HOWTO: Deploy the vRealize Orchestrator 6.x Appliance for vRealize Automation

This post is a part of a series of posts for preparation for the VCAP6-CMA Deploy exam.  For the full exam prep resources check here.

In this post we are covering the deployment and configuration of the External vRealize Orchestrator Appliance.

Prerequisite Steps

  • A fully deployed vRealize Automation implementation.

Overview

  1. Deploy the External vRealize Orchestrator Appliance.
  2. Configure NTP Time Servers on the vRealize Orchestrator Appliance.
  3. Configure Authentication to use vRealize Automation Component Registry.
  4. Import the vRealize Automation Plugin.
  5. Run the Add vCAC host Workflow.
  6. Run the Add the IaaS host of a vCAC host Workflow.
  7. Run the Install vCO customizations Workflow.
  8. Configure vRealize Automation to use an External Orchestrator
  9. Create an Orchestrator Endpoint in vRealize Automation.

Step by Step Instructions

Deploying the VMware vRealize Orchestrator Appliance

Note: For anyone who has deployed an OVF/OVA before (such as the vRealize Automation Identity Appliance or the vRealize Automation Appliance) the steps will look very familiar!

Within the VMware vSphere Web Client, right click and select Deploy OVF Template.

Click Browse, navigate to the location of the vRealize Orchestrator OVA, select it and then click Open and then click Next.

Enter the vRealize Orchestrator Appliance name into the the Name text field and then select the Datacentre or folder location to deploy the Appliance.

Click Next.

Select the appropriate cluster, host or resource pool and then click Next.

Click Next.

Click Accept and then Next.

Select the appropriate storage format and location and then click Next.

Choose the correct Port Group from the Destination Network dropdown and click Next.

Check the Enable SSH service in the appliance checkbox (this can be disabled later), enter the FQDN of the Identity Appliance into the Hostname text field, enter (then confirm) the vRO Configuration password in the Enter password and Confirm password text boxes and then enter (then confirm) the root password in the Enter password and Confirm password text boxes.

Click on Networking Properties to expand the options and scroll down to expose the new fields to complete.

Enter the Gateway IP Address into the Default Gateway text box, enter the domain into the Domain Name text box, enter the IP Address(es) of the DNS Server(s) into the DNS text box, enter the Appliance IP Address into the Network 1 IP Address text field and finally add the Netmask into the Network 1 Netmask text field.

Click Next.

Click Finish.

(The vRealize Orchestrator 6.x Appliance will now be deployed.)

Configure NTP Time Servers on the vRealize Orchestrator Appliance

Navigate to the vRealize Orchestrator VAMI interface (https://vro-appliance.fqdn:5480)

Enter root into the User name text box and the password set during the appliance deploy into the Password text box and click Login.

Click Admin.

Click Time Settings.

Click the Use Time Server Option, and enter the address of the NTP server into the Time Server text box and then click Save Settings.

Click Logout user root.

Configure Authentication to use vRealize Automation Component Registry.

Navigate to the vRealize Orchestrator Home Page (https://vro-appliance.fqdn:8281)

Click on Start Orchestrator Client, download and open the file.

Enter the FQDN of the vRO Appliance into the Host Name (https://vro-appliance.fqdn:8281) text box, enter vcoadmin into the User name and Password text box and click Login.

Click Ignore.

Navigate to Library > Configuration > Authentication and select the Cafe and run the Register Orchestrator in vRealize Automation component registry workflow.

Click Run.

Enter the FQDN of the vRealize Automation Appliance or Load Balancer (https://vra-appliance.fqdn/component-registry) and click Next.

Enter administrator@vsphere.local into the Single Sign-On administrator user text box and enter the password into the Single Sign-On administrator password text box and click Next.

Enter the vRealize Orchestrator Administrator group name into the text box and click Submit.

Click Next.

Click Next.

Select Yes and then Submit.

Click Next.

Select Yes and then click Submit.

Import the vRealize Automation vRO Plugin

Navigate to the vRealize Orchestrator Configurator Homepage (https://vro-appliance.fqdn:8283/vco-config).

Enter vmware into the Username text box and enter the password configured as part of the deployment process into the Password text box and then click Login.

Click Plug-ins.

Click Upload and install then navigate to the plugin and click Open.

Click I accept the terms of the License Agreement.

Click Apply Changes.

Click Startup Options.

Click Restart Service.

Note: If you have more than one vRO node you will need to install the same plugins on each node.

Run the Add vCAC host Workflow

As part of the configuration of vRO to use the vRA Component Registry, a vCAC host for the Default Tenant would have already been added.  This is using Per User Session authentication (which is where the currently logged in user credentials are used to run any workflows against the tenant). If you want to use Shared Session authentication (which is where a nominated “service” account runs all workflows for that vCAC host) then we need to add the vCAC host again for each Tenant.

Open the vRealize Orchestrator Client.

Enter the FQDN of the vRO Appliance into the Host Name (https://vro-appliance.fqdn:8281) text box, enter the credentials of a user with vRO Admin rights into the User name and Password text box and click Login.

Note: As part of the component registry workflow above we configured an AD Group to be the VRO Admins.

Click Ignore.

Click Workflows then navigate to Library > vCloud Automation Center > Configuration.

Select the Add a vCAC host workflow and click Start workflow…

Enter a unique identifier into the Host Name text box, the vRealize Orchestrator FQDN (either VIP for clustered or appliance for simple) into the Host URL text box, select Yes for Automatically install SSL certificates option.

Click Next.

Ensure that Share Session is selected from the Session mode drop down, enter the name of the Tenant into the Tenant text box, along with the authentication username of and the password into their respective text boxes.

Click Submit.

To confirm this has worked, click Inventory and then expand vCloud Automation Center and select the vCAC host you have just added to check it is Shared Session authentication.

These steps should be completed for all Tenants.

Run the Add the IaaS host of a vCAC host Workflow

Open the vRealize Orchestrator Client.

Enter the FQDN of the vRO Appliance into the Host Name (https://vro-appliance.fqdn:8281) text box, enter the credentials of a user with vRO Admin rights into the User name and Password text box and click Login.

Note: As part of the component registry workflow above we configured an AD Group to be the VRO Admins.

Click Ignore.

Click Workflows then navigate to Library > vCloud Automation Center > Configuration.

Select Add the IaaS host of a vCAC host and click Start Workflow…

Click Not Set.

Select the target tenant and click Select.

Click Next.

click Next.

Select Shared Session from the Session mode drop down, enter the user name and password of a user with Administrative privileges to the IaaS Manager Service.

Note: Do not use username@domain or domian\username notation, just enter the username.  In my homelab, I’m a vRO Service Account I have created.

Click Next.

Update the Domain for NTLM authentication text box to reflect the NETBIOS name of the domain for the previously specified user.

Click Submit.

Run the Install vCO customizations Workflow.

Open the vRealize Orchestrator Client.

Enter the FQDN of the vRO Appliance into the Host Name (https://vro-appliance.fqdn:8281) text box, enter the credentials of a user with vRO Admin rights into the User name and Password text box and click Login.

Note: As part of the component registry workflow above we configured an AD Group to be the VRO Admins.

Click Ignore.

Click Workflows then navigate to Library > vCloud Automation Center > Infrastructure Administration > Installation.

Select the Install vCO Customization workflow and click Start Workflow…

Click Not Set.

Select the target IaaS host and click Select.

Click Next.

Select which lifecycle stages you want to be able to add custom logic to (or leave as default = all selected), click Next.

Enter 1 into the Number of menu operations and their workflows text box and click Submit.

Configure vRealize Automation to use an External Orchestrator

In this section we’ll be configuring the external vRealize Orchestrator Appliance as the system wide Orchestrator instance.  If the embedded Orchestrator is configured you can also decide to leave that for the Default Tenant and override that configuration on a Tenant by Tenant basis.

Log into the VMware vRealize Automation Default Tenant as the System Administrator (administrator@vsphere.local).

Click Orchestrator Configuration > Server Configuration.

Select Use an external Orchestrator server option.

Enter a name for this Orchestrator instance into the Name text box, enter the FQDN of the vRealize Orchestrator into the Host text box, enter 8281 (default port) into the Port text box and then click Test Connection.

Click Update.

At the Delete Endpoints dialog, click OK.

Note: If needed you can also change the default folder for Orchestrator workflows by clicking Default Orchestrator Folder and changing the folder for each tenant.

Create an Orchestrator Endpoint in vRealize Automation

Log into the VMware vRealize Automation Default Tenant as the Infrastructure Administrator.

Click Infrastructure > Endpoints > Endpoints

Click New Endpoint > Orchestration > vCenter Orchestrator

Enter a name for the new Orchestrator Endpoint into the Name text box, enter https://vro-appliance.fqdn:8281/vco into the Address text box and then click

Click New Credentials.

Enter the friendly name for the credentials into the Name text box, the username (in name@domain format) into the User Name text box and the password  into the Password text box and click Save.

Note: The credentials you use should have Execute permissions for any vRealize Orchestrator workflows to call from IaaS.

Click OK.

Add the VMware.VCenterOrchestrator.Priority custom property with a priority of 1 (or whatever priority you wish to give) and click Save.

Click OK.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.