprints present in the environment. Let's reviewthe most basic one, which you will use in the next steps.
2. Click on the CentOS 6.6 Blueprint
HOL-1721-USE-1
Page 98HOL-1721-USE-1
Welcome to the Design Canvas!
Welcome to the Blueprint Design Canvas!
Here, you can see a very basic IaaS blueprint that deploys a simple vSphere VM runningCentOS 6.6. This VM is attached to an external network.
Notice the Categories (1) in the upper left corner. Here you can select from theavailable types of resources that can be consumed on the Canvas, including differentpublic and private cloud VMs, Software Components such as web servers, databases,and custom applications, NSX components like Load Balancers, Security Groups andNetworks, and even entire Blueprints which can be consumed as a sub-component ofthis parent Blueprint. Feel free to explore these Categories, but do not make anychanges to the Blueprint.
When you are ready to move on, click on the CentOS_6.6 vSphere Machine (2) tobring up its properties dialog below the canvas.
Review Machine Blueprint Settings
Now that the properties dialog is open for the CentOS_6.6 VM, you can see theconfiguration that dictates how it is being deployed. If you are familiar with vRealizeAutomation 6, these settings will be familiar to you.
HOL-1721-USE-1
Page 99HOL-1721-USE-1
1. Click on the Build Information tab.2. Click on the dropdown next to Clone from snapshot:3. Notice that there is now an option for "Use current snapshot" - this option will
simplify the job of updating blueprints if additional snapshots are taken of atemplate VM in a vSphere environment.
4. Click Cancel. If you are prompted to discard your changes, click Yes
Create a new Blueprint
Now that you are back at the list of Blueprints, let's create a new Blueprint. You'll startby creating a very basic IaaS blueprint that can provision raw vSphere VMs, then addmanaged Software Components and finally add the complex NSX integrations.
1. Click on +New
HOL-1721-USE-1
Page 100HOL-1721-USE-1
Enter Blueprint Properties - General
1. Enter Rainpole Wordpress Environment for the name. Note that the ID ispopulated automatically. This field cannot contain spaces or special characters -leave the automatically generated ID here
2. Enter a Description. In this example, we used "Create a Multi-Tier WordpressEnvironment for Rainpole Development"
3. Change the Archive to 5 days4. Click OK
HOL-1721-USE-1
Page 101HOL-1721-USE-1
Add vSphere Machine to Blueprint
You are now back at the Design Canvas, but this time it's blank.
1. Start by selecting vSphere Machine at the bottom of the Machine TypesCategory. Click and drag the vSphere Machine icon to the Design Canvas
2. Click on the Down Arrow to temporarily close the configuration dialog that popsup
HOL-1721-USE-1
Page 102HOL-1721-USE-1
Add Existing Network to Blueprint
1. Change to the Network & Security category on the left2. Select an Existing Network. Click and drag the Existing Network icon to the
Design Canvas3. Click on the ... icon to select an Existing Network. Choose the External Default
Network Profile from the dialog that pops up and click OK (not pictured)4. Click on the Down Arrow to close the configuration dialog
HOL-1721-USE-1
Page 103HOL-1721-USE-1
Check Your Work So Far
Take a moment to check your work so far. Your Design Canvas should look like theabove. Depending on where you dropped the Network on the canvas it might be abovethe VM.
Notice that the vSphere Machine isn't yet linked to the network? You'll fix that in thenext step.
1. Click on the vSphere Machine again to bring up the configuration dialog.
HOL-1721-USE-1
Page 104HOL-1721-USE-1
Enter vSphere Machine Parameters - General
Now you need to configure the vSphere Machine to be deployed.
1. Set the ID field to rainpole-wp-web - this will allow you to easily identify thissystem type as a Rainpole Wordpress Web Server later on
2. Select dev- as the Machine Prefix
Enter vSphere Machine Parameters - Build Information
Continue by configuring the Build Information
1. Click on the Build Information tab2. Select a Blueprint Type of Server. This should be the default.3. Select Linked Clone as the Action. The Provisioning Workflow should
automatically set to CloneWorkflow4. Click on the ... button next to Clone from: to select a VM to clone from. Select
the linux-base-01a VM and click OK (not pictured)5. Click on the dropdown for Clone from snapshot and ensure the Application
Authoring Snap is selected. This snapshot has the necessary setup in place for
HOL-1721-USE-1
Page 105HOL-1721-USE-1
software installation and configuration. If you select a different snapshot, yourBlueprint will not work.
6. Enter CentOS for your Customization spec. Note that this field is CaSeSeNsItIvE! Enter exactly the text you see here with no additional spaces, etc.
HOL-1721-USE-1
Page 106HOL-1721-USE-1
Enter vSphere Machine Parameters - Network
Now let's get that vSphere Machine linked to the network.
1. Click on the Network tab2. Click on the +New button to add a new Network connection3. Select the dropdown for Network and choose ExternalDefaultNetwork4. Click OK5. Click the Down Arrow to close the Configuration Panel again. You should see
that the VM is now linked to the Network
Add a Second vSphere Machine to Blueprint
Now you need to add another vSphere Machine to this Blueprint, to act as a databaseserver for the environment.
1. Start by selecting the Machine TypesCategory at the left2. Select the vSphere Machine at the bottom of the Machine Types Category.
Click and drag the vSphere Machine icon to the Design Canvas. Drag the newmachine so that it is just to the left of the one you've already configured (this isjust to keep the screen visually organized and has no impact on functionality)
3. Click on the General tab
HOL-1721-USE-1
Page 107HOL-1721-USE-1
4. Enter an ID of rainpole-wp-db - this will help you easily identify this as aRainpole Wordpress DB Server later
5. Select a Machine Prefix of dev-
HOL-1721-USE-1
Page 108HOL-1721-USE-1
Configure Machine Parameters - Build Information
Continue by configuring the Build Information. This should all be the same as theprevious server.
1. Click on the Build Information tab2. Select a Blueprint Type of Server. This should be the default.3. Select Linked Clone as as the Action. The Provisioning Workflow should
automatically set to CloneWorkflow4. Click on the ... button to select a VM to clone from. Select the linux-base-01a
VM and click OK (not pictured)5. Click on the dropdown for Clone from snapshot and ensure the Application
Authoring Snap is selected. This snapshot has the necessary setup in place forsoftware installation and configuration. If you select a different snapshot, yourBlueprint will not work.
6. Enter CentOS for your Customization spec. Note that this field is CaSeSeNsItIvE! Enter exactly the text you see here with no additional spaces, etc.
Configure Machine Parameters - Network
Now let's get that vSphere Machine linked to the network.
HOL-1721-USE-1
Page 109HOL-1721-USE-1
1. Click on the Network tab2. Click on the +New button to add a new Network connection3. Select the dropdown for Network and choose DefaultExternalNetwork4. Click OK5. Click Finish to save the Blueprint and close the Design Canvas
HOL-1721-USE-1
Page 110HOL-1721-USE-1
Publish New Blueprint
Now that the Blueprint is created, it needs to be published and added to the vRealizeAutomation Catalog
1. Select the Rainpole Wordpress Environment which you just created. Becareful not to click on the blue text of the name, as that will bring you back intoDesign mode
2. Click the Publish button3. The Status will change from Draft to Published
HOL-1721-USE-1
Page 111HOL-1721-USE-1
Entitle New Blueprint
Now that your new Blueprint is created and published, it needs to be added to anEntitlement so it will show up in the vRealize Automation Catalog. This vRealizeAutomation environment already has some service-based entitlements configured, soyou simply need to add the new Blueprint to an existing Service.
1. Click on the Administration tab2. Click Catalog Management from the menu at the left (not pictured)3. Click Catalog Items from the menu at the left4. Scroll down and click the Rainpole Wordpress Environment service from the
list (click on the blue text to enter configuration mode)
HOL-1721-USE-1
Page 112HOL-1721-USE-1
Select Service
Scroll down to the bottom of the Catalog Item configuration
1. Select Rainpole Apps as your Service2. Click OK
Initial Blueprint Configuration Complete
You've just created your first Blueprint! This is a simple two-tier IaaS Blueprint thatcontains two very basic Linux servers. You will now review the Rainpole Apps serviceyou created, and deploy your new blueprint.
HOL-1721-USE-1
Page 113HOL-1721-USE-1
Switch to DevUser
1. Click Logout to log out of the cloudadmin account.2. Click Go back to login page (not shown)
Log Back in as Dev User
1. Username: devuser2. Password: VMware1!3. Click Sign in
HOL-1721-USE-1
Page 114HOL-1721-USE-1
Request Your New Blueprint
1. Navigate to the Catalog tab2. Select the new Rainpole Apps service3. Click Request on the Rainpole Wordpress Environment blueprint
HOL-1721-USE-1
Page 115HOL-1721-USE-1
New Request
Note that the two VMs rainpole-wp-db and rainpole-wp-web that you added to theblueprint are listed below.
1. Click Submit to request the new deployment.
HOL-1721-USE-1
Page 116HOL-1721-USE-1
Request Submitted
You will now follow your request through the rest of the deployment process.
1. Click OK to proceed, and return to the Service Catalog page.2. Once there, select the Requests tab to check on the status of your request.
Verify that the message "The request has been submitted successfully" before movingon. If you receive an error, verify that the Lab Status is "Ready" and try submitting therequest again.
HOL-1721-USE-1
Page 117HOL-1721-USE-1
Review Your Request
This tab will show you the request state as it moves through the provisioning process.Deploying this blueprint may take a few minutes.
1. Press the Refresh Data button to refresh the status.2. Monitor the progress until the Status changes to Successful. You may have to
click Refresh Data several times before the request has completed.
HOL-1721-USE-1
Page 118HOL-1721-USE-1
View Your Deployment
Now that the request has been successfully submitted, you'll take a look at the itemsthat were deployed.
1. Navigate to the Items tab2. Expand the Rainpole Wordpress Environment-<UID> item to see the VMs
that were deployed.
Cleaning Up
This concludes Basic Blueprint Authoring. If you plan to continue on to othermodules in this lab, please follow the below steps to ensure there are enoughavailable resources. If you do not plan to do other modules in this lab, you may stopnow.
Destroying Provisioned VMs
To ensure that enough resources are available for the next modules in the lab, we mustclean up the VMs which we have provisioned. To do so:
1. Click the Items tab at the top of the screen2. Select the row for the newly provisioned VM so that it is highlighted.3. Select the Action Menu from the menu bar
HOL-1721-USE-1
Page 119HOL-1721-USE-1
4. Select Destroy5. Click Submit on the dialog which is displayed (not shown)6. Click OK on the Request Submission dialog (not shown)
Repeat these steps for any other deployments you may have requested previously.
HOL-1721-USE-1
Page 120HOL-1721-USE-1
ConclusionNow that you've created your first blueprint, you understand how to use thedesign canvas, configure default settings for blueprint items, publish ablueprint and entitle it by assigning it to a service. In the next module you willlearn how to apply policies and governance to blueprints and catalog items.
HOL-1721-USE-1
Page 121HOL-1721-USE-1
You've finished Module 3
Congratulations on completing Module 3.
If you are looking for additional information on authoring services VMware vRealizeAutomation, try one of these:
• Visit http://bit.ly/29CorNa• Or use your smart device to scan the QRC Code.
Proceed to any module below which interests you most.
• Module 1 - What Can vRealize Automation 7 Do For You?(30 minutes)(Basic) Explore the benefits of vRealize Automation. Putting governance andpolicy based automation around your business processes can dramatically reduceIT delivery overhead and time to market. Learn how vRealize Automation can helptransform your business.
• Module 2 - Intro to Administration(30 minutes) (Basic) Explore the basicadministrative functions of vRealize Automation. You will learn how to create atenant, build administrative user accounts, connect to a domain, and set upvSphere infrastructure for automation.
• Module 3 - Basic Service Authoring(45 minutes) (Basic) Design your firstbasic service in vRealize Automation to see how a Blueprint is built. You will thenexplore provisioning and lifecycle management of your newly created VM.
• Module 4 - Policy Based Lifecycle Management and Governance(30minutes) (Basic) Learn how to use Entitlements to control access to CatalogItems. Then, use Approval Policies to configure business-aligned controls to addfurther governance.
HOL-1721-USE-1
Page 122HOL-1721-USE-1
How to End Lab
To end your lab click on the END button.
HOL-1721-USE-1
Page 123HOL-1721-USE-1
Module 4 - Policy BasedLifecycle Managementand Governance (30
minutes)
HOL-1721-USE-1
Page 124HOL-1721-USE-1
IntroductionIn this module you will assume the role of a Cloud Administrator and explore puttingpolicies and governance in place to manage the lifecycle of the VMs managed byvRealize Automation. This module will take roughly 30 minutes to complete. If you needadditional time to complete this lab, you may click the Extend button at the top of theHands On Labs interface.
This Module contains the following lessons:
• Lease Management• Create and Apply an Approval Policy
HOL-1721-USE-1
Page 125HOL-1721-USE-1
Lease ManagementA blueprint can optionally define a lease duration for machines provisioned from thatblueprint.
If a blueprint does not specify a lease period, machines are provisioned from thatblueprint with no expiration date. If a blueprint specifies a single value for leaseduration, machines are provisioned from that blueprint with an expiration date based onthe blueprint lease duration. The expiration date is calculated from the time of therequest, not from when the machine is provisioned.
If a blueprint specifies a range of possible lease durations, a user can select the desiredlease duration within that range when submitting the machine request. Machinerequests can be subject to approval based on the requested lease duration.
When a machine lease expires, the machine is powered off. When the archive periodexpires, the machine is destroyed. You can reactivate an archived machine by settingthe expiration date to a date in the future to extend its lease, and powering it back on.
You can send notification emails to alert machine owners and business group managersthat a machine's lease is about to expire and again when the lease expires. Users canbe entitled to request a leaseextension at any time before it expires. A business groupmanager or support user can also change the expiration date for a machine after it isprovisioned.
Open a Web Browser
From the desktop, open the Google Chrome web browser. You may use another browserif you wish but this manual will be using Google Chrome.
HOL-1721-USE-1
Page 126HOL-1721-USE-1
Log In
1. Log in using the following credentials
Username: cloudadmin
Password: VMware1!
2. Click Sign in
HOL-1721-USE-1
Page 127HOL-1721-USE-1
Configure Blueprint
Leases and archive times are configured within the blueprints that are deployed byvRealize Automation. In order to change the default lease and archive period you mustedit the blueprint.
1. Navigate to the Design tab2. Select the CentOS 6.6 blueprint3. Click Edit
HOL-1721-USE-1
Page 128HOL-1721-USE-1
Blueprint Properties
The developers at Rainpole Inc. have requested that their initial lease time be extended,and they would also like to have more time to recover the VM should their lease expire.
1. Click the Configure icon (gear)2. Change the Archive (days) field to 153. Increase the Lease (days) field to 104. Click OK5. Click Finish
The archive period will allow the developers to redeploy a blueprint and restore thestate it was in when the lease expired. Once the archive period expires, the deploymentis destroyed.
Switch to DevUser
1. Click Logout to log out of the cloudadmin account.2. Click Go back to login page (not shown)
HOL-1721-USE-1
Page 129HOL-1721-USE-1
Log Back in as Dev User
1. Username: devuser2. Password: VMware1!3. Click Sign in
Begin a New Request
Verify your changes by requesting the blueprint from the Catalog.
1. Navigate to the Catalog tab.
HOL-1721-USE-1
Page 130HOL-1721-USE-1
Service Types
1. Select the Infrastructure service.2. Select: Request on the CentOS 6.6 catalog item.
HOL-1721-USE-1
Page 131HOL-1721-USE-1
Review Lease Settings
1. Note that the default Lease days is 10.2. Click Submit
HOL-1721-USE-1
Page 132HOL-1721-USE-1
Request Submitted
You will now follow your request through the rest of the deployment process.
1. Click OK to proceed, and return to the Service Catalog page.2. Once there, select the Requests tab to check on the status of your request.
Verify that the message "The request has been submitted successfully" before movingon. If you receive an error, verify that the Lab Status is "Ready" and try submitting therequest again.
HOL-1721-USE-1
Page 133HOL-1721-USE-1
Review Your Request
This tab will show you the request state as it moves through the provisioning process.The deployment may take a few minutes to complete.
1. Press the Refresh Data button to refresh the status.2. Monitor the progress until the Status changes to Successful. You may have to
click Refresh Data several times before the request has completed.
HOL-1721-USE-1
Page 134HOL-1721-USE-1
Lease Information
Once the request has been completed we'll be able to view the new virtual machineunder Items.
1. Click the Items tab within the portal2. Expand the CentOS 6.6-<UID> item to see the VM that was deployed3. Note that the deployment will expire 10 days from now, and will be destroyed 15
days after that
HOL-1721-USE-1
Page 135HOL-1721-USE-1
Expiring a Lease
When a lease expires, all of the VMs will be powered off and any other resourcesassociated with the deployment will be expired as well.
1. Select the CentOS 6.6-<UID> row. Be careful not to click on the blue text as thiswill take you to the details for the deployment.
2. Click Actions3. Select Expire4. Click Submit (not shown)5. Click OK (not shown)
HOL-1721-USE-1
Page 136HOL-1721-USE-1
Lease Expired
Now that the lease has expired, you will see the Expires column update to today's dateand time. The Destroyed column should show a date 16 days after.
1. You may need to click the Refresh icon a few times for the new dates and timesto appear
HOL-1721-USE-1
Page 137HOL-1721-USE-1
Examine Expired Items
1. Expand the CentOS 6.6-<UID> item2. Select the dev-xx VM
HOL-1721-USE-1
Page 138HOL-1721-USE-1
VM Status
This VM has expired, but the state it was in when the lease expired has been archived.Our only option is to Destroy the VM from this view, but the owner of this VM canmodify the lease and restore the VM back to its previous state.
1. Scroll to the bottom of the pane2. Click Close (not shown)
HOL-1721-USE-1
Page 139HOL-1721-USE-1
Extending the Lease
1. Select the row for the new CentOS 6.6-<UID> deployment. Be careful not toclick on the blue text as this will take you to the details for the deployment.
2. Click the Actions drop-down button in the toolbar3. From the list that appears, select Change Lease
Change Lease Properties
A new window will appear asking for parameters around the Lease Extension. Completethe form as follows:
1. Expiration Date: Set to: 1st of next calendar month (using US date format -mm/dd/yyyy)
2. Enter 12:00am in the time field3. Select Submit4. Click OK (not pictured)
HOL-1721-USE-1
Page 140HOL-1721-USE-1
Lease Restored
Note the new Expires date and Destroyed date. The owner of this deployment willnow have access to their VMs and no data will have been lost.
Log Out
1. Click Logout2. Click Return to login screen (not shown)
HOL-1721-USE-1
Page 141HOL-1721-USE-1
Create and Apply an Approval PolicyAn approval policy is used to govern whether a service catalog user needs approvalfrom someone in your organization to provision items in your environment.
A tenant administrator or approval administrator can create approval policies. Thepolicies can be for pre-provisioning or post-provisioning. If a pre-approval is configured,then the request must be approved before the request is provisioned. If it is apost-approval, the request must be approved before the provisioned item is released tothe requesting user.
The policies are applied to items in an entitlement. You can apply them to services,catalog items, catalog item components, or actions that require an approver to approveor reject a provisioning request.
When a service catalog user requests an item that includes one or more approvalpolicies, the approval request is sent to the approvers. If approved, the request movesforward. If rejected, the request is canceled and the service catalog user is notifiedregarding the rejection.
HOL-1721-USE-1
Page 142HOL-1721-USE-1
Log In
1. Log in using the following credentials
Username: cloudadmin
Password: VMware1!
2. Click Sign in
HOL-1721-USE-1
Page 143HOL-1721-USE-1
Manage Approval Policies
The IT management at Rainpole Inc. have stipulated that any requests asking for morethan 1 CPU, must be approved by the IT Manager. You will use vRealize Automation toput this policy in place.
1. Navigate to the Administration tab2. Select Approval Policies3. Click New
HOL-1721-USE-1
Page 144HOL-1721-USE-1
Select Approval Policy Type
You will need to apply this policy to the VMs being deployed within a catalog itemrequest.
1. Scroll down until you see Service Catalog - Catalog Item Request - VirtualMachine
2. Select the Service Catalog - Catalog Item Request - Virtual Machine row3. Click OK
HOL-1721-USE-1
Page 145HOL-1721-USE-1
Approval Policy Configuration
1. Enter VM Memory Approval in the Name field2. Change the Status from Draft to Active3. Click the green + to add a new approval level to this policy
HOL-1721-USE-1
Page 146HOL-1721-USE-1
Pre-Approval Level
1. Enter MemoryExceeds 1024 in the Name field2. Select Required based on conditions3. Select Memory (MB) from the Clause drop-down menu4. Select > from the next drop-down menu that appears5. Enter 1024 in the field provided in the Value drop-down
HOL-1721-USE-1
Page 147HOL-1721-USE-1
Pre-Approval Level (cont.)
1. Scroll to the right2. Select Specific users and groups under Approvers3. Type itmgr in the search bar and press enter4. Select IT Manager ([email protected]) (not shown)5. Select Anyone can approve6. Click OK (you may need to scroll down in order to see the button)
HOL-1721-USE-1
Page 148HOL-1721-USE-1
Finalize The Policy
Click OK to finalize your new approval policy.
HOL-1721-USE-1
Page 149HOL-1721-USE-1
Apply The Approval Policy
The approval policy you've just created needs to be directly applied to a catalog item.
1. Navigate to Catalog Management
HOL-1721-USE-1
Page 150HOL-1721-USE-1
Change Entitlements
1. Select Entitlements2. Click on Development
HOL-1721-USE-1
Page 151HOL-1721-USE-1
Items and Approvals
1. Navigate to the Items & Approvals tab2. Add a new Entitled Item by clicking on the green +
HOL-1721-USE-1
Page 152HOL-1721-USE-1
Choose Item and Apply Policy
1. Select the Windows Server 2012 item2. Click Show all to show available Approval Policies3. Select VM Memory Approval [Service Catalog - Catalog Item Request -
Virtual Machine] from the drop-down menu4. Click OK5. Click Finish (not shown)
HOL-1721-USE-1
Page 153HOL-1721-USE-1
Log Out
Now that the Approval Policy has been applied to the catalog item, log out of thecloudadmin user so you can test the new policy.
1. Click Logout2. Click Go back to login page (not shown)
Log in as Dev User
1. Username: devuser2. Password: VMware1!3. Click Sign in
HOL-1721-USE-1
Page 154HOL-1721-USE-1
Request Blueprint
1. Navigate to the Catalog tab2. Select Infrastructure3. Click Request on the Windows Server 2012 blueprint
HOL-1721-USE-1
Page 155HOL-1721-USE-1
New Request
1. In the Description field type Memory approval policy test2. In the Reason for request field type Testing new approval policy3. Select the Windows2012 VM item
HOL-1721-USE-1
Page 156HOL-1721-USE-1
Change Memory Values
1. Change the Memory (MB) value to 20482. Click Submit3. Click OK (not shown)
HOL-1721-USE-1
Page 157HOL-1721-USE-1
Review Request
1. Navigate to the Requests tab2. Note that the request is now Pending Approval. Your view may look different
depending on the number of modules you've completed during this session.
Log Out
1. Click Logout2. Click Return to the login page (not shown)
HOL-1721-USE-1
Page 158HOL-1721-USE-1
Log in as IT Manager
1. Username: itmgr2. Password: VMware1!3. Click Sign in
HOL-1721-USE-1
Page 159HOL-1721-USE-1
Check Inbox
1. Navigate to the Inbox tab2. Click the Approval Number for the new request
HOL-1721-USE-1
Page 160HOL-1721-USE-1
Approve the Request
1. In the Justification field type Approved2. Click Approve
Log Out
1. Click Logout2. Click Return to the login page (not shown)
Log in as Dev User
1. Username: devuser2. Password: VMware1!
HOL-1721-USE-1
Page 161HOL-1721-USE-1
3. Click Sign in
HOL-1721-USE-1
Page 162HOL-1721-USE-1
Review Request
1. Navigate to the Requests tab2. Refresh the status using the Refresh button at the bottom3. Note that the request status is now Successful (you may need to repeat step 2 a
few times before the status changes)
HOL-1721-USE-1
Page 163HOL-1721-USE-1
ConclusionCongratulations! You've completed HOL-1721-USE1! You should now have abasic understanding of how to consume, create, and manage the self-serviceportal in VMware vRealize Automation. In this last module you exploredputting controls in place that allow your organization to tightly manage theresources that are provisioned, and manage their lifecycles.
HOL-1721-USE-1
Page 164HOL-1721-USE-1
You've finished Module 4
Congratulations on completing Module 4.
If you are looking for additional information on policy based governance and lifecyclemanagement in VMware vRealize Automation, try one of these:
• Visit http://bit.ly/29GBU6m• Or use your smart device to scan the QRC Code.
Proceed to any module below which interests you most.
• Module 1 - What Can vRealize Automation 7 Do For You?(30 minutes)(Basic) Explore the benefits of vRealize Automation. Putting governance andpolicy based automation around your business processes can dramatically reduceIT delivery overhead and time to market. Learn how vRealize Automation can helptransform your business.
• Module 2 - Intro to Administration(30 minutes) (Basic) Explore the basicadministrative functions of vRealize Automation. You will learn how to create atenant, build administrative user accounts, connect to a domain, and set upvSphere infrastructure for automation.
• Module 3 - Basic Service Authoring(45 minutes) (Basic) Design your firstbasic service in vRealize Automation to see how a Blueprint is built. You will thenexplore provisioning and lifecycle management of your newly created VM.
• Module 4 - Policy Based Lifecycle Management and Governance(30minutes) (Basic) Learn how to use Entitlements to control access to CatalogItems. Then, use Approval Policies to configure business-aligned controls to addfurther governance.
HOL-1721-USE-1
Page 165HOL-1721-USE-1
How to End Lab
To end your lab click on the END button.
HOL-1721-USE-1
Page 166HOL-1721-USE-1
ConclusionThank you for participating in the VMware Hands-on Labs. Be sure to visithttp://hol.vmware.com/ to continue your lab experience online.
Lab SKU: HOL-1721-USE-1
Version: 20161024-101354
HOL-1721-USE-1
Page 167HOL-1721-USE-1