Вы находитесь на странице: 1из 135

Lab 1 - Installing Licenses and Configuring the Lab Environment

In this lab, you will perform the following tasks:

Log In to the Lab Environment

Verify vCenter Server, Hosts, & NSX Manager Licenses

License vRealize Log Insight and Configure vSphere Integration

Prepare to Deploy Agents

Install the vRealize Log Insight Agent on Critical Infrastructure Servers

License the vRealize Automation System

WARNING: We have seen some intermittent issues where NSX Manager Operating System
halts in a Boot process. For better experience and to prevent occurrence of the
issue, perform below steps after every login.

Open the NSX Manager console.

Verify if the boot process is completed or not. If the process is incomplete,


you can view the Press Enter to Continue message.

Press Enter to continue the boot process.

Task 1: Log In to the Lab Environment

You open a Remote Desktop Protocol connection to the lab environment. After logging
in, you are introduced to the applications used in the labs.

Log in to the Student-a-01 desktop as user vclass\administrator with the


password VMware1!.

After you are logged in to the student desktop, you do most of the work with
Internet Explorer and various Web consoles. Other systems might require the use of
either a third remote desktop connection from the student desktop to a lab system
or the use of PuTTY or similar utilities to make an SSH connection into a Linux-
based server.

Task 2: Verify vCenter Server, Hosts, & NSX Manager Licenses

You verify the license for the VMware vCenter Server® system, the VMware ESXi™
hosts, and the VMware NSX® Manager™ system.

Start the Internet Explorer browser and select vSphere Web Client from the
Infrastructure favorites menu.

If you see the There is a problem with this website’s security certificate
message, click Continue to this website (not recommended).

This lab environment uses self-signed certificates. Digital certificates should


be signed by a certificate authority (CA) that the system has a trust relationship
with. Self-signed certificates do not use a trusted CA. You will see warnings about
digital certificates frequently in this lab environment. Ignore these warnings.
Production systems should always use valid digital certificates that were issued by
a trusted CA.

Log in to vsphere.local domain administrator user name


administrator@vsphere.local and the password VMware1!.

In vSphere Web Client, click the Home icon and select Hosts and Clusters.

Confirm that the ESXi hosts are connected to SA Compute-01 and SA Management
cluster.

If the host state is Disconnected, reconnect the ESXi host.

In the left pane, expand the inventory.

If the ESXi hosts are disconnected, right-click each ESXi host and click
Connection > Connect.

In the Reconnect host window, click Yes.

Monitor the tasks in the Recent Tasks pane until all the ESXi hosts are
reconnected.

Confirm that the following virtual machines are running in the SA Management
cluster.

Border-ESG-0

Eng-DLR-0

Fin-DLR-0

NSX_Controller_GUID

RD-DLR-0

If any of these virtual machines are not running power on the virtual machine.

Verify the status of the NSX Controller.

In vSphere Web Client, click the Home icon and select Networking &
Security.

In the left pane, select Installation.

On the Management tab in the right pane, select the single controller that
appears in the lower table.

If the controller status does not show a green check mark, select Update
the Controller State from the Actions menu under NSX Manager.

If the controller status does not show a green check mark, wait for one
minute and repeat the update action.

Verify the status of NSX host Agent.

Click the Host Preparation tab.


If you see the installation status for the cluster “Not Ready” then select
individual clusters, click Actions and select Resolve.

Wait till green check mark appears in Installation status with the agent
version 6.2.0.

Note: Please verify the above information at every login.

Task 3: License vRealize Log Insight and Configure vSphere Integration

You license VMware vRealize® Log Insight™ and confirm that VMware vSphere®
integration is configured.

Integration for vSphere and VMware vRealize® Operations™ is included in the base
vRealize Log Insight system. The vRealize Log Insight server is designed to
integrate with vCenter Server systems and attached ESXi hosts. When you configure
vRealize Log Insight, it modifies the configuration of vCenter Server systems and
ESXi hosts. The modified configuration enables vCenter Server systems to send
Syslog events to a vRealize Log Insight server.

In Internet Explorer, open a new tab and select LogInsight - Web Console from
the vRA favorites menu.

If you see the There is a problem with this website’s security certificate
message, click Continue to this website (not recommended).

Log in to the Log Insight user name admin and the password VMware1!.

License the vRealize Log Insight system.

Licenses

Select Administration from the system drop-down menu, located in the top
menu bar, to the right of the user name.

In the left pane, select License.

In the right pane, click Add New License Key, enter the vRealize Log
Insight license key in the text box, and click Add License Key.

Click the delete icon (red x) to the right of the expired license.

Click Remove.

Configure vSphere integration in the Log Insight administration interface.

Select vSphere under Integration in the left pane of the vRealize Log
Insight administration UI.

vSphere should already be configured with the following settings:

Hostname: sa-vcsa-01.vclass.local

Username: administrator@vsphere.local

Password: VMware1!
Verify that Collect vCenter Server events, tasks, and alarms is selected.

Verify that ESXi hosts to send logs to Log Insight is selected.

Click Test Connection and verify that the test passes.

Click Save and click OK.

Keep Internet Explorer open and connected to the vRealize Log Insight
administration interface.

Task 4: Prepare to Deploy Agents

You download the vRealize Log Insight agent installer.

The construction and application of the agent script is a complex subject that is
beyond the scope of this training. The agent configuration script can be pieced
together using information provided in each content pack. The agent script that you
import was constructed by pasting relevant information from VMware vRealize®
Automation™, Microsoft Active Directory, and the Microsoft SQL Server content
packs.

Select Administration from the vRealize Log Insight system drop-down menu,
located in the top menu bar, to the right of your user name.

In the left pane, click Agents.

In the right pane, click Download Log Insight Agent Version 3.0.0.

Click the Windows MSI (32-bit/64-bit) link and click Save > Save As to save the
file in C:\Materials\Downloads.

Close the download panel.

Do not click Run.

Close the installers list.

Minimize the Internet Explorer browser.

Task 5: Install the vRealize Log Insight Agent on Critical Infrastructure Servers

You install the vRealize Log Insight agent on two critical Windows servers.
vRealize Log Insight can be integrated with every aspect of a deployed vRealize
Automation solution, including integration with authentication and database
servers, and vSphere assets.

You configure vSphere integration (the vRealize Log Insight server is already
receiving events) and upload content packs to extend vRealize Log Insight server
charting and analysis to other systems, including Active Directory servers,
Microsoft SQL Server hosts, and NSX for vSphere systems.

You complete integration of the Active Directory servers and Microsoft SQL Server
hosts by installing a vRealize Log Insight agent on each system. Integration with
most products and systems require the installation of a Windows or Linux agent. The
agent behavior is system dependent and further tuned using the agent configuration
script.

The installation of the Windows agent is simple and fast, taking no more than a
minute to complete.

Use the Remote Desktop Connection Manager in the taskbar to connect to the
DC.vclass.local server.

Double-click the Materials network drive shortcut on the desktop.

Open the Downloads directory.

Right-click the VMware-Log-Insight-Agent windows.msi installation package and


select Install.

Click Run to accept the security warning.

Select I accept the terms in the license agreement and click Next.

Confirm that the host is sa-loginsight-01.vclass.local and click Install.

Click Finish.

Log out of dc.vclass.local

Use the Remote Desktop Connection Manager to connect to the sa-SQLServer-01


server.

Double-click the Materials network drive shortcut on the desktop.

Open the Downloads directory.

Right click the VMware-Log-Insight-Agent windows.msi installation package and


select Install.

Click Run to accept the security warning.

Select I accept the terms in the license agreement and click Next.

Verify that the host is sa-loginsight-01.vclass.local and click Install.

Click Finish.

Log out of sa-SQLServer-01.

Minimize the Remote Desktop Connection Manager.

Return to the vRealize Log Insight Web console in Internet Explorer.

Click Hosts in the left panel.

This action refreshes the console.

Click Agents in the left panel.

Confirm that two agents are listed.

One agent should be connected to dc.vclass.local, and one agent should be


connected to sa-sqlserver-01.vclass.local.
Select Logout from the vRealize Log Insight Admin user drop-down menu.

In Internet Explorer, close the vRealize Log Insight tab.

Task 6: License the vRealize Automation System

You install a license key for vRealize Automation.

Licenses

In Internet Explorer, select vRA Appliance Console from the vRA favorites menu.

If you see the There is a problem with this website’s security certificate
message, click Continue to this website (not recommended).

Log in as root with a password of VMware1!.

Select Licensing.

Enter the new vRealize Automation license key.

Click Submit Key.

Click Logout user root.

In Internet Explorer, close the VMware vRealize Appliance tab.

Lab 2 - Requesting a Service

In this lab, you will perform the following tasks:

Log In to vRealize Automation

Request a Service

Track the Request

Examine the Virtual Machine

Destroy the Virtual Machine

Track the Request

Task 1: Log In to vRealize Automation

Use Internet Explorer from the student desktop to log in to the VMware vRealize®
Automation™ system.

Log in to the Student-a-01 desktop as user vclass\administrator with the


password VMware1!.

Start Internet Explorer.

Select vRA Web Console - Eng Tenant from the vRA favorites menu.
If you see the There is a problem with this website’s security certificate
message, click Continue to the website (not recommended).

Log in to vclass.local domain as End user account user name QA-User13 and the
password VMware1!.

Task 2: Request a Service

You request a service from vRealize Automation. vRealize Automation can provide
various kinds of services to users. The most common service is to deploy a virtual
machine. You ask vRealize Automation to deploy a Linux Web server.

Click the Catalog tab.

Click Request in the QA-DB service.


Click to enlarge

Enter a description as Test Deployment.

The description can help you track the purpose of this request.

Enter a reason for the request as Test.

This reason is a justification that would explain to an administrator why you


need a Web server. Most requests are automatically approved and do not require
manual intervention from administrators.

Click Submit.

Click OK.

Task 3: Track the Request

You track the requested service from vRealize Automation. Requests must go through
a process. You deploy and customize a virtual machine from a template through a
cloning operation in VMware vSphere®.

Click the Requests tab.

The request should be the top item in the list. An initial status of In
Progress should appear.

You will see many requests listed that have a Failed status. These requests
involve an Expire operation. Do not be concerned about these requests. These errors
are caused by a problem in an expiration date.

Select the QA-DB request.

Click View Details.

Examine the details of the request

Click the QA-DB virtual machine icon and examine the details.
Click to enlarge

Click the General tab and examine the configuration of the virtual machine.
Click the Storage tab and examine how many hard disks the virtual machine has.

Click OK.

Open a new tab on the Internet Explorer browser.

Select vSphere Web Client from the Infrastructure favorites menu.

If you see the There is a problem with this website’s security certificate
message, click Continue to the website (not recommended).

Log in as administrator@vsphere.local with the password VMware1!.

Click the Home icon and select VMs and Templates.

In the bottom-right corner of the Recent Tasks pane, click More Tasks.

Track the progress of the virtual machine as it is cloned, customized, and


powered on.

Click the refresh icon at the top center of VMware vSphere® Web Client
periodically until you see the Customize virtual machine guest OS task completed
message in the Recent Tasks pane.

Click the vRealize Automation tab in the Internet Explorer browser to return to
the vRealize Automation console.

Click the refresh icon at the bottom of the Requests pane until the status of
the request changes to Successful.

Task 4: Examine the Virtual Machine

The virtual machine is an item in vRealize Automation. After a request is complete,


you have a new item in the console.

Click the Items tab.

The request should be listed in the Deployments list with today’s date in the
Date Created column. The name of the item should begin with the text string QA-DB,
followed by an eight-digit number.

Select the item but do not open it (click to the right of the deployment name
to highlight the line).

Click View Details.

Examine the information and click Close in the lower right of the pane.

Expand the QA-DB-<xxxxxxxx> in the Deployments list.


Click to enlarge

Examine the components that are included with the item.

Record the name of the virtual machine that was deployed.

Click Machines in the left pane.

Select the virtual machine that you deployed.


Click View Details.

Click the Network tab.

Record the primary IP address that is assigned to the virtual machine.

Scroll down and click Close.

Task 5: Destroy the Virtual Machine

You order vRealize Automation to destroy the virtual machine. After an item is no
longer needed, you might be entitled to destroy it. Destroying unneeded items saves
resources.

Click the Items tab.

Click Deployments.

Click to the right of the deployment name to select the item that you deployed.

Verify that this is the item you deployed by checking the Date Created column.

The date shown for this item should match today’s date.

Make sure you have only selected the item you just deployed. Do not destroy any
deployment except the deployment you just created.

Click Actions.

Select Destroy.

Click Submit.

Click OK.

Task 6: Track the Request

You track the requested action from vRealize Automation. Actions such as Destroy
are requests and can be tracked like all other requests.

Track the request to destroy the virtual machine in vSphere Web Client and in
the vRealize Automation console.

When the virtual machine is powered off and deleted, log out of the vRealize
Automation console and vSphere Web Client.

Lab 3 - Exploring the vRealize Automation Architecture

In this lab, you will perform the following tasks:

Log In to vSphere Web Client

Examine vSphere

Examine Other Windows-Based Infrastructure Systems


Examine Other Linux-Based Infrastructure Systems

Task 1: Log In to vSphere Web Client

You use VMware vSphere® Web Client to examine the VMware vSphere® architecture that
will support VMware vRealize® Automation™.

Log in to the Student-a-01 desktop as user vclass\administrator with the


password VMware1!.

Start Internet Explorer.

Select vSphere Web Client from the Infrastructure favorites menu.

If you see a message indicating a problem with the website’s security


certificate, click Continue to this website.

The lab environment uses self-signed certificates. Digital certificates should


be signed by a certificate authority (CA) that the system has a trust relationship
with. Self-signed certificates do not use a trusted CA. You will see warnings about
digital certificates frequently in this lab environment. Ignore them. Production
systems should always use valid digital certificates that were issued by a trusted
CA.

Log in to the VMware vCenter Server™ as user administrator@vsphere.local with


the password VMware1!.

Task 2: Examine vSphere

You examine the vRealize Automation support infrastructure that was preconfigured
in vSphere.

Click the Home icon and select Hosts and Clusters.

Expand SA Datacenter.

You should see two vSphere clusters: SA Compute-01 and SA Management.

vRealize Automation should always have at least two clusters. The first cluster
is a management cluster.

Expand SA Management.

The management cluster is always used to support management systems. Normally,


this management cluster includes database servers, Web servers, email servers, and
any other system that is used to provide infrastructure support for vRealize
Automation. In the lab environment, the SA management cluster is used to provide
resources for VMware NSX® systems. These VMware NSX systems include edge services
gateways and distributed logical routers.

A production management cluster also hosts the following servers:

vRealize Automation appliance servers

VMware vRealize® Orchestrator™ servers


VMware vRealize® Log Insight™ server

VMware NSX® Manager™ server

VMware vRealize® Business™ for Cloud server

vRealize Automation infrastructure-as-a-service (IaaS) servers

Microsoft SQL Server database servers

Email servers

Network load-balancer servers

Most of these systems exist in the lab environment. But due to the limitations
of the lab environment, they are not hosted on the management cluster.

Expand SA Compute-01.

SA Compute-01 is the resource cluster. The resource cluster is where virtual


machines that are deployed by vRealize Automation are hosted. The best practice is
always to keep the management cluster and resource clusters separated. In a
production environment, virtual machines that are deployed by vRealize Automation
should never be deployed on the management cluster.

Click the Home icon and select VMs and Templates.

Expand SA Datacenter.

Expand the VRM folder.

The VRM folder is where vRealize Automation deploys virtual machines. Any
virtual machines in the VRM folder are managed by vRealize Automation. Do not use
vSphere Web Client to manage these machines unless a significant problem occurs in
vRealize Automation.

Scroll down and locate the templates.

The templates are not located in the VRM folder.

vRealize Automation uses virtual machine templates to provision machines with


cloning operations. Templates must be identified by vRealize Automation during a
data collection inventory. If you change a template name or create a new template,
you have to run a new data collection inventory before you can use the template.

Templates start as virtual machines. Each virtual machine is assigned a host


when it is created. For vRealize Automation to use a virtual machine template, the
template must be stored on storage that is visible to the associated vRealize
Automation fabric group. If a virtual machine is moved to a host and storage
combination that is not part of the fabric group, then any template from that
virtual machine will not be available to vRealize Automation, even if the shared
storage is part of the fabric. Both the host and the storage must be part of the
fabric in order for vRealize Automation to use them.

vRealize Automation can use virtual machine snapshots to create linked clones.
The requirement that both the host and the storage combination are part of the
fabric group is not a requirement for snapshots. As long as a snapshot is stored on
shared storage that is visible to the fabric group, which host the parent virtual
machine is assigned to does not matter.
The best practice for production environments is to use clones and templates
instead of snapshots and linked clones.

Click the Home icon and select Storage.

Expand SA Datacenter.

Select the SA-Shared-01 Remote datastore.

The SA-Shared-01 Remote datastore is the storage used by vRealize Automation


for virtual machine deployment. vRealize Automation can use any storage that is
part of a cluster (shared or local) for reservations.

Log out of vSphere web client.

Task 3: Examine Other Windows-Based Infrastructure Systems

You examine the other Windows-based infrastructure servers that will support
vRealize Automation in the lab environment.

Click the Remote Desktop Connection Manager icon on the taskbar of the Student-
A desktop.
Click to enlarge

The lab infrastructure is divided into two main categories: General


Infrastructure and Site-A Systems.

General Infrastructure contains the Windows domain controller. This system is


also the DNS server for vclass.local.

The Site-A Systems includes a SQL Server host and two IaaS servers.

The SQL Server system hosts databases for vRealize Automation (IaaS server) and
the VMware vCenter Server® system.

Two IaaS servers are included. The SA-IaaS-01 server is the IaaS server for
vRealize Automation. vRealize Automation IaaS runs on Windows servers. In the lab
architecture, this SA-IaaS-01server runs the IaaS Manager, the IaaS Web server, the
IaaS Distributed Execution Manager (DEM), and IaaS proxy agents. In a production
vRealize Automation environment, all of these IaaS components can be assigned to
individual servers.

The SA-IaaS-02 server is not used until the installation lab.

In a production environment, all of these servers (DC, iSCSI, SQL Server, and
IaaS) would be hosted on the management cluster.

Minimize the Remote Desktop Connection.

Task 4: Examine Other Linux-Based Infrastructure Systems

You examine the other Linux-based infrastructure servers that support vRealize
Automation in the lab environment.

Click the MTPuTTY icon on the taskbar of the Student-A desktop.


Click to enlarge
The MTPuTTY utility enables Windows systems to connect to Linux and UNIX
systems with SSH. MTPuTTY can connect to the following systems:

The VMware vCenter® Server Appliance™ instance (SA-VCSA-01)

Four VMware ESXi™ hosts (SA-ESXi-01, SA-ESXi-02, SA-ESXi-03, and SA-ESXi-


04)

The NSX Manager server

Two vRealize Automation appliances (sa-vRA-01 and sa-vRA-02)

vRealize Log Insight server

The sa-vRA-02 server is not used until the installation lab.

In a production environment, all of these servers (sa-vcsa-01, NSX Manager, sa-


vRA-01, sa-vRA-02, and vRealize Log Insight) would be hosted on the management
cluster.

Close the MTPuTTY window.

Lab 4 - Examining Roles in vRealize Automation

In this lab, you will perform the following tasks:

Explore the vRealize Automation UI for the IaaS Administrator Role

Explore the vRealize Automation UI for the Fabric Administrator Role

Explore the vRealize Automation UI for the Tenant Administrator Role

Explore the vRealize Automation UI for the Software Architect Role

Explore the vRealize Automation UI for the Catalog Administrator Role

Task 1: Explore the vRealize Automation UI for the IaaS Administrator Role

You use Internet Explorer from the student desktop to log in to the VMware
vRealize® Automation™ system using the IaaS administrator role and explore the
components of the interface for this role.

Log in to the Student-a-01 desktop as user vclass\administrator with the


password VMware1!.

Start Internet Explorer.

Select vRA Web Console - Eng Tenant from the vRA favorites menu.

Log in to vclass.local domain as IaaS administrator account user name QA-User08


and the password VMware1!.

If the domain vclass.local is not selected, the attempt to log in fails.

If the domain does not appear as vclass.local, click Sign in to a different


domain, select vclass.local from the drop-down menu, and click Next.
Click the Infrastructure tab.
Click to enlarge

In the left pane, select Endpoints > Endpoints.

In the left pane, select Fabric Groups.

In the Fabric Groups pane, verify that the Engr-FG fabric group appears in the
list.

Point to the Engr-FG fabric group and select Edit.


Click to enlarge

Enter QA-F in the Fabric administrators text box.

Click the search icon.

Select the QA-Fabric@vclass.local group.


Click to enlarge

The QA-Fabric@vclass.local group should now be listed as fabric administrators.

Click OK.

In the left pane, click <Infrastructure to return to the main Infrastructure


menu.

In the left pane, click Monitoring.

In the left pane, click Log.

In the Log Viewer pane, select Error from the Severity drop-down menu.
Click to enlarge

The logs are sorted according to the [Severity] Equals ‘Error’ type, which
appears at the bottom of the Log View pane.

From the Severity drop-down menu, select Information.

The logs are sorted according to the [Severity] Equals ‘Information’ type.

In the top-right corner, click Logout.

Task 2: Explore the vRealize Automation UI for the Fabric Administrator Role

You explore the vRealize Automation system using the fabric administrator role and
examine the various components of the interface for this role.

Select vRA Web Console - Eng Tenant from the vRA favorites menu and log in to
vclass.local domain as Fabric administrator account user name QA-User09 and the
password VMware1!.

Click the Infrastructure tab.

Examine the left pane.

Q. Is the option to select endpoints available?


ANSWER: No.

In the left pane, select Compute Resources > Compute Resources.

In the Compute Resources pane, point to SA-Compute-01.

Q. Is the option to view machines in the menu?

ANSWER: Yes.
Click to enlarge

In the Compute Resources pane, point to SA Compute-01 and select Edit.

Q. Is the Engr-FG fabric group visible?

ANSWER: Yes.
Click to enlarge

Click Cancel.

In the left pane, click <Infrastructure.

In the left pane, select Reservations > Reservations.

The QA-Res and RD-Res reservations are listed.

Click the Administration tab.

In the left pane, select Property Definitions.

Q. Are any property definitions listed?

ANSWER: No.

In the top-right corner, click Logout.

Task 3: Explore the vRealize Automation UI for the Tenant Administrator Role

You explore the vRealize Automation system using the tenant administrator role and
examine the various components of the interface for this role.

Select vRA Web Console - Eng Tenant from the vRA favorites menu and log in to
vclass.local domain as Tenant administrator account user name QA-User01 and the
password VMware1!.

Click the Administration tab.

In the left pane, select Users and Groups > Business Groups.

Two business groups should be listed in the Business Groups pane.

In the Business Groups pane, select the QA business group.

Click Edit.

Click the Members tab.

Q. Which vclass.local group is defined in the group manager role and in the
support role?

ANSWER: QA-BGSuper@vclass.local

Click Cancel.

In the left pane, click <Administration.

In the left pane, select Branding > Login Screen Branding.

Examine the branding configuration, but do not change the configuration.

In the left pane, select <Administration.

In the left pane, select Reclamation > Reclamation Requests.

Q. Are any reclamation requests listed?

Task 4: Explore the vRealize Automation UI for the Software Architect Role

You explore the vRealize Automation system using the software architect role and
examine the various components of the interface for this role.

Select vRA Web Console - Eng Tenant from the vRA favorites menu and log in to
vclass.local domain as Software Architect account user name QA-User05 and the
password VMware1!.

Q. Does an Infrastructure tab appear?

ANSWER: No.

Click the Design tab.

In the Blueprints pane, click New.


Click to enlarge

The New Blueprint window appears.


Click to enlarge

Click Cancel.

Click Logout.

Task 5: Explore the vRealize Automation UI for the Catalog Administrator Role

You explore the vRealize Automation system using the catalog administrator role and
examine the various components of the interface for this role.

Select vRA Web Console - Eng Tenant from the vRA favorites menu and log in to
vclass.local domain as Catalog administrator account user name QA-User03 and the
password VMware1!.

Click the Administration tab.

In the Services pane, select the QA-DB-Service service.


Click Edit.

Examine the service.

Q. Does the service have an active status?

ANSWER: Yes.

Click Cancel.

In the left pane, click Catalog Items.

In the Catalog Items pane, select the QA-DB item.

Click Configure.

The Configure Catalog Item pane appears. The status of the catalog item should
be Active.

Click Cancel.

In the left pane, click Actions.

In the Actions pane, select Power Off.

Click View Details.

The action to power off appears in the Actions list.

In the View Action pane, click the Entitlements tab.

On the Entitlements tab, click Close.

Click Logout.

Lab 5 - Exploring Tenant Configuration

In this lab, you will perform the following tasks:

Explore Tenant Configuration for the Eng Tenant

Task 1: Explore Tenant Configuration for the Eng Tenant

You explore the Eng tenant configuration from the default tenant.

Log in to the Student-a-01 desktop as user vclass\administrator with the


password VMware1!.

Start Internet Explorer.

Select vRA Web Console - Default Tenant from the vRA favorites menu.
Click to enlarge

From the Select the domain drop-down menu, select vsphere.local and click Next.

Log in to vsphere.local domain as vRealize Automation administrator account


user name administrator and the password VMware1!.

The Tenants pane appears.

Select the Eng tenant and click Edit.

Verify that the URL name is Eng.

Click the Local users tab.

Verify that eng-admin is listed as a local user.

Click the Administrators tab.

Verify that the QA-ITSuper group appears in the Tenant administrators pane.

Verify that the QA-IaaS group appears in the IaaS administrators pane.

Click Cancel.

Click Logout.

Lab 6 - Exploring the Endpoint Configuration

In this lab, you will perform the following tasks:

Explore the Endpoint Configuration

Task 1: Explore the Endpoint Configuration

You explore endpoint settings typically configured by an IaaS administrator. You


familiarize theself with the location of these settings for use in future labs.

Select vRA Web Console - Eng Tenant from the vRA favorites menu.
Click to enlarge

The vRealize Automation login window appears.

Click Sign in to a different domain.

From the Select the domain drop-down menu, select vclass.local and click Next.

Log in to vclass.local domain as IaaS account user name QA-User01 and the
password VMware1!.

Click the Infrastructure tab.

In the left pane, select Endpoints > Credentials.

Q. What are the names of the credentials listed?

ANSWER: NSX, vCenter credentials.

In the left pane, select Endpoints.

Q. How many endpoints are configured?


ANSWER: Two.

Point at the vCenter endpoint and select Edit.

Click the Browse icon to the right of the Credentials text box.
Click to enlarge

Q. What are the names of the credentials shown?

ANSWER: Integrated, NSX, vCenter credentials.

Click Cancel.

Click Cancel.

Point to vCenter and select View Compute Resources from the menu.

In the Compute Resources pane, click SA-Compute-01.

Q. How many fabric groups appear?

ANSWER: One: Eng-FG.

Click the Configuration tab.

Q. Is a storage reservation policy assigned to SA-Shared-01 Remote?

ANSWER: No.

Click Cancel.

In the left pane, Click <Infrastructure.

In the left pane, select Endpoints > Fabric Groups.

Q. How many fabric groups appear?

ANSWER: One: Engr-FG.

Click Engr-FG.

Q. How many fabric administrators are assigned to the fabric group?

ANSWER: One.

Click Cancel.

Click Logout.

Lab 7 - Exploring the Fabric Configuration

In this lab, you will perform the following tasks:

Explore Fabric Configuration


Task 1: Explore Fabric Configuration

You explore settings typically configured by a fabric administrator, including


machine prefixes, network profiles, reservation policies, and reservations. You
familiarize theself with the location of these settings for use in future labs.

Select vRA Web Console - Eng Tenant from the vRA favorites menu in the Internet
Explorer browser.

Log in to vclass.local domain as Fabric administrator account user name QA-


User01 and the password VMware1!.

From the goal navigator, select Fabric Configuration > Create Machine Prefixes.
Click to enlarge
Click to enlarge

In the Machine Prefixes pane, verify that the QAWin and QALin machine prefixes
appear.

From the goal navigator, select Create Reservations.

In the left pane, select Network Profiles.

In the Network Profiles pane, click QA-Data-NP.

Verify that the DNS suffix and DNS search suffix appear as vclass.local.

Click the IP Ranges tab.

Q. How many IP addresses can be assigned using the range specified?

ANSWER: 101

Click Cancel.

In the left pane, click Reservation Policies.

Q. What is the name of the reservation policy?

ANSWER: Eng-RP

In the left pane, click Reservations.

In the Reservations pane, click QA-Res.

In the Edit Reservation - vSphere pane, verify that the Reservation policy
appears as Eng-RP.

Click the Resources tab.

Verify that SA-Shared-01 Remote is selected in the Storage pane.

Click the Network tab.

Verify that the QA-Data-NP network profile is assigned to a network path.

Click Cancel.

Click Logout.
Lab 8 - Exploring Business Group Configuration

In this lab, you will perform the following tasks:

Explore Business Group Configuration

Task 1: Explore Business Group Configuration

You explore business group configuration settings typically configured by a tenant


administrator. You familiarize theself with the location of these settings for use
in future labs.

Select vRA Web Console - Eng Tenant from the vRA favorites menu.

Log in to vclass.local domain as IaaS administrator account user name QA-User01


and the password VMware1!.

Click the Administration tab.

In the left pane, select Users & Groups > Business Groups.

In the Business Groups pane, click QA.

Q. Which user is configured to receive manager emails?

ANSWER: qa-user10@vclass.local.

Click the Members tab.

Verify that the Group Manager role pane contains the QA-BGSuper group.

Click the Infrastructure tab.

Q. What is the default machine prefix?

ANSWER: QALin.

Click Cancel.

Q. What is the percentage of storage that is currently allocated to the RD


business group?

ANSWER: Zero.

Click Logout.

Lab 9 - Creating Tenants and Configuring Fabric

In this lab, you will perform the following tasks:

Create a Tenant and Assign Local User Tenant and IaaS Administrators

Sync Groups and Users and Assign Tenant and IaaS Administrators

Assign Tenant and IaaS Administrator Roles to the Fin Tenant


Create a Fabric Group and Assign Fabric Administrators

Create Machine Prefixes

Create Reservation Policies

Create Network Profiles

Create Business Groups

Create Reservations

Task 1: Create a Tenant and Assign Local User Tenant and IaaS Administrators

The first step to configuring a tenant is to name the new tenant, add it to VMware
vRealize® Automation™, and create the tenant-specific access URL. Next, you specify
local users who can access the tenant and can assign the tenant and IaaS
administrator roles to the newly created users.

Log in to the Student-a-01 desktop as user vclass\administrator with the


password VMware1!.

Start Internet Explorer.

Select vRA Web Console - Default Tenant from the vRA favorites menu.

From the Select the domain drop-down menu, click vsphere.local.

Click Next.

Log in to vsphere.local domain as vRealize Automation administrator account


user name administrator and the password VMware1!.

In the Tenants pane, click New.

In the Name text box, enter Fin.

In the Description text box, enter Finance departments in the company.

In the URL name text box, enter Fin.

In the Contact email text box, enter fin-ta01@vclass.local.


Click to enlarge

Click Submit and Next.

In the Local Users pane, click New.

In the User Details window, specify values for the new user.
Option Action

First name

Enter Alex

Last name
Enter Morgan

Email

Enter fin-admin@vclass.local

User name

Enter fin-admin@vsphere.local

Password

Enter VMware1!

Confirm password

Enter VMware1!

The resulting entry should look like the screenshot.


Click to enlarge

Click OK.

Verify that the local user Alex Morgan (fin-admin@vsphere.local) appears in the
Local Users pane.

Click Next.

In the Select users or groups to grant the Tenant administrator role text box,
enter fin-admin, press Enter, and select fin-admin@vsphere.local from the drop-down
menu of matching users.
Click to enlarge

In the Select users or groups to grant the IaaS administrator role text box,
enter fin-admin, press Enter, and select fin-admin@vsphere.local from the drop-down
menu of matching users.

Click Finish.

Click Logout.

Task 2: Sync Groups and Users and Assign Tenant and IaaS Administrators

You use the Directories Management feature to configure a link to Active Directory
to support user authentication and to select users and groups to sync with the
Directories Management directory. After configuration, you can edit the directory
to add additional users and groups.

Open a new tab in Internet Explorer.

In the address bar, enter https://sa-vra-


01.vclass.local/vcac/org/fin/vclass.local.
Press Ctrl+D.

The Add a Favorite dialog box appears.


Click to enlarge

In the Name text box, enter vRA Web Console - Fin Tenant.

From the Create in drop-down menu, select vRA.

Click Add.

Close the current tab.

Select vRA Web Console - Fin Tenant from the vRA favorites menu.

You must verify that the link is valid and opens to the Fin tenant.

Log in to vRealize Automation as user fin-admin@vsphere.local with the password


VMware1!.

Click the Administration tab.

In the left pane, select Branding > Login Screen Branding.

Under the Logo pane, click Upload.

In the Choose File to Upload dialog box, browse to C:\Materials\Graphics and


select Fin.png.

Click Open.

Scroll down and click Save.

In the left pane, select Header & Footer Branding.

Deselect the Use default check box.

Click Browse to change the Header Logo.

In the Choose File to Upload dialog box, browse to C:\Materials\Graphics and


select Fin.png.

Click Open.

Click Next.

Enter Copyright 2016 in the Copyright notice text box.

Click Finish.

Changing the branding of the current tenant might cause problems for Internet
Explorer. If you see an error message, close the Internet Explorer browser. Then
restart Internet Explorer and log back in to the Finance tenant.

Click the Administration tab.

In the left pane, select Directories Management > Directories.


Click Add Directory.
Click to enlarge

In the Directory Name text box, enter vclass.local.

Click Active Directory (Integrated Windows Authentication).


Click to enlarge

In the Domain Name text box, enter vclass.local.

In the Domain Admin Username text box, enter administrator.

In the Domain Admin Password text box, enter VMware1!.


Click to enlarge

In the Bind User UPN text box, enter administrator@vclass.local.

In the Bind DN Password text box, enter VMware1!.


Click to enlarge

Click Save & Next.


Click to enlarge

The Select the Domains pane appears after a few seconds. The vclass.local
domain should already be selected.

Click Next.

In the Map User Attributes pane, select Enter Custom Input from the drop-down
menu to the right of the manager attribute.
Click to enlarge

In the Enter Custom Input text box, enter Manager.

Click Next.

Click the green plus sign (+).


Click to enlarge

In the Specify the group DNs text box, enter ou=SL,dc=vclass,dc=local.

CAUTION: Do not include spaces in ou=SL,dc=vclass,dc=local.

Click Find Groups.


Click to enlarge

Click Select All.


Click to enlarge

Click the green plus sign to the right of the red X.


Click to enlarge

In the Specify the group DNs text box, enter ou=BL,dc=vclass,dc=local.

Click Find Groups.

Click Select All.

Click Next.
Click the green plus sign to the right of the Specify the user DNs title bar.

In the Specify the user DNs text box, enter ou=SL,dc=vclass,dc=local.

Click the green plus sign to the right of the red X.


Click to enlarge

In the Specify the user DNs text box, enter ou=BL,dc=vclass,dc=local.

Click Next.

Click Edit.

The Edit button is to the right of the Sync Frequency page option.
Click to enlarge

From the Sync Frequency drop-down menu, select Manually.


Click to enlarge

Click Save.

Click Sync Directory.


Click to enlarge

The sync operation takes about 15 to 20 seconds to complete.


Click to enlarge

In the Directories pane, click vclass.local.


Click to enlarge

Click Sync Settings.


Click to enlarge

Click the Groups tab.


Click to enlarge

Click the green plus sign.

The plus sign is to the right of the Specify the group DNs title bar.
Click to enlarge

In the Specify the group DNs text box, enter cn=users,dc=vclass,dc=local.

Click Find Groups.

Click Select.
Click to enlarge

From the Group DNs list, select the Domain Admins group and the Domain Users
group.
Click to enlarge

Click Save.

Click Save & Sync.

This operation takes a few seconds to complete.


Wait for the green confirmation box to disappear.

Click Logout.

Task 3: Assign Tenant and IaaS Administrator Roles to the Fin Tenant

You appoint tenant administrators and IaaS administrators from the identity stores
that you configured for the Fin tenant.

Select vRA Web Console - Default Tenant from the vRA favorites menu.
Click to enlarge

Log in to vsphere.local domain as administrator account user name administrator


and the password VMware1!.
Click to enlarge

In the Tenants pane, click Fin.


Click to enlarge

Click the Administrators tab.

In the Select users or groups to grant the Tenant administrator role text box,
enter BL-ITSuper, press Enter, and select BL-ITSuper@vclass.local from the drop-
down menu of matching users.

BL-ITSuper@vclass.local user appears in the list.


Click to enlarge

In the Select users or groups to grant the Tenant administrator role text box,
enter BL-TA, press Enter, and select BL-TA@vclass.local from the drop-down menu of
matching users.

In the Select users or groups to grant the Tenant administrator role text box,
enter SL-ITSuper, press Enter, and select SL-ITSuper@vclass.local from the drop-
down menu of matching users.

In the Select users or groups to grant the Tenant administrator role text box,
enter SL-TA, press Enter, and select SL-TA@vclass.local from the drop-down menu of
matching users.

In the Select users or groups to grant the IaaS administrator role text box,
enter BL-ITSuper, press Enter, and select BL-ITSuper@vclass.local from the drop-
down menu of matching users.

In the Select users or groups to grant the IaaS administrator role text box,
enter BL-IaaS, press Enter, and select BL-IaaS@vclass.local from the drop-down menu
of matching users.

In the Select users or groups to grant the IaaS administrator role text box,
enter SL-ITSuper, press Enter, and select SL-ITSuper@vclass.local from the drop-
down menu of matching users.

In the Select users or groups to grant the IaaS administrator role text box,
enter SL-IaaS, press Enter, and select SL-IaaS@vclass.local from the drop-down menu
of matching users.

Click Finish.
Click Logout.

Task 4: Create a Fabric Group and Assign Fabric Administrators

You create a fabric group for the Fin tenant and assign fabric administrators to
manage the resources in the fabric group.

Select vRA Web Console - Fin Tenant from the vRA favorites menu.

In the Finance login window, click Sign in to a different domain.

From the Select the domain drop-down menu, select vclass.local and click Next.

Log in to vclass.local domain as IaaS administrator account user name SL-User01


and the password VMware1!.

In the goal navigator, select Fabric Configuration > Create Fabric Groups.

The goal navigator opens on the left.


Click to enlarge

In the Fabric Groups pane, click New.

In the Name text box, enter Fin-FG.

In the Description text box, enter Finance fabric group.

In the Fabric administrators text box, enter BL-Fabric, press Enter, and select
BL-Fabric@vclass.local from the drop-down menu of matching users.

In the Fabric administrators text box, enter BL-ITSuper, press Enter, and
select BL-ITSuper@vclass.local from the drop-down menu of matching users.

In the Fabric administrators text box, enter SL-Fabric, press Enter, and select
SL-Fabric@vclass.local from the drop-down menu of matching users.

In the Fabric administrators text box, enter SL-ITSuper, press Enter, and
select SL-ITSuper@vclass.local from the drop-down menu of matching users.

In the Compute resource pane, select SA Compute-01.

Click OK.

Do not logout.

Task 5: Create Machine Prefixes

You log in to the vRealize Automation server as a fabric administrator and create
machine prefixes.

If you are not logged out from the previous session, go to step 5.

Select vRA Web Console - Fin Tenant from the vRA favorites menu.

Log in to vclass.local domain as Fabric administrator account user name SL-


User01 and the password VMware1!.
In the upper-left side of the window, click the Goal Navigator icon.

In the Goal Navigator pane, click Fabric Configuration.

Click Create Machine Prefixes.

NOTE: You might need to press F5 to see the option to create machine prefixes.

In the Machine Prefixes pane, click New.

In the Name text box, enter BLWin.

In the Number of Digits text box, enter 3.

In the Next Number text box, enter 3.

On the left side of the window, click the green save icon.
Click to enlarge

In the Machine Prefixes pane, click New.

In the Name text box, enter BLLin.

In the Number of Digits text box, enter 3.

In the Next Number text box, enter 3.

On left side of the window, click the green save icon.

In the Machine Prefixes pane, click New.

In the Name text box, enter SLWin.

In the Number of Digits text box, enter 3.

In the Next Number text box, enter 4.

On left side of the window, click the green save icon.

In the Machine Prefixes pane, click New.

In the Name text box, enter SLLin.

In the Number of Digits text box, enter 3.

In the Next Number text box, enter 4.

On left side of the window, click the green save icon.

Task 6: Create Reservation Policies

You create reservations policies for compute and storage.

In the Goal Navigator pane, click Create Reservations.

Click Reservation Policies.

In the Reservation Policies pane, click New.


In the Name text box, enter Fin-RP.

In the Description text box, enter Reservation Policy for the Finance Tenant.

Click OK.

Task 7: Create Network Profiles

You create a network policy to assign to blueprints.

Click Network Profiles.

In the Network Profiles pane, select New > External.

In the Name text box, enter BL-Application-NP.

In the Description text box, enter Network Profile for the existing BL-
Application network.

In the Subnet mask text box, enter 255.255.255.0.

In the Gateway text box, enter 10.20.102.1.

In the Primary DNS text box, enter 172.20.14.1.

In the DNS Suffix text box, enter vclass.local.

In the DNS Search Suffix text box, enter vclass.local.

Click the IP Ranges tab.

Click New.

In the Name text box, enter BL-Application-Range.

In the Description text box, enter IP Range for the BL-Application Network.

In the Starting IP address text box, enter 10.20.102.100.

In the Ending IP address text box, enter 10.20.102.200.

Click OK.

The list of IP addresses is populated in the IP Addresses pane.

Click OK.

Verify that the external network appears in the Network Profiles pane.

In the Network Profiles pane, select New > External.

In the Name text box, enter BL-Data-NP.

In the Description text box, enter Network Profile for the existing BL-Data
network.

In the Subnet mask text box, enter 255.255.255.0.


In the Gateway text box, enter 10.20.103.1.

In the Primary DNS text box, enter 172.20.14.1.

In the DNS Suffix text box, enter vclass.local.

In the DNS Search Suffix text box, enter vclass.local.

Click the IP Ranges tab.

Click New.

In the Name text box, enter BL-Data-Range.

In the Description text box, enter IP Range for the BL-Data Network.

In the Starting IP address text box, enter 10.20.103.100.

In the Ending IP address text box, enter 10.20.103.200.

Click OK.

The list of IP addresses is populated in the IP Addresses pane.

Click OK.

Verify that the external network appears in the Network Profiles pane.

In the Network Profiles pane, select New > External.

In the Name text box, enter SL-Application-NP.

In the Description text box, enter Network Profile for the SL-Application
network.

In the Subnet mask text box, enter 255.255.255.0.

In the Gateway text box, enter 10.20.100.1.

In the Primary DNS text box, enter 172.20.14.1.

In the DNS Suffix text box, enter vclass.local.

In the DNS Search Suffix text box, enter vclass.local.

Click the IP Ranges tab.

Click New.

In the Name text box, enter SL-Application-Range.

In the Description text box, enter IP Range for the SL-Application Network.

In the Starting IP address text box, enter 10.20.100.100.

In the Ending IP address text box, enter 10.20.100.200.

Click OK.
The list of IP addresses is populated in the IP Addresses pane.

Click OK.

Verify that the external network appears in the Network Profiles pane.

In the Network Profiles pane, select New > External.

In the Name text box, enter SL-Data-NP.

In the Description text box, enter Network Profile for the SL-Data network.

In the Subnet mask text box, enter 255.255.255.0.

In the Gateway text box, enter 10.20.101.1.

In the Primary DNS text box, enter 172.20.14.1.

In the DNS Suffix text box, enter vclass.local.

In the DNS Search Suffix text box, enter vclass.local.

Click the IP Ranges tab.

Click New.

In the Name text box, enter SL-Data-Range.

In the Description text box, enter IP Range for the SL-Data Network.

In the Starting IP address text box, enter 10.20.101.100.

In the Ending IP address text box, enter 10.20.101.200.

Click OK.

The list of IP addresses is populated in the IP Addresses pane.

Click OK.

Verify that the external network appears in the Network Profiles pane.

Task 7: Create Network Profiles

You create a network policy to assign to blueprints.

Click Network Profiles.

In the Network Profiles pane, select New > External.

In the Name text box, enter BL-Application-NP.

In the Description text box, enter Network Profile for the existing BL-
Application network.

In the Subnet mask text box, enter 255.255.255.0.


In the Gateway text box, enter 10.20.102.1.

In the Primary DNS text box, enter 172.20.14.1.

In the DNS Suffix text box, enter vclass.local.

In the DNS Search Suffix text box, enter vclass.local.

Click the IP Ranges tab.

Click New.

In the Name text box, enter BL-Application-Range.

In the Description text box, enter IP Range for the BL-Application Network.

In the Starting IP address text box, enter 10.20.102.100.

In the Ending IP address text box, enter 10.20.102.200.

Click OK.

The list of IP addresses is populated in the IP Addresses pane.

Click OK.

Verify that the external network appears in the Network Profiles pane.

In the Network Profiles pane, select New > External.

In the Name text box, enter BL-Data-NP.

In the Description text box, enter Network Profile for the existing BL-Data
network.

In the Subnet mask text box, enter 255.255.255.0.

In the Gateway text box, enter 10.20.103.1.

In the Primary DNS text box, enter 172.20.14.1.

In the DNS Suffix text box, enter vclass.local.

In the DNS Search Suffix text box, enter vclass.local.

Click the IP Ranges tab.

Click New.

In the Name text box, enter BL-Data-Range.

In the Description text box, enter IP Range for the BL-Data Network.

In the Starting IP address text box, enter 10.20.103.100.

In the Ending IP address text box, enter 10.20.103.200.

Click OK.
The list of IP addresses is populated in the IP Addresses pane.

Click OK.

Verify that the external network appears in the Network Profiles pane.

In the Network Profiles pane, select New > External.

In the Name text box, enter SL-Application-NP.

In the Description text box, enter Network Profile for the SL-Application
network.

In the Subnet mask text box, enter 255.255.255.0.

In the Gateway text box, enter 10.20.100.1.

In the Primary DNS text box, enter 172.20.14.1.

In the DNS Suffix text box, enter vclass.local.

In the DNS Search Suffix text box, enter vclass.local.

Click the IP Ranges tab.

Click New.

In the Name text box, enter SL-Application-Range.

In the Description text box, enter IP Range for the SL-Application Network.

In the Starting IP address text box, enter 10.20.100.100.

In the Ending IP address text box, enter 10.20.100.200.

Click OK.

The list of IP addresses is populated in the IP Addresses pane.

Click OK.

Verify that the external network appears in the Network Profiles pane.

In the Network Profiles pane, select New > External.

In the Name text box, enter SL-Data-NP.

In the Description text box, enter Network Profile for the SL-Data network.

In the Subnet mask text box, enter 255.255.255.0.

In the Gateway text box, enter 10.20.101.1.

In the Primary DNS text box, enter 172.20.14.1.

In the DNS Suffix text box, enter vclass.local.

In the DNS Search Suffix text box, enter vclass.local.


Click the IP Ranges tab.

Click New.

In the Name text box, enter SL-Data-Range.

In the Description text box, enter IP Range for the SL-Data Network.

In the Starting IP address text box, enter 10.20.101.100.

In the Ending IP address text box, enter 10.20.101.200.

Click OK.

The list of IP addresses is populated in the IP Addresses pane.

Click OK.

Verify that the external network appears in the Network Profiles pane.

Task 7: Create Network Profiles

You create a network policy to assign to blueprints.

Click Network Profiles.

In the Network Profiles pane, select New > External.

In the Name text box, enter BL-Application-NP.

In the Description text box, enter Network Profile for the existing BL-
Application network.

In the Subnet mask text box, enter 255.255.255.0.

In the Gateway text box, enter 10.20.102.1.

In the Primary DNS text box, enter 172.20.14.1.

In the DNS Suffix text box, enter vclass.local.

In the DNS Search Suffix text box, enter vclass.local.

Click the IP Ranges tab.

Click New.

In the Name text box, enter BL-Application-Range.

In the Description text box, enter IP Range for the BL-Application Network.

In the Starting IP address text box, enter 10.20.102.100.

In the Ending IP address text box, enter 10.20.102.200.

Click OK.

The list of IP addresses is populated in the IP Addresses pane.


Click OK.

Verify that the external network appears in the Network Profiles pane.

In the Network Profiles pane, select New > External.

In the Name text box, enter BL-Data-NP.

In the Description text box, enter Network Profile for the existing BL-Data
network.

In the Subnet mask text box, enter 255.255.255.0.

In the Gateway text box, enter 10.20.103.1.

In the Primary DNS text box, enter 172.20.14.1.

In the DNS Suffix text box, enter vclass.local.

In the DNS Search Suffix text box, enter vclass.local.

Click the IP Ranges tab.

Click New.

In the Name text box, enter BL-Data-Range.

In the Description text box, enter IP Range for the BL-Data Network.

In the Starting IP address text box, enter 10.20.103.100.

In the Ending IP address text box, enter 10.20.103.200.

Click OK.

The list of IP addresses is populated in the IP Addresses pane.

Click OK.

Verify that the external network appears in the Network Profiles pane.

In the Network Profiles pane, select New > External.

In the Name text box, enter SL-Application-NP.

In the Description text box, enter Network Profile for the SL-Application
network.

In the Subnet mask text box, enter 255.255.255.0.

In the Gateway text box, enter 10.20.100.1.

In the Primary DNS text box, enter 172.20.14.1.

In the DNS Suffix text box, enter vclass.local.

In the DNS Search Suffix text box, enter vclass.local.


Click the IP Ranges tab.

Click New.

In the Name text box, enter SL-Application-Range.

In the Description text box, enter IP Range for the SL-Application Network.

In the Starting IP address text box, enter 10.20.100.100.

In the Ending IP address text box, enter 10.20.100.200.

Click OK.

The list of IP addresses is populated in the IP Addresses pane.

Click OK.

Verify that the external network appears in the Network Profiles pane.

In the Network Profiles pane, select New > External.

In the Name text box, enter SL-Data-NP.

In the Description text box, enter Network Profile for the SL-Data network.

In the Subnet mask text box, enter 255.255.255.0.

In the Gateway text box, enter 10.20.101.1.

In the Primary DNS text box, enter 172.20.14.1.

In the DNS Suffix text box, enter vclass.local.

In the DNS Search Suffix text box, enter vclass.local.

Click the IP Ranges tab.

Click New.

In the Name text box, enter SL-Data-Range.

In the Description text box, enter IP Range for the SL-Data Network.

In the Starting IP address text box, enter 10.20.101.100.

In the Ending IP address text box, enter 10.20.101.200.

Click OK.

The list of IP addresses is populated in the IP Addresses pane.

Click OK.

Verify that the external network appears in the Network Profiles pane.

Task 8: Create Business Groups


You create business groups for Sales and Billing. You also assign the business
group managers who monitor the resource use for the group and approve catalog
requests from users.

In the Goal Navigator, click Back to My Goals > Tenant Configuration > Create
Business Group and click New.

In the Name text box, enter Billing.

In the Description text box, enter Billing group for the Finance tenant.

In the Send manager emails to text box, enter BL-BGMGRs@vclass.local.

Click Next.

In the Group manager role text box, enter BL-BGMGRs, press Enter, and select
BL- BGMGRs@vclass.local from the drop-down menu of matching users.

In the Support role text box, enter BL-BGMGRs, press Enter, and select BL-
BGMGRs@vclass.local from the drop-down menu of matching users.

In the User role text box, enter BL-User, press Enter, and select BL-
User@vclass.local from the drop-down menu of matching users.

Click Next.

From the Default machine prefix drop-down menu, select BLWin.

In the Active Directory container text box, enter ou=BL,dc=vclass,dc=local.

Click Finish.

Verify that the business group appears on the Business Groups page.

Click New.

In the Name text box, enter Sales.

In the Description text box, enter Sales group for the Finance tenant.

In the Send manager emails to text box, enter SL-BGMGRs@vclass.local.

Click Next.

In the Group manager role text box, enter SL-BGMGRs, press Enter, and select
SL- BGMGRs@vclass.local from the drop-down menu of matching users.

In the Support role text box, enter SL-BGMGRs, press Enter, and select SL-
BGMGRs@vclass.local from the drop-down menu of matching users.

In the User role text box, enter SL-User, press Enter, and select SL-
User@vclass.local from the drop-down menu of matching users.

Click Next.

From the Default machine prefix drop-down menu, select SLWin.

In the Active Directory container text box, enter ou=SL,dc=vclass,dc=local.


Click Finish.

Verify that the business group appears on the Business Groups page.

Task 9: Create Reservations

You create a vRealize Automation reservation to allocate provisioning resources in


the fabric group to a specific business group.

Click the Infrastructure tab.

Click Reservations.

Select New > vSphere.

In the Name text box, enter BL-Res.

Verify that the tenant appears as Fin.

If the tenant is not Fin, select Fin from the drop-down menu.

From the Business group drop-down menu, select Billing.

From the Reservation policy drop-down menu, select Fin-RP.

In the Priority text box, enter 1.

Click the Resources tab.

From the Compute resource drop-down menu, select SA Compute-01 (vCenter).

In the This Reservation text box, enter 4.

This option is to the right of the Memory pane.

In the Storage Paths pane, select SA-Shared01 Remote.

In the This reservation reserved text box, enter 60.

In the Priority text box, enter 1.

Click OK.

These settings overcommit resources.

Click the Network tab.

In the Network pane, select vxw-dvs-40-virtualwire-10-sid-5009-BL-Data.

From the Network Profile drop-down menu to the right of the network path,
select BL-Data-NP.

In the Network pane, select vxw-dvs-40-virtualwire-9-sid-5008-BL-Application.

From the Network Profile drop-down menu to the right of the network path,
select BL-Application-NP.

Click OK.
In the Reservations pane, select New > vSphere.

In the Name text box, enter SL-Res.

Verify that the tenant appears as Fin.

If the tenant is not Fin, select Fin from the drop-down menu.

From the Business group drop-down menu, select Sales.

From the Reservation policy drop-down menu, select Fin-RP.

In the Priority text box, enter 1.

Click the Resources tab.

From the Compute resource drop-down menu, select SA Compute-01 (vCenter).

In the This Reservation text box, enter 4

This option is in the Memory pane.

In the Storage Paths pane, select the SA-Shared-01 Remote.

In the This reservation reserved text box, enter 60.

In the Priority text box, enter 1.

Click OK.

These settings overcommit resources.

Click the Network tab.

In the Network pane, select vxw-dvs-40-virtualwire-7-sid-5006-SL-Application.

From the Network Profile drop-down menu to the right of the network path,
select SL-Application-NP.

In the Network pane, select vxw-dvs-40-virtualwire-8-sid-5007-SL-Data.

From the Network Profile drop-down menu to the right of the network path,
select SL-Data-NP.

Click OK.

Verify that both reservations appear in the Reservations list.


Click to enlarge

Click Logout.

Lab 10 - Creating Blueprints for a Single Machine

In this lab, you will perform the following tasks:

Create a Blueprint for a Single Machine


Publish a Blueprint for a Single Machine

Task 1: Create a Blueprint for a Single Machine

You create a blueprint for use in machine provisioning.

Log in to the Student-a-01 desktop as user vclass\administrator with the


password VMware1!.

Start Internet Explorer.

Select vRA Web Console - Eng Tenant from the vRA favorites menu.

Confirm that vclass.local is the selected domain.

Log in to vclass.local domain as Infrastructure administrator account user name


RD-User01 and the password VMware1!.

Click the Design tab.

Click Blueprints.

Click New.

The New Blueprint window appears.

In the Name text box, enter RD-AppSrvr.

The ID text box autopopulates.

In the Description text box, enter Linux Application Server for RD.

Click OK.

The design canvas appears.

From the Categories pane, drag the vSphere Machine component to the design
canvas.

The vSphere_Machine component configuration panel appears.

In the ID text box, enter RD-AppSrvr.

In the Description text box, enter Linux DB Server for RD.

From the Reservation Policy drop-down menu, select Eng-RP.

From the Machine prefix drop-down menu, select RDLin.

In the Instance column, enter 2 in the Maximum box.

Click the Build Information tab.

From the Action drop-down menu, select Clone.

Click the browse button next to Clone from.


Click to enlarge
Select Centos-Template and click OK.

In the Customization spec text box, enter Lin-Cust.

Click the Machine Resources tab.

In the Machine Resources tab, specify the resource values for the blueprint.
Option Action

CPUs

Enter 1 in the Minimum box and 2 in the Maximum box.

Memory (MB)

Enter 1024 in the Minimum box and 1056 in the Maximum box.

Storage (GB)

Enter 5 in the Minimum box and 7 in the Maximum box.

Click Save.

Click a blank space on the design canvas to close the vSphere machine dialog
box.

In the Categories pane, click Network & Security.

Drag the Existing Network component to the design canvas.

The Existing_Network_1 configuration panel opens.

Click the browse button next to Existing network,

Select RD-Data-NP.

Click OK.

Click a blank spot in the design canvas to close the Network dialog.

In the design canvas, click the vSphere Machine component.

The vSphere Machine component is selected and the Design information panel
appears.

Click the Network tab.

Click New.

From the Network drop-down menu, select RDDataNP.

Click OK.

You do not set an IP address.

Click Save.
Click Finish.

Task 2: Publish a Blueprint for a Single Machine

You publish the Linux blueprint so that you can configure it as catalog item or use
it as a blueprint component in the design canvas.

In the Blueprints pane, select RD-AppSrvr.

You must select the blueprint, not click its name. Clicking the name of a
blueprint opens the blueprint for editing.

Click Publish.

Verify that the status of the blueprint changes to Published.

Click Logout.

Lab 11 - Creating Blueprints with Multiple Machines

In this lab, you will perform the following tasks:

Create a Blueprint with One Machine

Create a Blueprint with Multiple Machines

Task 1: Create a Blueprint with One Machine

You create a blueprint for one virtual machine connected to an existing network.

Log in to the Student-a-01 desktop as user vclass\administrator with the


password VMware1!.

Start Internet Explorer.

Select vRA Web Console - Eng Tenant from the vRA favorites menu.

Confirm that vclass.local is the selected domain.

Log in to vclass.local domain as Infrastructure administrator account user name


RD-User01 and the password VMware1!.

Click the Design tab.

Click Blueprints.

Click New.

The New Blueprint Window appears.

In the Name text box, enter RD-WebSrvr.

The ID text box autopopulates.

In the Description text box, enter Linux Web Server for RD.
Click OK.

The design canvas appears.

From the Categories pane, drag the vSphere Machine component to the design
canvas.

The vSphere_Machine component configuration panel appears.

In the ID text box, enter RD-WebSrvr.

In the Description text box, enter Linux Web Server for RD.

From the Reservation Policy drop-down menu, select ENG-RP.

From the Machine prefix drop-down menu, select RDLin.

In the Instance column, enter 2 in the Maximum box.

Click the Build Information tab.

From the Action drop-down menu, select Clone.

Click the browse button next to Clone from.


Click to enlarge

Select Centos-Template and click OK.

In the Customization spec text box, enter Lin-Cust.

Click the Machine Resources tab.

In the Machine Resources tab, specify the resource values for the blueprint.
Option Action

CPUs

Enter 1 in the Minimum box and 2 in the Maximum box.

Memory (MB)

Enter 1024 in the Minimum box and 1056 in the Maximum box.

Storage (GB)

Enter 5 in the Minimum box and 7 in the Maximum box.

Click Save.

Click a blank space on the design canvas to close the vSphere machine dialog
box.

In the Categories pane, click Network & Security.

Drag the Existing Network component to the design canvas.


The Existing_Network_1 configuration panel opens.

Click the browse button next to Existing network.

Select RD-Data-NP.

Click OK.

Click a blank space on the design canvas to close the network dialog box.

Click the vSphere Machine component.

The vSphere Machine component is selected and the design panel appears.

Click the Network tab.

Click New.

From the Network drop-down menu, select RDDataNP.

Click OK.

Do not set an IP address.

Click Save.

Click Finish.

In the Blueprints pane, select RD-WebSrvr.

Click Publish.

Verify that the status of the blueprint changes to Published.

Task 2: Create a Blueprint with Multiple Machines

You combine two blueprints with one machine each to create a blueprint with
multiple machines.

In the Blueprints pane, click New.

The New Blueprint window appears.

In the Name text box, enter RD-Multi Machine App.

In the Description text box, enter Web and DB Multi-Machine App for RD.

Click OK.

The design canvas appears.

In the Categories pane, click Blueprints.


Click to enlarge

Drag the RD-WebSrvr blueprint to the design canvas.

Depending on the screen resolution, you might need to decrease the


magnification to see more of the canvas.
Click to enlarge

In the ID text box, enter RDWebSrvr_Multi.

Click Save.

Click a clear spot on the design canvas to close the vSphere Machine dialog
box.

Drag the RD-AppSrvr blueprint to the design canvas.

In the ID text box, enter RDAppSrvr_Multi.

Click Save.

Click a clear spot on the design canvas to close the vSphere Machine dialog
box.

You can see the complete blueprint.

Click Finish.

In the Blueprints pane, select RD-Multi Machine App.

Click Publish.

Verify that the status of the blueprint changes to Published.

Click Logout.

Lab 12 - Adding Published Items to the Service Catalog

In this lab, you will perform the following tasks:

Create and Configure a Service

Create and Configure an Entitlement

Task 1: Create and Configure a Service

You create and configure a service for an existing blueprint.

Log in to the Student-a-01 desktop as user vclass\administrator with the


password VMware1!.

Start Internet Explorer.

Select vRA Web Console - Eng Tenant from the vRA favorites menu.

Confirm that vclass.local is the selected domain.

Log in to vclass.local domain as Infrastructure administrator account user name


RD-User01 and the password VMware1!.

Click the Administration tab.


Select Catalog Management > Services.

Click New.

The New Service pane appears.

In the Name text box, enter RD-AppSrvr-Service.

On the right side of the Icon text box, click Browse.

In the Choose File to Upload dialog box, browse to the C:\Materials\Graphics.

Select Linux.png.

Click Open.

Confirm that Active is selected in the Status drop-down menu.

In the Owner text box, enter RD-BGMGRs, press Enter, and select RD-
BGMGRs@vclass.local from the list.

In the Support Team text box, enter RD-BGMGRs, press Enter, and select RD-
BGMGRs@vclass.local from the list.

Click OK.

In the left navigation pane, click Catalog Items.

In the Catalog Items pane, select RD-AppSrvr.

Click Configure.

Scroll down to see the Service drop-down menu.

From the Service drop-down menu, select RD-AppSrvr-Service.

Click Finish.

Task 2: Create and Configure an Entitlement

You create and configure an entitlement for the service that you configured.

In the left navigation pane, click Entitlements.

In the Entitlements pane, click New.

In the Name text box, enter RD-DBSrvr-Entl.

In the Description text box, enter Entitlement for RD Linux App Server.

From the Status drop-down menu, select Active.

In the Business Group drop-down menu, select RD.

In the Users & Groups text box, enter RD-User, press Enter, and select RD-
User@vclass.local from the list.

Click Next.
Click the green plus sign (+) next to Entitled Services.

In the Add Services dialog box, select RD-AppSrvr-Service.

Click OK.

Click the green plus sign next to Entitled Items.

In the Add Items dialog box, select RD-AppSrvr.

Click OK.

Click the green plus sign next to Entitled Actions.

In the Add Actions dialog box, select actions from the list.
Name Type

Create Snapshot

Virtual Machine

Delete Snapshot

Virtual Machine

Destroy

Virtual Machine

Register VDI

Virtual Machine

Revert To Snapshot

Virtual Machine

Unregister VDI

Virtual Machine

Click OK.

Click Finish.

Click the Catalog tab.

Verify that the RD-AppSrvr service appears in the service catalog.

Click Logout.

Lab: VMware vRealize Automation: Install, Configure, Manage [V7.0]


Time Remaining: 26 days

Lab 13 - Managing Virtual Machines

In this lab, you will perform the following tasks:

Request a Service on Behalf of an Employee

Modify a Virtual Machine’s Resource Settings

Create and Delete Snapshots

Task 1: Request a Service on Behalf of an Employee

You log in as a business group manager and request a new service to deploy a new
Linux database server virtual machine on behalf of one of the employees.

Log in to the Student-a-01 desktop as user vclass\administrator with the


password VMware1!.

Start Internet Explorer.

Select vRA Web Console - Eng Tenant from the vRA favorites menu.

Confirm that vclass.local is the selected domain.

Log in to vclass.local domain as Business Group Manager account user name QA-
User02 and the password VMware1!.

Click the Catalog tab.

Click the red X to the right of the On behalf of text box.

In the On behalf of text box, enter QA-User13, press Enter, and select QA-
user13@vclass.local from the list.

In the All Service pane, click Request for the QA-DB service.

In the Description text box, enter On behalf of QA-user13@vclass.local.

In the Reason for request text box, enter QA-user13 database test.

Click Submit.

Click OK.

Click the Requests tab.

Click Refresh.
Click to enlarge

Monitor the status of the virtual machine request until Status changes to
Successful.

The deployment takes about 5 minutes. You might need to click Refresh
periodically.

Task 2: Modify a Virtual Machine’s Resource Settings

As a business group manager, you manage one of the employee’s machines by modifying
virtual machine settings and changing the power state of the machine.

Click the Items tab.

From the Owned by drop-down menu, select All Groups I Manage.


Click to enlarge

The virtual machine that you deployed in task 1 appears in the deployments
pane.

Select, but do not open, the deployment.

Click View Components.

In the left pane, click Machines.

In the Machines pane, select, but do not open, the virtual machine.

From the Actions drop-down menu, select Power Off.


Click to enlarge

Click Submit.

Click OK.

Click the refresh icon at the bottom of the right pane and monitor Status until
it changes to Off.

This operation takes about 1 minute to complete. You might need to click the
refresh icon periodically.

Select, but do not open, the virtual machine.

From the Actions drop-down menu, select Reconfigure.

The view changes to the Items tab and a New Request to Reconfigure a machine
pane appears.

In the General tab, modify the resource values for the blueprint.
Option Action

CPUs

Enter 2.

Memory (MB)

Enter 1040.

Click Submit.
Click OK.

Click the Requests tab.

Click the refresh icon until Status changes to Successful.

This operation takes about 4 minutes to complete. The reconfigure request is


shown at the top of the pane.

Click the Items tab.

Select, but do not open, the virtual machine.

From the Actions drop-down menu, select Power On.

Click Submit.

Click OK.

Click the refresh icon and monitor Status until it changes to On.

This operation takes about 1 minute to complete. You might need to click the
refresh icon periodically.

Task 3: Create and Delete Snapshots

As a business group manager, you manage one of the employee’s machines and create
and delete a snapshot.

Select, but do not open, the virtual machine.

From the Actions drop-down menu, select Create Snapshot.

The Create Snapshot dialog box appears.

In the Snapshot name text box, click the X to the right of the text box.

You might have to click the text box to make the X appear.

In the Snapshot name text box, enter Snapshot 001 before DB upgrade.

In the Snapshot description text box, enter QA-User13 upgrade of database.

Click Submit.

Click OK.

Click the Requests tab.

Click the refresh icon and monitor the request until Status changes to
Successful.

This operation takes about 1 minute to complete.You might need to click the
refresh icon periodically.

Click Items.

Select, but do not open, the virtual machine.


Click View Details.

The Item Details dialog box appears.

Click the Snapshots tab.

Record the snapshot name.

In the Actions pane, click Delete Snapshot.

Refresh the browser if Delete Snapshot option doesn't appear in the Actions
pane

The Delete Snapshot dialog box appears.

Click Select.

Select the current snapshot.

This snapshot is the snapshot whose name you recorded in step 14.

Click Select.

Verify that the snapshot appears in the Snapshot pane.

Click Submit.

Click OK.

Click the Request tab.

Click Refresh and monitor Status until it changes to Successful.

You might need to click the refresh icon periodically.

Click the Items tab.

The Item Details pane appears.

Click the Snapshots tab.

Verify that no snapshot is listed.

In the Actions pane, click Destroy.

Click Submit.

Click OK.

Click the Requests tab.

Click Refresh and monitor Status until it changes to Successful.

This operation takes about 2 minutes to complete.You might need to click the
refresh icon periodically.

Click the Items tab.


An error message reports that the virtual machine cannot be found.

Click Close.

You might have to scroll down on the screen to see the Close button.

Verify that no virtual machine appears in the Machines pane.

Click Logout.

Lab 14 - Creating Approval Policies

In this lab, you will perform the following tasks:

Create an Approval Policy

Test an Approval Policy

Process an Approval Policy

Task 1: Create an Approval Policy

You assign an approval policy administrator to the tenant. The approval policy
administrator creates approval policies for use in the tenant when a user requests
a virtual machine with more memory.

Log in to the Student-a-01 desktop as user vclass\administrator with the


password VMware1!.

Start Internet Explorer.

Select vRA Web Console - Eng Tenant from the vRA favorites menu.

Confirm that the domain is set to vclass.local.

Log in to vclass.local domain as business group administrator account user name


QA-User02 and the password VMware1!.

Click the Administration tab.

Click Approval Policies.

Click New.

In the New Approval Policy dialog box, scroll down and select Service-Catalog-
Catalog Item Request-Virtual Machine.

Click OK.

In the Name text box, enter QA-MoreRAM.

In the Description text box, enter Approval needed for virtual machines with
more RAM.

From the Status drop-down menu, select Active.

On the Pre-Approval tab, click the green plus sign (+).


In the Name text box, enter More RAM requested than default of 1024MB.

In the Description text box, enter Any request for a virtual machine with more
RAM than 1024MB requires approval.

Under When is approval required?, click Required based on conditions.

From the Clause drop-down menu, select Memory (MB).

From the drop-down menu that appears to the right of the Memory (MB) text box,
select > (the greater-than sign).

From the Value drop-down menu, select Constant.

In the Value text box, enter 1024.

In the search box under Approvers, enter QA-BGSuper, press Enter, and select
QA-BGSuper@vclass.local from the search results.

Click OK.

Verify that the new level appears in the Pre-Approval pane.

Click OK.

In the left pane, click Catalog Management.

Click Entitlements.

Select, but do not open, QA-Data-Entitlement.

Click Edit.

Click the Items and Approvals tab.

Under Entitled Items, select Modify Policy from the drop-down menu to the right
of the QA-DB text box.

The Modify Policy dialog box appears.

Click Show all.

From the Apply this policy drop-down menu, select QA-MoreRAM [Service Catalog -
Catalog Item Request - Virtual Machine].

Click OK.

Click Finish.

Click Logout.

Task 2: Test an Approval Policy

You submit a request from the catalog as a user. You verify that the request enters
a pending state as a business group administrator and you approve the request.

Select vRA Web Console - Eng Tenant from the vRA favorites menu.
Log in to vclass.local domain as no administrator roles account user name QA-
User13 and the password VMware1!.

Click the Catalog tab.

In the QA-DB pane, click Request.

In the Description text box, enter DB VM with 1054 MB.

In the Reason for request text box, enter DB required with larger memory
requirements.

In the left pane under the QA-DB blueprint, click the QA-DB virtual machine.
Click to enlarge

In the Memory (MB) box, click the up arrow to increase the value of memory to
1056.
Click to enlarge

Click Submit.

Click OK.

Click the Requests tab.

Verify that Status appears as Pending Approval.

If Status does not appear as Pending Approval, click Refresh.

Select, but do not open, the request.

Click View Details.

In the left request pane, click Pending under Approval Status.

Q. Who is the approver for this request listed on the left side of the pane?

ANSWER: QA-BGSuper

Click OK.

Click Logout.

Task 3: Process an Approval Policy

You log in as the assigned approver. You then process and approve a request for a
virtual machine with increased memory, according to the approval policy. Finally,
you log in as the user who requested the virtual machine with increased memory to
verify that the request is approved.

Select vRA Web Console - Eng Tenant from the vRA favorites menu.

Log in to vclass.local domain as Business Group administrator account user name


QA-User02 and the password VMware1!.

Click the Inbox tab.


In the Approvals pane, verify that the request shown has a status of Active.

Click the number of the approval request (approval request number 1).

The number is a link that will open the request.

In the Approvals pane, verify that Requester matches the user that requested
the QA-DB blueprint.

Under Status Active, click View Request.

Click the QA-DB virtual machine in the left pane of the Request details dialog
box.

Q. Does the Memory (MB) value match the amount previously requested?

ANSWER: Yes.

Scroll down and click Close.

In the Justification text box, enter Approved, this machine requires increased
memory.

Click Approve.

Click Logout.

Select vRA Web Console - Eng Tenant from the vRA favorites menu.

Log in to vclass.local domain as no administrator roles account user name QA-


User13 and the password VMware1!.

Click the Requests tab.

Click Refresh and monitor the status of the request until Status appears as
Successful.

This operation might take up to 3 minutes to complete. You might have to click
Refresh several times.

Ignore any Expire error messages. These messages relate to a expiration problem
that will be corrected in a later lab.

Select, but do not open, the request for more memory.

Click View Details.

In the Request Details pane, click Approved.

Verify that Approver matches the user that you used to approve the request and
click OK.

Click Logout.

Lab 15 - Creating Property Definitions

In this lab, you will perform the following tasks:


Log In to vRealize Automation

Create a Property Definition

Create Another Property Definition

Task 1: Log In to vRealize Automation

You use Internet Explorer from the student desktop to log in to the VMware
vRealize® Automation™ system.

Log in to the Student-a-01 desktop as user vclass\administrator with the


password VMware1!.

Use Internet Explorer to select vRA Web Console - Eng Tenant from the vRA
favorites menu.

Log in to vclass.local domain as tenant administrator account user name QA-


User01 and the password VMware1!.

Task 2: Create a Property Definition

You create a property definition.

Click the Administration tab.

Click Property Dictionary.

Click Property Definitions.

Click New.

In the Name text box, enter VirtualMachine.Network0.NetworkProfileName.

Enter the name of the property definition exactly as specified. The name of the
property definition is used in blueprints and in VMware vRealize® Orchestrator™
workflows.

In the Label text box, enter Network Profile.

In the Description text box, enter Allow end users to select which network they
will connect to their virtual machine.

Do not set an Order index.

From the Datatype drop-down menu, select String.

From the Required drop-down menu, select Yes.

From the Display advice drop-down menu, select Dropdown.

Select Predefined values.

Click New in the Predefined values pane.

In the Name text box, enter QA Data Network.


In the Value text box, enter QA-Data-NP.

You must enter the value exactly as specified. The text that you enter in the
Value text box must match the name of a vRealize Automation network profile. The
value is case-sensitive.

Click OK.

Click New in the Predefined values pane.

In the Name text box, enter QA Application Network.

In the Value text box, enter QA-Application-NP.

Click OK.

Click New in the Predefined values pane.

In the Name text box, enter QA Production Network.

In the Value text box, enter Production-NP.

Click OK.

The new property definition should match the screenshot:


Click to enlarge

Click OK.

Task 3: Create Another Property Definition

You create a second property definition.

Click New.

In the Name text box, enter VirtualMachine.Admin.ThinProvision.

In the Label text box, enter Thin Provision.

In the Description text box, enter Allow end users to select the disk format of
their virtual machine.

Do not set an order index.

From the Datatype drop-down menu, select Boolean.

From the Display advice drop-down menu, select Yes/No.

The new custom property definition should match the screenshot:


Click to enlarge

Click OK.

Click <Administration to return to the main administration menu.

Do not logout.
Lab 16 - Creating a Property Group

In this lab, you will perform the following tasks:

Log In to vRealize Automation

Create a Property Group

Task 1: Log In to vRealize Automation

You use Internet Explorer from the student desktop to log in to the VMware
vRealize® Automation™ system.

If you are still logged in to vRealize Automation, skip to task 2.

Log in to the Student-a-01 desktop as user vclass\administrator with the


password VMware1!.

Start Internet Explorer.

Select vRA Web Console - Eng Tenant from the vRA favorites menu.

Log in to vclass.local domain as Tenant administrator account user name QA-


User01 and the password VMware1!.

Task 2: Create a Property Group

You create a property group.

Click the Administration tab.

Click Property Dictionary.

Click Property Groups.

Click New.

In the Name text box, enter QA.VMProperties.

In the Description text box, enter Group together the custom properties that
users will need to deploy virtual machines.

Click New in the Properties pane.

In the Name text box, enter VirtualMachine.Network0.NetworkProfileName.

You must enter the name exactly as specified. The text that you enter in the
Name text box must match the name of an existing custom property. The name is case-
sensitive. Many custom property names also have periods in the names for
readability. These periods must be entered exactly as specified.

As you enter text, you see the names of similar custom properties appear below
the Name text box. Only properties defined in the property dictionary appear. This
feature helps you enter the name correctly. You can click the correct value and
press Enter to load it into the Name text box.

When you finish entering the name, press Enter.


Pressing Enter moves the cursor to the Value text box.

Do not enter a value in the Value text box and do not click OK.

Leave Overridable selected.

Select Show in Request.

Click OK.

Click New in the Properties pane.

In the Name text box, enter VirtualMachine.Admin.ThinProvision.

In the Value text box, enter Yes.

Select Show in Request.

The new property group should match the screenshot:


Click to enlarge

Click OK.

Click OK.

Click Logout.

Lab 17 - Deploying a Blueprint That Uses Custom Properties

In this lab, you will perform the following tasks:

Log In to vRealize Automation

Create a Blueprint That Uses Custom Properties

Add a Service for the Blueprint

Add an Entitlement for the Blueprint

Test the Custom Property

Examine the Virtual Machine

Clean Up to Save Lab Resources

Task 1: Log In to vRealize Automation

You use Internet Explorer from the student desktop to log in to the VMware
vRealize® Automation™ system.

Log in to the Student-a-01 desktop as user vclass\administrator with the


password VMware1!.

Start Internet Explorer.

Select vRA Web Console - Eng Tenant from the vRA favorites menu.
If a security certificate warning appears, click Continue to this website.

Log in to vclass.local domain as Infrastructure administrator account user name


QA-User01 and the password VMware1!.

Task 2: Create a Blueprint That Uses Custom Properties

You create a blueprint that uses custom properties.

Click the Design tab.

Select, but do not open, the QA-DB blueprint.

Click Copy.

In the Name text box, enter QA-DB-CustomProperty.

In the Description text box, enter Linux DB Server for QA that uses custom
properties.

Click OK.

Click the QA-DB virtual machine.

Click the Properties tab.

Click the Property Groups tab.

Click Add.

Select QA.VMProperties.

Click OK.

Click a clear area in the Design Canvas to close the virtual machine dialog
box.

Select the QADataNP network.

Click the red X to delete the QADataNP network.

Click Yes.

Click Save.

Click Finish.

Select, but do not open, the QA-DB-CustomProperty blueprint.

Click Publish.

Task 3: Add a Service for the Blueprint

You add a service for the new blueprint.

Click the Administration tab.


Click Catalog Management.

If the Administration pane shows Property Dictionary menu items, you must click
<Administration to see Catalog Management in the main Administration menu.

Click Services.

Click New.

In the Name text box, enter QA-General-Services.

In the Description text box, enter A collection of Linux virtual machines for
QA.

Click Browse and select the Linux.png icon from the C:\Materials\Graphics
directory.

Select Active in the Status drop-down menu.

In the Owner text box, enter QA-B and click the search icon.

Select QA-BGMGRs.

In the SupportTeam text box, enter QA-S and click the search icon.

Select QA-Support.

Click OK.

Select, but do not open, the QA-General-Services service.

Click Manage Catalog Items.

Click the New icon (+) next to Catalog Items.

Select the QA-DB-CustomProperty blueprint and click OK.

Click Close.

Task 4: Add an Entitlement for the Blueprint

You add an entitlement for the new blueprint.

Click Entitlements.

Click New.

In the Name text box, enter QA-General-Entitlement.

In the Description text box, enter Entitlements QA Users.

From the Status drop-down menu, select Active.

From the Business Group drop-down menu, select QA.

In the Users & Groups text box, enter QA-U and click the search icon.
Select QA-User.

Click Next.

Click the new icon (+) for Entitled Services.

Select QA-General-Services and click OK.

Click the new icon (+) for Entitled Items.

Select QA-DB-CustomProperty and click OK.

Click the new icon (+) for Entitled Actions.

Select the check box next to Name to select all actions.

Click OK.

Click Finish.

Task 5: Test the Custom Property

You deploy a blueprint and test the custom property.

Click the Catalog tab.

Click QA-General-Services.

In the QA-General-Services pane, click Request for the QA-DB-CustomProperty


service.

In the Description text box, enter Test of New custom properties.

Click QA-DB in the left pane.

A red asterisk next to QA-DB indicates that the item requires user input.

From the Network Profile drop-down menu, select QA Application network.

From the Thin Provision drop-down menu, select No.

Click Submit and click OK.

Click Requests and monitor the progress of the request until the status is
Successful.

You can click the refresh icon as needed.

Select the request.

Click View Details.

Click the Execution Information icon in the upper right corner of the pane.
Click to enlarge

You must wait until the execution is successful.

Record the name of the virtual machine that you created.


Task 6: Examine the Virtual Machine

You examine the virtual machine that you deployed.

Open a new tab in the Internet Explorer browser.

Select vSphere Web Client from the Infrastructure favorites menu and log in as
administrator@vsphere.local with the password VMware1!.

Click the Home icon and select VMs and Templates.

Expand SA Datacenter.

Expand the VRM folder.

Select the virtual machine.

Right-click the virtual machine and select Edit Settings.

Expand Hard disk 1.

The type of the hard disk should be Thick provision lazy zeroed because you
selected No on the custom property controlling thin disk provisioning in task 5.

Click Cancel.

Expand VM Hardware in the center pane and expand Network adapter 1.

The network that the virtual machine is connected to should be the QA-
Application network that you specified when you requested this virtual machine.

Task 7: Clean Up to Save Lab Resources

You destroy the virtual machine to save lab resources.

Click the vRealize Automation tab in Internet Explorer.

Click the Items tab.

Select, but do not open, the QA-DB-CustomProperty.

Select Destroy from the Actions drop-down menu.

Click Submit.

Click OK.

Click the Requests tab and monitor the progress of the request until the status
is Successful.

Log out of the vRealize Automation console.

Lab 18 - Adding VMware NSX Features to an Existing Blueprint

In this lab, you will perform the following tasks:


Log In to vRealize Automation

Create a Network Profile

Log In to vRealize Automation

Copy a Blueprint

Modify the Blueprint

Add a Service and an Entitlement for the Blueprint

Task 1: Log In to vRealize Automation

You use Internet Explorer from the student desktop to log in to the VMware
vRealize® Automation™ system.

Log in to the Student-a-01 desktop as user vclass\administrator with the


password VMware1!.

Start Internet Explorer.

Select vRA Web Console - Default Tenant from the vRA favorites menu.

Confirm that the domain is set to vclass.local.

Log in to vclass.local domain as Fabric administrator account user name RD-


User01 and the password VMware1!.

Task 2: Create a Network Profile

You create a network profile in the vRealize Automation default tenant. Before you
can add an on-demand network address translation network to a blueprint, you must
have a NAT network profile in the default tenant.

Click the Infrastructure tab.

Click Reservations.

Start Network Profiles.

Click New.

Select NAT.

In the Name text box, enter RD-NAT-NP.

In the Description text box, enter Network profile for on-demand NAT network in
the RD business group.

From the External network profile drop-down menu, select Production-NP.

From the NAT type drop-down menu, select One-to-Many.

In the Subnet mask text box, enter 255.255.255.0.


In the Gateway text box, enter 10.10.108.1.

Confirm that the configuration values are set.


Option Value

Primary DNS

172.20.11.10

DNS suffix

vclass.local

DNS search suffix

vclass.local

Click the IP Ranges tab.

Click New.

In the Name text box, enter RD-NAT-Range.

In the Starting IP address text box, enter 10.10.108.2.

In the Ending IP address text box, enter 10.10.108.50 and click OK.

Click OK.

Log out of the default tenant.

Task 3: Log In to vRealize Automation

You use Internet Explorer from the student desktop to log in to the vRealize
Automation system.

In Internet Explorer, select vRA Web Console - Eng Tenant from the vRA
favorites menu.

Select vclass.local and click Next.

Log in to vclass.local domain as Infrastructure administrator account user name


RD-User01 and the password VMware1!.

Task 4: Copy a Blueprint

You copy a blueprint in vRealize Automation. vRealize Automation blueprints can


combine virtual machine and network components. You copy a Linux database server
blueprint.

Click the Design tab.

Select, but do not open, the QA-DB blueprint.


If you open this blueprint instead of selecting it, click Cancel and discard
the changes.

The QA-DB blueprint remains selected.

Click Copy.

In the Name text box, enter RD-DB-On-Demand-NAT.

In the Description text box, enter Linux DB Server for RD.

Click the NSX Settings tab.

From the Transport zone drop-down menu, select Datacenter (vCenter).

From the Routed gateway reservation policy drop-down menu, select Eng-RP and
click OK.

The new RD-DB-On-Demand-NAT blueprint opens.

Task 5: Modify the Blueprint

You remove the existing network from this blueprint and add VMware NSX® on-demand
NAT network.

In the design canvas, select the QADataNP network.

Click the red delete icon to delete the network.

Click Yes to confirm the deletion.

In the Categories panel, click Network & Security.

In the Categories panel, select On-Demand NAT Network and drag it to the design
canvas.

In the Name text box, enter RD-On-Demand-NAT.

Click Parent Network profile.

Select the RD-NAT-NP network profile.

Click OK.

Click the DHCP tab.

In the IP range start text box, enter 10.10.108.60.

In the IP range end text box, enter 10.10.108.80.

Click Save.

Click a blank spot in the design canvas to close the network dialog box.

In the design canvas, select the QA-DB virtual machine.

Click the General tab.


Enter RD-DB in the ID text box.

Select the RDLin machine prefix in the Machine prefix drop-down menu.

Click the Network tab.

Click New.

From the Network drop-down menu, select RDNATNP.

From the Assignment Type drop-down menu, select DHCP.

Click OK.

Click Save.

Click Finish.

Select the RD-DB-On-Demand-NAT blueprint and click Publish.

Task 6: Add a Service and an Entitlement for the Blueprint

You add a service and an entitlement to enable users to deploy virtual machines and
on-demand networks from their catalog.

Click the Administration tab.

Click Catalog Management.

Click Services.

Click New.

In the Name text box, enter RD-On-Demand-NAT-Service.

In the Description text box, enter Linux VM with on-demand NAT network
connected to the Production network.

Click Browse and select the Linux.png graphic icon from the
C:\Materials\Graphics directory.

Confirm that Active is selected in the Status drop-down menu.

In the Owner text box, enter RD-B and click the search icon.

Select RD-BGMGRs.

In the Support Team text box, enter RD-S and click the search icon.

Select RD-Support.

Click OK.

Select the RD-On-Demand-NAT-Service.

Click Manage Catalog Items.

Click the new Catalog Items icon (+).


Select the RD-DB-On-Demand-NAT blueprint and click OK.

Click Entitlements.

Click New.

In the Name text box, enter Entitlements for RD-Users.

In the Description text box, enter Entitlements for RD-Users.

From the Status drop-down menu, select Active.

From the Business Group drop-down menu, select RD.

In the Users & Groups text box, enter RD-U and click the search icon.

Select RD-User.

Click Next.

Click the plus icon to add an entitled service.

Select RD-On-Demand-NAT-Service and click OK.

Click the plus icon to add an entitled item.

Select RD-DB-On-Demand-NAT and click OK.

Click the plus icon to add entitled actions.

Select the check box next to Name to select all actions.

Click OK.

Click Finish.

Lab 19 - Deploying a Virtual Machine That Includes VMware NSX Features

In this lab, you will perform the following tasks:

Log In to vRealize Automation

Request a Service

Track the Request

Examine the Virtual Machine and On-Demand NAT Network

Destroy the Deployment to Save Lab Resources

Track the Request

Task 1: Log In to vRealize Automation

You use Internet Explorer from the student desktop to log in to the VMware
vRealize® Automation™ system.
If you are still logged in to the vRealize Automation console, skip to task 2.

Log in to the Student-a-01 desktop as user vclass\administrator with the


password VMware1!.

Start Internet Explorer.

Select vRA Web Console - Eng Tenant from the vRA favorites menu.

If a security certificate warning appears, click Continue to this website.

Log in to vclass.local domain with RD-User group account user name RD-User01
and the password VMware1!.

Task 2: Request a Service

You request a service that has an on-demand NAT network included.

Click the Catalog tab.

Click Request in the RD-DB-On-Demand-NAT service.

Enter a description as Test for VMware NSX Features.

The description can help you track the purpose of this request.

Enter a reason for the request.

This reason is a justification that would explain to an administrator why you


need this server and network. Most requests are automatically approved and do not
require manual intervention from administrators.

Click Submit and click OK.

Task 3: Track the Request

You track the requested service from vRealize Automation.

Click the Requests tab.

The request should be the top item in the list. An initial status of In
Progress should be displayed.

Select the request.

Click View Details.

Examine the details of the request and click OK.

If you do not have an Internet Explorer tab open with the VMware vSphere® Web
Client, then open a tab.

Open a new tab on the Internet Explorer browser.

Select vSphere Web Client from the Infrastructure favorites menu and log in
as administrator@vsphere.local with the password VMware1!.
Click the Home icon and select VMs and Templates.

In the bottom-right corner of the Recent Tasks pane, click More Tasks.

Track the progress of changes to the network architecture.

Track the progress of the virtual machine as it is cloned, customized, and


powered on.

Click the refresh icon at the top center of vSphere Web Client periodically
until you see the Customize virtual machine guest OS task complete message in the
Recent Tasks pane.

Click the Home icon and select Networking & Security.

Select NSX Edges.

Select the new VMware NSX® Edge™ device.

The name should include RDDBOnDemandNAT.

Double-click the new NSX Edge device.

Do not change any of the settings on the new NSX Edge device.

Click the Manage tab.

Click the DHCP tab and examine the DHCP settings.

The Start IP should be set to 10.10.108.60. and the End IP should be set to
10.10.108.80.

Click the Home icon and select VMs and Templates.

Open a remote console to the virtual machine that you just deployed.

Log in with user root and a password of VMware1!.

Use ifconfig -a command to confirm that this virtual machine has an IP address
from the DHCP range of 10.10.108.60 to 10.10.108.80.

Enter the command ping 172.20.10.10.

The ping command should be successful.

Press Ctrl+C to stop the ping command.

Close the remote console.

Click the vRealize Automation tab in the Internet Explorer browser to return to
the vRealize Automation console.

Click the refresh icon at the bottom of the Requests pane until the status of
the request changes to Successful.

Task 4: Examine the Virtual Machine and On-Demand NAT Network


The virtual machine and on-demand network are an item in vRealize Automation.

Click the Items tab.

The request should be the bottom item in the Deployments list. The name of the
item should begin with the text string RD-DB-On-Demand-NAT, followed by an eight-
digit number.

Select the item.

Click View Details.

Examine the information and click Close in the lower right of the pane.

In the Deployments list to the left of the RD-DB-On-Demand-NAT item is an


expansion icon.

Expand the RD-DB-On-Demand-NAT item.

Examine the components that are included with the item.

The components should include an NSX Edge device and a VMware NSX® network.

Reduce the deployment item to a single line.

Task 5: Destroy the Deployment to Save Lab Resources

You order vRealize Automation to destroy the virtual machine and on-demand network.

Click the Items tab.

The request should be the bottom item in the Deployments list. The name of the
item should begin with the text string RD-DB-On-Demand-NAT, followed by an eight-
digit number.

Select the deployment item.

Click Actions.

Select Destroy.

Click Submit.

Click OK.

This Destroy action powers off and destroys all of the items included in this
deployment. Destroyed items include the virtual machine, the new NSX Edge device,
and the new distributed port group on the SA Production network.

Task 6: Track the Request

You track the requested action from vRealize Automation. Actions such as Destroy
can be tracked like requests.

Using what you have learned, track the request to destroy the virtual machine
in vSphere Web Client and in the vRealize Automation console.
When the virtual machine is powered off and deleted, log out of the vRealize
Automation console and vSphere Web Client.

Lab 20 - Adding a VMware NSX On-Demand Routed Network to a Blueprint

In this lab, you will perform the following tasks:

Log In to vRealize Automation

Create a Network Profile for the Transport Network

Create a Network Profile for the Routed On-Demand Network

Modify the RD Business Group Reservation

Copy a Blueprint

Modify the Blueprint

Add a Service and an Entitlement for the Blueprint

Task 1: Log In to vRealize Automation

You use Internet Explorer from the student desktop to log in to the VMware
vRealize® Automation™ system.

Log in to the Student-a-01 desktop as user vclass\administrator with the


password VMware1!.

Start Internet Explorer.

Select vRA Web Console - Default Tenant from the vRA favorites menu.

If a security certificate warning appears, click Continue to this website.

Log in to vclass.local domain as Member of RD-User account user name RD-User01


and the password VMware1!.

Task 2: Create a Network Profile for the Transport Network

You create a network profile in the vRealize Automation default tenant. Before you
can add an on-demand routed network to a blueprint, you must have a network profile
in the default tenant for the transport network that the on-demand network will
connect to.

Click the Infrastructure tab.

Select Reservations in the left navigation pane.

Select Network Profiles in the left navigation pane.

Click New.

Select External.

In the Name text box, enter RD-Transport-NP.


Enter Network profile for the RD transport network in the Description text box.

Enter 255.255.255.0 in the Subnet mask text box.

Enter 172.20.16.1 in the Gateway text box.

Enter 172.20.16.1 in the Primary DNS text box.

Enter vclass.local in the DNS suffix text box.

Enter vclass.local in the DNS search suffix text box.

Click OK.

Task 3: Create a Network Profile for the Routed On-Demand Network

You create a network profile in the vRealize Automation default tenant. Before you
can add an on-demand routed network to a blueprint, you must have a routed network
profile in the default tenant.

Click New to create a new network profile.

Select Routed.

In the Name text box, enter RD-Routed-NP.

In the Description text box, enter Network profile for on-demand Routed network
in the RD business group.

From the External network profile drop-down menu, select RD-Transport-NP.

In the Subnet mask text box, enter 255.255.255.0.

In the Range Subnet mask text box, enter 255.255.255.128.

In the Base IP text box, enter 10.10.110.1.

Confirm that the configuration values are set.


Option Value

Primary DNS

172.20.16.1

DNS suffix

vclass.local

DNS search suffix

vclass.local

Click the IP Ranges tab.


Click New.

In the Name text box, enter RD-Routed-Range-1.

In the Starting IP address text box, enter 10.10.110.1.

In the Ending IP address text box, enter 10.10.110.126 and click OK.

Click New.

In the Name text box, enter RD-Routed-Range-2.

In the Starting IP address text box, enter 10.10.110.129.

In the Ending IP address text box, enter 10.10.110.254 and click OK.

Click OK.

Task 4: Modify the RD Business Group Reservation

You modify the reservation for the RD business group. The network profile for the
transport network and the routed network must be identified in the reservation
before you can use them.

Click Reservations.

Click RD-Res.

Click the Network tab.

Scroll down and locate the network path named vxw-dvs-40-virtualwire-variable


number and SID-RD-Transport. Select this network path.

Use the Network Profile drop-down menu to select the RD-Transport-NP network
profile.
Click to enlarge

Scroll down to the Routed gateways pane.

Select the RD-DLR gateway.

Use the Network Path drop-down menu to select the RD-Transport-Interface


network path.

Use the Network Profile drop-down menu to select the RD-Transport-NP network
profile.
Click to enlarge

Click OK.

Click Logout.

Task 5: Copy a Blueprint

You copy a blueprint in vRealize Automation. vRealize Automation blueprints can


combine virtual machine and network components. You copy a Linux database server
blueprint.
Select vRA Web Console - Eng Tenant from the vRA favorites menu.

Log in to vclass.local domain as Infrastructure administrator account user name


RD-User01 and the password VMware1!.

Click the Design tab.

Select the QA-DB blueprint.

If you open this blueprint instead of selecting it, click Cancel and discard
the changes.

The QA-DB blueprint remains selected.

Click Copy.

In the Name text box, enter RD-DB-On-Demand-Routed.

In the Description text box, enter Linux DB server for RD.

Click the NSX Settings tab.

From the Transport zone drop-down menu, select Datacenter (vCenter).

From the Routed gateway reservation policy drop-down menu, select Eng-RP and
click OK.

The new RD-DB-On-Demand-NAT blueprint should open.

Task 6: Modify the Blueprint

You remove the existing network from this blueprint and add a VMware NSX® on-demand
NAT network.

In the design canvas, select the QADataNP network.

Click the red X icon to delete the network.


Click to enlarge

Click Yes to confirm the deletion.

In the Categories panel, click Network & Security.

In the Categories panel, select an On-Demand Routed Network and drag it to the
design canvas.

In the Name text box, enter RD-On-Demand-Routed.

Click the Parent Network profile browse button.

Select RD-Routed-NP.

Click OK.

Click Save.

Click a blank space on the design canvas to close the network dialog box.
In the design canvas, select the QA-DB virtual machine.

Click the General tab.

Enter RD-DB in the ID text box.

Select RDLin in the Machine prefix drop-down menu.

Click the Network tab.

Click New.

From the Network drop-down menu, select RDRoutedNP.

From the Assignment Type drop-down menu, select Static IP.

Click OK.

Click Save.

Click Finish.

Select the RD-DB-On-Demand-Routed blueprint and click Publish.

Task 7: Add a Service and an Entitlement for the Blueprint

You add a service and an entitlement to enable users to deploy virtual machines and
on-demand networks from their catalog.

Click the Administration tab.

Click Catalog Management.

Click Services.

Click New.

In the Name text box, enter RD-On-Demand-Routed-Service.

In the Description text box, enter Linux VM with on-demand Routed network.

Click Browse and select the Linux.png graphic icon from the
C:\Materials\Graphics directory.

Verify that the Status drop-down menu has Active selected.

In the Owner text box, enter RD-B and click the search icon.

Select RD-BGMGRs.

In the Support Team text box, enter RD-S and click the search icon.

Select RD-Support.

Click OK.

Select the RD-On-Demand-Routed-Service.


Click Manage Catalog Items.

Click the add new Catalog items icon (+).

Select the RD-DB-On-Demand-Routed blueprint and click OK.

Click Close.

Click Entitlements.

Click New.

In the Name text box, enter RD-On-Demand-Routed-Entitlement.

In the Description text box, enter Entitlement for Linux VM with on-demand
routed network.

From the Status drop-down menu, select Active.

From the Business Group drop-down menu, select RD.

In the Users & Groups text box, enter RD-U and click the search icon.

Select RD-User.

Click Next.

Click the plus icon to add an entitled service.

Select RD-On-Demand-Routed-Service and click OK.

Click the plus icon to add an entitled item.

Select RD-DB-On-Demand-Routed and click OK.

Click the plus icon to add entitled actions.

Select the check box next to Name to select all actions.

Click OK.

Click Finish.

Lab 21 - Deploying a Virtual Machine That Includes a VMware NSX On-Demand Routed
Network

In this lab, you will perform the following tasks:

Log In to vRealize Automation

Request a Service

Track the Request

Examine the Virtual Machine

Destroy the Deployment


Task 1: Log In to vRealize Automation

You use Internet Explorer from the student desktop to log in to the VMware
vRealize® Automation™ system.

If you are already logged in to the vRealize Automation console, skip to task
2.

Log in to the Student-a-01 desktop as user vclass\administrator with the


password VMware1!.

Start Internet Explorer.

Select vRA Web Console - Eng Tenant from the vRA favorites menu.

If a security certificate warning appears, click Continue to this website.

Log in to vclass.local domain as member of RD-User account user name RD-User01


and the password VMware1!.

Task 2: Request a Service

You request a service that has an on-demand Routed network included.

Click the Catalog tab.

Click Request in the RD-DB-On-Demand-Routed-Service.

Enter a description as VM for OD routed network.

The description can help you track the purpose of this request.

Enter a reason for the request.

This reason is a justification that would explain to an administrator why you


need this server and network. Most requests are automatically approved and do not
require manual intervention from administrators.

Click Submit and click OK.

Task 3: Track the Request

You track the requested service from vRealize Automation.

Click the Requests tab.

The request should be the top item in the list. An initial status of In
Progress should be displayed.

Click the refresh icon at the bottom of the Requests pane until the status of
the request changes to Successful.

Task 4: Examine the Virtual Machine


You examine the virtual machine that you deployed.

Open a new tab in the Internet Explorer browser.

Select vSphere Web Client from the Infrastructure favorites menu and log in as
administrator@vsphere.local with the password VMware1!.

Click the Home icon and select VMs and Templates.

Expand the VRM folder.

Select the Virtual machine that you deployed in task 2.

Expand Network adapter 1 in the VM Hardware pane.

The network that the virtual machine is connected to should be a long name that
contains the string RDRoutedNP
Click to enlarge

Examine the summary of the virtual machine. You should see a hardware address
that is in the 10.10.110.0/24 network.

Click Launch Remote Console.

Log in to the virtual machine with the root user name and a password of
VMware1!.

Enter the following command.

ping 172.20.11.10

The ping command should be successful

Press Ctrl + C to stop the ping.

Close the remote console.

Task 5: Destroy the Deployment

You order vRealize Automation to destroy the virtual machine and on-demand network.

Click the Items tab.

The request should be listed in the Deployments list. The name of the item
should begin with the text string RD-DB-On-Demand-Routed, followed by an eight-
digit number.

Select the item.

Click Actions.

Select Destroy.

Click Submit.

Click OK.
Lab 22 - Creating Software Blueprints

In this lab, you will perform the following tasks:

Prepare the Linux Template

Install the vRealize Automation Agents

Modify the vRealize Automation Agent Configuration for Red Hat

Create a Software Components Blueprint

Create a Combined Blueprint

Add a Service

Add an Entitlement

Task 1: Prepare the Linux Template

You prepare a template to use with a combined blueprint for applications in VMware
vRealize® Automation™.

Log in to the Student-a-01 desktop as user vclass\administrator with the


password VMware1!.

Use Internet Explorer to start VMware vSphere® Web Client from the
Infrastructure favorites menu and Log in as user administrator@vsphere.local and
the password VMware1!.

In vSphere Web Client, Click VMs and Templates.

Select the Centos-Temp-Noguest template.

Convert the template to a virtual machine hosted on the SA Compute-01 cluster.

Right click Centos-Temp-Noguest template and select Convert to Virtual


Machine.

In Select a compute resource pane, select SA-Compute-01.

Click Next and click Finish

Power on the Centos-Temp-Noguest virtual machine.

After the Centos-Temp-Noguest virtual machine starts up, open a remote console.

Log in as root with the VMware1! password.

At this point you would use the yum install –y Red_Hat_package_name command to
install the following packages:

openssh

wget

perl
telnet

nc

In the lab environment this Linux template already has these packages
installed.

Run the command.

nano /etc/sysconfig/selinux

Confirm that the SELINUX= entry is set to SELINUX=disabled.

Press Ctrl+X to exit.

If you made changes to the file, enter Y to save the changes.

Task 2: Install the vRealize Automation Agents

You install the vRealize Automation agents.

Download the guest agent prepare script from the vRealize Automation appliance.

wget https://sa-vra-
01.vclass.local:5480/service/software/download/prepare_vra_template.sh --no-check-
certificate

The command must be entered on a single line. The command is case-sensitive.

Make the script executable.

chmod +x prepare_vra_template.sh

Run the script.

./prepare_vra_template.sh

Press Enter to accept the default of a VMware vSphere® cloud provider.

Enter sa-vra-01.vclass.local as the Host name of the vRealize Appliance.

Enter sa-IaaS-01.vclass.local as the Host name of the Manager Service Server.

Enter n to disable certificate checking.

Press Enter to accept the default of a 300-second timeout.

Enter y to install Java.

Enter y to start the installation.

The Installation Completed Successfully message should appear. If the message


does not appear, repeat from step 2 through to 9.

Task 3: Modify the vRealize Automation Agent Configuration for Red Hat

You modify the vRealize Automation agent configuration to support CentOS, which is
a Red Hat version of the Linux operating system.

Customize the agent script for the CentOS operating system.

nano /opt/vmware-appdirector/agent-bootstrap/vmware_vra_software_agent

Use the down arrow key to scroll until you locate the following lines.

# Source init.d function library

if [ -f /etc/rc.d/init.d/functions ]; then

. /etc/rc.d/init.d/functions

elif [ -f /etc/init.d/functions ]; then

. /etc/init.d/functions

fi

Press Ctrl+K on each line to delete the line.

Press Ctrl+X to exit and save the file.

Delete the symbolic link and replace it with the new agent.

rm /etc/init.d/vmware_vra_software_agent

Replace it with the new agent.

cp /opt/vmware-appdirector/agent-bootstrap/vmware_vra_software_agent
/etc/init.d/vmware_vra_software_agent

You must enter th cp command on a single line. What looks like a slash (/)
followed by a carriage return is /etc/init.d/vmware_vra_software_agent.
Click to enlarge

Close the remote console.

Right-click the Centos-Temp-Noguest virtual machine and select Power > Shutdown
Guest OS and click Yes when prompted.

Wait for the virtual machine to shut down.

Convert the virtual machine back into a template.

Right-click the Centos-Temp-Noguest virtual machine and select Template >


Convert to Template.

Click Yes to Confirm Convert.

Do not change the name of the template. The name of the template must remain
Centos-Temp-Noguest. This template name is registered in the vRealize Automation
inventory. If you change the name, you will have to rerun data collection on the
vSphere inventory.

Task 4: Create a Software Components Blueprint


You create a software components blueprint to install the Apache Web server.

Open a new tab in internet explorer and select vRA Web Console - Eng Tenant
from the vRA favorites menu.

Log in to vclass.local domain as Software architect account user name QA-User02


and the password VMware1!.

Click the Design tab.

Select Software Components.

Click the New icon to create a new component blueprint.

Enter Apache Web Server in the Name text box.

Enter This is an Apache Web server for CentOS Linux machines in the Description
text box.

Confirm that Machine is selected from the Container drop-down menu.

Click Next.

Do not add any custom properties.

Click Next.

Confirm that Bash is selected from all four ScriptType drop-down menus.

Click Click here to edit for the Install action.

Enter the script for the Install action.

#!/bin/bash

yum install -y httpd

The script should take two lines and look exactly like the script in the
screenshot.
Click to enlarge

Click OK.

The script appears like a single line, but the script is still two lines.

Do not enter a script for the Configure action.

Enter the script for the Start action.

#!/bin/bash

/bin/systemctl start httpd.service

Click OK.

Enter the script for the Uninstall action.

#!/bin/bash
yum remove -y httpd

Click OK.

When you finish entering all three scripts, the Actions pane should look like
the screenshot.
Click to enlarge

Scripts are unique to each operating system. In Windows systems, you use batch
command scripts and Windows PowerShell scripts. In some versions of Linux, the
scripts are bash commands, but the commands might vary. For example, in Ubuntu
Linux systems you use apt-get install -y apache2 to install the Apache Web server
instead of yum install -y httpd. The best practice is to always have a unique
software blueprint for each operating system, even if you are installing exactly
the same software.

Click Next.

Click Finish.

Select the Apache Web Server blueprint.

Click Publish.

Log out of the Eng tenant.

Task 5: Create a Combined Blueprint

You create a software components blueprint to install the Apache Web server.

In the internet explorer, select vRA Web Console - Eng Tenant from the vRA
favorites menu

Log in to vclass.local domain as Infrastructure architect account user name QA-


User01 and the password VMware1!.

The infrastructure architect can use software component blueprints created by


the software architect in the same tenant.

Click the Design tab.

Select Blueprints.

Click New to create a blueprint.

Enter QA-Apache-Web-Server in the Name text box.

Click the NSX Settings tab.

Select Datacenter (vCenter) from the Transport zone drop-down menu.

Select Eng-RP from the Routed gateway reservation policy drop-down menu.

Click OK.

Use what you learned in previous labs to create a vSphere machine


blueprint.
Refer Lab 11 Task 1.
Option Action

Existing Network

Select ProductionNP

vSphere Machine ID

Enter QA-Apache-Web-Server

Reservation Policy

Select Eng-RP

Machine prefix

Select QALin

Build Information Action

Select Clone

Clone from

Select Centos-Temp-Noguest

Customization Spec

Enter Lin-Cust

Network

Select ProductionNP

Network Assignment Type

Select Static IP

Network Address

Leave blank. The static IP address is assigned from the IP pool.

Click Save when the machine blueprint is configured.

Do not click Finish.

The blueprint should look like the blueprint in the screenshot.


Click to enlarge
Select Software Components in the left pane.

Drag the Apache Web Server component into the QA-Apache-Web-Server machine.

Click Save.

The combined blueprint should look like the blueprint in the screenshot.
Click to enlarge

Click Finish.

Select QA-Apache-Web-Server and select Publish.

Task 6: Add a Service

You create a service for the Apache Web server.

Click the Administration tab.

Select Catalog Management.

Select Services.

Add a service.

Refer Lab 12 Task 1


Option Action

Name

Enter QA-Apache-Web-Server-Service

Description

Enter Apache Web Server on CentOS for QA

Icon

Browse to C:\materials\graphics\vCAC6IconPack\OperatingSystems\centos-logo-
200.png

Status

Select Active

Owner

Enter QA-BGSuper

Support Team
Enter QA-Support

Click OK.

Select QA-Apache-Web-Server-Service and click Manage Catalog Items.

Add the QA-Apache-Web-Server blueprint service.

Do not add the Apache Web Server software service.

Click OK.

Task 7: Add an Entitlement

You create an entitlement for the Apache Web server.

Select Entitlements.

Add an entitlement.

Refer Lab 12 Task 2


Option Action

Name

Enter QA-Apache-Web-Server-Entitlement

Description

Enter Apache Web server on CentOS for QA

Status

Select Active

Business Group

Select QA

Users & Groups

Enter QA-User

Entitled Services

Click QA-Apache-Web-Server-Service

Entitled Items

Click QA-Apache-Web-Server
Entitled Actions

Click All actions

Click Finish.

Do not log out of vRealize Automation.

Lab 23 - Deploying Applications

In this lab, you will perform the following tasks:

Request the Service

Test the Web Server

Uninstall the Web Server

Verify the Uninstallation of the Web Server

Task 1: Request the Service

You deploy a Web server by requesting a service from VMware vRealize® Automation™.

If you are not logged in, log in to the vRealize Automation console.

Use Internet Explorer on the student desktop and select vRA Web Console -
Eng Tenant from the vRA favorites menu

Log in to vclass.local domain as Infrastructure architect account user name


QA-User01 and the password VMware1!.

Click the Catalog tab.

Select the QA-Apache-Web-Server service and click Request.

Enter Apache Web Server in the Description text box.

Click Submit.

Click OK.

Monitor the progress of the request in Requests tab.

When the request is successful and a State changed to On message appears in the
Audit Log, go to task 2.

Task 2: Test the Web Server

You test the Web server.

Click the Requests tab.

Select the most recent request.


The item should be QA-Apache-Web-Server.

Click View Details.

Click the Execution information icon.


Click to enlarge

View the Details column to determine the name of the created virtual machine.
Click to enlarge

Switch to vSphere Web Client.

Go to VMs and Templates.

Select the Web server virtual machine.

Determine the IP address that is assigned to the virtual machine.


Click to enlarge

Open a new tab in Internet Explorer.

Enter the http://IP_address URL.

The test Web page of the new Web server should appear.
Click to enlarge

Do not close the tab.

Task 3: Uninstall the Web Server

You uninstall the Web server while leaving the virtual machine intact.

Switch to the vRealize Automation Web console for the Eng tenant.

If you are not still logged in as QA-User01 with the password VMware1!, log
back in.

Click the Items tab.

Expand the QA-Apache-Web-Server deployment until you can see the Apache Web
Server component.
Click to enlarge

Select Apache Web Server.

Click Actions.

Select Destroy.

Click Submit.
Click to enlarge

Click OK.

Monitor the request until you see a status of Successful.

Task 4: Verify the Uninstallation of the Web Server


You verify that the Web server software was uninstalled while leaving the virtual
machine intact.

Switch to the tab on Internet Explorer where you tested the Web server’s
default page in task 2.

Refresh the browser tab.

The default Web page should no longer be available.

Switch to vSphere Web Client.

Verify that the virtual machine still exists and is still running.

Open a remote console to the virtual machine.

Log in as root with the VMware1! password.

Run the service httpd status command to verify the uninstallation of the http
daemon.

You should see four status entries:

Starting the Apache HTTP Server

Started the Apache HTTP Server

Stopping the Apache HTTP Server

Stopped the Apache HTTP Server

You should also see a message that indicates that the httpd service is not
found ( Reason: No such file or directory) and that the httpd service is inactive
(dead).

Close the remote console.

Use what you have already learned to destroy the QA-Apache-Web-Server


deployment in vRealize Automation to conserve resources.

Do not destroy any deployment except the QA-Apache-Web-Server deployment.

Lab 24 - Monitoring Resources

In this lab, you will perform the following tasks:

Log In to vRealize Automation

Analyze Resources Allocated in Reservations

Analyze IP Resources Allocated in Network Profiles

Examine Events and Logs

Examine System Event Logs


Task 1: Log In to vRealize Automation

You use Internet Explorer from the student desktop to log in to the VMware
vRealize® Automation™ system.

If you are already logged in to the vRealize Automation console in the Eng
tenant, log out.

Use Internet Explorer and select vRA Web Console - Default Tenant from the vRA
favorites menu.

Log in to vclass.local domain as Fabric administrator account user name QA-


User01 and the password VMware1!.

Task 2: Analyze Resources Allocated in Reservations

You analyze the amount of resources that are already allocated in reservations.

Click the Infrastructure tab.

Click Reservations.

Click Reservations.

If resources are not available, requests will fail. To fulfill the request, the
assigned reservation must have enough machines, quota, memory, and storage
available to process the request.

Examine the listed reservations.

Q. How much storage is available in the QA-Res reservation?

ANSWER: Answers vary.

Q. How much memory is allocated in the QA-Res reservation?

ANSWER: Answers vary.

Task 3: Analyze IP Resources Allocated in Network Profiles

You analyze the amount of unallocated IP addresses in a network profile.

Click Network Profiles.

If resources are not available, requests will fail. If a machine in a blueprint


is connected to a network and a static IP address is required, then the network
profile used by the blueprint must have IP addresses available in the IP ranges
that have been assigned.

Double-click the QA-Data-NP network profile.

This action opens the network profile in editing mode.

CAUTION: Do not make changes to the profile.

Click IP Ranges.
Examine the listed IP addresses.

Q. How many IP addresses are allocated?

ANSWER: Answers vary.

Q. Are IP addresses available?

ANSWER: Answers vary.

If a machine managed by vRealize Automation is destroyed and it has a static IP


address assigned to it, that IP address is returned to the IP range address pool.
However, it takes time for the IP address to be returned to an unallocated status.

Task 4: Examine Events and Logs

You examine various types of events and logs.

Click <Infrastructure.

Click Recent Events.

The QA-User01 account is a member of the tenant administrator, infrastructure


architect, IaaS administrator, and fabric administrator roles. Any one of these
roles entitles this user to view the Recent Events pane. The events currently in
the Recent Events pane are mainly events of information-level severity that were
generated by specific requests made by the QA-User01 user. If you are logged in as
a different user who is entitled to view the Recent Events pane, you will not see
some of these events.

Click Monitoring.

The monitoring panes (Audit Log, DEM Status, Log, and Workflow History) are
available only to users who are assigned the IaaS administrator role.

Click Workflow History.

Workflow History includes information from various types of workflows, such as


IaaS workflows and VMware vRealize® Orchestrator™ workflows.

From the Multiple Attempts drop-down menu, select Yes.

Q. Did any workflows have multiple attempts?

ANSWER: Answers vary.

From the Multiple Attempts drop-down menu, select No.

In the Result Details text box, enter Workflow failed.

Examine the workflows that failed.

Click the filter icon.

From the Filter drop-down menu, select Save as.

In the Name text box, enter Workflow failed and click Save.
From the Filter drop-down menu, select Clear.

From the Result drop-down menu, select Stopped.

Q. Were any workflows stopped?

ANSWER: Answers vary.

In the left pane, click Log.

The Log Viewer pane includes log information of various types from multiple
sources, including Distributed Execution Manager (DEM) workers, agents, vRealize
Orchestrator, and various vRealize Automation subsystems. This information is some
of the most comprehensive and valuable information for troubleshooting
configuration and communications problems in vRealize Automation.

Click DEM Status.

DEM status includes information on scheduled and currently executing DEM


workflows.

Click Audit Log.

The audit log in the Audit Log Viewer pane provides details about the status of
managed virtual machines and activities performed on these machines during
reconfiguration. The log includes information about machine provisioning,
reclamation, and reconfigure actions.

Task 5: Examine System Event Logs

You use the system administrator role to analyze vRealize Automation system-level
events.

Start Internet Explorer on the student desktop and select vRA Web Console -
Default Tenant from the vRA favorites menu.

Click Sign in from different domain.

Select vsphere.local and click Next.

Log in to vsphere.local domain as default administrator account user name


administrator and the password VMware1!.

Click the Administration tab.

Click Event Logs.

Examine the event logs.

Select any event and click View Details.

The system administrator event logs cover high-level events in the vRealize
Automation system. Only users with system administrator-level authority can examine
these events.

Click OK.

Log out of the default tenant.


Lab 25 - Reclaiming Resources

In this lab, you will perform the following tasks:

Log In to vRealize Automation

Find Machines to Reclaim

Respond to a Reclamation Request

Examine User Responses to Reclamation Requests

Modify the Machine Lease Period

Destroy a Machine

Task 1: Log In to vRealize Automation

You use Internet Explorer from the student desktop to log in to the VMware
vRealize® Automation™ system.

Use Internet Explorer on the student desktop and select vRA Web Console - Eng
Tenant from the vRA favorites menu.

Verify that vclass.local domain is selected

Log in to vclass.local domain as tenant administrator account user name QA-


User01 and the password VMware1!.

Task 2: Find Machines to Reclaim

You find a machine to reclaim and request reclamation.

Click the Administration tab.

Click Reclamation.

Click Tenant Machines.

Examine the machines listed for the Eng tenant.

Click the expansion icon (double down arrow) in the upper-right part of the
pane to display the advanced search options.

Enter 13 in the Owner name contains text box.

Click the search icon in the bottom-right part of the pane.

Select the machines owned by QA-User13.

Click Reclaim Virtual Machine.

Q. Why can you not reclaim QALin003?

ANSWER: The machine has expired but is not scheduled to be destroyed yet.
Deselect all machines.

Select QALin006.

Click Reclaim Virtual Machine.

Enter 1 in the New lease length (days) text box.

Enter 1 in the Wait before forcing lease (days) text box.

Enter We are low on resources. Are you using this? in the reason for Request
text box.

Click Submit.

Click Close.

Click Logout.

Task 3: Respond to a Reclamation Request

You respond to a reclamation request.

Select vRA Web Console - Eng Tenant from the vRA favorites menu.

If a security certificate warning appears, click Continue to this website.

Log in to vclass.local domain as user account name QA-User13 and the password
VMware1!.

Click Inbox.

Click Reclamation Requests.

In the right pane, click on the number of the reclamation request to open it.

Click Item In Use.

Click Logout.

Task 4: Examine User Responses to Reclamation Requests

You examine a user’s response to the reclamation request.

Select vRA Web Console - Eng Tenant from the vRA favorites menu.

Log in to vclass.local domain as user account name QA-User01 and the password
VMware1!.

Click the Administration tab.

Click Reclamation.

Click Reclamation Requests.

Examine the response to the reclamation request.


Click Logout.

Task 5: Modify the Machine Lease Period

You modify a machine lease.

Select vRA Web Console - Eng Tenant from the vRA favorites menu.

If a security certificate warning appears, click Continue to this website.

Log in to vclass.local domain as Business manager administrator account user


name QA-User02 and the password VMware1!.

The business manager of a business group has the power to modify the leases of
deployed machines and to destroy deployed machines.

Click the Items tab.

Click Deployments.

From the Owned by drop-down menu, select QA.

In the Search text box, enter 13.

Click the search icon.

Select a deployment owned by QA-user13 that never expires.

From the Actions drop-down menu, select Change Lease.

Select today’s date as the expiration date.

Select the current time as the expiration time.

Click Submit and click OK.

Task 6: Destroy a Machine

You destroy a machine in the business group.

Click the Items tab.

Click Deployments.

From the Owned by drop-down menu, select QA.

Select a machine.

The machine must have the following characteristics:

It is owned by QA-User13.

The expiration date is in the past.

The destroyed date is in the future.


From the Actions drop-down menu, select Destroy.

Click Submit.

Click OK.

Click Logout.

Lab 26 - Using vRealize Orchestrator

In this lab, you will perform the following tasks:

Configure Windows PowerShell on the Domain Controller

Configure vRealize Orchestrator for Windows PowerShell

Create a vRealize Orchestrator Workflow

Add a Schema, Parameters, and Scripting to the Workflow

Add a Workflow Element to the vRealize Orchestrator Workflow

Configure Binding for the Invoke a Windows PowerShell Workflow Element

Test the vRealize Orchestrator Workflow

Log In to vRealize Automation

Add the vRealize Orchestrator Workflow to an XaaS Blueprint

Test the vRealize Orchestrator Workflow from the XaaS Blueprint

Task 1: Configure Windows PowerShell on the Domain Controller

You configure Windows PowerShell settings on the domain controller. The domain
controller is also the local DNS server.

Start the Remote Desktop Connection Manager from the shortcut on the taskbar.

Double-click the DC (vclass.local) item in the left pane.

Click the Windows Start button on the taskbar of dc.vclass.local.

Under Windows System, select Command Prompt.

At the command prompt on dc.vclass.local, run the command to switch winrm to


basic authentication.

winrm set winrm/config/service/auth @{Basic=”true”}

The Windows Remote Management (WinRM) service is a SOAP-based protocol that is


used by VMware vRealize® Orchestrator™ to send Windows PowerShell commands to a
Windows server. The command enables vRealize Orchestrator to authenticate with
basic authentication.

WinRM should respond to the command with a list of authentication settings,


including Basic = true.
Switch to unencrypted communication.

winrm set winrm/config/service @{AllowUnencrypted="true"}

Unencrypted communication means that vRealize Orchestrator can use the HTTP
protocol instead of the HTTPS protocol while communicating with the Windows
PowerShell host. Encrypted communication requires an exchange of valid digital
certificates.

WinRM should respond to the command with a list of configuration settings,


including AllowUnencrypted = true.

Close the Command Prompt window.

Click the Windows PowerShell icon on the taskbar of dc.vclass.local.

Enable vRealize Orchestrator to remotely execute Windows PowerShell commands.

set-executionpolicy bypass

Enter Y.

A bypass execution policy in Windows PowerShell enables vRealize Orchestrator


to send commands to this Windows server without scripts being signed by digital
certificates. This configuration is acceptable for lab or test environments.
Production systems should always use valid digital certificates that are signed by
trusted certificate authorities.

Close the Windows PowerShell window.

Minimize the remote desktop application, but remain logged in to the


dc.vclass.local server.

Task 2: Configure vRealize Orchestrator for Windows PowerShell

You add a Windows PowerShell host to the configuration of vRealize Orchestrator.

Double-click the Orchestrator Client shortcut on the Student-a-01 desktop.

The shortcut is on the desktop. If you have any other applications open, for
example, Internet Explorer, you will have to minimize those applications first.

Click Continue to proceed with an untrusted connection.

Log in to vRealize Orchestrator with the administrator@vsphere.local user


account with the password VMware1!.

Verify that Run is selected from the VMware vRealize Orchestrator mode drop-
down menu.

This selection puts vRealize Orchestrator in the correct mode of operation.

In the left pane, click the WorkFlows tab.


Click to enlarge

Expand Library > PowerShell > Configuration and select Add a PowerShell host.
In the top of the right pane, click the Start workflow icon (green triangle).

Enter DomainController in the Name text box.

Enter dc.vclass.local in the Host / IP text box.

Enter 5985 in the Port text box.

Click Next.

Leave the Host Type drop-down menus set to their default selections.
Option Default Selection

PowerShell remote host type

WinRM

Transport protocol

HTTP

Authentication

Basic

Click Next.

Leave Shared Session selected in the Session mode drop-down menu.

Enter administrator@vclass.local in the User name text box.

Enter VMware1! in the Password text box.

Click Submit.

When the workflow runs successfully, you should see a green check mark in the
left pane next to Add a PowerShell host. If you do not see a green check mark,
repeat the steps 6 through to 17.

Task 3: Create a vRealize Orchestrator Workflow

You create a vRealize Orchestrator workflow to add a DNS host record to a DNS
domain.

Select Design from the vRealize Orchestrator mode drop-down menu.

Right-click administrator@sa-vra-01.vclass.local in the left pane and select


Add folder.

Enter vRA Custom Workflows in the Folder name text box and click OK.

Right-click the vRA Custom Workflows folder in the left pane and select New
Workflow.

Enter Add DNS-Host in the Workflow name text box and click OK.
Click the Inputs tab.

Click the Add parameter icon (right arrow) under Parameters.

Click arg_in_0.

Enter hostName in the Choose attribute name text box and click OK.

Use camel case for all parameter and attribute names in vRealize Orchestrator.

In vRealize Orchestrator, scripting items such as parameters and attributes are


given names spelled in camel case. In a camel-case string, the first word is always
lowercase. In a multiword string, the second and subsequent words begin with a
capital letter. For example, a parameter that is a host name is written in the form
hostName, not HostName or hostname.

To use the supplied script later in this lab, you must use the precise name
that is specified for each parameter. The name is case-sensitive. If you do not use
the precise name provided, the workflow does not work.

Enter Name of new host in DNS in the Description text box.

Repeat steps 7 through 10 to add the ipAddress and zoneName parameters.

Enter a description of IP address of new host in DNS and DNS zone name for
the ipAddress and zoneName parameters.

In the VMware vRealize® Automation™ UI, most panels have an OK button which
must be clicked to save changes. In vRealize Orchestrator, the UI does not have an
OK or Finish button on many windows. After you make changes or enter new parameters
and attributes, you can click another tab without losing the work.

Click the General tab.

In the bottom pane, click the Add attribute (A+) icon.

You have to scroll down to the bottom of the window to see the Attributes
panel.
Click to enlarge

Click att0 and change the attribute name to cmdletName.

Click OK.

Enter Add-DnsServerResourceRecordA in the Value text box of cmdletName.

The value of the Windows PowerShell cmdletName attribute is case-sensitive and


must appear in this precise form. You must include the capital “A” at the end of
the value for the cmdletName attribute. You will add a DNS A record type.

Add a second attribute with the name pshellCommand.

Do not assign a value to pshellCommand.

Task 4: Add a Schema, Parameters, and Scripting to the Workflow

You add a schema, parameters, and scripting to the workflow.


Click the Schema tab.

Drag a scriptable task from the left pane to the center of the new workflow in
the right pane, placing the scriptable task element between the green start element
and the end element.
Click to enlarge

Click the scriptable task.

Click the Edit icon (pencil).

The VMware vRealize Orchestrator window opens for the scriptable task.

Enter Build Command in the Name text box.

Click the IN tab in the VMware vRealize Orchestrator scriptable task window.

Click the Bind to workflow parameter/attribute icon.


Click to enlarge

Select the items to bind.

Select hostName.

Select ipAddress.

Select zoneName.

Select cmdletName.
Click to enlarge

Click Select.

Click the OUT tab.

Click the Bind to workflow parameter/attribute icon.

Select the pshellCommand item to bind.

Click Select.

Click the Visual Binding tab.

Verify that the visual binding looks like the screenshot.


Click to enlarge

Click Scripting.

Do not enter a script at this time.

The objective is to create a command that is a single string. The use of single
and double quotation marks with variables should produce a command string that
looks like the model.

Add-DnsServerResourceRecordA -Name "hostName" -ZoneName "zoneName" -CreatePtr


-IPv4Address "ipAddress"

Assume, for example, that the input parameters have the following values:
hostname = "QALin007"

zoneName = "vclass.local"

ipAddress = "172.20.11.192"

The command that goes to Windows PowerShell looks like the following example:

Add-DnsServerResourceRecordA -Name "QALin007" -ZoneName "vclass.local"


-CreatePtr -Ipv4Address "172.20.11.192"

Instead of trying to enter this complicated script, you will copy and paste it
in the following steps.

Click Close.

Leave the vRealize Orchestrator client open.

Click the File Explorer icon on the taskbar of the student A desktop.

Go to C:\Materials\Powershell.

Double-click the PowerShell-String.txt file.

Click Edit.

Click Select All.

Press Ctrl+C.

Close the Notepad window.

Click the vRealize Orchestrator client icon on the student A desktop


taskbar to return to the vRealize Orchestrator client.

Select the Build Command icon in the schema.

Click the Edit icon (pencil).

The Scripting tab should be open.

Click in the right pane.

Press Ctrl+V to paste the script.

Variables and parameters appear in purple. String items appear in green. the
script should look like the example.

pshellCommand = cmdletName +' -Name "' + hostName + '" -ZoneName "' + zoneName
+ '" -CreatePtr -IPv4Address "'+ipAddress+'"'

Click Close.

Click Save.

Leave the vRealize Orchestrator client open.


Task 5: Add a Workflow Element to the vRealize Orchestrator Workflow

You add a workflow element to the vRealize Orchestrator workflow.

Drag a workflow element from the left pane to the schema, placing the workflow
element between the Build Command icon and the End workflow element.

Enter powershell in the Search box.

Double-click Invoke a PowerShell script.


Click to enlarge

Click Setup on the question, Do you want to add the activity’s parameters as
input/output to the current workflow?.

Before you add values in this pane it is a good idea to increase the size of
the window. Carefully move the mouse to the bottom-right corner and click the
corner. Then grab the corner and drag to the lower right to increase the size of
the window.

Select Value for the host parameter.


Click to enlarge

Click Input value.


Click to enlarge

Expand PowerShell in the left pane of the Select (PowerShell:PowerShellHost)


window.

Select DomainController in the left pane of the Select


(PowerShell:PowerShellHost) window.

Click Select.

Click Promote.

Leave the vRealize Orchestrator client open.

Task 6: Configure Binding for the Invoke a Windows PowerShell Workflow Element

You configure binding to properly handle input and output parameters in the new
workflow element.

Point to Invoke a PowerShell and click the Edit icon (pencil).

Click the Visual Binding tab.

Point to the line that connects script in the In Parameters pane to script in
the center pane.

Click the red X to remove the binding.

Drag pshellCommand in the In Attributes pane to the script string in the center
pane.

The visual binding should look like the screenshot.


Click to enlarge
Click Close.

Click the Validate icon (check mark) above the right pane.

An error message indicates that you have an unused parameter.

Click Delete parameter in the Quick fix action column.

The Workflow is valid message should appear.

Click Close.

Click Save and Close.

Click Increase version.

Leave the vRealize Orchestrator client open.

Task 7: Test the vRealize Orchestrator Workflow

You test the vRealize Orchestrator workflow.

Click the Remote Desktop Connection Manager icon on the student A desktop
taskbar.

Click the Start button on the dc.vclass.local desktop and select Administrative
Tools.

Double-click DNS.

Expand Forward Lookup Zones.

In the left pane, select vclass.local.

In the right pane, click the Name column to sort the host records by name.

Scroll down the list of records and confirm that no Host (A) record for a host
named QALin777 exists.

Click the vRealize Orchestrator client icon on the student A desktop taskbar.

Select Run from the Realize Orchestrator mode drop-down menu.

In the left pane, select the Add DNS-Host workflow in the vRA Custom Workflows
folder.

Click the Start Workflow icon above the right pane.

Use the parameters to test the new vRealize Orchestrator workflow.


Option Action

Name of new host in DNS

Enter QALin777

IP address of new host in DNS


Enter 172.20.11.57

DNS Zone name

Enter vclass.local

Click Submit.

The workflow takes a few seconds to run. The end element (target) should turn
green.

Click the Remote Desktop Connection Manager icon on the student A desktop
taskbar.

Click the vclass.local forward lookup zone.

Click the refresh icon in the DNS Manager window.

Examine the vclass.local forward lookup zone and confirm that a Host (A) record
for QALin777 with an IP address of 172.20.11.57 exists.

Task 8: Log In to vRealize Automation

You use Internet Explorer from the student desktop to log in to the vRealize
Automation system.

Minimize the Remote Desktop Connection and vRealize Orchestrator.

Use Internet Explorer on the student desktop and select vRA Web Console - Eng
Tenant from the vRA favorites menu.

Log in to vclass.local domain as XaaS administrator account user name QA-User01


and the password VMware1!.

Task 9: Add the vRealize Orchestrator Workflow to an XaaS Blueprint

You add the vRealize Orchestrator workflow to an anything-as-a-service (XaaS)


blueprint. vRealize Orchestrator, combined with Windows PowerShell, can automate a
wide variety of IT operations.

Click the Design tab.

Click XaaS.

Click XaaS Blueprints.

Click the New (+) icon.

Expand Orchestrator.

Expand vRA Custom Workflows.

Select Add DNS-Host.

Click Next.
Enter This blueprint will add a DNS Host (A) record to the DNS server running
on dc.vclass.local in the Description text box.

Enter 1.0.0 in the Version text box.

Click Next.

Click Next.

Click Finish.

Use what you learned in previous labs to complete the tasks.

Refer Lab 11 and Lab 12

Publish the Add DNS-Host blueprint.

Create an Add DNS-Host service.

Add the Add DNS-Host blueprint catalog item to the Add DNS-Host service.

Create an Add DNS-Host entitlement.

Task 10: Test the vRealize Orchestrator Workflow from the XaaS Blueprint

You test the vRealize Orchestrator workflow by requesting an XaaS blueprint


service.

Click the Catalog tab.

Click Request in Add DNS-Host.

Enter Test of DNS Workflow in the Description text box.

Click Next.

Use the parameters to test the vRealize Orchestrator workflow.


Option Action

Name of new host in DNS

Enter QALin888

IP address of new host in DNS

Enter 172.20.11.58

DNS Zone name

Enter vclass.local

Click Submit.

Click OK.
Track the request status and wait for its successful completion.

Click the Remote Desktop Connection Manager icon on the student A desktop
taskbar.

Click the vclass.local forward lookup zone.

Click the refresh icon in the DNS Manager window.

Examine the vclass.local forward lookup zone and confirm that a Host (A) record
for QALin888 with an IP address of 172.20.11.58 exists.

Close the DNS Manager window on the dc.vclass.local desktop.

Close the Administrative Tools window on the dc.vclass.local desktop.

Press Alt+F4 and log out of dc.vclass.local.

Close the Remote Desktop Connection Manager.

Log out of vRealize Automation.

Lab 27 - Examining Blueprints

In this lab, you will perform the following tasks:

Install vRealize CloudClient

Use vRealize CloudClient to Export a Blueprint

Examine the Blueprint

Task 1: Install vRealize CloudClient

You install vRealize CloudClient on the student A desktop.

Log in to the Student-a-01 desktop as user vclass\administrator with the


password VMware1!.

Click the Windows Explorer shortcut on the desktop taskbar to open Windows
Explorer.

Browse to C:\Materials\Downloads\VMware.

Right-click cloudclient-4.0.0-3343843-dist.zip and select Extract All.

Enter C:\Materials\ in the destination folder.

Click Extract.

Right-click the cloudclient-4.0.0-3343843 folder and select Rename.

Enter cloudclient.

Click the command prompt icon on the taskbar to open a Command Prompt window.
Enter cd c:\materials\cloudclient\bin.

Click the C:\ icon in the upper-left corner of the Command Prompt window to
change the properties of the Command Prompt window.
Click to enlarge

Select Properties.

Click the Layout tab.

Set the Window size width to 140 and click OK.

Enter cloudclient.bat.

Press the spacebar multiple times to scroll through the license agreement.

Enter Y.

The screen should look like the screenshot.


Click to enlarge

Leave vRealize CloudClient running for the next task.

Task 2: Use vRealize CloudClient to Export a Blueprint

You use vRealize CloudClient to export a blueprint.

Enter the commands to use vRealize CloudClient to log in to VMware vRealize®


Automation™ with qa-user01 (a tenant administrator for the Eng tenant).

Cloudclient:

vra login userpass --tenant Eng

vRA Server (IP or hostname):

sa-vra-01.vclass.local

vRA username:

qa-user01@vclass.local

vRA Password for qa-user-01@vclass.local:

VMware1!

The screen should look like the screenshot.


Click to enlarge

Enter vra content list command to list all of the blueprints.


Click to enlarge

You might need to widen the Command Prompt window to clearly see the ID string
for each blueprint. If a width of 140 is not wide enough, try 160 or 180. You can
use the up arrow to repeat the vra content list command.

Locate the QA-DB blueprint in the name column (third column).


Click to enlarge
Identify the corresponding contentID in the second column.
Click to enlarge

Record the contentID of the QA-DB blueprint.

The contentID of the QA-DB blueprint should be QADB.

Identify the contentTypeID.


Click to enlarge

The contentTypeID of the QA-DB blueprint should be composite-blueprint.

Enter vra content export --content-id blueprintID --type type --path


c:\materials\cloudclient.

For example:

vra content export --content-id QADB --type composite-blueprint --path


c:\materials\cloudclient
Click to enlarge

Enter exit to log out of vRealize CloudClient.

Close the Command Prompt window.

Task 3: Examine the Blueprint

You examine the exported blueprint.

Click the Windows Explorer icon on the taskbar of the student A desktop.

Browse to c:\materials\cloudclient.

Right-click the QADB-composite-blueprint.zip file and select Extract All.

Click Extract.

Right-click the metadata.yaml file and select Open with.

Click More options.

Scroll down and select WordPad.

Examine the high-level YAML code.

Close WordPad.

In Windows Explorer, double-click composite-blueprint to open the subdirectory.

Right-click QADB.yaml and select Open with.

Select WordPad.

Examine the YAML code for the blueprint.

Q. Which template is used to create the QA-DB virtual machine?


ANSWER: Centos-Template

Q. Which network profile is connected to the QA-DB virtual machine?

ANSWER: QA-Data-NP

Q. Which workflow is used to provision the QA-DB virtual machine?

ANSWER: CloneWorkflow

Close WordPad.

Close Windows Explorer.

Lab 28 - Using XaaS for Day-2 Operations

In this lab, you will perform the following tasks:

Log In to vRealize Orchestrator

Create a Workflow

Log In to vRealize Automation

Copy a Blueprint

Add the Blueprint to an Existing Service and Entitlement

Create a XaaS Resource Action

Configure Target Criteria for the XaaS Resource Action

Configure the Form for the XaaS Resource Action

Add the Resource Action to an Existing Entitlement

Deploy a New Virtual Machine

Test the Resource Action

Verify the Resource Action

Clean Up for the Next Lab

Task 1: Log In to vRealize Orchestrator

You use the vRealize Orchestrator Client shortcut from the student desktop to log
in to the VMware vRealize® Orchestrator™ system.

Double-click the Orchestrator Client shortcut on the student-a desktop.

Click Continue to proceed with an untrusted connection.

Wait for the login screen to appear.

Log in to vRealize Orchestrator with the administrator@vsphere.local user


account with the password VMware1!.
Use the VMware vRealize Orchestrator mode drop-down menu to switch vRealize
Orchestrator to Design mode.

Task 2: Create a Workflow

You create a workflow to add a disk drive and more memory to a provisioned virtual
machine.

Click the Workflows tab in the left pane.

Expand the vRA ICM Class Workflows folder in the left pane.

Right-click the Copy of Day-2-Bigger-VM workflow and select Duplicate workflow.

Enter XaaS Day-2-Bigger-VM in the New workflow name text box.

Click vRA ICM Class Workflows in the Workflow folder box.

Enter vRA Custom in the Search box.

Double-click vRA Custom Workflows.

Do not copy the version history.

Select No.

Click Submit.

Minimize the vRealize Orchestrator client.

Task 3: Log In to vRealize Automation

You use Internet Explorer from the student desktop to log in to the VMware
vRealize® Automation™ system.

Switch back to Internet Explorer.

Select vRA Web Console - Eng Tenant from the vRA favorites menu.

If a security certificate warning appears, click Continue to this website.

Log in to vclass.local domain as XaaS administrator account user name QA-User01


and the password VMware1!.

Task 4: Copy a Blueprint

You copy an existing blueprint for use in day-2 operations.

You use Internet Explorer from the student desktop to log in to the vRealize
Automation system.

Click Design.

Select, but do not open, the QA-DB blueprint.


Click Copy.

Enter QA-DB-Day-2 in the Name text box.

Click OK.

Click Save.

Click Finish.

Select, but do not open, the QA-DB-Day-2 blueprint.

Click Publish.

Task 5: Add the Blueprint to an Existing Service and Entitlement

You add the blueprint to an existing service and an entitlement.

Click the Administration tab.

Click Catalog Management.

Click Services.

Select, but do not open, the QA-General-Services.

Click Manage Catalog Items.

Click the green plus (+) to add a new catalog item to this service.

Select QA-DB-Day-2.

Click OK.

Click Close.

Click Entitlements.

Click QA-General-Entitlement.

Click Items & Approvals.

Click Entitled Items +.

Select QA-DB-Day-2 and click OK.

Click Finish.

Task 6: Create a XaaS Resource Action

You create a XaaS resource action.

Click Design.

Click XaaS.

Click Resource Actions.


Click New.

Select Orchestrator > vRA Custom Workflows > XaaS Day-2-Bigger-VM.

Examine the Input parameters pane.

The input parameters here match the input parameters in the vRealize
Orchestrator workflow.

Click Next.

Verify that IaaS VC VirtualMachine is selected for the Resource type and vm for
Input parameter drop-down menu.

Click Next.

Enter Add a second disk drive and change the RAM setting on the virtual machine
in the Description text box.

Enter 1.0.0 in the Version text box.

Task 7: Configure Target Criteria for the XaaS Resource Action

You configure the target criteria for the XaaS resource action. This controls which
blueprints can use this action.

Select Available based on conditions for the Target criteria.

Click Clause... in the drop-down menu.

Select Blueprint name.

Select Contains in the drop-down menu.

Select Constant in the Value drop-down menu.

Enter Day-2 in the text box.

Click Next.

Task 8: Configure the Form for the XaaS Resource Action

You configure the form for the XaaS resource action. The form is used to guide end
users on the selection of appropriate values.

In the center pane, click inside the Disk index box.

In the right pane, scroll down and select Value... in the Default value box.

Select Constant.

Enter 1 in the text box.

Click the Constraints tab.

Select Constant in the visible box and select No from the drop-down menu.
Click Apply

In the center pane, click Search in the Disk persistence mode box.

In the right pane scroll down and select Value... in the Default value box.

Select Constant.

Enter independent_persistent in the text box.

Click the Constraints tab.

Click Constant in the Visible drop-down menu.

Select No.

Click Apply.

In the center pane, click inside the SCSI controller bus number box.

In the right pane, scroll down and select Value... in the Default value box.

Select Constant.

Enter 0 in the text box.

Click the Constraints tab.

Click Constant in the Visible drop-down menu.

Select No.

Click Apply.

Click Finish.

Task 9: Add the Resource Action to an Existing Entitlement

You add the resource action to an existing entitlement.

Select, but do not open, the XaaS Day-2-Bigger-VM resource action.

Click Publish.

Click the Administration tab.

Click Catalog Management.

Click Entitlements.

Click QA-General-Entitlement.

Click the Items & Approvals tab.

Click Entitled Actions +.

Select XaaS Day-2-Bigger-VM and click OK.


Click Finish.

Task 10: Deploy a New Virtual Machine

You deploy a new virtual machine to test the new resource action.

Click the Catalog tab.

Click QA-General-Services.

In the QA-General-Services pane, click Request for the QA-DB-Day-2 service.

In the Description text box, enter Test of new resource action.

Click Submit.

Click OK.

Click the Requests tab.

Wait for the status of the request to change from In Progress to Successful.

Task 11: Test the Resource Action

You test the resource action.

Click the Items tab.

Expand the QA-DB-Day-2 deployment.

Select the virtual machine.

Select XaaS Day-2-Bigger-VM from the Actions drop-down menu.

Enter Larger VM in the Description text box

Enter I need an additional 10 GB drive and RAM to be set to 2 GB in the Reasons


text box.

Click Next.

Click Select+ in the Datastore in which to put the virtual disk file box.

Expand https://sa-vcsa-01.vclass.local:443/sdk > Datacenters > SA Datacenter >


datastore and select the SA-Shared-01 Remote check box.

Click Select.

Enter 10 in the Disk size (in GB) text box.

Enter 2048 in the Memory size in MB text box.

Click Submit.

Click OK.
Click the Requests tab.

Wait for the status of the request to change from In Progress to Successful.

Task 12: Verify the Resource Action

You examine the virtual machine you just changed.

If closed, open a new tab and select vSphere Web Client from Infrastructure
drop-down menu and log in with user name administrator@vsphere.local and the
password VMware1!.

Click the Home icon and select VMs and Templates.

Expand the VRM folder.

Select the virtual machine.

Verify that you have a second hard disk of size 10 GB and that the RAM is now
set to 2048 MB.

Task 13: Clean Up for the Next Lab

You destroy the virtual machine you just requested to save resources.

Return to the vRealize Automation console.

Click the Items tab.

Select the most recent deployment.

Use the Actions drop-down menu to select Destroy.

Click Submit and click OK.

Lab 29 - Controlling the Lifecycle of a Machine

In this lab, you will perform the following tasks:

Log In to vRealize Orchestrator

Create a Workflow

Configure Input Parameters & Attributes for Workflow

Create the Examine Payload Scriptable Task

Verify a Property Definition

Verify a Property Group

Modify a Blueprint

Add Blueprint to a Service and Add an Entitlement

Create a Subscription
Add Conditions to the Subscription

Select a Workflow and Details for the Subscription

Test the Subscription and Workflow

Examine the Log in vRealize Orchestrator

Task 1: Log In to vRealize Orchestrator

You use the VMware vRealize® Orchestrator™ client shortcut from the student desktop
to log in to the vRealize Orchestrator system.

Minimize the Remote Desktop Connection.

Double-click the vRealize Orchestrator Client shortcut on the student-a


desktop.
Click to enlarge

To see the vRealize Orchestrator shortcut on the desktop, you might have to
minimize other items such as Internet Explorer.

Click Continue to proceed with an untrusted connection and wait for the login
window to appear.

Log in to vRealize Orchestrator with the administrator@vsphere.local user


account with the password VMware1!.

Verify that Run is selected from the VMware vRealize Orchestrator drop-down
menu.
Click to enlarge

Task 2: Create a Workflow

You create a workflow to add a virtual machine to the DNS server.

Select Design from the VMware vRealize Orchestrator drop-down menu.

Expand the vRA ICM Class Workflows folder in the left pane.

Right-click the Copy of Add DNS Host workflow and select Duplicate workflow.

You must right-click the name of the workflow to produce a menu.

Enter EBS Add DNS-Host in the New workflow name text box.

Click vRA ICM Class Workflows under the Workflow folder.

Enter vRA Custom in the search box.

Double-click the vRA Custom Workflows folder.

Click No to not copy the version history.

Click Submit.
Verify that the EBS Add DNS-Host workflow is selected in the left pane and
click the edit icon (pencil) above the right pane.

Click the General tab.

If the value for the host attribute for PowerShell:PowerShellHost is Not Found,
set the PowerShell host.
Click to enlarge

Click Not found in the Value column.

Expand PowerShell.

Select DomainController.

Click Select.

Click Save and close.

Click Increase version.

Task 3: Configure Input Parameters & Attributes for Workflow

You configure input parameters and attributes for the workflow to use it with the
event broker service.

Click the edit icon (pencil) in the right pane to edit the workflow.

Click the Inputs tab.

Select the hostName parameter by clicking to the right of the parameter name.

Clicking the parameter name opens a dialog box that enables you to change the
name. Do not change the name of these parameters.

If you accidentally open the attribute name dialog box, click Cancel.

Click the Move as attribute (A+) icon.


Click to enlarge

This operation converts the hostName parameter from an input parameter to a


general attribute. Input parameters are expected to have a value passed into
vRealize Orchestrator when the workflow starts. General attributes are general
purpose variables that can be used throughout the workflow, but which do not need
to have an input value when the workflow starts.

Select the ipAddress parameter.

Click the Move as attribute (A+) icon.

Select the zoneName parameter.

Click the Move as attribute (A+) icon.

Click the Add parameter (right arrow +) icon.

Click arg_in_0.
Enter payload in the Attribute name text box and click OK.

Click string.

Enter properties in the Filter text box and click Accept.

This action converts the new payload input parameter from a string type
variable to a properties type variable. vRealize Automation requires a single input
parameter of a properties type to pass an array of custom properties from the event
broker service to vRealize Orchestrator when the workflow is called by the vRealize
Automation event broker subscription. The input parameter can have any name. In
this workflow, you use the name payload. There should only be one properties type
variable defined as an input parameter in a workflow that is called by the event
broker service.

Click the General tab.

Enter vclass.local in the Value text box of the zoneName parameter.

Click Save.

You will see a message about errors. Ignore it. Those errors will be resolved
in the next task.

Task 4: Create the Examine Payload Scriptable Task

You modify the new workflow to use it with the event broker service by adding a new
scriptable task.

Click the Schema tab.

Drag a scriptable task from the left pane into the workflow and place it
between the start arrow and the Build Command scriptable task.
Click to enlarge

Point to the new scriptable task and click the pencil icon to open the task for
editing.

Click the Info tab.

Enter Examine Payload in the Name text box.

Click the IN tab.

Click the Bind to workflow parameter/attribute icon.


Click to enlarge

Select payload.

Select hostName.

Select ipAddress.

Click Select.

Click the Out tab.

Click the Bind to workflow parameter/attribute icon.


Select hostName.

Select ipAddress.

Click Select.

Click the Visual Binding tab.

the visual binding should look like the screenshot.


Click to enlarge

Click Close.

The script must be entered exactly as shown. Use the text file on the student
desktop in C:\Materials\CutAndPaste\Lab24-LifecycleEBS.txt. You can copy and paste
the script from the text file into the Scripting pane.

Here is a copy of the script in the workflow.

var machine = payload.get("machine");

vCACVMProperties = machine.get("properties") ;

NetworkName=vCACVMProperties.get("VirtualMachine.Network0.Name");

System.debug("Network name is "+NetworkName);

var
networkProfile=vCACVMProperties.get("VirtualMachine.Network0.NetworkProfileName");

ipAddress=vCACVMProperties.get("VirtualMachine.Network0.Address");

hostName=machine.get("name");

System.debug("Profile Name is "+networkProfile);

System.debug("Network Address is " + ipAddress);

System.debug("Host name is " + hostName);

You must open the C:\Materials\CutAndPaste\Lab24-LifecycleEBS.txt file and copy


the entire script in to clipboard. You can start the selection with var machine =
payload.get("machine"); and select to the end of the file.

Return to the vRealize Orchestrator client.

Open the Examine Payload item for editing.

Click the Scripting tab.

Paste the script in the Scripting pane.

Click Close.

Click Validate.

The workflow should report that it is valid.


Click Close.

Click Save and close.

Click Increase version.

Minimize vRealize Orchestrator.

Task 5: Verify a Property Definition

You verify the configuration of a property definition.

Switch back to Internet Explorer and select vRA Web Console - Eng Tenant from
the vRA favorites menu.

Log in to vclass.local domain as tenant administrator account user name QA-


User01 and the password VMware1!.

Click Administration.

Click Property Dictionary.

Click Property Definitions.

Verify that you have a VirtualMachine.Network0.NetworkProfileName property


definition that matches this property:
Click to enlarge

Click Cancel.

Task 6: Verify a Property Group

You verify the configuration of an existing property group.

Click Property Groups.

Verify that you have an existing QA.VMProperties group that matches this group:
Click to enlarge

Click Cancel.

Task 7: Modify a Blueprint

You modify a blueprint to add DNS information to the DNS server after the virtual
machine is provisioned.

Click Design.

Select, but do not open, the QA-DB blueprint.

Click Copy.

Enter QA-DB-Add-DNS in the Name text box.

Click OK.
Click the QA-DB virtual machine.

Click the Properties tab.

Click the Property Groups tab.

Click Add.

Select QA.VMProperties.

Click OK.

Click the Custom Properties tab.

Click New.

Enter
Extensibility.Lifecycle.Properties.VMPSMasterWorkflow32.MachineProvisioned in the
Name text box.

Enter the name of the property exactly as specified. You can use the text file
on the student desktop in C:\Materials\CutAndPaste\Lab24-LifecycleEBS.txt. You can
copy and paste the text string in the Name text box.

Enter a value of * in the Value text box.

This action passes all of the custom properties to this blueprint during the
VMPSMasterWorkflow32 workflow Machine Provisioned event.

Click OK.

Click Save.

Click any clear space in the design canvas to close the virtual machine in the
blueprint.

Click the QADataNP network in the blueprint.

Click the delete icon (red x) for the QADataNP network.

Click Yes.

This change leaves the blueprint with no network. The network is selected when
the service is requested.

Click Save.

Click Finish.

Select, but do not open, the QA-DB-Add-DNS blueprint.

Click Publish.

Task 8: Add Blueprint to a Service and Add an Entitlement

You add the blueprint to a service and add an entitlement.

Click the Administration tab.


Click <Administration to return to the main Administration pane.

Click Catalog Management.

Click Services.

Select, but do not open, the QA-General-Services.

Click Manage Catalog Items.

Click Catalog Items + to add a new catalog item to this service.

Select QA-DB-Add-DNS.

Click OK.

Click Close.

Click Entitlements.

Click QA-General-Entitlement.

Click Items & Approvals.

Click Entitled Items +.

Select QA-DB-Add-DNS and click OK.

Click Finish.

Task 9: Create a Subscription

You create a subscription to run the vRealize Orchestrator workflow after the
virtual machine is provisioned.

Click <Administration.

This action returns you from Catalog Management to the main Administration tab.

Click Events.

Click Subscriptions.

Click New.

Select Machine provisioning.

Click Next.

Task 10: Add Conditions to the Subscription

You add conditions to control the subscription.

Select Run based on conditions.

Select All of the following from the Clause drop-down menu.


Click Clause.

Select Data > Lifecycle state > Lifecycle state name from the Clause drop-down
menu.
Click to enlarge

Select Equals from the new drop-down menu.

Select Constant from the new drop-down menu.


Click to enlarge

Select VMPSMasterWorkflow32.MachineProvisioned from the bottom drop-down menu.

This operation should create a logical condition that is equivalent to Data >
Lifecycle state name equals VMPSMasterWorkflow32.MachineProvisioned.

Click Add expression.

From the Clause drop-down menu, select Data >Lifecycle state > State phase.

Select Equals from the new drop-down menu.

Select Constant from the new drop-down menu.

Select POST from the bottom drop-down menu.

Click Add expression.

Select Data > Blueprint name from the Clause drop-down menu.

Select Contains from the new drop-down menu.

Select Constant from the new drop-down menu.

Enter Add-DNS in the text box.

The condition should look like the screenshot.


Click to enlarge

Click Next.

Task 11: Select a Workflow and Details for the Subscription

You select a workflow and the details for the subscription.

Select the Orchestrator > vRA Custom Workflows > EBS Add DNS-Host workflow.

Click Next.

Select the Blocking check box.

Enter 5 in the Timeout (min) text box.

Click Finish.

Select, but do not open, the EBS Add DNS-Host subscription.


Click Publish.

Task 12: Test the Subscription and Workflow

You test the subscription and workflow.

Click the Catalog tab.

Click QA-General-Services.

In the QA-General-Services pane, click Request for the QA-DB-Add-DNS service.

In the Description text box, enter Test of new subscription.

Click QA-DB.

From the Network Profile drop-down menu, select QA Data network.

Click Submit.

Click OK.

Click the Requests tab and wait for the status of the request to change from In
Progress to Successful.

Select the request and click View Details.

Click the Execution Information icon.


Click to enlarge

Record the name of the virtual machine that was deployed.

Click the Remote Desktop Connection Manager icon and return to the session with
DC.vclass.local.

Click the refresh icon on the DNS Manager task bar.

Expand Forward Lookup Zone > vclass.local.

Verify that an entry is present for the virtual machine and that it has an
address listed in the 10.10.103.0 subnet.

Close the Remote Desktop Connection manager.

Task 13: Examine the Log in vRealize Orchestrator

You examine the vRealize Orchestrator workflow log.

Return to the vRealize Orchestrator client.

Select Run from the VMware vRealize Orchestrator menu.

In the left pane, expand vRA Custom Workflows > EBS Add DNS-Host.

Select the EBS Add DNS-Host entry with the green check mark that indicates the
most recent completion of this workflow.
You might need to click the refresh icon in the vRealize Orchestrator client.

In the right pane, click the Logs tab.

Select the Debug log from the drop-down menu.

You should see output that reports the information that the script dumped using
the System.debug commands. The report should be similar to the screenshot.
Click to enlarge

Exit the vRealize Orchestrator client.

Lab 30 - Installing vRealize Automation

In this lab, you will perform the following tasks:

Shut Down the vRealize Automation IaaS Server

Shut Down the vRealize Automation Appliance

Start the vRealize Automation Installation Wizard

Install the Management Agent

Start the Prerequisite Checker

Generate Security Certificates

Validate the Installation Settings and Prerequisites

Complete the Installation

Run the Initial Setup

Answer the Manual User Action Request

Examine the New Configuration

Task 1: Shut Down the vRealize Automation IaaS Server

You shut down the VMware vRealize® Automation™ Information-as-a-Service (IaaS)


server. When the vRealize Automation IaaS server is shut down, no interference is
caused by this server when you install a new configuration of vRealize Automation
using a different vRealize Information IaaS server.

Log out of the vRealize Automation Web console.

Shut down Internet Explorer by closing all tabs.

Click the Remote Desktop Manager shortcut on the Student-A desktop taskbar.

Double-click the sa-IaaS-01 server.

You must connect to sa-IaaS-01. Do not connect to sa-IaaS-02.

When the Remote Desktop Manager completes the login, click the desktop of the
sa-IaaS-01 server.
Press Alt+F4.

Select Shut down from the drop-down menu and click OK.

Click Yes.

Minimize, but do not close, the Remote Desktop Manager.

Task 2: Shut Down the vRealize Automation Appliance

You shut down the vRealize Automation appliance. When the vRealize Automation
appliance is shut down, no interference is caused by this server when you install a
new configuration of vRealize Automation.

Click the MTPuTTY shortcut on the Student-A desktop taskbar.

Double-click the sa-vRA-01 item in the left pane.

You must connect to sa-vRA-01. Do not connect to sa-vRA-02.

Enter shutdown -h now command.

Close the MTPuTTY application.

Task 3: Start the vRealize Automation Installation Wizard

You start the vRealize Automation installation wizard.

Return to the Remote Desktop Manager application on the Student-A desktop.

Double-click the sa-IaaS-02 - Logon as a Service server.

You must connect to sa-IaaS-02 - Logon as a Service. Do not connect to sa-IaaS-


01 or to sa-IaaS-02.
Click to enlarge

Examine the information on the desktop to verify that you are logged in to the
sa-IaaS-02 server with the User Name vra.service.
Click to enlarge

Click the Windows Start button on the sa-Iaas-02 server.

Click the Internet Explorer browser shortcut.

Connect to https://sa-vra-02.vclass.local:5480.

Maximize the Internet Explorer pane to full screen.

Click Continue to this website (not recommended).

Log in with the root account and the password VMware1!.

The first time anyone connects to the vRealize Automation appliance on port
5480, the installation wizard starts. As long as you have the prerequisites done on
IaaS, SQL Server, and Active Directory (including the creation and configuration of
the service account), the wizard steps you through the process.
Verify that the installation wizard is running. You should see this screen:
Click to enlarge

Click Next.

Select the I accept the terms of this agreement check box to accept the license
agreement.

Click Next.

Leave the default Minimal deployment clicked and click Next.

Task 4: Install the Management Agent

You install the vRealize Automation management agent on the vRealize Automation
IaaS server.

Click vCAC-IaaSManagementAgent-Setup.msi.

Click Continue to this website (not recommended).

Click Save.

Click Run.

Click Next to start the vRealize Automation management agent installation.

Select the I accept the terms of this agreement check box to accept the license
agreement and click Next.

Click Next to keep the default destination folder.

Enter https://sa-vra-02.vclass.local:5480 in the vRA appliance address text


box.

Enter root in the Root username text box.

Enter VMware1! in the Password text box.

Click Load to load the SHA1 fingerprint.

A best practice is to confirm the SHA1 fingerprint before proceeding. To save


time in this lab, you will not confirm the fingerprint.

Select the I confirm the fingerprint matches the Management Site Service SSL
certificate check box.

Click Next.

Enter the password VMware1! for the VCLASS\vra.service user account and click
Next.

Click Install.

Click Yes to allow the management agent setup program to change the server.

Wait for the installation of the management agent to complete and click Finish.
Close the current Internet Explorer tab (labeled Certificate Error Navigation)
and return to the VMware vRealize Appliance tab.

This action should return you to the Installation Prerequisites page of the
vRealize Automation Installation wizard.
Click to enlarge

Click the Use Time Server radio button.

Enter the address 172.20.11.10 in the Time Server text box.

This address uses the vclass.local domain controller as the local network time
server.

Click Next.

Task 5: Start the Prerequisite Checker

You start the vRealize Automation installation wizard prerequisite checker.

Click Run to execute the prerequisite checker and wait for the host to trigger
the prerequisite check.

Click Run. Do not click Next. If you click Next instead of Run you will skip
the prerequisite checker.

The prerequisite checker will start. You might have to wait for five minutes
before you see changes.

When you see the status OK with a green check mark, click Next.

Enter sa-vra-02.vclass.local in the vRealize Address text box and click Next.

Enter VMware1! in the Administrator password text box.

Enter VMware1! in the Confirm password text box.

The password that you enter becomes the password of the vRealize Automation
system administration account in the default vsphere.local tenant. This password
should be entered carefully and recorded.

Click Next.

Enter sa-iaas-02.vclass.local in the IaaS Web Address text box.

Enter vclass\administrator in the Username text box.

You must enter the account in the form domain-name\user-name. Do not use a
simple user name (with no domain). Do not enter the user name in the form user-
name@domain-name.

Failure to enter the user name in the correct format results in an installation
failure.

Enter VMware1! in the Password text box.

Enter VMware1! in the Security Passphrase text box.


Enter VMware1! in the Confirm Passphrase text box.

The database security passphrase must be carefully entered and recorded. You
cannot recover the database security passphrase if you lose it.

Click Next.

Enter sa-sqlserver-01.vclass.local in the Server name text box.

Enter vratwo in the Database name text box.

Do not use the default database name vra. A vra database already exists on this
SQL Server instance that was used in the earlier installation. You must create a
database for the this lab.

Accept the other defaults and click Next.

Accept the defaults for the Distributed Execution Managers and click Next.

Enter vcsa-endpoint in the Endpoint text box.

The name that you use for the VMware vCenter Server® endpoint is critical.
Record the endpoint name. In several other places in vRealize Automation, you must
know the name that you assigned to the vCenter Server endpoint. The default
endpoint name is vCenter. But if you use multiple vCenter Server endpoints, each
endpoint must have a unique name.

Accept the other defaults for the agents and click Next.

Task 6: Generate Security Certificates

You generate SSL security certificates for vRealize Automation.

Keep the default selection of Generate Certificate for the vRealize appliance
certificate.

Enter VMware in the Organization text box.

Enter VMware Education in the Organization Unit text box.

Enter +1 as country code in the Country Code text box.

Click Save Generated Certificate.

The wizard generates a security certificate and changes the Certificate Action
selection from Generate Certificate to Keep Existing. Keep the default of the new
selection of Keep Existing.

Wait for the server to generate a security certificate and click Next.

Keep the default Generate Certificate selection for the Web certificate.

Enter VMware in the Organization text box.

Enter VMware Education in the Organization Unit text box.

Enter +1 as country code in the Country Code text box.


Click Save Generated Certificate.

The wizard will generate a security certificate and change the Certificate
Action selection from Generate Certificate to Keep Existing. Keep the default of
the new selection of Keep Existing.

Wait for the server to generate a security certificate and click Next.

Click Next to accept the default Manager Service Certificate.

Task 7: Validate the Installation Settings and Prerequisites

You validate the installation settings and prerequisites.

Click Validate.

The validation process can take up to 30 minutes. The progress bar does not
show smooth progress. Periods of no activity are followed by jumps of 10 to 30
percent. You should see the first progress update within 10 minutes.

If the Validation is in progress message is visible, you do not need to click


the Validate button a second time.

Do not leave the session. If you are not present to respond when the validation
process finishes, the installation wizard can time out.

When the validation process completes and all items are listed with a green
check mark and the Succeeded status, click Next.

Click Next to skip the Create Snapshots message.

Click Install to begin the actual installation process.

Task 8: Complete the Installation

You complete the installation.

A GetEval Licenses powershell shortcut is present on the Student-A desktop

When the installation process completes, click Next.

The installation process should take less time than the prerequisite checks,
but it can still take up to 45 minutes. You must use the scroll bar to monitor the
progress of the final steps in the installation.

Enter the new license key in the New License Key text box and click Submit Key.

Licenses

Click Next.

Deselect the Enable Customer Experience Improvement Program check box and click
Next.

Enter VMware1! in the Password text box to set the password for the
configurationadmin account.
Enter VMware1! in the Confirm password text box.

Click Create Initial Content and wait for the initial content configuration to
complete.

You are not required to use the Create Initial Content wizard for a successful
installation. You will use the Create Initial Content wizard in this lab to
demonstrate its capabilities.

Click Next.

Click Finish.

Close the Remote Desktop Connection Manager application.

Task 9: Run the Initial Setup

You use the configurationadmin account to run the initial setup.

Click the Internet Explorer shortcut on the Student-A desktop taskbar.

Use the vRA > Install Lab > vRA Web Console (vRA-02) - Default Tenant to
connect to https://sa-vra-02.vclass.local/vcac.

Click Continue to this website (not recommended).

Log in as user account configurationadmin with the password VMware1!.

Click the Catalog tab.

Click Request in the vSphere Initial Setup service.

Select No from the Do you want to use the current tenant? drop-down menu.

Select Yes from the Do you want to create a new tenant? drop-down menu.

Enter VMware1! in the System tenant administrator password text box.

Use the scroll bar to scroll down.

Enter Production in the Tenant name text box.

Enter a first name of the choice in the First name text box.

Enter a last name of the choice in the Last name text box.

Enter the email address prod-admin@vclass.local in the Email address text box.

Enter the user name prod-admin in the Username text box.

Enter the password VMware1! in the Password text box and click Next.

Enter vcsa-endpoint in the Endpoint name text box.

This endpoint name must match the endpoint defined in the proxy agent. The
default endpoint name is vCenter, but this name can be changed to any name by
manually installing the proxy agent. In task 5, you should have used an endpoint
name of vcsa-endpoint.

Enter sa-vcsa-01.vclass.local in the Endpoint host text box.

Enter SA Compute-01 in the Endpoint compute resource text box.

Enter administrator@vsphere.local in the Username text box.

Enter VMware1! in the Password text box.

Click Submit and click OK.

Task 10: Answer the Manual User Action Request

You answer the manual user action request to complete the initial setup.

Click the Inbox tab.

Click Manual User Action.

Use the refresh icon to periodically check for a new manual user action to
appear.

A new manual user action should appear in 5 to 15 minutes.


Click to enlarge

Click the number 1 to open the manual user action.

Select Centos-Template.

Select Win8-Template.

Scroll down and select SA-Shared-01 Remote from the Select reservation storage
drop-down menu.

From the Select reservation resource pool drop-down menu, select <None>.

From the Select reservation network drop-down menu, select pg-SA Production.

To see pg-SA Production, you might have to select a different network and then
click the Select reservation network drop-down menu a second time.

Click Submit.

Click the Requests tab and monitor the progress of the request.

When the request is Successful, log out of the default tenant.

Log out of the configurationadmin user account.

Task 11: Examine the New Configuration

You examine the initial setup that was created for you by the initial setup
workflow.

Click the Internet Explorer shortcut on the Student-A desktop taskbar.


Use the vRA > Install Lab > vRA Web Console - Production Tenant to connect to
https://sa-vra-02.vclass.local/vcac.

The login screen has no option to sign in to a different domain because the new
Production tenant is not yet connected to any other directory. Only the local
directory vsphere.local is available.

Log in as user account prod-admin with the password VMware1!.

Click the Design tab.

Q. Which blueprints are already defined?

ANSWER: Clone_Centos-Template and Clone_Win8-Template.

Click the Administration tab and select Catalog Management > Catalog Items.

Q. Which services are offered?

ANSWER: Clone_Centos-Template and Clone_Win8-Template.

Click the Infrastructure tab.

Select Reservations > Reservations.

Click Reservation InitContent[Production][SA Compute-01] to examine the default


reservation.

Q. What storage resource do you have?

ANSWER: SA-Shared-01 Remote.

Q. What network path is available?

ANSWER: pg-SA Production.

Q. Do you have any network profiles configured?

ANSWER: No.

Module 2 - vRealize Automation Overview