Requirements and prerequisites for vRealize Automation 7.4 Installation

In this blog  I am going to highlights  requirement for vRealize Automation 7.4 Installation .

General Preparation

There are several deployment-wide considerations to be aware of before installing vRealize Automation.

For more about high-level environment requirements, including supported operating system and browser versions, see the vRealize Automation Support Matrix

User Web Browsers

Multiple browser windows and tabs are not supported. vRealize Automation supports one session per user.

VMware Remote Consoles provisioned on vSphere support only a subset of vRealize Automation supported browsers.

Third Party Software

All third-party software should have the latest vendor patches. Third party software includes Microsoft Windows and SQL Server.

Time Synchronization

All vRealize Automation appliances and IaaS Windows servers must synchronize to the same time source. You may use only one of the following sources. Do not mix time sources.

·        The vRealize Automation appliance host

·        One external network time protocol (NTP) server

To use the vRealize Automation appliance host, you must run NTP on the ESXi host. For more about timekeeping, see VMware Knowledge Base article 1318.

You select the time source on the Installation Prerequisites page of the Installation Wizard.

Accounts and Passwords

There are several user accounts and passwords that you might need to create or plan settings for, before installing vRealize Automation.

IaaS Service Account

IaaS installs several Windows services that must run under a single user account.

·        The account must be a domain user.

·        The account does not need to be a domain administrator, but must have local administrator permission, before installation, on all IaaS Windows servers.

·        The account password cannot contain a double quotation mark ( " ) character.

·        The Management Agent installer for IaaS Windows servers prompts you for the account credentials.

·        The account must have Log on as a service permission, which lets the Manager Service start and generate log files.

·        The account must have dbo permission on the IaaS database.

If you use the installer to create the database, add the account login to SQL Server before installation. The installer grants the dbo permission after it creates the database.

·        If you use the installer to create the database, in SQL, add the sysadmin role to the account before installation.

The sysadmin role is not required if you choose to use a pre-existing empty database.

IIS Application Pool Identity

The account you use as the IIS application pool identity for the Model Manager Web service must have Log on as batch job permission.

IaaS Database Credentials

You can let the vRealize Automation installer create the database, or you can create it separately using SQL Server. When the vRealize Automation installer creates the database, the following requirements apply.

·        For the vRealize Automation installer, if you select Windows Authentication, the account that runs the Management Agent on the primary IaaS Web server must have the sysadmin role in SQL to create and alter the size of the database.

·        For the vRealize Automation installer, even if you do not select Windows Authentication, the account that runs the Management Agent on the primary IaaS Web server must have the sysadmin role in SQL because the credentials are used at runtime.

·        If you separately create the database, the Windows user or SQL user credentials that you provide only need dbo permission on the database.

IaaS Database Security Passphrase

The database security passphrase generates an encryption key that protects data in the IaaS SQL database. You specify the security passphrase on the IaaS Host page of the Installation Wizard.

·        Plan to use the same database security passphrase across the entire installation so that each component has the same encryption key.

·        Record the passphrase, because you need the passphrase to restore the database if there is a failure or to add components after initial installation.

·        The database security passphrase cannot contain a double quotation mark ( " ) character. The passphrase is accepted when you create it but causes the installation to fail.

vSphere Endpoints

If you plan to provision to a vSphere endpoint, you need a domain or local account with enough permission to perform operations on the target. The account also needs the appropriate level of permission configured in vRealize Orchestrator.

vRealize Automation Administrator Password

After installation, the vRealize Automation administrator password logs you in to the default tenant. You specify the administrator password on the Single Sign-On page of the Installation Wizard.

The vRealize Automation administrator password cannot contain a trailing equals ( = ) character. The password is accepted when you create it but results in errors later, when you perform operations such as saving endpoints.

Host Names and IP Addresses

vRealize Automation requires that you name the hosts in your installation according to certain requirements.

·        All vRealize Automation machines in your installation must be able to resolve each other by fully qualified domain name (FQDN).

While performing the installation, always enter the complete FQDN when identifying or selecting a vRealize Automation machine. Do not enter IP addresses or short machine names.

·        In addition to the FQDN requirement, Windows machines that host the Model Manager Web service, Manager Service, and Microsoft SQL Server database must be able to resolve each other by Windows Internet Name Service (WINS) name.

Configure your Domain Name System (DNS) to resolve these short WINS host names.

·        Preplan domain and machine naming so that vRealize Automation machine names begin with letters (a–z, A–Z), end with letters or digits (0–9), and have only letters, digits, or hyphens ( - ) in the middle. The underscore character ( _ ) must not appear in the host name or anywhere in the FQDN.

For more information about allowable names, review the host name specifications from the Internet Engineering Task Force. See www.ietf.org.

·        In general, you should expect to keep the host names and FQDNs that you planned for vRealize Automation systems. Changing a host name is not always possible. When a change is possible, it might be a complicated procedure.

·        A best practice is to reserve and use static IP addresses for all vRealize Automation appliances and IaaS Windows servers. vRealize Automation supports DHCP, but static IP addresses are recommended for long-term deployments such as production environments.

o   You apply an IP address to the vRealize Automation appliance during OVF or OVA deployment.

o   For the IaaS Windows servers, you follow the usual operating system process. Set the IP address before installing vRealize Automation IaaS.

Latency and Bandwidth

vRealize Automation supports multiple site, distributed installation, but data transmission speed and volume must meet minimum prerequisites.

vRealize Automation needs an environment of 5 ms or lower network latency, and 1 GB or higher bandwidth, among the following components.

·        vRealize Automation appliance

·        IaaS Web server

·        IaaS Model Manager host

·        IaaS Manager Service host

·        IaaS SQL Server database

·        IaaS DEM Orchestrator

The following component might work at a higher latency site, but the practice is not recommended.

·        IaaS DEM Worker

You may install the following component at the site of the endpoint with which it communicates.

·        IaaS Proxy Agent

vRealize Automation Appliance

Most vRealize Automation appliance requirements are preconfigured in the OVF or OVA that you deploy. The same requirements apply to standalone, master, or replica vRealize Automation appliances.

The minimum virtual machine hardware on which you can deploy is Version 7, or ESX/ESXi 4.x or later. See VMware Knowledge Base article 2007240. Because of the hardware resource demand, do not deploy on VMware Workstation.

After deployment, you might use vSphere to adjust vRealize Automation appliance hardware settings to meet Active Directory requirements. See the following table.

vRealize Automation Appliance Port

IaaS Windows Servers

All Windows servers that host IaaS components must meet certain requirements. Address requirements before you run the vRealize Automation Installation Wizard or the standard Windows-based installer.

Place all IaaS Windows servers on the same domain. Do not use Work groups.

·        Each server needs the following minimum hardware.

o   2 CPUs

o   8 GB memory

o   40 GB disk storage

A server that hosts the SQL database together with IaaS components might need additional hardware.

·        Because of the hardware resource demand, do not deploy on VMware Workstation.

·        Install Microsoft .NET Framework 3.5.

·        Install Microsoft .NET Framework 4.5.2 or later.

A copy of .NET is available from any vRealize Automation appliance:

https://vrealize-automation-appliance-fqdn:5480/installer/

If you use Internet Explorer for the download, verify that Enhanced Security Configuration is disabled. Navigate to res://iesetup.dll/SoftAdmin.htm on the Windows server.

·        Install Microsoft PowerShell 2.0, 3.0, or 4.0, based on your version of Windows.

Note that some vRealize Automation upgrades or migrations might require an older or newer PowerShell version, in addition to the one that you are currently running.

·        If you install more than one IaaS component on the same Windows server, plan to install them to the same installation folder. Do not use different paths.

·        IaaS servers use TLS for authentication, which is enabled by default on some Windows servers.

Some sites disable TLS for security reasons, but you must leave at least one TLS protocol enabled. This version of vRealize Automation supports TLS 1.2.

·        Enable the Distributed Transaction Coordinator (DTC) service. IaaS uses DTC for database transactions and actions such as workflow creation.

Notes.

If you clone a machine to make an IaaS Windows server, install DTC on the clone after cloning. If you clone a machine that already has DTC, its unique identifier is copied to the clone, which causes communication to fail. See Error in Manager Service Communication.

• Also enable DTC on the server that hosts the SQL database, if it is separate from IaaS. For more about DTC enablement, see VMware Knowledge Base article 2038943.

• Verify that the Secondary Log On service is running. If desired, you may stop the service after installation is complete.IaaS Windows Server Ports

IaaS Web Server 

A Windows server that hosts the Web component must meet additional requirements, in addition to those for all IaaS Windows servers.

The requirements are the same, whether or not the Web component hosts the Model Manager.

Configure Java.

1-Install 64-bit Java 1.8 update 161 or later. Do not use 32-bit. 
The JRE is enough. You do not need the full JDK.


2-Set the JAVA_HOME environment variable to the Java installation folder. 


3-Verify that %JAVA_HOME%\bin\java.exe is available. 


Configure Internet Information Services (IIS) according to the following table. 

You need IIS 7.5 for Windows 2008 variants, IIS 8 for Windows 2012, IIS 8.5 for Windows 2012 R2, and IIS 10 for Windows 2016. 

In addition to the configuration settings, avoid hosting additional Web sites in IIS. vRealize Automation sets the binding on its communication port to all unassigned IP addresses, making no additional bindings possible. The default vRealize Automation communication port is 443. 

IaaS Manager Service Host Internet Information Services

IaaS Manager Service Host 

A Windows server that hosts the Manager Service component must meet additional requirements, in addition to those for all IaaS Windows servers. 

The requirements are the same, whether the Manager Service host is a primary or backup.

1-No firewalls can exist between a Manager Service host and DEM host. For port information, see IaaS Windows Server Ports. 

2-The Manager Service host must be able to resolve the NETBIOS name of the SQL Server database host. If it cannot resolve the NETBIOS name, add the SQL Server NETBIOS name to the Manager Service machine /etc/hosts file.

IaaS SQL Server Host 

A Windows server that hosts the IaaS SQL database must meet certain requirements.

Your SQL Server can reside on one of your IaaS Windows servers, or on a separate host. When hosted together with IaaS components, these requirements are in addition to those for all IaaS Windows servers.

1- This release of vRealize Automation does not support the default SQL Server 2016 130 compatibility mode. If you separately create an empty SQL Server 2016 database for use with IaaS, use 100 or 120 compatibility mode.

If you create the database through the vRealize Automation installer, compatibility is already configured.

2- AlwaysOn Availability Group (AAG) is only supported with SQL Server 2016 Enterprise. When you use AAG, you specify the AAG listener FQDN as the SQL Server host.

3- When hosted together with IaaS components, configure Java.

• Install 64-bit Java 1.8 update 161 or later. Do not use 32-bit.

The JRE is enough. You do not need the full JDK.

• Set the JAVA_HOME environment variable to the Java installation folder.

• Verify that %JAVA_HOME%\bin\java.exe is available.

4- Use a supported SQL Server version from the vRealize Automation Support Matrix.

5- Enable TCP/IP protocol for SQL Server

6- SQL Server includes a model database that is the template for all databases created on the SQL instance. For IaaS to install correctly, do not change the model database size.

7- Usually, the server needs more hardware than the minimums described in IaaS Windows Servers.

For more information, see vRealize Automation Hardware Specifications and Capacity Maximums.

8- Before running the vRealize Automation installer, you need to identify accounts and add permissions in SQL. See Accounts and Passwords

IaaS Distributed Execution Manager Host 

Windows server that hosts the Distributed Execution Manager (DEM) Orchestrator or Worker component must meet additional requirements, in addition to those for all IaaS Windows servers. 

No firewalls can exist between a DEM host and Manager Service host. For port information, see  IaaS Windows Server Ports.  

 

DEM Workers might have additional requirements depending on the provisioning resources with which they interact.

A vRealize Automation IaaS DEM Worker that communicates with Amazon Web Services (AWS) must meet additional requirements, in addition to those for all IaaS Windows servers and DEMs in general. DEM Workers with Amazon Web Services

A vRealize Automation IaaS DEM Worker that communicates with and collects data from Openstack or PowerVC must meet additional requirements, in addition to those for all IaaS Windows servers and DEMs in general. DEM Workers with Openstack or PowerVC

A vRealize Automation IaaS DEM Worker that communicates with and collects data from Red Hat Enterprise Virtualization (RHEV) must meet additional requirements, in addition to those for all IaaS Windows servers and DEMs in general. DEM Workers with Red Hat Enterprise Virtualization

A vRealize Automation IaaS DEM Worker that manages virtual machines through System Center Virtual Machine Manager (SCVMM) must meet additional requirements, in addition to those for all IaaS Windows servers and DEMs in general.DEM Workers with SCVMM

Certificates

vRealize Automation uses SSL certificates for secure communication among IaaS components and instances of the vRealize Automation appliance. The appliances and the Windows installation machines exchange these certificates to establish a trusted connection. You can obtain certificates from an internal or external certificate authority, or generate self-signed certificates during the deployment process for each component

 Certificates Information

Thanks!!!!!!!