Acronyms used:
- vRA = VMware vRealize Automation
- vRO = VMware vRealize Orchestrator
- vROPS = VMware vRealize Operations
I was hit with a shocking realization this past week. During a conversation with a VMware representative about automation and the success that we have found within it, he stated, “You know we could sell the cloud suite license to ten customers and probably two of them would use automation, and maybe one would be successful.”
I bypassed this statement and just moved on for the next couple days, but then a friend asked me how to create a blueprint on how to get started with vRA. I spent a huge amount of my time scrounging the internet for blogs to tell me how to do one thing or another, which is one of the ways I have helped our company be successful. Because of blogs, I found the answers I was looking for. I lost sight of what this blog was suppose to accomplish, which is to help others start. So… Let’s start.
You’ve installed vRA… Now What?
So with a fresh install of vRA, you now have a shell. Nothing is being managed, no domain users are able to login, and no machines are able to be built. It’s kinda a pointless stubb when its first deployed and needs someone to start the setup. During the installation you will stipulate the administrator password. This is your first login. Once you’re in, the screen you’re met with is kinda bleak.
Once your logged in, go to the “Administration” tab and select “Tenants”. You should be met with your default tenant for vRA, so, select it. From here, select “Local Users” and add a new user (Most will just name this account “Admin”).
After the account is created, go to “Administrators” and add your new account as “Tenant Administrators”, and “IaaS Administrators”. 
This will grant the needed access to start utilizing vRA. *BONUS POINTS*: you can configure your incoming and outgoing email servers here. Probably a good idea to do that too.
Fabric Groups are basically what allows resources to be consumed by vRA. It really doesn’t do anything until the Fabric Group is created. So lets do that… first thing to do is create your Fabric Group Endpoint(Basically what resources are to be consumed). Log Out of your “Administrator” account and log into the account you created above. Go to “Infrastructures -> Endpoints -> New ->vsphere”
Now you will see the needed information to create your endpoint. Please note the examples that VMware gives you before you start typing. Many gung-ho automation enthusiasts have lost hair because they didn’t look first. TAKE NOTE** The name you input here, SHOULD MATCH the name you install as your vcenter agent during installation of vRA. If you have forgot that, you can go on the agent box and look at the service. Most will dupe the name of the agent with the service. If it’s not you will get a message “The Vsphere agent does not exist or may not be running“. The correct inputs and test connection should show:
So click “OK”. Now that you have your endpoint we need to create a Fabric Group. On “Infrastructure -> Fabric Groups -> New” you should see your new vCenter ready to be managed:
Configure the name of the group, its administrators and select the resource to manage it. Now we have resources, we have tenant admins. We need users. “Administration ->Directory Management -> Directories -> New” This will allow you to create a new Domain to sync to vRA so user management at the base level is controlled in AD. Custom groups can still be utilized, but in a different way after is pulled in from AD. You can use this over LDAP, IWA, Or Local. You should see the following:
Input the Directory name, and the Sync Connector will default to Master node. Select your search attribute, and your Bind User information(Again Note the defaults VMware puts in the fields before you input your data, as it helps you). Test your connection and now you have a directory. To sync users, Go to the Directory and click “Sync Settings”. From here you will see config tabs for management of the users. Here is an example of syncing the domain users:
Now you have users, and resources. You probably want to give yourself God Rights in this environment(Doesn’t everyone?). From here, logout of your admin account and back in as the default “Administrator” account. Go back to “Tenants -> Default Tenant -> Administrators” Now that you synced yourself in the directory, and you should now be able to add your domain account as “IAAS”, and “Tenant Admins”. Here is an example of how it should look:
After you add your domain accounts here, log in now with your God-Mode Domain Credentials(The new Directory, or Domain, will be available on the login screen). After your in go to “Administration -> Users and Groups -> Search your username”
Select your username and go to the “Add roles to this user” window to the right. Go hog, you earned it.
Now you have god rights, you have all the roles your heart could wish for; you have an endpoint and resources. The next steps are Reservations, Network Profiles, and then Blueprints.
I’m going to try to get things out more often. Sickness has plagued my house, but I’d love to help at least one person learn how automation helps life.
