Thursday, April 16, 2020

Set up vRealize Automation 8.1 Multi-tenancy



In this post we will learn how to set up multi-organization tenancy for vRealize Automation 8.1 using vRealize Suite Lifecycle Manager.

With vRealize Automation (vRA) 8.1, VMware is offering support for dedicated infrastructure multi-tenancy. This capability is enabled as a separate process in vRealize Suite Lifecycle Manager (LCM) once vRA is installed and configured. There is no requirement to enable tenancy. If tenancy is disabled, vRA 8.1 will operate in exactly the same way as 8.0 in terms of access and authorization. Organisations can choose whether or not to enable tenancy based on their need for the logical isolation provided by multi-tenancy.














Enabling tenancy creates a new Provider organization. The Provider Admin can create new tenants, add tenant admins, set up directory synchronization, and add users. Tenant admins can also control directory synchronization for their tenant and grant users access to services within their tenant. Additionally, tenant admins configure Policies, Governance, Cloud Zones, Profiles, and access to content and provisioned resources within their tenant. A single shared SDDC or separate SDDCs can be used among tenants depending on available resources. In addition to their other privileges, Provider Admins can also act as Tenant Admins.

Before enabling tenancy, there are a number of prerequisites.

The following is a high level description of the procedure to set up multi-tenancy for vRealize Automation including configuring DNS and certificates. 

Prerequisites
Install and configure Workspace ONE Access version 3.3.2.
Install and configure vRealize Suite Lifecycle Manager version 8.1.

Procedure:

1- Create the required A and CNAME Type DNS records.























For single node deployments, the vRealize Automation FQDN points to the vRealize Automation appliance, and the Workspace ONE Access FQDN points to the Workspace ONE Access appliance.
For cluster deployments, both the Workspace ONE Access and vRealize Automation tenant-based FQDNs must point to their respective load balancers. Workspace ONE Access is configured with SSL Termination, so the certificate is applied on both the Workspace ONE Access cluster and load balancer. The vRealize Automation load balancer uses SSL passthrough, so the certificate is applied only on the vRealize Automation cluster.

2- Create or import the required multi-domain (SAN) certificates for both Workspace One 3.3.2 and vRA 8.1

You can create certificates in Lifecycle Manager using the Locker service, which lets you create certificates, licenses, and passwords. Alternatively, you can use a CA server or some other mechanism to generate certificates.

If you need to add or create additional tenants, you must recreate and apply your vRealize Automation and Workspace ONE Access tenants.









After you create your certificates, you can apply them within Lifecycle Manager using the Lifecycle Operations feature.












You must select the environment and product and then the Replace Certificate option on the right-hand menu.













Then you can select the product. When you replace a certificate, you must re-trust all associated products in your environment.














You must wait for the certificate to be applied and all services to restart before proceeding to the next step. (VIDM)





3- Apply the Workspace One SAN certificate on the Workspace ONE Access instance or cluster.





4- In vRealize Suite Lifecycle Manager 8.1, run the Enable Tenancy wizard to enable multi-tenancy and create an alias for the default master tenant.












5- Enabling tenancy requires that you create an alias for the provider organization master tenant or default tenant. After you enable tenancy, you can access Workspace ONE Access via the master tenant FQDN. 

















6- Apply the vRA SAN certificates on the vRealize Automation instance or cluster. 
You can apply SAN certificates through the Lifecycle Manager Lifecycle Operations service. You need to view the details of the environment and then select Replace Certificates on the right menu. You must wait for the certificate replacement task to complete before adding tenants. As part of certificate replacement, vRealize Automation services will restart. 


















7- In Lifecycle Manager, run the Add Tenants wizard to configure the desired tenants.




You add tenants using the Lifecycle Manager Tenant Management page located under Identity and Tenant Management. You can only add tenants for which you have previously configured certificates and DNS settings.
When creating a tenant, you must designate a tenant administrator.














You can select the Active Directory connections for this tenant.














You must also select the product or product instance with which the tenant will be associated.











You need to run the precheck to validate the prerequisites.













Note - If you do not meet the prerequisites, you will get an error during the precheck task. In my case, the DNS entry mapping was missing for VIDM and vRA.











Once validation is done, click Create Tenant.















Now it is time to monitor the request that creates the new tenant for us.









The tenant is created successfully and is ready to be tested for the first time in vRA 8.1.








We are able to log in to the newly created tenant with the tenant administrator ID :)
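The DNS records from step 1 and the SAN certificates from step 2 can be checked per tenant before the precheck is run. The script below is an added example, not part of the original post or of VMware's tooling; it assumes tenant FQDNs follow the `<tenant>.<product FQDN>` pattern, and all host names and sample data in it are constructed.

```python
import socket
import ssl

def tenant_fqdns(tenants, wsa_fqdn, vra_fqdn):
    """Names each tenant needs, assuming the <tenant>.<product FQDN> pattern."""
    return {t: [f"{t}.{wsa_fqdn}".lower(), f"{t}.{vra_fqdn}".lower()]
            for t in tenants}

def san_dns_names(peer_cert):
    """DNS entries from a dict shaped like ssl.SSLSocket.getpeercert()."""
    return {value.lower() for kind, value in peer_cert.get("subjectAltName", ())
            if kind == "DNS"}

def fetch_peer_cert(host, port=443, ca_file=None):
    """Fetch the certificate a live endpoint presents, verified against ca_file."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def resolves(name):
    """True if the system resolver returns any address for the name."""
    try:
        socket.getaddrinfo(name, 443)
        return True
    except socket.gaierror:
        return False

def preflight(tenants, wsa_fqdn, vra_fqdn, wsa_cert, vra_cert, resolver=resolves):
    """Return {tenant: [problems]}; an empty list means the tenant is ready."""
    sans = (san_dns_names(wsa_cert), san_dns_names(vra_cert))
    report = {}
    for tenant, names in tenant_fqdns(tenants, wsa_fqdn, vra_fqdn).items():
        problems = [f"no DNS record: {n}" for n in names if not resolver(n)]
        problems += [f"not in SAN: {n}" for n, san in zip(names, sans) if n not in san]
        report[tenant] = problems
    return report

# Constructed sample data (hypothetical lab names under the reserved .test TLD).
def _cert(*names):
    return {"subjectAltName": tuple(("DNS", n) for n in names)}
SAMPLE_WSA_CERT = _cert("wsa.lab.test", "t1.wsa.lab.test", "t2.wsa.lab.test")
SAMPLE_VRA_CERT = _cert("vra.lab.test", "t1.vra.lab.test")
SAMPLE_DNS = {"t1.wsa.lab.test", "t1.vra.lab.test", "t2.wsa.lab.test"}

if __name__ == "__main__":
    print(preflight(["t1", "t2"], "wsa.lab.test", "vra.lab.test",
                    SAMPLE_WSA_CERT, SAMPLE_VRA_CERT, SAMPLE_DNS.__contains__))
```

Against a real environment, pass the results of `fetch_peer_cert()` for the Workspace ONE Access and vRealize Automation endpoints and leave `resolver` at its default.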











I hope you enjoy reading this blog as much as I enjoyed writing it. Feel free to share this on social media if it is worth sharing.

9 comments:

  1. Hi Randhir, thank you..
    You have explained very well and this is very useful.

  2. A delightful reading for anyone who loves reading blogs.

  3. It has been just unfathomably liberal with you to give straightforwardly what precisely numerous people would've promoted for an eBook to wind up making some money for their end, basically given that you could have attempted it in the occasion you needed.

  4. This is such a great resource that you are providing and you give it away for free. I love seeing blog that understand the value of providing a quality resource for free.

  5. I admire this article for the well-researched content and excellent wording. I got so involved in this material that I couldn’t stop reading about vrealize. I am impressed with your work and skill. Thank you so much.