Configure vRealize Automation 7.3 appliance

From Notes_Wiki

Home > VMWare platform > vRealize Automation or VMWare Cloud > Configure vRealize Automation 7.3 appliance

  1. Open vra portal in web browser (eg and click on "vRealize Automation console"
  2. Login as configurationadmin (Created during - create initial content) page
    1. Go to Infrastructure -> Endpoints and add a Virtual -> vSphere (vCenter) endpoint.
    2. Give Name as vCenter. This must match exactly as name given during vra deployment on Agents page.
    3. Example adddress for vcenter is
    4. Give vcenter username administrator@vsphere.local and password.
    5. Click "Test connection".
    6. On Security alert click ok to accept certificate.
    7. After successful test click ok to add endpoint.
    1. Go to Infrastructure -> Fabric Groups.
    2. Create "New Fabric Group". Give desired name eg fabricgroup1 and select configurationadmin as fabric administrator. Click ok to create fabricgroup. Wait for 4-5 minutes and again open created fabric group as edit. Clusters should appear. Select clusters to be managed by vra and click ok.
  5. AD/LDAP INTEGRATION (Optionally)
    1. If you want users and groups to come from AD go to Administrtion -> Directories Management -> Directories.
    2. Choose "Add Directory -> Active Directory over LDAP/IWA".
    3. Use values as follows:
      On "Add directory page":
      Directory Name
      Desired (eg
      Rest all can be left as it is. Typical defaults are:
      "Active Directory over LDAP"
      Sync Connector
      Authentication - Do you want this Connector to also perform authentication?
      Directory Search Attribute
      Base DN
      Desired (Eg cn=users,dc=rnd,dc=com)
      Bind DN
      Desried (Eg cn=administrator,cn=users,dc=rnd,dc=com)
      Bind DN Password
      1. Then click "Test connection to test connection"
      2. If connection is successful click "Save & Next"
    4. On "Select the Domains" page select appropriate domains and click next
    5. On "Map User Attributes" page change only displayName to name. Leave all others as it is and click next.
    6. On "Select the groups (users) you want to sync page:
    7. Click "+" on top right corner.
      1. Type the base DN (eg dc=rnd,dc=com) to find groups to sync by clicking "Find groups" button. The number of groups found would be shown.
      2. We can select all of them or a selected of them to sync. Eg we can select Administrators, Domain Admins, Users and Domain Users.
      3. Click save and click next.
        (To search group dn "dsquery group -name "groupname" can be used on cmd on ad server. To list all groups just use "dsquery group").
    8. On "Select the users you want to sync page":
      1. Leave administrator as it is. Give dn of all AD users to sync.
      2. Member of the selected groups need to be added explicitly. To find dn of users on AD server use: dsquery user dc=rnd,dc=com -name "User readable name"
        (Eg dsquery user dc=example,dc=com -name "firstname lastname"). To list all users use "dsquery user" on AD server. The output might get limited to first 100 users.
      3. Click next once all DNs are added
    9. On "Review page" verify number of users and groups are being reflected. If numbers are different click "Sync Directory". After a file sync would finish and the latest number of users and groups synced would be shown.
    1. Once AD users are added some of them can be made IAAS and tenant administrator. For that login as administrator and add desried AD users as IAAS or Tenant administrator for vsphere.local tenant.
    1. Go to Infrastructure –> Administration –> Machine Prefixes.
    2. Add a new machine-prefix with desired name (eg gbbrnd), number of digits (eg 3) and next number (eg 1).
    3. Finally click green right check button to save.
    1. Go to Administration -> Users and groups -> Business Group.
    2. Add a new business group with desired name (Eg rndbg1), manager email id (eg and click next.
    3. Add various group managers (Can manage BG users), support users (Can request items on behalf of other users), shared access role (Can access resources deployed by other users) and user.
    4. After adding various users into various roles click next.
      Remember to add configurationadmin as Manager for this businessgroup.
    5. Select "Machine Prefix" created earlier
    6. Click "Finish" to complete creating Business Group.
    1. Go to Infrastructure –> Reservations -> Reservations.
    2. Click New -> vSphere (vCenter) to add new reservation.
    3. Choose appropriate values such as:
      • Under General:
      Business group
      Enable this reservation
      • Under Resources:
      Compute Resource
      Machine quota
      Leave unlimited
      Desried number (We can give large number than current memory for overprovision)
      Select only storages that are available to entire cluster selected under compute resource.
      Do not select Local datastores. Give reservation. The value can be larger than current total for overprovision/future use also.
      Resource Pool
      Leave blank
      • Under Network:
      Select Networks that allowed as part of this BG. If network profile is not created so far then option wont appear for selecting network profile for the selected networks. In this case the networks must have external DHCP for IP address assignment and vra will not manage the IPs for the corresponding networks. This is useful when migrating from one stack to VMWare and we want to keep the IPs same. In BlueField deployments we can create network profiles and let vra manage the IPs for us.
    4. Leave properties and alerts as it is. Click ok to complete creating the reservation.
    1. Go to Administration tab –> Catalog Management –> Services.
    2. Create a new service with desired name (Eg Suse). Other optional items can also be selected. Click ok to create service.
    1. By default even Tenant and IAAS administrators have limited options and cannot access Design page to create Blueprints. To give various users "Super administrator" permissions go to Administration -> Users and Groups -> Custom Groups.
    2. Create New group with desired name (Eg super administrator) and select desired roles (Eg all) and click next.
    3. Add various tenant and IAAS administrator or other desired users to this group and click ok.
    4. Do not forget to add "configurationadmin" to this group else configurationadmin also wont be able to publish blueprints.

This is enough as part of one time configuration. Now opertionally create Blueprints, Entitlements, Add blueprints to existing or new services and deploy some blueprints.


Home > VMWare platform > vRealize Automation or VMWare Cloud > Configure vRealize Automation 7.3 appliance