


Saturday, August 25, 2018

vRealize Automation 7.x User Roles Overview


Roles consist of a set of privileges that can be associated with users to determine what tasks they can perform. Based on their responsibilities, individuals might have one or more roles associated with their user account.

All user roles are assigned within the context of a specific tenant. However, some roles in the default tenant can manage system-wide configuration that applies to multiple tenants.

System-Wide Role Overview

System-wide roles are typically assigned to an IT system administrator. In some organizations, the IaaS administrator role might be the responsibility of a cloud administrator.

System Administrator

The system administrator is typically the person who installs vRealize Automation and is responsible for ensuring its availability for other users. The system administrator creates tenants and manages system-wide configuration such as system defaults for branding and notification providers. This role is also responsible for monitoring system logs.

In a single-tenant deployment, the same person might also act as the tenant administrator.

IaaS Administrator

IaaS administrators manage cloud, virtual, networking, and storage infrastructure at the system level, creating and managing endpoints and credentials, and monitoring IaaS logs. IaaS administrators organize infrastructure into tenant-level fabric groups, appointing the fabric administrators who are responsible for allocating resources within each tenant through reservations and reservation, storage, and networking policies.

System-Wide Roles and Responsibilities

Users with system-wide roles manage configurations that can apply to multiple tenants. The system administrator is only present in the default tenant, but you can assign IaaS administrators to any tenant. 

Each entry lists the role, its responsibilities, and then how the role is assigned.
System Administrator
  • Create tenants.
  • Configure tenant identity stores.
  • Assign IaaS administrator role.
  • Assign tenant administrator role.
  • Configure system default branding.
  • Configure system default notification providers.
  • Monitor system event logs, not including IaaS logs.
  • Configure the vRealize Orchestrator server for use with XaaS.
  • Create and manage (view, edit, and delete) reservations across tenants if also a fabric administrator.
Built-in administrator credentials are specified when configuring single sign-on.
IaaS Administrator
  • Configure IaaS features, global properties.
  • Create and manage fabric groups.
  • Create and manage endpoints.
  • Manage endpoint credentials.
  • Configure proxy agents.
  • Manage Amazon AWS instance types.
  • Monitor IaaS-specific logs.
  • Create and manage (view, edit, and delete) reservations across tenants if also a fabric administrator.
The system administrator designates the IaaS administrator when configuring a tenant.

Tenant Role Overview 

Tenant roles typically have responsibilities that are limited to a specific tenant and cannot affect other tenants in the system.

Tenant Administrator
Typically a line-of-business administrator, business manager, or IT administrator who is responsible for a tenant. Tenant administrators configure vRealize Automation for the needs of their organizations. They are responsible for user and group management, tenant branding and notifications, and business policies such as approvals and entitlements. They also track resource usage by all users within the tenant and initiate reclamation requests for virtual machines.
Fabric Administrator
Manages physical machines and compute resources assigned to their fabric groups and creates and manages the reservations and policies associated with those resources within the scope of their tenant. They also manage property groups, machine prefixes, and the property dictionary that are used across all tenants and business groups.
If you add the fabric administrator role to a system-wide role such as IaaS administrator or system administrator, the fabric administrator can create reservations for any tenant, not just their own.
Blueprint Architects
Umbrella term for the individuals who are responsible for creating blueprint components and assembling the blueprints that define catalog items for consumers to request from the service catalog. These roles are typically assigned to individuals in the IT department, such as architects or analysts.
Catalog Administrator
Creates and manages catalog services and manages the placement of catalog items into services.
Approval Administrator
Defines approval policies. These policies can be applied to catalog requests through entitlements that a tenant administrator or business group manager manage.
Any user of vRealize Automation, for example, a line manager, finance manager, or project manager, can be designated as an approver as part of an approval policy.
Business Group Manager
Manages one or more business groups. Typically a line manager or project manager. Business group managers create and manage entitlements for their groups in the service catalog. They can request and manage items on behalf of users in their groups.
Support User
A role in a business group. Support users can request and manage catalog items on behalf of other members of their groups.
Business User
Any user in the system can be a consumer of IT services. Users can request catalog items from the service catalog and manage their provisioned resources.
Health Consumer
Any user of vRealize Automation, for example, a line manager, finance manager, or project manager, can be designated as a Health Consumer with read-only privileges for Health Service reports.

Tenant Roles and Responsibilities in vRealize Automation

You can assign tenant roles to users in any tenant. The roles have responsibilities that are specific to that tenant.

Each entry lists the role, its responsibilities, and then how the role is assigned.
Tenant administrator
  • Customize tenant branding.
  • Manage tenant identity stores.
  • Manage user and group roles.
  • Create custom groups.
  • Manage notification providers.
  • Enable notification scenarios for tenant users.
  • Configure vRealize Orchestrator servers, plug-ins and workflows for XaaS.
  • Create and manage catalog services.
  • Manage catalog items.
  • Manage actions.
  • Create and manage entitlements.
  • Create and manage approval policies.
  • Monitor tenant machines and send reclamation requests.
The system administrator designates a tenant administrator when creating a tenant. Tenant administrators can assign the role to other users in their tenant at any time from the Administration tab.
Fabric administrator
  • Manage property groups.
  • Manage compute resources.
  • Manage network profiles.
  • Manage Amazon EBS volumes and key pairs.
  • Manage machine prefixes.
  • Manage property dictionary.
  • Create and manage reservations and reservation policies in their own tenant.
  • If this role is added to a user with IaaS administrator or system administrator privileges, the user can create and manage reservations and reservation policies in any tenant.
The IaaS administrator designates the fabric administrator when creating or editing fabric groups.
Application architect
To successfully add software components to the design canvas, you must also have business group member, business group administrator, or tenant administrator role access to the target catalog.
  • Assemble and manage composite blueprints.
Tenant administrators can assign this role to users in their tenant at any time from the Administration tab.
Infrastructure architect
To successfully add software components to the design canvas, you must also have business group member, business group administrator, or tenant administrator role access to the target catalog.
  • Create and manage infrastructure blueprint components.
  • Assemble and manage composite blueprints.
Tenant administrators can assign this role to users in their tenant at any time from the Administration tab.
XaaS architect
  • Define custom resource types.
  • Create and publish XaaS blueprints.
  • Create and manage resource mappings.
  • Create and publish resource actions.
Tenant administrators can assign this role to users in their tenant at any time from the Administration tab.
Software architect
To successfully add software components to the design canvas, you must also have business group member, business group administrator, or tenant administrator role access to the target catalog.
  • Create and manage software blueprint components.
  • Assemble and manage composite blueprints.
Tenant administrators can assign this role to users in their tenant at any time from the Administration tab.
Container architect
  • Add, edit, and remove container components in a blueprint by using options on the Design tab.
  • Add, edit, and remove container network components in a blueprint by using options on the Design tab.
Tenant administrators can assign this role to users and groups in their tenant at any time from the Administration tab.
Container administrator
Use all available options in the Containers tab, including the following tasks:
  • Configure container hosts, placements, and registries
  • Configure container network settings
  • Create container templates
Tenant administrators can assign this role to users and groups in their tenant at any time from the Administration tab.
Catalog administrator
  • Create and manage catalog services.
  • Manage catalog items.
  • Assign icons to actions.
Tenant administrators can assign this role to users in their tenant at any time from the Administration tab.
Business group manager
  • Add and delete users within the business group.
  • Assign support user roles to users in the business group.
  • Create and manage entitlements for the business group.
  • Request and manage items on behalf of a user in the business group.
  • Assign approval policies for the business group.
  • Monitor resource usage in a business group.
  • Change machine owner.
The tenant administrator designates the business group manager when creating or editing business groups.
Shared access user
  • Use and run actions on the resources that other business group members deploy.
  • Cannot initiate a provisioning request.
The tenant administrator designates the shared access users when creating or editing business groups.
Approval administrator
  • Create and manage approval policies.
Tenant administrators can assign this role to users in their tenant at any time from the Administration tab.
Approver
  • Approve service catalog requests, including provisioning requests or any resource actions.
The tenant administrator or approval administrator creates approval policies and designates the approvers for each policy.
Support user
  • Request and manage service catalog items on behalf of the other members of the business group
  • Change machine owner.
The tenant administrator designates the support user when creating or editing business groups.
Business user
  • Request service catalog items to which they are entitled.
  • Manage their provisioned resources.
The tenant administrator designates the business users who can consume IT services when creating or editing business groups.
Health Consumer
  • Can view test results.
  • Cannot configure, edit, or delete a test.
The IaaS administrator designates privilege to any role.
Security administrator
  • Create a message board whitelist.
Tenant administrators can assign this role to users in their tenant at any time from the Administration tab.
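
The tables above note that adding the fabric administrator role to a system-wide role (IaaS administrator or system administrator) extends reservation management to every tenant, and that the system administrator exists only in the default tenant. The following audit script is an added example, not VMware code; the (principal, tenant, role) export layout, the group map, all sample names and the `vsphere.local` default-tenant name are assumptions.

```python
from collections import defaultdict

SYSTEM_WIDE = {"system administrator", "iaas administrator"}  # system-wide roles per this page
FABRIC = "fabric administrator"

# Constructed sample data: the layout and every name below are assumptions.
SAMPLE_GROUPS = {"grp-cloud-ops": ["bob", "dave"]}  # group -> member users
SAMPLE_ASSIGNMENTS = [  # (principal, tenant, role); a principal is a user or a group
    ("alice", "vsphere.local", "System Administrator"),
    ("alice", "vsphere.local", "Fabric Administrator"),
    ("grp-cloud-ops", "finance", "IaaS Administrator"),
    ("bob", "engineering", "Fabric Administrator"),
    ("carol", "finance", "Fabric Administrator"),
    ("carol", "finance", "Tenant Administrator"),
    ("erin", "finance", "System Administrator"),
]


def effective_roles(assignments, groups):
    """Map each user to a set of (role, tenant), expanding group assignments to members."""
    roles = defaultdict(set)
    for principal, tenant, role in assignments:
        for user in groups.get(principal, [principal]):
            roles[user].add((role.strip().lower(), tenant))
    return roles


def audit(assignments, groups=None, default_tenant="vsphere.local"):
    """Return sorted (user, code, detail) findings for the two conditions the page describes."""
    findings = []
    for user, held in effective_roles(assignments, groups or {}).items():
        names = {role for role, _ in held}
        system_wide = sorted(names & SYSTEM_WIDE)
        # Fabric administrator plus any system-wide role: reservations in any tenant.
        if FABRIC in names and system_wide:
            detail = FABRIC + " + " + ", ".join(system_wide)
            findings.append((user, "CROSS_TENANT_RESERVATIONS", detail))
        # System administrator should only ever appear in the default tenant.
        stray = sorted(t for r, t in held
                       if r == "system administrator" and t != default_tenant)
        if stray:
            findings.append((user, "SYSADMIN_OUTSIDE_DEFAULT_TENANT", ", ".join(stray)))
    return sorted(findings)


if __name__ == "__main__":
    for user, code, detail in audit(SAMPLE_ASSIGNMENTS, SAMPLE_GROUPS):
        print(f"{user:6} {code:32} {detail}")
```

Passing the group map matters: in the sample data, bob's system-wide role arrives only through a group, so an audit of direct assignments alone would miss him.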

Wednesday, August 22, 2018

Install and Configure vRealize Suite Lifecycle Manager 1.2 part 2


I described the vRealize Suite Lifecycle Manager 1.2 installation in my previous blog post.

Now we are going to configure vRealize Suite Lifecycle Manager 1.2

Log In to vRealize Suite Lifecycle Manager

Log in to the vRealize Suite Lifecycle Manager UI to create and manage cloud environments with vRealize Suite Lifecycle Manager. 


1 Use a supported Web browser to connect to your vRealize Suite Lifecycle Manager appliance by using the appliance's IP address.

https://IP address/vrlcm

2 Enter the administrator user name.
3 Enter the default administrator password: vmware
4 Click Log 

If you are logging in to vRealize Suite Lifecycle Manager for the first time, reset the root password. Configure a new administrator password and other vRealize Suite Lifecycle Manager settings, such as SSH settings and the configuration drift interval.

Configuring vRealize Suite Lifecycle Manager Common Settings
You can modify settings for vRealize Suite Lifecycle Manager, such as passwords, SSH settings, and configuration drift interval. 

The first time you view the common configuration page, you must provide data for all available settings to save any settings. 

Change vRealize Suite Lifecycle Manager Passwords 
1 Click Settings and click the System Settings tab.
2 Type new passwords for root, administrator, and SSH users.
vRealize Suite Lifecycle Manager enforces the following password requirements:
·        Between 8 and 16 characters long
·        At least one uppercase character
·        At least one lowercase character
·        At least one numerical digit
·        At least one special character
3 Click SAVE.
If you changed the administrator password, vRealize Suite Lifecycle Manager logs you out and displays the log in page. Log in with the new administrator password to continue using vRealize Suite Lifecycle Manager.

Change the Configuration Drift Interval
Set the interval of time vRealize Suite Lifecycle Manager uses to collect data for configuration drift reports.
1 Click Settings and click the System Settings tab.
2 Enter the Configuration Drift interval in hours.
3 Click SAVE.

Restart the vRealize Suite Lifecycle Manager Server
You can restart the vRealize Suite Lifecycle Manager server immediately or schedule weekly server restarts.
 1 Click Settings and click the System Settings tab.
2 To restart the server immediately, click RESTART SERVER.
3 To schedule a weekly server restart, select Schedule a restart and select the day of the week and time for the weekly restart.
4 Click SAVE.

Enable or Disable SSH on vRealize Suite Lifecycle Manager

You can enable SSH for troubleshooting purposes.
If content management is enabled, SSH is enabled automatically and cannot be disabled. Forcibly disabling SSH causes Content Lifecycle Management to malfunction. As a best practice, disable SSH in a production environment, and activate it only to troubleshoot problems that you cannot resolve by other means. Leave it enabled only while needed for a specific purpose and in accordance with your organization's security policies.

1 Click Settings and click the System Settings tab.
2 Select SSH Enabled to enable SSH connections or deselect it to disable SSH connections.
3 Click SAVE.

Configure Product Binaries 
Select a Product Binary to use for each vRealize Suite product.
Prerequisites: To use a Product Binary downloaded from My VMware, verify that you have registered with My VMware and registered My VMware services with vRealize Suite Lifecycle Manager. See Configure My VMware Settings.
1 Click Settings and click the Product Binaries tab.
2 Click Add Product Binaries.
3 Select the location type.

Select either Local or NFS to map to a downloaded product binary, with products dependent on the product binary location, or select My VMware to map to a product binary downloaded from My VMware.
Note: To download product binaries from My VMware, click the Product Binaries tab, and click the download arrow under Actions for the Product Binary to download.

4 Enter the location of the Product Binary to use in the Base Location text box, and click Discover.
5 Select the Product Binary file from the Product Binary list. 


6 Click Add. 

Add a VMware Identity Manager
You can add an existing VMware Identity Manager or deploy new VMware Identity Manager through vRealize Suite Lifecycle Manager.
Verify that you have an existing VMware Identity Manager version 2.9.2 or 3.2.0 as vRealize Suite Lifecycle Manager supports only these versions.

1 Click Settings and click the User Management tab.
2 Under Authentication Source, select whether to add an existing identity manager or install a new identity manager.

Add Existing Identity Manager
·        Enter the vIDM host name, user name and password.
·        Click ADD ACTIVE DIRECTORY at the bottom of the page and provide active directory details.
·        Enter the Active Directory Domain Name, Base DN, Bind DN username and password.
·        Enter the User DN and Group DN.
·        Select the Sync Nested Group Members option and enter the Suite
·        Click Submit.

Install New Identity Manager
·        Click ADD ACTIVE DIRECTORY at the bottom of the page and provide active directory details.
·        Select an existing data center or click + to add a new data center
·        Click Install.
·        Accept the EULA and provide the Infra and network details.
·        Enter host and IP details, and passwords for root and SSH user.
·        Click Submit and click SAVE to close the wizard.

Configure My VMware Settings
Enter your My VMware user name and password to enable vRealize Suite Lifecycle Manager to download product binaries through My VMware. You can also configure a proxy server under My VMware Settings.
1 Click Settings and click the My VMware tab.

2 Enter your My VMware user name and password, and click Submit. After registration, you can download all the required binaries.

Enable or Disable Proxy Settings
If you are using a proxy server in your network, you must configure the proxy server in vRealize Suite Lifecycle Manager.

 Click Settings and click the My VMware tab

Toggle Configure Proxy to use a proxy server for vRealize Suite Lifecycle Manager, or deselect it to remove an existing proxy server. (I do not have a proxy server.)

If you are enabling proxy, enter the server, port, user name, and password for the proxy server.

Click Submit.

Configure vRealize Suite Lifecycle Manager Logging 
You can configure the level of information vRealize Suite Lifecycle Manager collects in log files and the number of log files for vRealize Suite Lifecycle Manager to keep. 
Click Settings and click the Logs tab
In the Select Log Level drop-down menu, select the level of information vRealize Suite Lifecycle Manager collects in its log files
In the Select Log File Count drop-down menu, select the number of log files for vRealize Suite Lifecycle Manager to keep.

Click Update Log Level.

Generate a New Wild Card Certificate
You can generate a new wild card certificate for vRealize Suite products that are deployed in vRealize Suite Lifecycle Manager.
Click Settings and click the Certificate tab.

Enter the Organization name and Unit name. For example, Organization name.
Enter the Domain Name and other fields. For example,

Update the certificate settings as necessary, and click Generate Certificate. For passphrase, <CertPassword>
vRealize Suite Lifecycle Manager generates a new Wild card certificate for the specific domain provided by the user.

