Automation: Getting started with vRealize Automation (Part 2)

In this part two, we have an endpoint with your vcenter, we have a fabric group to consume those resources, now that the infrastructure is prepped, it’s time for the squishy element….those dang humans.

In my previous post, we brought in AD, so users can be utilized from the domain to populate groups. These groups are critical to dividing your resources up, and allowing your users to consume it.

Business Groups

So now that users are a part of the solution, let’s divide them into groups called “Business Groups”. These groups have layered roles that will allow individual group management and resource management. Let’s go through that:

in vRA go to “Administration ->Business Groups” and the green “+ New” sign for new.Screen Shot 2019-06-28 at 7.20.33 PM

From here you will see the set for the group. You can include the name, Description, email for capacity alerts, and custom properties (if this business group ALWAYS has the same properties).Screen Shot 2019-06-28 at 7.23.44 PM

The next page will allow you to select the members of the group. This allows you to disect the group and allow layered rights as needed for the group. Here is a snippet from VMware about the rights:


Group manager role Can create entitlements and assign approval policies for the group.
Support role Can request and manage service catalog items on behalf of the other members of the business group.
Shared access role Can use and run actions on the resources that other business group members deploy.
User role Can request service catalog items to which they are entitled.

Now, create the roles as needed. Here is an example:Screen Shot 2019-06-28 at 7.28.23 PM

Click Next. You will see the settings for a custom name and AD group. Now you can set these dynamically in the blueprints, which is what I prefer, but if the AD OU is always the same for that group, AND the naming is a standard constant(always DC-APP-SRV*** for all servers) you can utilize these fields:Screen Shot 2019-06-28 at 7.30.56 PM

Now you’ve created a business group. It’s time to create reservations. Let’s start with the Reservation Policy.

Reservation Policy

The reservation policy is kind of like a tag. The policy is used in blueprints to simply label a Reservation to be utilized by the policy.  To create one, go to “Infrastructure -> Reservations -> Reservations policy” CLick the “+ New” to add a policy:Screen Shot 2019-06-28 at 7.34.24 PM

Now we have a group and policy, Let’s make our reservation and grant resources to the users.


Reservations are basically what they sound like. They reserve resources for the users to utilize. Once the resources defined in the reservation are exhausted the deployments fail stating “No Resources Available.” Pretty nifty for those that need to put a harness on sprawling server builds. To get to Reservations, Go to “Infrastructure -> Reservations -> Reservations” Click the Screen Shot 2019-06-28 at 7.40.07 PM to see the dropdown of possible endpoints. Of course we only have a center at this point, so select “vSphere(vCenter)” Here is an example of the first tab:Screen Shot 2019-06-28 at 7.43.38 PM

Now go to resources, and here you will see the actual resources in your vCenter. After you select your compute resource(Datacenter), You can set your quota, if you want a hard quota, the amount of Ram for the reservation, and the amount of storage and what storage cluster(I’m using VSAN) to use. Example:Screen Shot 2019-06-28 at 7.45.05 PM

The next tab is all about the network. Here you will set what VLANs are allowed to be used by the group, and also if you have an IPAM solution in a Network Profile, it can be selected here. I have another blog about Networking in vRA here. Here is an example with the VLAN and policy:Screen Shot 2019-06-28 at 7.48.46 PM

The last two tabs(Properties, Alerts) I don’t really use much myself. I can set the alert to notify at specific resource usage but, I don’t normally use them. Maybe I’m a horrible human being? meh…

So now the framework is all in place, you got resources, you got users, but next it’s time to get blueprints!

Automation: Getting started with vRealize Automation (Part 1)

Acronyms used:

  1. vRA = VMware vRealize Automation
  2. vRO = VMware vRealize Orchestrator
  3. vROPS = VMware vRealize Operations

I was hit with a shocking realization this past week. During a conversation with a VMware representative about automation and the success that we have found within it, he stated, “You know we could sell the cloud suite license to ten customers and probably two of them would use automation, and maybe one would be successful.”

I bypassed this statement and just moved on for the next couple days, but then a friend asked me how to create a blueprint on how to get started with vRA. I spent a huge amount of my time scrounging the internet for blogs to tell me how to do one thing or another, which is one of the ways I have helped our company be successful. Because of blogs, I found the answers I was looking for. I lost sight of what this blog was suppose to accomplish, which is to help others start. So… Let’s start.

You’ve installed vRA… Now What?

So with a fresh install of vRA, you now have a shell. Nothing is being managed, no domain users are able to login, and no machines are able to be built. It’s kinda a pointless stubb when its first deployed and needs someone to start the setup. During the installation you will stipulate the administrator password. This is your first login. Once you’re in, the screen you’re met with is kinda bleak.

Once your logged in, go to the “Administration” tab and select “Tenants”. You should be met with your default tenant for vRA, so, select it. From here, select “Local Users” and add a new user (Most will just name this account “Admin”).

Screen Shot 2019-06-22 at 7.58.55 AM
Pay no heed to the 2nd “Administration” Tab to the right, you shouldn’t see this.

After the account is created, go to “Administrators” and add your new account as “Tenant Administrators”, and “IaaS Administrators”. Screen Shot 2019-06-22 at 7.46.59 AMThis will grant the needed access to start utilizing vRA. *BONUS POINTS*: you can configure your incoming and outgoing email servers here. Probably a good idea to do that too.

Fabric Groups are basically what allows resources to be consumed by vRA. It really doesn’t do anything until the Fabric Group is created. So lets do that… first thing to do is create your Fabric Group Endpoint(Basically what resources are to be consumed). Log Out of your “Administrator” account and log into the account you created above. Go to “Infrastructures -> Endpoints -> New ->vsphere”

Screen Shot 2019-06-22 at 7.16.23 AM

Now you will see the needed information to create your endpoint. Please note the examples that VMware gives you before you start typing. Many gung-ho automation enthusiasts have lost hair because they didn’t look first. TAKE NOTE** The name you input here, SHOULD MATCH the name you install as your vcenter agent during installation of vRA. If you have forgot that, you can go on the agent box and look at the service. Most will dupe the name of the agent with the service. If it’s not you will get a message “The Vsphere agent does not exist or may not be running“. The correct inputs and test connection should show:

Screen Shot 2019-06-22 at 7.23.28 AM

So click “OK”. Now that you have your endpoint we need to create a Fabric Group. On “Infrastructure -> Fabric Groups -> New” you should see your new vCenter ready to be managed:Screen Shot 2019-06-22 at 7.27.32 AM

Configure the name of the group, its administrators and select the resource to manage it. Now we have resources, we have tenant admins. We need users. “Administration ->Directory Management -> Directories -> New” This will allow you to create a new Domain to sync to vRA so user management at the base level is controlled in AD. Custom groups can still be utilized, but in a different way after is pulled in from AD. You can use this over LDAP, IWA, Or Local. You should see the following:Screen Shot 2019-06-22 at 7.38.57 AM

Input the Directory name, and the Sync Connector will default to Master node. Select your search attribute, and your Bind User information(Again Note the defaults VMware puts in the fields before you input your data, as it helps you). Test your connection and now you have a directory. To sync users, Go to the Directory and click “Sync Settings”. From here you will see config tabs for management of the users. Here is an example of syncing the domain users:Screen Shot 2019-06-22 at 7.41.59 AM

Now you have users, and resources. You probably want to give yourself God Rights in this environment(Doesn’t everyone?). From here, logout of your admin account and back in as the default “Administrator” account. Go back to “Tenants -> Default Tenant -> Administrators” Now that you synced yourself in the directory, and you should now be able to add your domain account as “IAAS”, and “Tenant Admins”. Here is an example of how it should look:

Screen Shot 2019-06-22 at 7.46.59 AM
vcoadmins is a default built in “Custom Group” for vRO administration.

After you add your domain accounts here, log in now with your God-Mode Domain Credentials(The new Directory, or Domain, will be available on the login screen).  After your in go to “Administration -> Users and Groups -> Search your username”Screen Shot 2019-06-22 at 7.51.05 AM

Select your username and go to the “Add roles to this user” window to the right. Go hog, you earned it.Screen Shot 2019-06-22 at 7.55.39 AM

Now you have god rights, you have all the roles your heart could wish for; you have an endpoint and resources. The next steps are Reservations, Network Profiles, and then Blueprints.

I’m going to try to get things out more often. Sickness has plagued my house, but I’d love to help at least one person learn how automation helps life.

Terraform: The Noob Starts

Terraform. We’ve all heard the following phrase, or, if you haven’t, here ya go;

“Terraform has become the de-facto platform for infrastructure as code in the public cloud.”

Well, guess that means some old dogs need to learn new tricks.

What is Terraform?

The definition pulled straight from the source:

“HashiCorp Terraform enables you to safely and predictably create, change, and improve infrastructure. It is an open source tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.”

What this means, is you have a document that specifies the blueprint for the deployment, and you can copy-paste the needed preferences, (as well as adjust afterwards which is a total gas.) So upon reading this, it made me immediately want to get into it. Let’s be real, no one likes using the cloud client to migrate your blueprints…it’s just not enjoyable (If you enjoy it, why/how?). This is really something I wanted to look into. And well Then this happened.

WHAT IaC and with vRA…..



Idk what more needs to be said. Sounds cool, looks cool. Lets get to it…

Terraform Install

There are a lot of docs out there for installing Terraform. has some great links itself. Obviously their link for doing the install of linux and windows works well out of the box. But what about Mac? Well, my recent purchase of a Mac to prove to others that I wasn’t a normal windows snob, has driven me to extremes lately. Its just not the same, and WHY DON’T THE DANG WINDOWS CLOSE!

Anywho, I tried to follow the linux installation for Mac. Then I google’d how to get to the elusive /usr/ folder, then I realized I was an idiot, and installed Terraform. Then the path setting was the next thing. I’d set it and try… nope… try to reset it again and try… nope…. I only had about 10 minutes left then God opened the cloudy skies above…


For those that don’t use Homebrew, Here’s Cody De Arkland(anyone with De in the name = De Man).

For a guy that uses the term “dope” a lot. I dig it. So, I typed in “brew install terraform” after installing Homebrew (See link) and life was good again. Did a quick Terraform -version..

Image 5-8-19 at 7.17 PM

VOILA. Good times man… now to start with this whole Terraform configuration thing…