Lab

Lab 1 - Installing Licenses and Configuring the Lab Environment
In this lab, you will perform the following tasks:
Log In to the Lab Environment
Verify vCenter Server, Hosts, & NSX Manager Licenses
License vRealize Log Insight and Configure vSphere Integration
Prepare to Deploy Agents
Install the vRealize Log Insight Agent on Critical Infrastructure Servers
License the vRealize Automation System
WARNING: We have seen some intermittent issues where NSX Manager Operating System
halts in a Boot process. For better experience and to prevent occurrence of the
issue, perform below steps after every login.
Open the NSX Manager console.
Verify if the boot process is completed or not. If the process is incomplete,

you can view the Press Enter to Continue message.
Press Enter to continue the boot process.
Task 1: Log In to the Lab Environment
You open a Remote Desktop Protocol connection to the lab environment. After logging
in, you are introduced to the applications used in the labs.
Log in to the Student-a-01 desktop as user vclass\administrator with the

password VMware1!.
After you are logged in to the student desktop, you do most of the work with
Internet Explorer and various Web consoles. Other systems might require the use of
either a third remote desktop connection from the student desktop to a lab system
or the use of PuTTY or similar utilities to make an SSH connection into a Linux-
based server.
Task 2: Verify vCenter Server, Hosts, & NSX Manager Licenses
You verify the license for the VMware vCenter Server® system, the VMware ESXi™
hosts, and the VMware NSX® Manager™ system.
Start the Internet Explorer browser and select vSphere Web Client from the
Infrastructure favorites menu.
If you see the There is a problem with this website’s security certificate
message, click Continue to this website (not recommended).
This lab environment uses self-signed certificates. Digital certificates should

be signed by a certificate authority (CA) that the system has a trust relationship
with. Self-signed certificates do not use a trusted CA. You will see warnings about
digital certificates frequently in this lab environment. Ignore these warnings.
Production systems should always use valid digital certificates that were issued by
a trusted CA.
Log in to vsphere.local domain administrator user name

administrator@vsphere.local and the password VMware1!.
In vSphere Web Client, click the Home icon and select Hosts and Clusters.
Confirm that the ESXi hosts are connected to SA Compute-01 and SA Management
cluster.
If the host state is Disconnected, reconnect the ESXi host.
In the left pane, expand the inventory.
If the ESXi hosts are disconnected, right-click each ESXi host and click
Connection > Connect.
In the Reconnect host window, click Yes.
Monitor the tasks in the Recent Tasks pane until all the ESXi hosts are
reconnected.
Confirm that the following virtual machines are running in the SA Management
cluster.
Border-ESG-0
Eng-DLR-0
Fin-DLR-0
NSX_Controller_GUID
RD-DLR-0
If any of these virtual machines are not running power on the virtual machine.
Verify the status of the NSX Controller.
In vSphere Web Client, click the Home icon and select Networking &
Security.
In the left pane, select Installation.
On the Management tab in the right pane, select the single controller that
appears in the lower table.
If the controller status does not show a green check mark, select Update
the Controller State from the Actions menu under NSX Manager.
If the controller status does not show a green check mark, wait for one
minute and repeat the update action.
Verify the status of NSX host Agent.
Click the Host Preparation tab.

If you see the installation status for the cluster “Not Ready” then select
individual clusters, click Actions and select Resolve.
Wait till green check mark appears in Installation status with the agent
version 6.2.0.
Note: Please verify the above information at every login.
Task 3: License vRealize Log Insight and Configure vSphere Integration
You license VMware vRealize® Log Insight™ and confirm that VMware vSphere®
integration is configured.
Integration for vSphere and VMware vRealize® Operations™ is included in the base
vRealize Log Insight system. The vRealize Log Insight server is designed to
integrate with vCenter Server systems and attached ESXi hosts. When you configure
vRealize Log Insight, it modifies the configuration of vCenter Server systems and
ESXi hosts. The modified configuration enables vCenter Server systems to send
Syslog events to a vRealize Log Insight server.
In Internet Explorer, open a new tab and select LogInsight - Web Console from
the vRA favorites menu.
Log in to the Log Insight user name admin and the password VMware1!.
License the vRealize Log Insight system.
Licenses
Select Administration from the system drop-down menu, located in the top
menu bar, to the right of the user name.
In the left pane, select License.
In the right pane, click Add New License Key, enter the vRealize Log
Insight license key in the text box, and click Add License Key.
Click the delete icon (red x) to the right of the expired license.
Click Remove.
Configure vSphere integration in the Log Insight administration interface.
Select vSphere under Integration in the left pane of the vRealize Log
Insight administration UI.
vSphere should already be configured with the following settings:
Hostname: sa-vcsa-01.vclass.local
Username: administrator@vsphere.local
Password: VMware1!
Verify that Collect vCenter Server events, tasks, and alarms is selected.
Verify that ESXi hosts to send logs to Log Insight is selected.
Click Test Connection and verify that the test passes.
Click Save and click OK.
Keep Internet Explorer open and connected to the vRealize Log Insight
administration interface.
Task 4: Prepare to Deploy Agents
You download the vRealize Log Insight agent installer.
The construction and application of the agent script is a complex subject that is
beyond the scope of this training. The agent configuration script can be pieced
together using information provided in each content pack. The agent script that you
import was constructed by pasting relevant information from VMware vRealize®
Automation™, Microsoft Active Directory, and the Microsoft SQL Server content
packs.
Select Administration from the vRealize Log Insight system drop-down menu,
located in the top menu bar, to the right of your user name.
In the left pane, click Agents.
In the right pane, click Download Log Insight Agent Version 3.0.0.
Click the Windows MSI (32-bit/64-bit) link and click Save > Save As to save the
file in C:\Materials\Downloads.
Close the download panel.
Do not click Run.
Close the installers list.
Minimize the Internet Explorer browser.
Task 5: Install the vRealize Log Insight Agent on Critical Infrastructure Servers
You install the vRealize Log Insight agent on two critical Windows servers.
vRealize Log Insight can be integrated with every aspect of a deployed vRealize
Automation solution, including integration with authentication and database
servers, and vSphere assets.
You configure vSphere integration (the vRealize Log Insight server is already
receiving events) and upload content packs to extend vRealize Log Insight server
charting and analysis to other systems, including Active Directory servers,
Microsoft SQL Server hosts, and NSX for vSphere systems.
You complete integration of the Active Directory servers and Microsoft SQL Server
hosts by installing a vRealize Log Insight agent on each system. Integration with
most products and systems require the installation of a Windows or Linux agent. The
agent behavior is system dependent and further tuned using the agent configuration
script.
The installation of the Windows agent is simple and fast, taking no more than a
minute to complete.
Use the Remote Desktop Connection Manager in the taskbar to connect to the
DC.vclass.local server.
Double-click the Materials network drive shortcut on the desktop.
Open the Downloads directory.
Right-click the VMware-Log-Insight-Agent windows.msi installation package and

select Install.
Click Run to accept the security warning.
Select I accept the terms in the license agreement and click Next.
Confirm that the host is sa-loginsight-01.vclass.local and click Install.
Click Finish.
Log out of dc.vclass.local
Use the Remote Desktop Connection Manager to connect to the sa-SQLServer-01

server.
Double-click the Materials network drive shortcut on the desktop.
Open the Downloads directory.
Right click the VMware-Log-Insight-Agent windows.msi installation package and

select Install.
Click Run to accept the security warning.
Select I accept the terms in the license agreement and click Next.
Verify that the host is sa-loginsight-01.vclass.local and click Install.
Click Finish.
Log out of sa-SQLServer-01.
Minimize the Remote Desktop Connection Manager.
Return to the vRealize Log Insight Web console in Internet Explorer.
Click Hosts in the left panel.
This action refreshes the console.
Click Agents in the left panel.
Confirm that two agents are listed.
One agent should be connected to dc.vclass.local, and one agent should be

connected to sa-sqlserver-01.vclass.local.
Select Logout from the vRealize Log Insight Admin user drop-down menu.
In Internet Explorer, close the vRealize Log Insight tab.
Task 6: License the vRealize Automation System
You install a license key for vRealize Automation.
Licenses
In Internet Explorer, select vRA Appliance Console from the vRA favorites menu.
Log in as root with a password of VMware1!.
Select Licensing.
Enter the new vRealize Automation license key.
Click Submit Key.
Click Logout user root.
In Internet Explorer, close the VMware vRealize Appliance tab.
Lab 2 - Requesting a Service
Log In to vRealize Automation
Request a Service
Track the Request
Examine the Virtual Machine
Destroy the Virtual Machine
Track the Request
Task 1: Log In to vRealize Automation
Use Internet Explorer from the student desktop to log in to the VMware vRealize®
Automation™ system.

password VMware1!.
Start Internet Explorer.
Select vRA Web Console - Eng Tenant from the vRA favorites menu.
message, click Continue to the website (not recommended).
Log in to vclass.local domain as End user account user name QA-User13 and the
password VMware1!.
Task 2: Request a Service
You request a service from vRealize Automation. vRealize Automation can provide
various kinds of services to users. The most common service is to deploy a virtual
machine. You ask vRealize Automation to deploy a Linux Web server.
Click the Catalog tab.
Click Request in the QA-DB service.

Click to enlarge
Enter a description as Test Deployment.
The description can help you track the purpose of this request.
Enter a reason for the request as Test.
This reason is a justification that would explain to an administrator why you

need a Web server. Most requests are automatically approved and do not require
manual intervention from administrators.
Click Submit.
Click OK.
Task 3: Track the Request
You track the requested service from vRealize Automation. Requests must go through
a process. You deploy and customize a virtual machine from a template through a
cloning operation in VMware vSphere®.
Click the Requests tab.
The request should be the top item in the list. An initial status of In
Progress should appear.
You will see many requests listed that have a Failed status. These requests
involve an Expire operation. Do not be concerned about these requests. These errors
are caused by a problem in an expiration date.
Select the QA-DB request.
Click View Details.
Examine the details of the request
Click the QA-DB virtual machine icon and examine the details.
Click to enlarge
Click the General tab and examine the configuration of the virtual machine.
Click the Storage tab and examine how many hard disks the virtual machine has.
Click OK.
Open a new tab on the Internet Explorer browser.
Select vSphere Web Client from the Infrastructure favorites menu.
message, click Continue to the website (not recommended).
Log in as administrator@vsphere.local with the password VMware1!.
Click the Home icon and select VMs and Templates.
In the bottom-right corner of the Recent Tasks pane, click More Tasks.
Track the progress of the virtual machine as it is cloned, customized, and

powered on.
Click the refresh icon at the top center of VMware vSphere® Web Client
periodically until you see the Customize virtual machine guest OS task completed
message in the Recent Tasks pane.
Click the vRealize Automation tab in the Internet Explorer browser to return to
the vRealize Automation console.
Click the refresh icon at the bottom of the Requests pane until the status of
the request changes to Successful.
Task 4: Examine the Virtual Machine
The virtual machine is an item in vRealize Automation. After a request is complete,

you have a new item in the console.
Click the Items tab.
The request should be listed in the Deployments list with today’s date in the
Date Created column. The name of the item should begin with the text string QA-DB,
followed by an eight-digit number.
Select the item but do not open it (click to the right of the deployment name
to highlight the line).
Click View Details.
Examine the information and click Close in the lower right of the pane.
Expand the QA-DB-<xxxxxxxx> in the Deployments list.

Click to enlarge
Examine the components that are included with the item.
Record the name of the virtual machine that was deployed.
Click Machines in the left pane.
Select the virtual machine that you deployed.

Click View Details.
Click the Network tab.
Record the primary IP address that is assigned to the virtual machine.
Scroll down and click Close.
Task 5: Destroy the Virtual Machine
You order vRealize Automation to destroy the virtual machine. After an item is no
longer needed, you might be entitled to destroy it. Destroying unneeded items saves
resources.
Click Deployments.
Click to the right of the deployment name to select the item that you deployed.
Verify that this is the item you deployed by checking the Date Created column.
The date shown for this item should match today’s date.
Make sure you have only selected the item you just deployed. Do not destroy any
deployment except the deployment you just created.
Click Actions.
Select Destroy.
Click Submit.
Click OK.
You track the requested action from vRealize Automation. Actions such as Destroy
are requests and can be tracked like all other requests.
Track the request to destroy the virtual machine in vSphere Web Client and in
When the virtual machine is powered off and deleted, log out of the vRealize
Automation console and vSphere Web Client.
Lab 3 - Exploring the vRealize Automation Architecture
Log In to vSphere Web Client
Examine vSphere
Examine Other Windows-Based Infrastructure Systems

Examine Other Linux-Based Infrastructure Systems
Task 1: Log In to vSphere Web Client
You use VMware vSphere® Web Client to examine the VMware vSphere® architecture that
will support VMware vRealize® Automation™.

password VMware1!.
Select vSphere Web Client from the Infrastructure favorites menu.
If you see a message indicating a problem with the website’s security

certificate, click Continue to this website.
The lab environment uses self-signed certificates. Digital certificates should

be signed by a certificate authority (CA) that the system has a trust relationship
with. Self-signed certificates do not use a trusted CA. You will see warnings about
digital certificates frequently in this lab environment. Ignore them. Production
systems should always use valid digital certificates that were issued by a trusted
CA.
Log in to the VMware vCenter Server™ as user administrator@vsphere.local with

the password VMware1!.
Task 2: Examine vSphere
You examine the vRealize Automation support infrastructure that was preconfigured
in vSphere.
Click the Home icon and select Hosts and Clusters.
Expand SA Datacenter.
You should see two vSphere clusters: SA Compute-01 and SA Management.
vRealize Automation should always have at least two clusters. The first cluster
is a management cluster.
Expand SA Management.
The management cluster is always used to support management systems. Normally,

this management cluster includes database servers, Web servers, email servers, and
any other system that is used to provide infrastructure support for vRealize
Automation. In the lab environment, the SA management cluster is used to provide
resources for VMware NSX® systems. These VMware NSX systems include edge services
gateways and distributed logical routers.
A production management cluster also hosts the following servers:
vRealize Automation appliance servers
VMware vRealize® Orchestrator™ servers

VMware vRealize® Log Insight™ server
VMware NSX® Manager™ server
VMware vRealize® Business™ for Cloud server
vRealize Automation infrastructure-as-a-service (IaaS) servers
Microsoft SQL Server database servers
Email servers
Network load-balancer servers
Most of these systems exist in the lab environment. But due to the limitations
of the lab environment, they are not hosted on the management cluster.
Expand SA Compute-01.
SA Compute-01 is the resource cluster. The resource cluster is where virtual

machines that are deployed by vRealize Automation are hosted. The best practice is
always to keep the management cluster and resource clusters separated. In a
production environment, virtual machines that are deployed by vRealize Automation
should never be deployed on the management cluster.
Expand the VRM folder.
The VRM folder is where vRealize Automation deploys virtual machines. Any
virtual machines in the VRM folder are managed by vRealize Automation. Do not use
vSphere Web Client to manage these machines unless a significant problem occurs in
vRealize Automation.
Scroll down and locate the templates.
The templates are not located in the VRM folder.
vRealize Automation uses virtual machine templates to provision machines with

cloning operations. Templates must be identified by vRealize Automation during a
data collection inventory. If you change a template name or create a new template,
you have to run a new data collection inventory before you can use the template.
Templates start as virtual machines. Each virtual machine is assigned a host

when it is created. For vRealize Automation to use a virtual machine template, the
template must be stored on storage that is visible to the associated vRealize
Automation fabric group. If a virtual machine is moved to a host and storage
combination that is not part of the fabric group, then any template from that
virtual machine will not be available to vRealize Automation, even if the shared
storage is part of the fabric. Both the host and the storage must be part of the
fabric in order for vRealize Automation to use them.
vRealize Automation can use virtual machine snapshots to create linked clones.
The requirement that both the host and the storage combination are part of the
fabric group is not a requirement for snapshots. As long as a snapshot is stored on
shared storage that is visible to the fabric group, which host the parent virtual
machine is assigned to does not matter.
The best practice for production environments is to use clones and templates
instead of snapshots and linked clones.
Click the Home icon and select Storage.
Select the SA-Shared-01 Remote datastore.
The SA-Shared-01 Remote datastore is the storage used by vRealize Automation

for virtual machine deployment. vRealize Automation can use any storage that is
part of a cluster (shared or local) for reservations.
Log out of vSphere web client.
Task 3: Examine Other Windows-Based Infrastructure Systems
You examine the other Windows-based infrastructure servers that will support
vRealize Automation in the lab environment.
Click the Remote Desktop Connection Manager icon on the taskbar of the Student-
A desktop.
Click to enlarge
The lab infrastructure is divided into two main categories: General

Infrastructure and Site-A Systems.
General Infrastructure contains the Windows domain controller. This system is

also the DNS server for vclass.local.
The Site-A Systems includes a SQL Server host and two IaaS servers.
The SQL Server system hosts databases for vRealize Automation (IaaS server) and
the VMware vCenter Server® system.
Two IaaS servers are included. The SA-IaaS-01 server is the IaaS server for
vRealize Automation. vRealize Automation IaaS runs on Windows servers. In the lab
architecture, this SA-IaaS-01server runs the IaaS Manager, the IaaS Web server, the
IaaS Distributed Execution Manager (DEM), and IaaS proxy agents. In a production
vRealize Automation environment, all of these IaaS components can be assigned to
individual servers.
The SA-IaaS-02 server is not used until the installation lab.
In a production environment, all of these servers (DC, iSCSI, SQL Server, and
IaaS) would be hosted on the management cluster.
Minimize the Remote Desktop Connection.
Task 4: Examine Other Linux-Based Infrastructure Systems
You examine the other Linux-based infrastructure servers that support vRealize
Automation in the lab environment.
Click the MTPuTTY icon on the taskbar of the Student-A desktop.

Click to enlarge
The MTPuTTY utility enables Windows systems to connect to Linux and UNIX
systems with SSH. MTPuTTY can connect to the following systems:
The VMware vCenter® Server Appliance™ instance (SA-VCSA-01)
Four VMware ESXi™ hosts (SA-ESXi-01, SA-ESXi-02, SA-ESXi-03, and SA-ESXi-

04)
The NSX Manager server
Two vRealize Automation appliances (sa-vRA-01 and sa-vRA-02)
vRealize Log Insight server
The sa-vRA-02 server is not used until the installation lab.
In a production environment, all of these servers (sa-vcsa-01, NSX Manager, sa-

vRA-01, sa-vRA-02, and vRealize Log Insight) would be hosted on the management
cluster.
Close the MTPuTTY window.
Lab 4 - Examining Roles in vRealize Automation
Explore the vRealize Automation UI for the IaaS Administrator Role
Explore the vRealize Automation UI for the Fabric Administrator Role
Explore the vRealize Automation UI for the Tenant Administrator Role
Explore the vRealize Automation UI for the Software Architect Role
Explore the vRealize Automation UI for the Catalog Administrator Role
Task 1: Explore the vRealize Automation UI for the IaaS Administrator Role
You use Internet Explorer from the student desktop to log in to the VMware
vRealize® Automation™ system using the IaaS administrator role and explore the
components of the interface for this role.

password VMware1!.
Log in to vclass.local domain as IaaS administrator account user name QA-User08

and the password VMware1!.
If the domain vclass.local is not selected, the attempt to log in fails.
If the domain does not appear as vclass.local, click Sign in to a different

domain, select vclass.local from the drop-down menu, and click Next.
Click the Infrastructure tab.
Click to enlarge
In the left pane, select Endpoints > Endpoints.
In the left pane, select Fabric Groups.
In the Fabric Groups pane, verify that the Engr-FG fabric group appears in the
list.
Point to the Engr-FG fabric group and select Edit.

Click to enlarge
Enter QA-F in the Fabric administrators text box.
Click the search icon.
Select the QA-Fabric@vclass.local group.

Click to enlarge
The QA-Fabric@vclass.local group should now be listed as fabric administrators.
Click OK.
In the left pane, click <Infrastructure to return to the main Infrastructure

menu.
In the left pane, click Monitoring.
In the left pane, click Log.
In the Log Viewer pane, select Error from the Severity drop-down menu.
Click to enlarge
The logs are sorted according to the [Severity] Equals ‘Error’ type, which
appears at the bottom of the Log View pane.
From the Severity drop-down menu, select Information.
The logs are sorted according to the [Severity] Equals ‘Information’ type.
In the top-right corner, click Logout.
Task 2: Explore the vRealize Automation UI for the Fabric Administrator Role
You explore the vRealize Automation system using the fabric administrator role and
examine the various components of the interface for this role.
Select vRA Web Console - Eng Tenant from the vRA favorites menu and log in to
vclass.local domain as Fabric administrator account user name QA-User09 and the
password VMware1!.
Examine the left pane.
Q. Is the option to select endpoints available?

ANSWER: No.
In the left pane, select Compute Resources > Compute Resources.
In the Compute Resources pane, point to SA-Compute-01.
Q. Is the option to view machines in the menu?
ANSWER: Yes.
Click to enlarge
In the Compute Resources pane, point to SA Compute-01 and select Edit.
Q. Is the Engr-FG fabric group visible?
ANSWER: Yes.
Click to enlarge
Click Cancel.
In the left pane, click <Infrastructure.
In the left pane, select Reservations > Reservations.
The QA-Res and RD-Res reservations are listed.
Click the Administration tab.
In the left pane, select Property Definitions.
Q. Are any property definitions listed?
ANSWER: No.
In the top-right corner, click Logout.
Task 3: Explore the vRealize Automation UI for the Tenant Administrator Role
You explore the vRealize Automation system using the tenant administrator role and
vclass.local domain as Tenant administrator account user name QA-User01 and the
password VMware1!.
In the left pane, select Users and Groups > Business Groups.
Two business groups should be listed in the Business Groups pane.
In the Business Groups pane, select the QA business group.
Click Edit.
Click the Members tab.
Q. Which vclass.local group is defined in the group manager role and in the
support role?
ANSWER: QA-BGSuper@vclass.local
Click Cancel.
In the left pane, click <Administration.
In the left pane, select Branding > Login Screen Branding.
Examine the branding configuration, but do not change the configuration.
In the left pane, select <Administration.
In the left pane, select Reclamation > Reclamation Requests.
Q. Are any reclamation requests listed?
Task 4: Explore the vRealize Automation UI for the Software Architect Role
You explore the vRealize Automation system using the software architect role and
vclass.local domain as Software Architect account user name QA-User05 and the
password VMware1!.
Q. Does an Infrastructure tab appear?
ANSWER: No.
Click the Design tab.
In the Blueprints pane, click New.

Click to enlarge
The New Blueprint window appears.

Click to enlarge
Click Cancel.
Click Logout.
Task 5: Explore the vRealize Automation UI for the Catalog Administrator Role
You explore the vRealize Automation system using the catalog administrator role and
vclass.local domain as Catalog administrator account user name QA-User03 and the
password VMware1!.
In the Services pane, select the QA-DB-Service service.

Click Edit.
Examine the service.
Q. Does the service have an active status?
ANSWER: Yes.
Click Cancel.
In the left pane, click Catalog Items.
In the Catalog Items pane, select the QA-DB item.
Click Configure.
The Configure Catalog Item pane appears. The status of the catalog item should
be Active.
Click Cancel.
In the left pane, click Actions.
In the Actions pane, select Power Off.
Click View Details.
The action to power off appears in the Actions list.
In the View Action pane, click the Entitlements tab.
On the Entitlements tab, click Close.
Click Logout.
Lab 5 - Exploring Tenant Configuration
Explore Tenant Configuration for the Eng Tenant
Task 1: Explore Tenant Configuration for the Eng Tenant
You explore the Eng tenant configuration from the default tenant.

password VMware1!.
Select vRA Web Console - Default Tenant from the vRA favorites menu.
Click to enlarge
From the Select the domain drop-down menu, select vsphere.local and click Next.
Log in to vsphere.local domain as vRealize Automation administrator account

user name administrator and the password VMware1!.
The Tenants pane appears.
Select the Eng tenant and click Edit.
Verify that the URL name is Eng.
Click the Local users tab.
Verify that eng-admin is listed as a local user.
Click the Administrators tab.
Verify that the QA-ITSuper group appears in the Tenant administrators pane.
Verify that the QA-IaaS group appears in the IaaS administrators pane.
Click Cancel.
Click Logout.
Lab 6 - Exploring the Endpoint Configuration
Explore the Endpoint Configuration
Task 1: Explore the Endpoint Configuration
You explore endpoint settings typically configured by an IaaS administrator. You

familiarize theself with the location of these settings for use in future labs.
Click to enlarge
The vRealize Automation login window appears.
Click Sign in to a different domain.
From the Select the domain drop-down menu, select vclass.local and click Next.
Log in to vclass.local domain as IaaS account user name QA-User01 and the
password VMware1!.
In the left pane, select Endpoints > Credentials.
Q. What are the names of the credentials listed?
ANSWER: NSX, vCenter credentials.
In the left pane, select Endpoints.
Q. How many endpoints are configured?

ANSWER: Two.
Point at the vCenter endpoint and select Edit.
Click the Browse icon to the right of the Credentials text box.
Click to enlarge
Q. What are the names of the credentials shown?
ANSWER: Integrated, NSX, vCenter credentials.
Click Cancel.
Click Cancel.
Point to vCenter and select View Compute Resources from the menu.
In the Compute Resources pane, click SA-Compute-01.
Q. How many fabric groups appear?
ANSWER: One: Eng-FG.
Click the Configuration tab.
Q. Is a storage reservation policy assigned to SA-Shared-01 Remote?
ANSWER: No.
Click Cancel.
In the left pane, Click <Infrastructure.
In the left pane, select Endpoints > Fabric Groups.
Q. How many fabric groups appear?
ANSWER: One: Engr-FG.
Click Engr-FG.
Q. How many fabric administrators are assigned to the fabric group?
ANSWER: One.
Click Cancel.
Click Logout.
Lab 7 - Exploring the Fabric Configuration
Explore Fabric Configuration

Task 1: Explore Fabric Configuration
You explore settings typically configured by a fabric administrator, including

machine prefixes, network profiles, reservation policies, and reservations. You
familiarize theself with the location of these settings for use in future labs.
Select vRA Web Console - Eng Tenant from the vRA favorites menu in the Internet
Explorer browser.
Log in to vclass.local domain as Fabric administrator account user name QA-

User01 and the password VMware1!.
From the goal navigator, select Fabric Configuration > Create Machine Prefixes.
Click to enlarge
Click to enlarge
In the Machine Prefixes pane, verify that the QAWin and QALin machine prefixes
appear.
From the goal navigator, select Create Reservations.
In the left pane, select Network Profiles.
In the Network Profiles pane, click QA-Data-NP.
Verify that the DNS suffix and DNS search suffix appear as vclass.local.
Click the IP Ranges tab.
Q. How many IP addresses can be assigned using the range specified?
ANSWER: 101
Click Cancel.
In the left pane, click Reservation Policies.
Q. What is the name of the reservation policy?
ANSWER: Eng-RP
In the left pane, click Reservations.
In the Reservations pane, click QA-Res.
In the Edit Reservation - vSphere pane, verify that the Reservation policy
appears as Eng-RP.
Click the Resources tab.
Verify that SA-Shared-01 Remote is selected in the Storage pane.
Verify that the QA-Data-NP network profile is assigned to a network path.
Click Cancel.
Click Logout.
Lab 8 - Exploring Business Group Configuration
Explore Business Group Configuration
Task 1: Explore Business Group Configuration
You explore business group configuration settings typically configured by a tenant

administrator. You familiarize theself with the location of these settings for use
in future labs.
Log in to vclass.local domain as IaaS administrator account user name QA-User01

In the left pane, select Users & Groups > Business Groups.
In the Business Groups pane, click QA.
Q. Which user is configured to receive manager emails?
ANSWER: qa-user10@vclass.local.
Click the Members tab.
Verify that the Group Manager role pane contains the QA-BGSuper group.
Q. What is the default machine prefix?
ANSWER: QALin.
Click Cancel.
Q. What is the percentage of storage that is currently allocated to the RD

business group?
ANSWER: Zero.
Click Logout.
Lab 9 - Creating Tenants and Configuring Fabric
Create a Tenant and Assign Local User Tenant and IaaS Administrators
Sync Groups and Users and Assign Tenant and IaaS Administrators
Assign Tenant and IaaS Administrator Roles to the Fin Tenant

Create a Fabric Group and Assign Fabric Administrators
Create Machine Prefixes
Create Reservation Policies
Create Network Profiles
Create Business Groups
Create Reservations
Task 1: Create a Tenant and Assign Local User Tenant and IaaS Administrators
The first step to configuring a tenant is to name the new tenant, add it to VMware
vRealize® Automation™, and create the tenant-specific access URL. Next, you specify
local users who can access the tenant and can assign the tenant and IaaS
administrator roles to the newly created users.

password VMware1!.
From the Select the domain drop-down menu, click vsphere.local.
Click Next.
Log in to vsphere.local domain as vRealize Automation administrator account

user name administrator and the password VMware1!.
In the Tenants pane, click New.
In the Name text box, enter Fin.
In the Description text box, enter Finance departments in the company.
In the URL name text box, enter Fin.
In the Contact email text box, enter fin-ta01@vclass.local.

Click to enlarge
Click Submit and Next.
In the Local Users pane, click New.
In the User Details window, specify values for the new user.
Option Action
First name
Enter Alex
Last name
Enter Morgan
Email
Enter fin-admin@vclass.local
User name
Enter fin-admin@vsphere.local
Password
Enter VMware1!
Confirm password
Enter VMware1!
The resulting entry should look like the screenshot.

Click to enlarge
Click OK.
Verify that the local user Alex Morgan (fin-admin@vsphere.local) appears in the
Local Users pane.
Click Next.
In the Select users or groups to grant the Tenant administrator role text box,
enter fin-admin, press Enter, and select fin-admin@vsphere.local from the drop-down
menu of matching users.
Click to enlarge
In the Select users or groups to grant the IaaS administrator role text box,
enter fin-admin, press Enter, and select fin-admin@vsphere.local from the drop-down
menu of matching users.
Click Finish.
Click Logout.
Task 2: Sync Groups and Users and Assign Tenant and IaaS Administrators
You use the Directories Management feature to configure a link to Active Directory
to support user authentication and to select users and groups to sync with the
Directories Management directory. After configuration, you can edit the directory
to add additional users and groups.
Open a new tab in Internet Explorer.
In the address bar, enter https://sa-vra-

01.vclass.local/vcac/org/fin/vclass.local.
Press Ctrl+D.
The Add a Favorite dialog box appears.

Click to enlarge
In the Name text box, enter vRA Web Console - Fin Tenant.
From the Create in drop-down menu, select vRA.
Click Add.
Close the current tab.
Select vRA Web Console - Fin Tenant from the vRA favorites menu.
You must verify that the link is valid and opens to the Fin tenant.
Log in to vRealize Automation as user fin-admin@vsphere.local with the password

VMware1!.
In the left pane, select Branding > Login Screen Branding.
Under the Logo pane, click Upload.
In the Choose File to Upload dialog box, browse to C:\Materials\Graphics and

select Fin.png.
Click Open.
Scroll down and click Save.
In the left pane, select Header & Footer Branding.
Deselect the Use default check box.
Click Browse to change the Header Logo.
In the Choose File to Upload dialog box, browse to C:\Materials\Graphics and

select Fin.png.
Click Open.
Click Next.
Enter Copyright 2016 in the Copyright notice text box.
Click Finish.
Changing the branding of the current tenant might cause problems for Internet
Explorer. If you see an error message, close the Internet Explorer browser. Then
restart Internet Explorer and log back in to the Finance tenant.
In the left pane, select Directories Management > Directories.

Click Add Directory.
Click to enlarge
In the Directory Name text box, enter vclass.local.
Click Active Directory (Integrated Windows Authentication).

Click to enlarge
In the Domain Name text box, enter vclass.local.
In the Domain Admin Username text box, enter administrator.
In the Domain Admin Password text box, enter VMware1!.

Click to enlarge
In the Bind User UPN text box, enter administrator@vclass.local.
In the Bind DN Password text box, enter VMware1!.

Click to enlarge
Click Save & Next.

Click to enlarge
The Select the Domains pane appears after a few seconds. The vclass.local
domain should already be selected.
Click Next.
In the Map User Attributes pane, select Enter Custom Input from the drop-down
menu to the right of the manager attribute.
Click to enlarge
In the Enter Custom Input text box, enter Manager.
Click Next.
Click the green plus sign (+).

Click to enlarge
In the Specify the group DNs text box, enter ou=SL,dc=vclass,dc=local.
CAUTION: Do not include spaces in ou=SL,dc=vclass,dc=local.
Click Find Groups.

Click to enlarge
Click Select All.

Click to enlarge
Click the green plus sign to the right of the red X.

Click to enlarge
In the Specify the group DNs text box, enter ou=BL,dc=vclass,dc=local.
Click Find Groups.
Click Select All.
Click Next.
Click the green plus sign to the right of the Specify the user DNs title bar.
In the Specify the user DNs text box, enter ou=SL,dc=vclass,dc=local.
Click the green plus sign to the right of the red X.

Click to enlarge
In the Specify the user DNs text box, enter ou=BL,dc=vclass,dc=local.
Click Next.
Click Edit.
The Edit button is to the right of the Sync Frequency page option.
Click to enlarge
From the Sync Frequency drop-down menu, select Manually.

Click to enlarge
Click Save.
Click Sync Directory.

Click to enlarge
The sync operation takes about 15 to 20 seconds to complete.

Click to enlarge
In the Directories pane, click vclass.local.

Click to enlarge
Click Sync Settings.

Click to enlarge
Click the Groups tab.

Click to enlarge
Click the green plus sign.
The plus sign is to the right of the Specify the group DNs title bar.
Click to enlarge
In the Specify the group DNs text box, enter cn=users,dc=vclass,dc=local.
Click Find Groups.
Click Select.
Click to enlarge
From the Group DNs list, select the Domain Admins group and the Domain Users
group.
Click to enlarge
Click Save.
Click Save & Sync.
This operation takes a few seconds to complete.

Wait for the green confirmation box to disappear.
Click Logout.
Task 3: Assign Tenant and IaaS Administrator Roles to the Fin Tenant
You appoint tenant administrators and IaaS administrators from the identity stores
that you configured for the Fin tenant.
Click to enlarge
Log in to vsphere.local domain as administrator account user name administrator

Click to enlarge
In the Tenants pane, click Fin.

Click to enlarge
Click the Administrators tab.
enter BL-ITSuper, press Enter, and select BL-ITSuper@vclass.local from the drop-
down menu of matching users.
BL-ITSuper@vclass.local user appears in the list.

Click to enlarge
enter BL-TA, press Enter, and select BL-TA@vclass.local from the drop-down menu of
matching users.
enter SL-ITSuper, press Enter, and select SL-ITSuper@vclass.local from the drop-
enter SL-TA, press Enter, and select SL-TA@vclass.local from the drop-down menu of
matching users.
enter BL-ITSuper, press Enter, and select BL-ITSuper@vclass.local from the drop-
enter BL-IaaS, press Enter, and select BL-IaaS@vclass.local from the drop-down menu
of matching users.
enter SL-ITSuper, press Enter, and select SL-ITSuper@vclass.local from the drop-
enter SL-IaaS, press Enter, and select SL-IaaS@vclass.local from the drop-down menu
of matching users.
Click Finish.
Click Logout.
Task 4: Create a Fabric Group and Assign Fabric Administrators
You create a fabric group for the Fin tenant and assign fabric administrators to
manage the resources in the fabric group.
In the Finance login window, click Sign in to a different domain.
From the Select the domain drop-down menu, select vclass.local and click Next.
Log in to vclass.local domain as IaaS administrator account user name SL-User01

In the goal navigator, select Fabric Configuration > Create Fabric Groups.
The goal navigator opens on the left.

Click to enlarge
In the Fabric Groups pane, click New.
In the Name text box, enter Fin-FG.
In the Description text box, enter Finance fabric group.
In the Fabric administrators text box, enter BL-Fabric, press Enter, and select
BL-Fabric@vclass.local from the drop-down menu of matching users.
In the Fabric administrators text box, enter BL-ITSuper, press Enter, and
select BL-ITSuper@vclass.local from the drop-down menu of matching users.
In the Fabric administrators text box, enter SL-Fabric, press Enter, and select
SL-Fabric@vclass.local from the drop-down menu of matching users.
In the Fabric administrators text box, enter SL-ITSuper, press Enter, and
select SL-ITSuper@vclass.local from the drop-down menu of matching users.
In the Compute resource pane, select SA Compute-01.
Click OK.
Do not logout.
Task 5: Create Machine Prefixes
You log in to the vRealize Automation server as a fabric administrator and create
machine prefixes.
If you are not logged out from the previous session, go to step 5.
Log in to vclass.local domain as Fabric administrator account user name SL-

In the upper-left side of the window, click the Goal Navigator icon.
In the Goal Navigator pane, click Fabric Configuration.
Click Create Machine Prefixes.
NOTE: You might need to press F5 to see the option to create machine prefixes.
In the Machine Prefixes pane, click New.
In the Name text box, enter BLWin.
In the Number of Digits text box, enter 3.
In the Next Number text box, enter 3.
On the left side of the window, click the green save icon.
Click to enlarge
In the Name text box, enter BLLin.
On left side of the window, click the green save icon.
In the Name text box, enter SLWin.
In the Name text box, enter SLLin.
Task 6: Create Reservation Policies
You create reservations policies for compute and storage.
In the Goal Navigator pane, click Create Reservations.
Click Reservation Policies.
In the Reservation Policies pane, click New.

In the Name text box, enter Fin-RP.
In the Description text box, enter Reservation Policy for the Finance Tenant.
Click OK.
Task 7: Create Network Profiles
You create a network policy to assign to blueprints.
Click Network Profiles.
In the Network Profiles pane, select New > External.
In the Name text box, enter BL-Application-NP.
In the Description text box, enter Network Profile for the existing BL-
Application network.
In the Subnet mask text box, enter 255.255.255.0.
In the Gateway text box, enter 10.20.102.1.
In the Primary DNS text box, enter 172.20.14.1.
In the DNS Suffix text box, enter vclass.local.
In the DNS Search Suffix text box, enter vclass.local.
Click New.
In the Name text box, enter BL-Application-Range.
In the Description text box, enter IP Range for the BL-Application Network.
In the Starting IP address text box, enter 10.20.102.100.
In the Ending IP address text box, enter 10.20.102.200.
Click OK.
The list of IP addresses is populated in the IP Addresses pane.
Click OK.
Verify that the external network appears in the Network Profiles pane.
In the Name text box, enter BL-Data-NP.
In the Description text box, enter Network Profile for the existing BL-Data
network.

Click New.
In the Name text box, enter BL-Data-Range.
In the Description text box, enter IP Range for the BL-Data Network.
Click OK.
Click OK.
In the Name text box, enter SL-Application-NP.
In the Description text box, enter Network Profile for the SL-Application
network.
Click New.
In the Name text box, enter SL-Application-Range.
In the Description text box, enter IP Range for the SL-Application Network.
Click OK.
Click OK.
In the Name text box, enter SL-Data-NP.
In the Description text box, enter Network Profile for the SL-Data network.
Click New.
In the Name text box, enter SL-Data-Range.
In the Description text box, enter IP Range for the SL-Data Network.
Click OK.
Click OK.

Click New.
Click OK.
Click OK.
network.
Click New.
Click OK.
Click OK.
network.
Click New.
Click OK.
Click OK.

Click New.
Click OK.
Click OK.
Click New.
Click OK.

Click OK.
network.
Click New.
Click OK.
Click OK.
network.

Click New.
Click OK.
Click OK.
Click New.
Click OK.
Click OK.
Task 8: Create Business Groups

You create business groups for Sales and Billing. You also assign the business
group managers who monitor the resource use for the group and approve catalog
requests from users.
In the Goal Navigator, click Back to My Goals > Tenant Configuration > Create
Business Group and click New.
In the Name text box, enter Billing.
In the Description text box, enter Billing group for the Finance tenant.
In the Send manager emails to text box, enter BL-BGMGRs@vclass.local.
Click Next.
In the Group manager role text box, enter BL-BGMGRs, press Enter, and select
BL- BGMGRs@vclass.local from the drop-down menu of matching users.
In the Support role text box, enter BL-BGMGRs, press Enter, and select BL-
BGMGRs@vclass.local from the drop-down menu of matching users.
In the User role text box, enter BL-User, press Enter, and select BL-
User@vclass.local from the drop-down menu of matching users.
Click Next.
From the Default machine prefix drop-down menu, select BLWin.
In the Active Directory container text box, enter ou=BL,dc=vclass,dc=local.
Click Finish.
Verify that the business group appears on the Business Groups page.
Click New.
In the Name text box, enter Sales.
In the Description text box, enter Sales group for the Finance tenant.
In the Send manager emails to text box, enter SL-BGMGRs@vclass.local.
Click Next.
In the Group manager role text box, enter SL-BGMGRs, press Enter, and select
SL- BGMGRs@vclass.local from the drop-down menu of matching users.
In the Support role text box, enter SL-BGMGRs, press Enter, and select SL-
BGMGRs@vclass.local from the drop-down menu of matching users.
In the User role text box, enter SL-User, press Enter, and select SL-
User@vclass.local from the drop-down menu of matching users.
Click Next.
From the Default machine prefix drop-down menu, select SLWin.
In the Active Directory container text box, enter ou=SL,dc=vclass,dc=local.

Click Finish.
Verify that the business group appears on the Business Groups page.
Task 9: Create Reservations
You create a vRealize Automation reservation to allocate provisioning resources in

the fabric group to a specific business group.
Click Reservations.
Select New > vSphere.
In the Name text box, enter BL-Res.
Verify that the tenant appears as Fin.
If the tenant is not Fin, select Fin from the drop-down menu.
From the Business group drop-down menu, select Billing.
From the Reservation policy drop-down menu, select Fin-RP.
In the Priority text box, enter 1.
From the Compute resource drop-down menu, select SA Compute-01 (vCenter).
In the This Reservation text box, enter 4.
This option is to the right of the Memory pane.
In the Storage Paths pane, select SA-Shared01 Remote.
In the This reservation reserved text box, enter 60.
Click OK.
These settings overcommit resources.
In the Network pane, select vxw-dvs-40-virtualwire-10-sid-5009-BL-Data.
From the Network Profile drop-down menu to the right of the network path,
select BL-Data-NP.
In the Network pane, select vxw-dvs-40-virtualwire-9-sid-5008-BL-Application.
select BL-Application-NP.
Click OK.
In the Reservations pane, select New > vSphere.
In the Name text box, enter SL-Res.
Verify that the tenant appears as Fin.
If the tenant is not Fin, select Fin from the drop-down menu.
From the Business group drop-down menu, select Sales.
From the Reservation policy drop-down menu, select Fin-RP.
From the Compute resource drop-down menu, select SA Compute-01 (vCenter).
In the This Reservation text box, enter 4
This option is in the Memory pane.
In the Storage Paths pane, select the SA-Shared-01 Remote.
In the This reservation reserved text box, enter 60.
Click OK.
These settings overcommit resources.
In the Network pane, select vxw-dvs-40-virtualwire-7-sid-5006-SL-Application.
select SL-Application-NP.
In the Network pane, select vxw-dvs-40-virtualwire-8-sid-5007-SL-Data.
select SL-Data-NP.
Click OK.
Verify that both reservations appear in the Reservations list.

Click to enlarge
Click Logout.
Lab 10 - Creating Blueprints for a Single Machine
Create a Blueprint for a Single Machine

Publish a Blueprint for a Single Machine
Task 1: Create a Blueprint for a Single Machine
You create a blueprint for use in machine provisioning.

password VMware1!.
Confirm that vclass.local is the selected domain.
Log in to vclass.local domain as Infrastructure administrator account user name

RD-User01 and the password VMware1!.
Click Blueprints.
Click New.
In the Name text box, enter RD-AppSrvr.
The ID text box autopopulates.
In the Description text box, enter Linux Application Server for RD.
Click OK.
The design canvas appears.
From the Categories pane, drag the vSphere Machine component to the design
canvas.
The vSphere_Machine component configuration panel appears.
In the ID text box, enter RD-AppSrvr.
In the Description text box, enter Linux DB Server for RD.
From the Reservation Policy drop-down menu, select Eng-RP.
From the Machine prefix drop-down menu, select RDLin.
In the Instance column, enter 2 in the Maximum box.
Click the Build Information tab.
From the Action drop-down menu, select Clone.
Click the browse button next to Clone from.

Click to enlarge
Select Centos-Template and click OK.
In the Customization spec text box, enter Lin-Cust.
Click the Machine Resources tab.
In the Machine Resources tab, specify the resource values for the blueprint.
Option Action
CPUs
Enter 1 in the Minimum box and 2 in the Maximum box.
Memory (MB)
Storage (GB)
Click Save.
Click a blank space on the design canvas to close the vSphere machine dialog
box.
In the Categories pane, click Network & Security.
Drag the Existing Network component to the design canvas.
The Existing_Network_1 configuration panel opens.
Click the browse button next to Existing network,
Select RD-Data-NP.
Click OK.
Click a blank spot in the design canvas to close the Network dialog.
In the design canvas, click the vSphere Machine component.
The vSphere Machine component is selected and the Design information panel
appears.
Click New.
From the Network drop-down menu, select RDDataNP.
Click OK.
You do not set an IP address.
Click Save.
Click Finish.
Task 2: Publish a Blueprint for a Single Machine
You publish the Linux blueprint so that you can configure it as catalog item or use
it as a blueprint component in the design canvas.
In the Blueprints pane, select RD-AppSrvr.
You must select the blueprint, not click its name. Clicking the name of a
blueprint opens the blueprint for editing.
Click Publish.
Verify that the status of the blueprint changes to Published.
Click Logout.
Lab 11 - Creating Blueprints with Multiple Machines
Create a Blueprint with One Machine
Create a Blueprint with Multiple Machines
Task 1: Create a Blueprint with One Machine
You create a blueprint for one virtual machine connected to an existing network.

password VMware1!.

Click Blueprints.
Click New.
The New Blueprint Window appears.
In the Name text box, enter RD-WebSrvr.
The ID text box autopopulates.
In the Description text box, enter Linux Web Server for RD.
Click OK.
From the Categories pane, drag the vSphere Machine component to the design
canvas.
The vSphere_Machine component configuration panel appears.
In the ID text box, enter RD-WebSrvr.
In the Description text box, enter Linux Web Server for RD.
From the Reservation Policy drop-down menu, select ENG-RP.
From the Machine prefix drop-down menu, select RDLin.
In the Instance column, enter 2 in the Maximum box.
Click the Build Information tab.
From the Action drop-down menu, select Clone.
Click the browse button next to Clone from.

Click to enlarge
Select Centos-Template and click OK.
In the Customization spec text box, enter Lin-Cust.
Click the Machine Resources tab.
In the Machine Resources tab, specify the resource values for the blueprint.
Option Action
CPUs
Memory (MB)
Storage (GB)
Click Save.
Click a blank space on the design canvas to close the vSphere machine dialog
box.
In the Categories pane, click Network & Security.
Drag the Existing Network component to the design canvas.

The Existing_Network_1 configuration panel opens.
Click the browse button next to Existing network.
Select RD-Data-NP.
Click OK.
Click a blank space on the design canvas to close the network dialog box.
Click the vSphere Machine component.
The vSphere Machine component is selected and the design panel appears.
Click New.
From the Network drop-down menu, select RDDataNP.
Click OK.
Do not set an IP address.
Click Save.
Click Finish.
In the Blueprints pane, select RD-WebSrvr.
Click Publish.
Task 2: Create a Blueprint with Multiple Machines
You combine two blueprints with one machine each to create a blueprint with
multiple machines.
In the Blueprints pane, click New.
In the Name text box, enter RD-Multi Machine App.
In the Description text box, enter Web and DB Multi-Machine App for RD.
Click OK.
In the Categories pane, click Blueprints.

Click to enlarge
Drag the RD-WebSrvr blueprint to the design canvas.
Depending on the screen resolution, you might need to decrease the

magnification to see more of the canvas.
Click to enlarge
In the ID text box, enter RDWebSrvr_Multi.
Click Save.
Click a clear spot on the design canvas to close the vSphere Machine dialog
box.
Drag the RD-AppSrvr blueprint to the design canvas.
In the ID text box, enter RDAppSrvr_Multi.
Click Save.
Click a clear spot on the design canvas to close the vSphere Machine dialog
box.
You can see the complete blueprint.
Click Finish.
In the Blueprints pane, select RD-Multi Machine App.
Click Publish.
Click Logout.
Lab 12 - Adding Published Items to the Service Catalog
Create and Configure a Service
Create and Configure an Entitlement
Task 1: Create and Configure a Service
You create and configure a service for an existing blueprint.

password VMware1!.


Select Catalog Management > Services.
Click New.
The New Service pane appears.
In the Name text box, enter RD-AppSrvr-Service.
On the right side of the Icon text box, click Browse.
In the Choose File to Upload dialog box, browse to the C:\Materials\Graphics.
Select Linux.png.
Click Open.
Confirm that Active is selected in the Status drop-down menu.
In the Owner text box, enter RD-BGMGRs, press Enter, and select RD-
BGMGRs@vclass.local from the list.
In the Support Team text box, enter RD-BGMGRs, press Enter, and select RD-
BGMGRs@vclass.local from the list.
Click OK.
In the left navigation pane, click Catalog Items.
In the Catalog Items pane, select RD-AppSrvr.
Click Configure.
Scroll down to see the Service drop-down menu.
From the Service drop-down menu, select RD-AppSrvr-Service.
Click Finish.
Task 2: Create and Configure an Entitlement
You create and configure an entitlement for the service that you configured.
In the left navigation pane, click Entitlements.
In the Entitlements pane, click New.
In the Name text box, enter RD-DBSrvr-Entl.
In the Description text box, enter Entitlement for RD Linux App Server.
From the Status drop-down menu, select Active.
In the Business Group drop-down menu, select RD.
In the Users & Groups text box, enter RD-User, press Enter, and select RD-
User@vclass.local from the list.
Click Next.
Click the green plus sign (+) next to Entitled Services.
In the Add Services dialog box, select RD-AppSrvr-Service.
Click OK.
Click the green plus sign next to Entitled Items.
In the Add Items dialog box, select RD-AppSrvr.
Click OK.
Click the green plus sign next to Entitled Actions.
In the Add Actions dialog box, select actions from the list.
Name Type
Create Snapshot
Virtual Machine
Delete Snapshot
Virtual Machine
Destroy
Virtual Machine
Register VDI
Virtual Machine
Revert To Snapshot
Virtual Machine
Unregister VDI
Virtual Machine
Click OK.
Click Finish.
Verify that the RD-AppSrvr service appears in the service catalog.
Click Logout.
Lab: VMware vRealize Automation: Install, Configure, Manage [V7.0]

Time Remaining: 26 days
Lab 13 - Managing Virtual Machines
Request a Service on Behalf of an Employee
Modify a Virtual Machine’s Resource Settings
Create and Delete Snapshots
Task 1: Request a Service on Behalf of an Employee
You log in as a business group manager and request a new service to deploy a new
Linux database server virtual machine on behalf of one of the employees.

password VMware1!.
Log in to vclass.local domain as Business Group Manager account user name QA-
Click the red X to the right of the On behalf of text box.
In the On behalf of text box, enter QA-User13, press Enter, and select QA-
user13@vclass.local from the list.
In the All Service pane, click Request for the QA-DB service.
In the Description text box, enter On behalf of QA-user13@vclass.local.
In the Reason for request text box, enter QA-user13 database test.
Click Submit.
Click OK.
Click Refresh.
Click to enlarge
Monitor the status of the virtual machine request until Status changes to
Successful.
The deployment takes about 5 minutes. You might need to click Refresh
periodically.
Task 2: Modify a Virtual Machine’s Resource Settings
As a business group manager, you manage one of the employee’s machines by modifying
virtual machine settings and changing the power state of the machine.
From the Owned by drop-down menu, select All Groups I Manage.

Click to enlarge
The virtual machine that you deployed in task 1 appears in the deployments
pane.
Select, but do not open, the deployment.
Click View Components.
In the left pane, click Machines.
In the Machines pane, select, but do not open, the virtual machine.
From the Actions drop-down menu, select Power Off.

Click to enlarge
Click Submit.
Click OK.
Click the refresh icon at the bottom of the right pane and monitor Status until
it changes to Off.
This operation takes about 1 minute to complete. You might need to click the
refresh icon periodically.
Select, but do not open, the virtual machine.
From the Actions drop-down menu, select Reconfigure.
The view changes to the Items tab and a New Request to Reconfigure a machine
pane appears.
In the General tab, modify the resource values for the blueprint.
Option Action
CPUs
Enter 2.
Memory (MB)
Enter 1040.
Click Submit.
Click OK.
Click the refresh icon until Status changes to Successful.
This operation takes about 4 minutes to complete. The reconfigure request is

shown at the top of the pane.
From the Actions drop-down menu, select Power On.
Click Submit.
Click OK.
Click the refresh icon and monitor Status until it changes to On.
This operation takes about 1 minute to complete. You might need to click the
Task 3: Create and Delete Snapshots
As a business group manager, you manage one of the employee’s machines and create
and delete a snapshot.
From the Actions drop-down menu, select Create Snapshot.
The Create Snapshot dialog box appears.
In the Snapshot name text box, click the X to the right of the text box.
You might have to click the text box to make the X appear.
In the Snapshot name text box, enter Snapshot 001 before DB upgrade.
In the Snapshot description text box, enter QA-User13 upgrade of database.
Click Submit.
Click OK.
Click the refresh icon and monitor the request until Status changes to
Successful.
This operation takes about 1 minute to complete.You might need to click the
Click Items.

Click View Details.
The Item Details dialog box appears.
Click the Snapshots tab.
Record the snapshot name.
In the Actions pane, click Delete Snapshot.
Refresh the browser if Delete Snapshot option doesn't appear in the Actions
pane
The Delete Snapshot dialog box appears.
Click Select.
Select the current snapshot.
This snapshot is the snapshot whose name you recorded in step 14.
Click Select.
Verify that the snapshot appears in the Snapshot pane.
Click Submit.
Click OK.
Click the Request tab.
Click Refresh and monitor Status until it changes to Successful.
You might need to click the refresh icon periodically.
The Item Details pane appears.
Click the Snapshots tab.
Verify that no snapshot is listed.
In the Actions pane, click Destroy.
Click Submit.
Click OK.
Click Refresh and monitor Status until it changes to Successful.
This operation takes about 2 minutes to complete.You might need to click the

An error message reports that the virtual machine cannot be found.
Click Close.
You might have to scroll down on the screen to see the Close button.
Verify that no virtual machine appears in the Machines pane.
Click Logout.
Lab 14 - Creating Approval Policies
Create an Approval Policy
Test an Approval Policy
Process an Approval Policy
Task 1: Create an Approval Policy
You assign an approval policy administrator to the tenant. The approval policy
administrator creates approval policies for use in the tenant when a user requests
a virtual machine with more memory.

password VMware1!.
Confirm that the domain is set to vclass.local.
Log in to vclass.local domain as business group administrator account user name

QA-User02 and the password VMware1!.
Click Approval Policies.
Click New.
In the New Approval Policy dialog box, scroll down and select Service-Catalog-
Catalog Item Request-Virtual Machine.
Click OK.
In the Name text box, enter QA-MoreRAM.
In the Description text box, enter Approval needed for virtual machines with
more RAM.
On the Pre-Approval tab, click the green plus sign (+).

In the Name text box, enter More RAM requested than default of 1024MB.
In the Description text box, enter Any request for a virtual machine with more
RAM than 1024MB requires approval.
Under When is approval required?, click Required based on conditions.
From the Clause drop-down menu, select Memory (MB).
From the drop-down menu that appears to the right of the Memory (MB) text box,
select > (the greater-than sign).
From the Value drop-down menu, select Constant.
In the Value text box, enter 1024.
In the search box under Approvers, enter QA-BGSuper, press Enter, and select
QA-BGSuper@vclass.local from the search results.
Click OK.
Verify that the new level appears in the Pre-Approval pane.
Click OK.
In the left pane, click Catalog Management.
Click Entitlements.
Select, but do not open, QA-Data-Entitlement.
Click Edit.
Click the Items and Approvals tab.
Under Entitled Items, select Modify Policy from the drop-down menu to the right
of the QA-DB text box.
The Modify Policy dialog box appears.
Click Show all.
From the Apply this policy drop-down menu, select QA-MoreRAM [Service Catalog -
Catalog Item Request - Virtual Machine].
Click OK.
Click Finish.
Click Logout.
Task 2: Test an Approval Policy
You submit a request from the catalog as a user. You verify that the request enters
a pending state as a business group administrator and you approve the request.
Log in to vclass.local domain as no administrator roles account user name QA-
In the QA-DB pane, click Request.
In the Description text box, enter DB VM with 1054 MB.
In the Reason for request text box, enter DB required with larger memory
requirements.
In the left pane under the QA-DB blueprint, click the QA-DB virtual machine.
Click to enlarge
In the Memory (MB) box, click the up arrow to increase the value of memory to
1056.
Click to enlarge
Click Submit.
Click OK.
Verify that Status appears as Pending Approval.
If Status does not appear as Pending Approval, click Refresh.
Select, but do not open, the request.
Click View Details.
In the left request pane, click Pending under Approval Status.
Q. Who is the approver for this request listed on the left side of the pane?
ANSWER: QA-BGSuper
Click OK.
Click Logout.
Task 3: Process an Approval Policy
You log in as the assigned approver. You then process and approve a request for a
virtual machine with increased memory, according to the approval policy. Finally,
you log in as the user who requested the virtual machine with increased memory to
verify that the request is approved.
Log in to vclass.local domain as Business Group administrator account user name

Click the Inbox tab.

In the Approvals pane, verify that the request shown has a status of Active.
Click the number of the approval request (approval request number 1).
The number is a link that will open the request.
In the Approvals pane, verify that Requester matches the user that requested
the QA-DB blueprint.
Under Status Active, click View Request.
Click the QA-DB virtual machine in the left pane of the Request details dialog
box.
Q. Does the Memory (MB) value match the amount previously requested?
ANSWER: Yes.
Scroll down and click Close.
In the Justification text box, enter Approved, this machine requires increased
memory.
Click Approve.
Click Logout.
Log in to vclass.local domain as no administrator roles account user name QA-

Click Refresh and monitor the status of the request until Status appears as
Successful.
This operation might take up to 3 minutes to complete. You might have to click
Refresh several times.
Ignore any Expire error messages. These messages relate to a expiration problem
that will be corrected in a later lab.
Select, but do not open, the request for more memory.
Click View Details.
In the Request Details pane, click Approved.
Verify that Approver matches the user that you used to approve the request and
click OK.
Click Logout.
Lab 15 - Creating Property Definitions

Create a Property Definition
Create Another Property Definition
vRealize® Automation™ system.

password VMware1!.
Use Internet Explorer to select vRA Web Console - Eng Tenant from the vRA
favorites menu.
Log in to vclass.local domain as tenant administrator account user name QA-

Task 2: Create a Property Definition
You create a property definition.
Click Property Dictionary.
Click Property Definitions.
Click New.
In the Name text box, enter VirtualMachine.Network0.NetworkProfileName.
Enter the name of the property definition exactly as specified. The name of the
property definition is used in blueprints and in VMware vRealize® Orchestrator™
workflows.
In the Label text box, enter Network Profile.
In the Description text box, enter Allow end users to select which network they
will connect to their virtual machine.
Do not set an Order index.
From the Datatype drop-down menu, select String.
From the Required drop-down menu, select Yes.
From the Display advice drop-down menu, select Dropdown.
Select Predefined values.
Click New in the Predefined values pane.
In the Name text box, enter QA Data Network.

In the Value text box, enter QA-Data-NP.
You must enter the value exactly as specified. The text that you enter in the
Value text box must match the name of a vRealize Automation network profile. The
value is case-sensitive.
Click OK.
In the Name text box, enter QA Application Network.
In the Value text box, enter QA-Application-NP.
Click OK.
In the Name text box, enter QA Production Network.
In the Value text box, enter Production-NP.
Click OK.
The new property definition should match the screenshot:

Click to enlarge
Click OK.
Task 3: Create Another Property Definition
You create a second property definition.
Click New.
In the Name text box, enter VirtualMachine.Admin.ThinProvision.
In the Label text box, enter Thin Provision.
In the Description text box, enter Allow end users to select the disk format of
their virtual machine.
Do not set an order index.
From the Datatype drop-down menu, select Boolean.
From the Display advice drop-down menu, select Yes/No.
The new custom property definition should match the screenshot:

Click to enlarge
Click OK.
Click <Administration to return to the main administration menu.
Do not logout.
Lab 16 - Creating a Property Group
Create a Property Group
If you are still logged in to vRealize Automation, skip to task 2.

password VMware1!.
Log in to vclass.local domain as Tenant administrator account user name QA-

Task 2: Create a Property Group
You create a property group.
Click Property Groups.
Click New.
In the Name text box, enter QA.VMProperties.
In the Description text box, enter Group together the custom properties that
users will need to deploy virtual machines.
Click New in the Properties pane.
In the Name text box, enter VirtualMachine.Network0.NetworkProfileName.
You must enter the name exactly as specified. The text that you enter in the
Name text box must match the name of an existing custom property. The name is case-
sensitive. Many custom property names also have periods in the names for
readability. These periods must be entered exactly as specified.
As you enter text, you see the names of similar custom properties appear below
the Name text box. Only properties defined in the property dictionary appear. This
feature helps you enter the name correctly. You can click the correct value and
press Enter to load it into the Name text box.
When you finish entering the name, press Enter.

Pressing Enter moves the cursor to the Value text box.
Do not enter a value in the Value text box and do not click OK.
Leave Overridable selected.
Select Show in Request.
Click OK.
Click New in the Properties pane.
In the Name text box, enter VirtualMachine.Admin.ThinProvision.
In the Value text box, enter Yes.
Select Show in Request.
The new property group should match the screenshot:

Click to enlarge
Click OK.
Click OK.
Click Logout.
Lab 17 - Deploying a Blueprint That Uses Custom Properties
Create a Blueprint That Uses Custom Properties
Add a Service for the Blueprint
Add an Entitlement for the Blueprint
Test the Custom Property
Clean Up to Save Lab Resources

password VMware1!.
If a security certificate warning appears, click Continue to this website.

Task 2: Create a Blueprint That Uses Custom Properties
You create a blueprint that uses custom properties.
Select, but do not open, the QA-DB blueprint.
Click Copy.
In the Name text box, enter QA-DB-CustomProperty.
In the Description text box, enter Linux DB Server for QA that uses custom
properties.
Click OK.
Click the QA-DB virtual machine.
Click the Properties tab.
Click the Property Groups tab.
Click Add.
Select QA.VMProperties.
Click OK.
Click a clear area in the Design Canvas to close the virtual machine dialog
box.
Select the QADataNP network.
Click the red X to delete the QADataNP network.
Click Yes.
Click Save.
Click Finish.
Select, but do not open, the QA-DB-CustomProperty blueprint.
Click Publish.
Task 3: Add a Service for the Blueprint
You add a service for the new blueprint.

Click Catalog Management.
If the Administration pane shows Property Dictionary menu items, you must click
<Administration to see Catalog Management in the main Administration menu.
Click Services.
Click New.
In the Name text box, enter QA-General-Services.
In the Description text box, enter A collection of Linux virtual machines for
QA.
Click Browse and select the Linux.png icon from the C:\Materials\Graphics
directory.
Select Active in the Status drop-down menu.
In the Owner text box, enter QA-B and click the search icon.
Select QA-BGMGRs.
In the SupportTeam text box, enter QA-S and click the search icon.
Select QA-Support.
Click OK.
Select, but do not open, the QA-General-Services service.
Click Manage Catalog Items.
Click the New icon (+) next to Catalog Items.
Select the QA-DB-CustomProperty blueprint and click OK.
Click Close.
Task 4: Add an Entitlement for the Blueprint
You add an entitlement for the new blueprint.
Click Entitlements.
Click New.
In the Name text box, enter QA-General-Entitlement.
In the Description text box, enter Entitlements QA Users.
From the Business Group drop-down menu, select QA.
In the Users & Groups text box, enter QA-U and click the search icon.
Select QA-User.
Click Next.
Click the new icon (+) for Entitled Services.
Select QA-General-Services and click OK.
Click the new icon (+) for Entitled Items.
Select QA-DB-CustomProperty and click OK.
Click the new icon (+) for Entitled Actions.
Select the check box next to Name to select all actions.
Click OK.
Click Finish.
Task 5: Test the Custom Property
You deploy a blueprint and test the custom property.
Click QA-General-Services.
In the QA-General-Services pane, click Request for the QA-DB-CustomProperty

service.
In the Description text box, enter Test of New custom properties.
Click QA-DB in the left pane.
A red asterisk next to QA-DB indicates that the item requires user input.
From the Network Profile drop-down menu, select QA Application network.
From the Thin Provision drop-down menu, select No.
Click Submit and click OK.
Click Requests and monitor the progress of the request until the status is
Successful.
You can click the refresh icon as needed.
Select the request.
Click View Details.
Click the Execution Information icon in the upper right corner of the pane.
Click to enlarge
You must wait until the execution is successful.
Record the name of the virtual machine that you created.

You examine the virtual machine that you deployed.
Open a new tab in the Internet Explorer browser.
Select vSphere Web Client from the Infrastructure favorites menu and log in as
administrator@vsphere.local with the password VMware1!.
Select the virtual machine.
Right-click the virtual machine and select Edit Settings.
Expand Hard disk 1.
The type of the hard disk should be Thick provision lazy zeroed because you
selected No on the custom property controlling thin disk provisioning in task 5.
Click Cancel.
Expand VM Hardware in the center pane and expand Network adapter 1.
The network that the virtual machine is connected to should be the QA-
Application network that you specified when you requested this virtual machine.
Task 7: Clean Up to Save Lab Resources
You destroy the virtual machine to save lab resources.
Click the vRealize Automation tab in Internet Explorer.
Select, but do not open, the QA-DB-CustomProperty.
Select Destroy from the Actions drop-down menu.
Click Submit.
Click OK.
Click the Requests tab and monitor the progress of the request until the status
is Successful.
Log out of the vRealize Automation console.
Lab 18 - Adding VMware NSX Features to an Existing Blueprint

Create a Network Profile
Copy a Blueprint
Modify the Blueprint
Add a Service and an Entitlement for the Blueprint

password VMware1!.
Confirm that the domain is set to vclass.local.
Log in to vclass.local domain as Fabric administrator account user name RD-

Task 2: Create a Network Profile
You create a network profile in the vRealize Automation default tenant. Before you
can add an on-demand network address translation network to a blueprint, you must
have a NAT network profile in the default tenant.
Click Reservations.
Start Network Profiles.
Click New.
Select NAT.
In the Name text box, enter RD-NAT-NP.
In the Description text box, enter Network profile for on-demand NAT network in
the RD business group.
From the External network profile drop-down menu, select Production-NP.
From the NAT type drop-down menu, select One-to-Many.

Confirm that the configuration values are set.

Option Value
Primary DNS
172.20.11.10
DNS suffix
vclass.local
DNS search suffix
vclass.local
Click New.
In the Name text box, enter RD-NAT-Range.
In the Ending IP address text box, enter 10.10.108.50 and click OK.
Click OK.
Log out of the default tenant.
You use Internet Explorer from the student desktop to log in to the vRealize
Automation system.
In Internet Explorer, select vRA Web Console - Eng Tenant from the vRA
favorites menu.
Select vclass.local and click Next.

Task 4: Copy a Blueprint
You copy a blueprint in vRealize Automation. vRealize Automation blueprints can

combine virtual machine and network components. You copy a Linux database server
blueprint.

If you open this blueprint instead of selecting it, click Cancel and discard
the changes.
The QA-DB blueprint remains selected.
Click Copy.
In the Name text box, enter RD-DB-On-Demand-NAT.
In the Description text box, enter Linux DB Server for RD.
Click the NSX Settings tab.
From the Transport zone drop-down menu, select Datacenter (vCenter).
From the Routed gateway reservation policy drop-down menu, select Eng-RP and
click OK.
The new RD-DB-On-Demand-NAT blueprint opens.
Task 5: Modify the Blueprint
You remove the existing network from this blueprint and add VMware NSX® on-demand
NAT network.
In the design canvas, select the QADataNP network.
Click the red delete icon to delete the network.
Click Yes to confirm the deletion.
In the Categories panel, click Network & Security.
In the Categories panel, select On-Demand NAT Network and drag it to the design
canvas.
In the Name text box, enter RD-On-Demand-NAT.
Click Parent Network profile.
Select the RD-NAT-NP network profile.
Click OK.
Click the DHCP tab.
In the IP range start text box, enter 10.10.108.60.
In the IP range end text box, enter 10.10.108.80.
Click Save.
Click a blank spot in the design canvas to close the network dialog box.
In the design canvas, select the QA-DB virtual machine.
Click the General tab.

Enter RD-DB in the ID text box.
Select the RDLin machine prefix in the Machine prefix drop-down menu.
Click New.
From the Network drop-down menu, select RDNATNP.
From the Assignment Type drop-down menu, select DHCP.
Click OK.
Click Save.
Click Finish.
Select the RD-DB-On-Demand-NAT blueprint and click Publish.
Task 6: Add a Service and an Entitlement for the Blueprint
You add a service and an entitlement to enable users to deploy virtual machines and
on-demand networks from their catalog.
Click Services.
Click New.
In the Name text box, enter RD-On-Demand-NAT-Service.
In the Description text box, enter Linux VM with on-demand NAT network
connected to the Production network.
Click Browse and select the Linux.png graphic icon from the
C:\Materials\Graphics directory.
Confirm that Active is selected in the Status drop-down menu.
In the Owner text box, enter RD-B and click the search icon.
Select RD-BGMGRs.
In the Support Team text box, enter RD-S and click the search icon.
Select RD-Support.
Click OK.
Select the RD-On-Demand-NAT-Service.
Click the new Catalog Items icon (+).

Select the RD-DB-On-Demand-NAT blueprint and click OK.
Click Entitlements.
Click New.
In the Name text box, enter Entitlements for RD-Users.
In the Description text box, enter Entitlements for RD-Users.
From the Business Group drop-down menu, select RD.
In the Users & Groups text box, enter RD-U and click the search icon.
Select RD-User.
Click Next.
Click the plus icon to add an entitled service.
Select RD-On-Demand-NAT-Service and click OK.
Click the plus icon to add an entitled item.
Select RD-DB-On-Demand-NAT and click OK.
Click the plus icon to add entitled actions.
Click OK.
Click Finish.
Lab 19 - Deploying a Virtual Machine That Includes VMware NSX Features
Request a Service
Track the Request
Examine the Virtual Machine and On-Demand NAT Network
Destroy the Deployment to Save Lab Resources
Track the Request
If you are still logged in to the vRealize Automation console, skip to task 2.

password VMware1!.
Log in to vclass.local domain with RD-User group account user name RD-User01
You request a service that has an on-demand NAT network included.
Click Request in the RD-DB-On-Demand-NAT service.
Enter a description as Test for VMware NSX Features.
Enter a reason for the request.

need this server and network. Most requests are automatically approved and do not
require manual intervention from administrators.
You track the requested service from vRealize Automation.
Progress should be displayed.
Select the request.
Click View Details.
Examine the details of the request and click OK.
If you do not have an Internet Explorer tab open with the VMware vSphere® Web
Client, then open a tab.
Open a new tab on the Internet Explorer browser.
Select vSphere Web Client from the Infrastructure favorites menu and log in
as administrator@vsphere.local with the password VMware1!.
In the bottom-right corner of the Recent Tasks pane, click More Tasks.
Track the progress of changes to the network architecture.
Track the progress of the virtual machine as it is cloned, customized, and

powered on.
Click the refresh icon at the top center of vSphere Web Client periodically
until you see the Customize virtual machine guest OS task complete message in the
Recent Tasks pane.
Click the Home icon and select Networking & Security.
Select NSX Edges.
Select the new VMware NSX® Edge™ device.
The name should include RDDBOnDemandNAT.
Double-click the new NSX Edge device.
Do not change any of the settings on the new NSX Edge device.
Click the Manage tab.
Click the DHCP tab and examine the DHCP settings.
The Start IP should be set to 10.10.108.60. and the End IP should be set to
10.10.108.80.
Open a remote console to the virtual machine that you just deployed.
Log in with user root and a password of VMware1!.
Use ifconfig -a command to confirm that this virtual machine has an IP address
from the DHCP range of 10.10.108.60 to 10.10.108.80.
Enter the command ping 172.20.10.10.
The ping command should be successful.
Press Ctrl+C to stop the ping command.
Close the remote console.
Click the vRealize Automation tab in the Internet Explorer browser to return to
Task 4: Examine the Virtual Machine and On-Demand NAT Network

The virtual machine and on-demand network are an item in vRealize Automation.
The request should be the bottom item in the Deployments list. The name of the
item should begin with the text string RD-DB-On-Demand-NAT, followed by an eight-
digit number.
Select the item.
Click View Details.
Examine the information and click Close in the lower right of the pane.
In the Deployments list to the left of the RD-DB-On-Demand-NAT item is an

expansion icon.
Expand the RD-DB-On-Demand-NAT item.
Examine the components that are included with the item.
The components should include an NSX Edge device and a VMware NSX® network.
Reduce the deployment item to a single line.
Task 5: Destroy the Deployment to Save Lab Resources
You order vRealize Automation to destroy the virtual machine and on-demand network.
The request should be the bottom item in the Deployments list. The name of the
item should begin with the text string RD-DB-On-Demand-NAT, followed by an eight-
digit number.
Select the deployment item.
Click Actions.
Select Destroy.
Click Submit.
Click OK.
This Destroy action powers off and destroys all of the items included in this
deployment. Destroyed items include the virtual machine, the new NSX Edge device,
and the new distributed port group on the SA Production network.
You track the requested action from vRealize Automation. Actions such as Destroy
can be tracked like requests.
Using what you have learned, track the request to destroy the virtual machine
in vSphere Web Client and in the vRealize Automation console.
When the virtual machine is powered off and deleted, log out of the vRealize
Automation console and vSphere Web Client.
Lab 20 - Adding a VMware NSX On-Demand Routed Network to a Blueprint
Create a Network Profile for the Transport Network
Create a Network Profile for the Routed On-Demand Network
Modify the RD Business Group Reservation
Copy a Blueprint
Modify the Blueprint
Add a Service and an Entitlement for the Blueprint

password VMware1!.
Log in to vclass.local domain as Member of RD-User account user name RD-User01

Task 2: Create a Network Profile for the Transport Network
can add an on-demand routed network to a blueprint, you must have a network profile
in the default tenant for the transport network that the on-demand network will
connect to.
Select Reservations in the left navigation pane.
Select Network Profiles in the left navigation pane.
Click New.
Select External.
In the Name text box, enter RD-Transport-NP.

Enter Network profile for the RD transport network in the Description text box.
Enter 255.255.255.0 in the Subnet mask text box.
Enter 172.20.16.1 in the Gateway text box.
Enter 172.20.16.1 in the Primary DNS text box.
Enter vclass.local in the DNS suffix text box.
Enter vclass.local in the DNS search suffix text box.
Click OK.
Task 3: Create a Network Profile for the Routed On-Demand Network
can add an on-demand routed network to a blueprint, you must have a routed network
profile in the default tenant.
Click New to create a new network profile.
Select Routed.
In the Name text box, enter RD-Routed-NP.
In the Description text box, enter Network profile for on-demand Routed network
in the RD business group.
From the External network profile drop-down menu, select RD-Transport-NP.
In the Range Subnet mask text box, enter 255.255.255.128.
In the Base IP text box, enter 10.10.110.1.
Confirm that the configuration values are set.

Option Value
Primary DNS
172.20.16.1
DNS suffix
vclass.local
DNS search suffix
vclass.local

Click New.
In the Name text box, enter RD-Routed-Range-1.
Click New.
In the Name text box, enter RD-Routed-Range-2.
Click OK.
Task 4: Modify the RD Business Group Reservation
You modify the reservation for the RD business group. The network profile for the
transport network and the routed network must be identified in the reservation
before you can use them.
Click Reservations.
Click RD-Res.
Scroll down and locate the network path named vxw-dvs-40-virtualwire-variable

number and SID-RD-Transport. Select this network path.
Use the Network Profile drop-down menu to select the RD-Transport-NP network
profile.
Click to enlarge
Scroll down to the Routed gateways pane.
Select the RD-DLR gateway.
Use the Network Path drop-down menu to select the RD-Transport-Interface

network path.
Use the Network Profile drop-down menu to select the RD-Transport-NP network
profile.
Click to enlarge
Click OK.
Click Logout.
You copy a blueprint in vRealize Automation. vRealize Automation blueprints can

combine virtual machine and network components. You copy a Linux database server
blueprint.

Select the QA-DB blueprint.
If you open this blueprint instead of selecting it, click Cancel and discard
the changes.
The QA-DB blueprint remains selected.
Click Copy.
In the Name text box, enter RD-DB-On-Demand-Routed.
In the Description text box, enter Linux DB server for RD.
From the Transport zone drop-down menu, select Datacenter (vCenter).
From the Routed gateway reservation policy drop-down menu, select Eng-RP and
click OK.
The new RD-DB-On-Demand-NAT blueprint should open.
Task 6: Modify the Blueprint
You remove the existing network from this blueprint and add a VMware NSX® on-demand
NAT network.
In the design canvas, select the QADataNP network.
Click the red X icon to delete the network.

Click to enlarge
Click Yes to confirm the deletion.
In the Categories panel, click Network & Security.
In the Categories panel, select an On-Demand Routed Network and drag it to the
design canvas.
In the Name text box, enter RD-On-Demand-Routed.
Click the Parent Network profile browse button.
Select RD-Routed-NP.
Click OK.
Click Save.
Click a blank space on the design canvas to close the network dialog box.
In the design canvas, select the QA-DB virtual machine.
Enter RD-DB in the ID text box.
Select RDLin in the Machine prefix drop-down menu.
Click New.
From the Network drop-down menu, select RDRoutedNP.
From the Assignment Type drop-down menu, select Static IP.
Click OK.
Click Save.
Click Finish.
Select the RD-DB-On-Demand-Routed blueprint and click Publish.
Task 7: Add a Service and an Entitlement for the Blueprint
You add a service and an entitlement to enable users to deploy virtual machines and
on-demand networks from their catalog.
Click Services.
Click New.
In the Name text box, enter RD-On-Demand-Routed-Service.
In the Description text box, enter Linux VM with on-demand Routed network.
Click Browse and select the Linux.png graphic icon from the
C:\Materials\Graphics directory.
Verify that the Status drop-down menu has Active selected.
In the Owner text box, enter RD-B and click the search icon.
Select RD-BGMGRs.
In the Support Team text box, enter RD-S and click the search icon.
Select RD-Support.
Click OK.
Select the RD-On-Demand-Routed-Service.

Click the add new Catalog items icon (+).
Select the RD-DB-On-Demand-Routed blueprint and click OK.
Click Close.
Click Entitlements.
Click New.
In the Name text box, enter RD-On-Demand-Routed-Entitlement.
In the Description text box, enter Entitlement for Linux VM with on-demand
routed network.
From the Business Group drop-down menu, select RD.
In the Users & Groups text box, enter RD-U and click the search icon.
Select RD-User.
Click Next.
Click the plus icon to add an entitled service.
Select RD-On-Demand-Routed-Service and click OK.
Click the plus icon to add an entitled item.
Select RD-DB-On-Demand-Routed and click OK.
Click the plus icon to add entitled actions.
Click OK.
Click Finish.
Lab 21 - Deploying a Virtual Machine That Includes a VMware NSX On-Demand Routed
Network
Request a Service
Track the Request
Destroy the Deployment

If you are already logged in to the vRealize Automation console, skip to task
2.

password VMware1!.
Log in to vclass.local domain as member of RD-User account user name RD-User01

You request a service that has an on-demand Routed network included.
Click Request in the RD-DB-On-Demand-Routed-Service.
Enter a description as VM for OD routed network.
Enter a reason for the request.

need this server and network. Most requests are automatically approved and do not
require manual intervention from administrators.
You track the requested service from vRealize Automation.
Progress should be displayed.

You examine the virtual machine that you deployed.
Open a new tab in the Internet Explorer browser.
Select vSphere Web Client from the Infrastructure favorites menu and log in as
administrator@vsphere.local with the password VMware1!.
Select the Virtual machine that you deployed in task 2.
Expand Network adapter 1 in the VM Hardware pane.
The network that the virtual machine is connected to should be a long name that
contains the string RDRoutedNP
Click to enlarge
Examine the summary of the virtual machine. You should see a hardware address
that is in the 10.10.110.0/24 network.
Click Launch Remote Console.
Log in to the virtual machine with the root user name and a password of
VMware1!.
Enter the following command.
ping 172.20.11.10
The ping command should be successful
Press Ctrl + C to stop the ping.
Task 5: Destroy the Deployment
You order vRealize Automation to destroy the virtual machine and on-demand network.
The request should be listed in the Deployments list. The name of the item
should begin with the text string RD-DB-On-Demand-Routed, followed by an eight-
digit number.
Select the item.
Click Actions.
Select Destroy.
Click Submit.
Click OK.
Lab 22 - Creating Software Blueprints
Prepare the Linux Template
Install the vRealize Automation Agents
Modify the vRealize Automation Agent Configuration for Red Hat
Create a Software Components Blueprint
Create a Combined Blueprint
Add a Service
Add an Entitlement
Task 1: Prepare the Linux Template
You prepare a template to use with a combined blueprint for applications in VMware
vRealize® Automation™.

password VMware1!.
Use Internet Explorer to start VMware vSphere® Web Client from the
Infrastructure favorites menu and Log in as user administrator@vsphere.local and
the password VMware1!.
In vSphere Web Client, Click VMs and Templates.
Select the Centos-Temp-Noguest template.
Convert the template to a virtual machine hosted on the SA Compute-01 cluster.
Right click Centos-Temp-Noguest template and select Convert to Virtual

Machine.
In Select a compute resource pane, select SA-Compute-01.
Click Next and click Finish
Power on the Centos-Temp-Noguest virtual machine.
After the Centos-Temp-Noguest virtual machine starts up, open a remote console.
Log in as root with the VMware1! password.
At this point you would use the yum install –y Red_Hat_package_name command to
install the following packages:
openssh
wget
perl
telnet
nc
In the lab environment this Linux template already has these packages
installed.
Run the command.
nano /etc/sysconfig/selinux
Confirm that the SELINUX= entry is set to SELINUX=disabled.
Press Ctrl+X to exit.
If you made changes to the file, enter Y to save the changes.
Task 2: Install the vRealize Automation Agents
You install the vRealize Automation agents.
Download the guest agent prepare script from the vRealize Automation appliance.
wget https://sa-vra-
01.vclass.local:5480/service/software/download/prepare_vra_template.sh --no-check-
certificate
The command must be entered on a single line. The command is case-sensitive.
Make the script executable.
chmod +x prepare_vra_template.sh
Run the script.
./prepare_vra_template.sh
Press Enter to accept the default of a VMware vSphere® cloud provider.
Enter sa-vra-01.vclass.local as the Host name of the vRealize Appliance.
Enter sa-IaaS-01.vclass.local as the Host name of the Manager Service Server.
Enter n to disable certificate checking.
Press Enter to accept the default of a 300-second timeout.
Enter y to install Java.
Enter y to start the installation.
The Installation Completed Successfully message should appear. If the message

does not appear, repeat from step 2 through to 9.
Task 3: Modify the vRealize Automation Agent Configuration for Red Hat
You modify the vRealize Automation agent configuration to support CentOS, which is
a Red Hat version of the Linux operating system.
Customize the agent script for the CentOS operating system.
nano /opt/vmware-appdirector/agent-bootstrap/vmware_vra_software_agent
Use the down arrow key to scroll until you locate the following lines.
# Source init.d function library
if [ -f /etc/rc.d/init.d/functions ]; then
. /etc/rc.d/init.d/functions
elif [ -f /etc/init.d/functions ]; then
. /etc/init.d/functions
fi
Press Ctrl+K on each line to delete the line.
Press Ctrl+X to exit and save the file.
Delete the symbolic link and replace it with the new agent.
rm /etc/init.d/vmware_vra_software_agent
Replace it with the new agent.
cp /opt/vmware-appdirector/agent-bootstrap/vmware_vra_software_agent
/etc/init.d/vmware_vra_software_agent
You must enter th cp command on a single line. What looks like a slash (/)
followed by a carriage return is /etc/init.d/vmware_vra_software_agent.
Click to enlarge
Right-click the Centos-Temp-Noguest virtual machine and select Power > Shutdown
Guest OS and click Yes when prompted.
Wait for the virtual machine to shut down.
Convert the virtual machine back into a template.
Right-click the Centos-Temp-Noguest virtual machine and select Template >

Convert to Template.
Click Yes to Confirm Convert.
Do not change the name of the template. The name of the template must remain
Centos-Temp-Noguest. This template name is registered in the vRealize Automation
inventory. If you change the name, you will have to rerun data collection on the
vSphere inventory.
Task 4: Create a Software Components Blueprint

You create a software components blueprint to install the Apache Web server.
Open a new tab in internet explorer and select vRA Web Console - Eng Tenant
from the vRA favorites menu.
Log in to vclass.local domain as Software architect account user name QA-User02

Select Software Components.
Click the New icon to create a new component blueprint.
Enter Apache Web Server in the Name text box.
Enter This is an Apache Web server for CentOS Linux machines in the Description
text box.
Confirm that Machine is selected from the Container drop-down menu.
Click Next.
Do not add any custom properties.
Click Next.
Confirm that Bash is selected from all four ScriptType drop-down menus.
Click Click here to edit for the Install action.
Enter the script for the Install action.
#!/bin/bash
yum install -y httpd
The script should take two lines and look exactly like the script in the
screenshot.
Click to enlarge
Click OK.
The script appears like a single line, but the script is still two lines.
Do not enter a script for the Configure action.
Enter the script for the Start action.
#!/bin/bash
/bin/systemctl start httpd.service
Click OK.
Enter the script for the Uninstall action.
#!/bin/bash
yum remove -y httpd
Click OK.
When you finish entering all three scripts, the Actions pane should look like
the screenshot.
Click to enlarge
Scripts are unique to each operating system. In Windows systems, you use batch
command scripts and Windows PowerShell scripts. In some versions of Linux, the
scripts are bash commands, but the commands might vary. For example, in Ubuntu
Linux systems you use apt-get install -y apache2 to install the Apache Web server
instead of yum install -y httpd. The best practice is to always have a unique
software blueprint for each operating system, even if you are installing exactly
the same software.
Click Next.
Click Finish.
Select the Apache Web Server blueprint.
Click Publish.
Log out of the Eng tenant.
Task 5: Create a Combined Blueprint
You create a software components blueprint to install the Apache Web server.
In the internet explorer, select vRA Web Console - Eng Tenant from the vRA
favorites menu
Log in to vclass.local domain as Infrastructure architect account user name QA-

The infrastructure architect can use software component blueprints created by

the software architect in the same tenant.
Select Blueprints.
Click New to create a blueprint.
Enter QA-Apache-Web-Server in the Name text box.
Select Datacenter (vCenter) from the Transport zone drop-down menu.
Select Eng-RP from the Routed gateway reservation policy drop-down menu.
Click OK.
Use what you learned in previous labs to create a vSphere machine

blueprint.
Refer Lab 11 Task 1.
Option Action
Existing Network
Select ProductionNP
vSphere Machine ID
Enter QA-Apache-Web-Server
Reservation Policy
Select Eng-RP
Machine prefix
Select QALin
Build Information Action
Select Clone
Clone from
Select Centos-Temp-Noguest
Customization Spec
Enter Lin-Cust
Network
Select ProductionNP
Network Assignment Type
Select Static IP
Network Address
Leave blank. The static IP address is assigned from the IP pool.
Click Save when the machine blueprint is configured.
Do not click Finish.
The blueprint should look like the blueprint in the screenshot.

Click to enlarge
Select Software Components in the left pane.
Drag the Apache Web Server component into the QA-Apache-Web-Server machine.
Click Save.
The combined blueprint should look like the blueprint in the screenshot.
Click to enlarge
Click Finish.
Select QA-Apache-Web-Server and select Publish.
Task 6: Add a Service
You create a service for the Apache Web server.
Select Catalog Management.
Select Services.
Add a service.
Refer Lab 12 Task 1

Option Action
Name
Enter QA-Apache-Web-Server-Service
Description
Enter Apache Web Server on CentOS for QA
Icon
Browse to C:\materials\graphics\vCAC6IconPack\OperatingSystems\centos-logo-
200.png
Status
Select Active
Owner
Enter QA-BGSuper
Support Team
Enter QA-Support
Click OK.
Select QA-Apache-Web-Server-Service and click Manage Catalog Items.
Add the QA-Apache-Web-Server blueprint service.
Do not add the Apache Web Server software service.
Click OK.
Task 7: Add an Entitlement
You create an entitlement for the Apache Web server.
Select Entitlements.
Add an entitlement.
Refer Lab 12 Task 2

Option Action
Name
Enter QA-Apache-Web-Server-Entitlement
Description
Enter Apache Web server on CentOS for QA
Status
Select Active
Business Group
Select QA
Users & Groups
Enter QA-User
Entitled Services
Click QA-Apache-Web-Server-Service
Entitled Items
Click QA-Apache-Web-Server
Entitled Actions
Click All actions
Click Finish.
Do not log out of vRealize Automation.
Lab 23 - Deploying Applications
Request the Service
Test the Web Server
Uninstall the Web Server
Verify the Uninstallation of the Web Server
Task 1: Request the Service
You deploy a Web server by requesting a service from VMware vRealize® Automation™.
If you are not logged in, log in to the vRealize Automation console.
Use Internet Explorer on the student desktop and select vRA Web Console -
Eng Tenant from the vRA favorites menu
Log in to vclass.local domain as Infrastructure architect account user name

Select the QA-Apache-Web-Server service and click Request.
Enter Apache Web Server in the Description text box.
Click Submit.
Click OK.
Monitor the progress of the request in Requests tab.
When the request is successful and a State changed to On message appears in the
Audit Log, go to task 2.
Task 2: Test the Web Server
You test the Web server.
Select the most recent request.

The item should be QA-Apache-Web-Server.
Click View Details.
Click the Execution information icon.

Click to enlarge
View the Details column to determine the name of the created virtual machine.
Click to enlarge
Switch to vSphere Web Client.
Go to VMs and Templates.
Select the Web server virtual machine.
Determine the IP address that is assigned to the virtual machine.

Click to enlarge
Open a new tab in Internet Explorer.
Enter the http://IP_address URL.
The test Web page of the new Web server should appear.
Click to enlarge
Do not close the tab.
Task 3: Uninstall the Web Server
You uninstall the Web server while leaving the virtual machine intact.
Switch to the vRealize Automation Web console for the Eng tenant.
If you are not still logged in as QA-User01 with the password VMware1!, log
back in.
Expand the QA-Apache-Web-Server deployment until you can see the Apache Web
Server component.
Click to enlarge
Select Apache Web Server.
Click Actions.
Select Destroy.
Click Submit.
Click to enlarge
Click OK.
Monitor the request until you see a status of Successful.
Task 4: Verify the Uninstallation of the Web Server

You verify that the Web server software was uninstalled while leaving the virtual
machine intact.
Switch to the tab on Internet Explorer where you tested the Web server’s
default page in task 2.
Refresh the browser tab.
The default Web page should no longer be available.
Switch to vSphere Web Client.
Verify that the virtual machine still exists and is still running.
Open a remote console to the virtual machine.
Log in as root with the VMware1! password.
Run the service httpd status command to verify the uninstallation of the http
daemon.
You should see four status entries:
Starting the Apache HTTP Server
Started the Apache HTTP Server
Stopping the Apache HTTP Server
Stopped the Apache HTTP Server
You should also see a message that indicates that the httpd service is not
found ( Reason: No such file or directory) and that the httpd service is inactive
(dead).
Use what you have already learned to destroy the QA-Apache-Web-Server

deployment in vRealize Automation to conserve resources.
Do not destroy any deployment except the QA-Apache-Web-Server deployment.
Lab 24 - Monitoring Resources
Analyze Resources Allocated in Reservations
Analyze IP Resources Allocated in Network Profiles
Examine Events and Logs
Examine System Event Logs

If you are already logged in to the vRealize Automation console in the Eng
tenant, log out.
Use Internet Explorer and select vRA Web Console - Default Tenant from the vRA
favorites menu.
Log in to vclass.local domain as Fabric administrator account user name QA-

Task 2: Analyze Resources Allocated in Reservations
You analyze the amount of resources that are already allocated in reservations.
Click Reservations.
Click Reservations.
If resources are not available, requests will fail. To fulfill the request, the
assigned reservation must have enough machines, quota, memory, and storage
available to process the request.
Examine the listed reservations.
Q. How much storage is available in the QA-Res reservation?
ANSWER: Answers vary.
Q. How much memory is allocated in the QA-Res reservation?
Task 3: Analyze IP Resources Allocated in Network Profiles
You analyze the amount of unallocated IP addresses in a network profile.
If resources are not available, requests will fail. If a machine in a blueprint

is connected to a network and a static IP address is required, then the network
profile used by the blueprint must have IP addresses available in the IP ranges
that have been assigned.
Double-click the QA-Data-NP network profile.
This action opens the network profile in editing mode.
CAUTION: Do not make changes to the profile.
Click IP Ranges.
Examine the listed IP addresses.
Q. How many IP addresses are allocated?
Q. Are IP addresses available?
If a machine managed by vRealize Automation is destroyed and it has a static IP

address assigned to it, that IP address is returned to the IP range address pool.
However, it takes time for the IP address to be returned to an unallocated status.
Task 4: Examine Events and Logs
You examine various types of events and logs.
Click <Infrastructure.
Click Recent Events.
The QA-User01 account is a member of the tenant administrator, infrastructure

architect, IaaS administrator, and fabric administrator roles. Any one of these
roles entitles this user to view the Recent Events pane. The events currently in
the Recent Events pane are mainly events of information-level severity that were
generated by specific requests made by the QA-User01 user. If you are logged in as
a different user who is entitled to view the Recent Events pane, you will not see
some of these events.
Click Monitoring.
The monitoring panes (Audit Log, DEM Status, Log, and Workflow History) are
available only to users who are assigned the IaaS administrator role.
Click Workflow History.
Workflow History includes information from various types of workflows, such as

IaaS workflows and VMware vRealize® Orchestrator™ workflows.
From the Multiple Attempts drop-down menu, select Yes.
Q. Did any workflows have multiple attempts?
From the Multiple Attempts drop-down menu, select No.
In the Result Details text box, enter Workflow failed.
Examine the workflows that failed.
Click the filter icon.
From the Filter drop-down menu, select Save as.
In the Name text box, enter Workflow failed and click Save.
From the Filter drop-down menu, select Clear.
From the Result drop-down menu, select Stopped.
Q. Were any workflows stopped?
In the left pane, click Log.
The Log Viewer pane includes log information of various types from multiple
sources, including Distributed Execution Manager (DEM) workers, agents, vRealize
Orchestrator, and various vRealize Automation subsystems. This information is some
of the most comprehensive and valuable information for troubleshooting
configuration and communications problems in vRealize Automation.
Click DEM Status.
DEM status includes information on scheduled and currently executing DEM

workflows.
Click Audit Log.
The audit log in the Audit Log Viewer pane provides details about the status of
managed virtual machines and activities performed on these machines during
reconfiguration. The log includes information about machine provisioning,
reclamation, and reconfigure actions.
Task 5: Examine System Event Logs
You use the system administrator role to analyze vRealize Automation system-level
events.
Start Internet Explorer on the student desktop and select vRA Web Console -
Default Tenant from the vRA favorites menu.
Click Sign in from different domain.
Select vsphere.local and click Next.
Log in to vsphere.local domain as default administrator account user name

administrator and the password VMware1!.
Click Event Logs.
Examine the event logs.
Select any event and click View Details.
The system administrator event logs cover high-level events in the vRealize
Automation system. Only users with system administrator-level authority can examine
these events.
Click OK.
Log out of the default tenant.

Lab 25 - Reclaiming Resources
Find Machines to Reclaim
Respond to a Reclamation Request
Examine User Responses to Reclamation Requests
Modify the Machine Lease Period
Destroy a Machine
Use Internet Explorer on the student desktop and select vRA Web Console - Eng
Tenant from the vRA favorites menu.
Verify that vclass.local domain is selected

Task 2: Find Machines to Reclaim
You find a machine to reclaim and request reclamation.
Click Reclamation.
Click Tenant Machines.
Examine the machines listed for the Eng tenant.
Click the expansion icon (double down arrow) in the upper-right part of the
pane to display the advanced search options.
Enter 13 in the Owner name contains text box.
Click the search icon in the bottom-right part of the pane.
Select the machines owned by QA-User13.
Click Reclaim Virtual Machine.
Q. Why can you not reclaim QALin003?
ANSWER: The machine has expired but is not scheduled to be destroyed yet.
Deselect all machines.
Select QALin006.
Click Reclaim Virtual Machine.
Enter 1 in the New lease length (days) text box.
Enter 1 in the Wait before forcing lease (days) text box.
Enter We are low on resources. Are you using this? in the reason for Request
text box.
Click Submit.
Click Close.
Click Logout.
Task 3: Respond to a Reclamation Request
You respond to a reclamation request.
Log in to vclass.local domain as user account name QA-User13 and the password
VMware1!.
Click Inbox.
Click Reclamation Requests.
In the right pane, click on the number of the reclamation request to open it.
Click Item In Use.
Click Logout.
Task 4: Examine User Responses to Reclamation Requests
You examine a user’s response to the reclamation request.
Log in to vclass.local domain as user account name QA-User01 and the password
VMware1!.
Click Reclamation.
Click Reclamation Requests.
Examine the response to the reclamation request.

Click Logout.
Task 5: Modify the Machine Lease Period
You modify a machine lease.
Log in to vclass.local domain as Business manager administrator account user

name QA-User02 and the password VMware1!.
The business manager of a business group has the power to modify the leases of
deployed machines and to destroy deployed machines.
Click Deployments.
From the Owned by drop-down menu, select QA.
In the Search text box, enter 13.
Click the search icon.
Select a deployment owned by QA-user13 that never expires.
From the Actions drop-down menu, select Change Lease.
Select today’s date as the expiration date.
Select the current time as the expiration time.
Task 6: Destroy a Machine
You destroy a machine in the business group.
Click Deployments.
From the Owned by drop-down menu, select QA.
Select a machine.
The machine must have the following characteristics:
It is owned by QA-User13.
The expiration date is in the past.
The destroyed date is in the future.

From the Actions drop-down menu, select Destroy.
Click Submit.
Click OK.
Click Logout.
Lab 26 - Using vRealize Orchestrator
Configure Windows PowerShell on the Domain Controller
Configure vRealize Orchestrator for Windows PowerShell
Create a vRealize Orchestrator Workflow
Add a Schema, Parameters, and Scripting to the Workflow
Add a Workflow Element to the vRealize Orchestrator Workflow
Configure Binding for the Invoke a Windows PowerShell Workflow Element
Test the vRealize Orchestrator Workflow
Add the vRealize Orchestrator Workflow to an XaaS Blueprint
Test the vRealize Orchestrator Workflow from the XaaS Blueprint
Task 1: Configure Windows PowerShell on the Domain Controller
You configure Windows PowerShell settings on the domain controller. The domain
controller is also the local DNS server.
Start the Remote Desktop Connection Manager from the shortcut on the taskbar.
Double-click the DC (vclass.local) item in the left pane.
Click the Windows Start button on the taskbar of dc.vclass.local.
Under Windows System, select Command Prompt.
At the command prompt on dc.vclass.local, run the command to switch winrm to

basic authentication.
winrm set winrm/config/service/auth @{Basic=”true”}
The Windows Remote Management (WinRM) service is a SOAP-based protocol that is

used by VMware vRealize® Orchestrator™ to send Windows PowerShell commands to a
Windows server. The command enables vRealize Orchestrator to authenticate with
basic authentication.
WinRM should respond to the command with a list of authentication settings,

including Basic = true.
Switch to unencrypted communication.
winrm set winrm/config/service @{AllowUnencrypted="true"}
Unencrypted communication means that vRealize Orchestrator can use the HTTP
protocol instead of the HTTPS protocol while communicating with the Windows
PowerShell host. Encrypted communication requires an exchange of valid digital
certificates.
WinRM should respond to the command with a list of configuration settings,

including AllowUnencrypted = true.
Close the Command Prompt window.
Click the Windows PowerShell icon on the taskbar of dc.vclass.local.
Enable vRealize Orchestrator to remotely execute Windows PowerShell commands.
set-executionpolicy bypass
Enter Y.
A bypass execution policy in Windows PowerShell enables vRealize Orchestrator

to send commands to this Windows server without scripts being signed by digital
certificates. This configuration is acceptable for lab or test environments.
Production systems should always use valid digital certificates that are signed by
trusted certificate authorities.
Close the Windows PowerShell window.
Minimize the remote desktop application, but remain logged in to the

dc.vclass.local server.
Task 2: Configure vRealize Orchestrator for Windows PowerShell
You add a Windows PowerShell host to the configuration of vRealize Orchestrator.
Double-click the Orchestrator Client shortcut on the Student-a-01 desktop.
The shortcut is on the desktop. If you have any other applications open, for
example, Internet Explorer, you will have to minimize those applications first.
Click Continue to proceed with an untrusted connection.
Log in to vRealize Orchestrator with the administrator@vsphere.local user

account with the password VMware1!.
Verify that Run is selected from the VMware vRealize Orchestrator mode drop-
down menu.
This selection puts vRealize Orchestrator in the correct mode of operation.
In the left pane, click the WorkFlows tab.

Click to enlarge
Expand Library > PowerShell > Configuration and select Add a PowerShell host.
In the top of the right pane, click the Start workflow icon (green triangle).
Enter DomainController in the Name text box.
Enter dc.vclass.local in the Host / IP text box.
Enter 5985 in the Port text box.
Click Next.
Leave the Host Type drop-down menus set to their default selections.
Option Default Selection
PowerShell remote host type
WinRM
Transport protocol
HTTP
Authentication
Basic
Click Next.
Leave Shared Session selected in the Session mode drop-down menu.
Enter administrator@vclass.local in the User name text box.
Enter VMware1! in the Password text box.
Click Submit.
When the workflow runs successfully, you should see a green check mark in the
left pane next to Add a PowerShell host. If you do not see a green check mark,
repeat the steps 6 through to 17.
Task 3: Create a vRealize Orchestrator Workflow
You create a vRealize Orchestrator workflow to add a DNS host record to a DNS
domain.
Select Design from the vRealize Orchestrator mode drop-down menu.
Right-click administrator@sa-vra-01.vclass.local in the left pane and select

Add folder.
Enter vRA Custom Workflows in the Folder name text box and click OK.
Right-click the vRA Custom Workflows folder in the left pane and select New
Workflow.
Enter Add DNS-Host in the Workflow name text box and click OK.
Click the Inputs tab.
Click the Add parameter icon (right arrow) under Parameters.
Click arg_in_0.
Enter hostName in the Choose attribute name text box and click OK.
Use camel case for all parameter and attribute names in vRealize Orchestrator.
In vRealize Orchestrator, scripting items such as parameters and attributes are

given names spelled in camel case. In a camel-case string, the first word is always
lowercase. In a multiword string, the second and subsequent words begin with a
capital letter. For example, a parameter that is a host name is written in the form
hostName, not HostName or hostname.
To use the supplied script later in this lab, you must use the precise name
that is specified for each parameter. The name is case-sensitive. If you do not use
the precise name provided, the workflow does not work.
Enter Name of new host in DNS in the Description text box.
Repeat steps 7 through 10 to add the ipAddress and zoneName parameters.
Enter a description of IP address of new host in DNS and DNS zone name for
the ipAddress and zoneName parameters.
In the VMware vRealize® Automation™ UI, most panels have an OK button which
must be clicked to save changes. In vRealize Orchestrator, the UI does not have an
OK or Finish button on many windows. After you make changes or enter new parameters
and attributes, you can click another tab without losing the work.
In the bottom pane, click the Add attribute (A+) icon.
You have to scroll down to the bottom of the window to see the Attributes
panel.
Click to enlarge
Click att0 and change the attribute name to cmdletName.
Click OK.
Enter Add-DnsServerResourceRecordA in the Value text box of cmdletName.
The value of the Windows PowerShell cmdletName attribute is case-sensitive and

must appear in this precise form. You must include the capital “A” at the end of
the value for the cmdletName attribute. You will add a DNS A record type.
Add a second attribute with the name pshellCommand.
Do not assign a value to pshellCommand.
Task 4: Add a Schema, Parameters, and Scripting to the Workflow
You add a schema, parameters, and scripting to the workflow.

Click the Schema tab.
Drag a scriptable task from the left pane to the center of the new workflow in
the right pane, placing the scriptable task element between the green start element
and the end element.
Click to enlarge
Click the scriptable task.
Click the Edit icon (pencil).
The VMware vRealize Orchestrator window opens for the scriptable task.
Enter Build Command in the Name text box.
Click the IN tab in the VMware vRealize Orchestrator scriptable task window.
Click the Bind to workflow parameter/attribute icon.

Click to enlarge
Select the items to bind.
Select hostName.
Select ipAddress.
Select zoneName.
Select cmdletName.
Click to enlarge
Click Select.
Click the OUT tab.
Select the pshellCommand item to bind.
Click Select.
Click the Visual Binding tab.
Verify that the visual binding looks like the screenshot.

Click to enlarge
Click Scripting.
Do not enter a script at this time.
The objective is to create a command that is a single string. The use of single
and double quotation marks with variables should produce a command string that
looks like the model.
Add-DnsServerResourceRecordA -Name "hostName" -ZoneName "zoneName" -CreatePtr

-IPv4Address "ipAddress"
Assume, for example, that the input parameters have the following values:
hostname = "QALin007"
zoneName = "vclass.local"
ipAddress = "172.20.11.192"
The command that goes to Windows PowerShell looks like the following example:
Add-DnsServerResourceRecordA -Name "QALin007" -ZoneName "vclass.local"

-CreatePtr -Ipv4Address "172.20.11.192"
Instead of trying to enter this complicated script, you will copy and paste it
in the following steps.
Click Close.
Leave the vRealize Orchestrator client open.
Click the File Explorer icon on the taskbar of the student A desktop.
Go to C:\Materials\Powershell.
Double-click the PowerShell-String.txt file.
Click Edit.
Click Select All.
Press Ctrl+C.
Close the Notepad window.
Click the vRealize Orchestrator client icon on the student A desktop

taskbar to return to the vRealize Orchestrator client.
Select the Build Command icon in the schema.
Click the Edit icon (pencil).
The Scripting tab should be open.
Click in the right pane.
Press Ctrl+V to paste the script.
Variables and parameters appear in purple. String items appear in green. the
script should look like the example.
pshellCommand = cmdletName +' -Name "' + hostName + '" -ZoneName "' + zoneName
+ '" -CreatePtr -IPv4Address "'+ipAddress+'"'
Click Close.
Click Save.

Task 5: Add a Workflow Element to the vRealize Orchestrator Workflow
You add a workflow element to the vRealize Orchestrator workflow.
Drag a workflow element from the left pane to the schema, placing the workflow
element between the Build Command icon and the End workflow element.
Enter powershell in the Search box.
Double-click Invoke a PowerShell script.

Click to enlarge
Click Setup on the question, Do you want to add the activity’s parameters as
input/output to the current workflow?.
Before you add values in this pane it is a good idea to increase the size of
the window. Carefully move the mouse to the bottom-right corner and click the
corner. Then grab the corner and drag to the lower right to increase the size of
the window.
Select Value for the host parameter.

Click to enlarge
Click Input value.

Click to enlarge
Expand PowerShell in the left pane of the Select (PowerShell:PowerShellHost)

window.
Select DomainController in the left pane of the Select

(PowerShell:PowerShellHost) window.
Click Select.
Click Promote.
Task 6: Configure Binding for the Invoke a Windows PowerShell Workflow Element
You configure binding to properly handle input and output parameters in the new
workflow element.
Point to Invoke a PowerShell and click the Edit icon (pencil).
Point to the line that connects script in the In Parameters pane to script in
the center pane.
Click the red X to remove the binding.
Drag pshellCommand in the In Attributes pane to the script string in the center
pane.
The visual binding should look like the screenshot.

Click to enlarge
Click Close.
Click the Validate icon (check mark) above the right pane.
An error message indicates that you have an unused parameter.
Click Delete parameter in the Quick fix action column.
The Workflow is valid message should appear.
Click Close.
Click Save and Close.
Click Increase version.
Task 7: Test the vRealize Orchestrator Workflow
You test the vRealize Orchestrator workflow.
Click the Remote Desktop Connection Manager icon on the student A desktop
taskbar.
Click the Start button on the dc.vclass.local desktop and select Administrative
Tools.
Double-click DNS.
Expand Forward Lookup Zones.
In the left pane, select vclass.local.
In the right pane, click the Name column to sort the host records by name.
Scroll down the list of records and confirm that no Host (A) record for a host
named QALin777 exists.
Click the vRealize Orchestrator client icon on the student A desktop taskbar.
Select Run from the Realize Orchestrator mode drop-down menu.
In the left pane, select the Add DNS-Host workflow in the vRA Custom Workflows
folder.
Click the Start Workflow icon above the right pane.
Use the parameters to test the new vRealize Orchestrator workflow.

Option Action
Name of new host in DNS
Enter QALin777
IP address of new host in DNS

Enter 172.20.11.57
DNS Zone name
Enter vclass.local
Click Submit.
The workflow takes a few seconds to run. The end element (target) should turn
green.
taskbar.
Click the vclass.local forward lookup zone.
Click the refresh icon in the DNS Manager window.
Examine the vclass.local forward lookup zone and confirm that a Host (A) record
for QALin777 with an IP address of 172.20.11.57 exists.
Automation system.
Minimize the Remote Desktop Connection and vRealize Orchestrator.
Use Internet Explorer on the student desktop and select vRA Web Console - Eng
Tenant from the vRA favorites menu.
Log in to vclass.local domain as XaaS administrator account user name QA-User01

Task 9: Add the vRealize Orchestrator Workflow to an XaaS Blueprint
You add the vRealize Orchestrator workflow to an anything-as-a-service (XaaS)

blueprint. vRealize Orchestrator, combined with Windows PowerShell, can automate a
wide variety of IT operations.
Click XaaS.
Click XaaS Blueprints.
Click the New (+) icon.
Expand Orchestrator.
Expand vRA Custom Workflows.
Select Add DNS-Host.
Click Next.
Enter This blueprint will add a DNS Host (A) record to the DNS server running
on dc.vclass.local in the Description text box.
Enter 1.0.0 in the Version text box.
Click Next.
Click Next.
Click Finish.
Use what you learned in previous labs to complete the tasks.
Refer Lab 11 and Lab 12
Publish the Add DNS-Host blueprint.
Create an Add DNS-Host service.
Add the Add DNS-Host blueprint catalog item to the Add DNS-Host service.
Create an Add DNS-Host entitlement.
Task 10: Test the vRealize Orchestrator Workflow from the XaaS Blueprint
You test the vRealize Orchestrator workflow by requesting an XaaS blueprint

service.
Click Request in Add DNS-Host.
Enter Test of DNS Workflow in the Description text box.
Click Next.
Use the parameters to test the vRealize Orchestrator workflow.

Option Action
Name of new host in DNS
Enter QALin888
IP address of new host in DNS
Enter 172.20.11.58
DNS Zone name
Enter vclass.local
Click Submit.
Click OK.
Track the request status and wait for its successful completion.
taskbar.
Click the vclass.local forward lookup zone.
Click the refresh icon in the DNS Manager window.
Examine the vclass.local forward lookup zone and confirm that a Host (A) record
for QALin888 with an IP address of 172.20.11.58 exists.
Close the DNS Manager window on the dc.vclass.local desktop.
Close the Administrative Tools window on the dc.vclass.local desktop.
Press Alt+F4 and log out of dc.vclass.local.
Close the Remote Desktop Connection Manager.
Log out of vRealize Automation.
Lab 27 - Examining Blueprints
Install vRealize CloudClient
Use vRealize CloudClient to Export a Blueprint
Examine the Blueprint
Task 1: Install vRealize CloudClient
You install vRealize CloudClient on the student A desktop.

password VMware1!.
Click the Windows Explorer shortcut on the desktop taskbar to open Windows
Explorer.
Browse to C:\Materials\Downloads\VMware.
Right-click cloudclient-4.0.0-3343843-dist.zip and select Extract All.
Enter C:\Materials\ in the destination folder.
Click Extract.
Right-click the cloudclient-4.0.0-3343843 folder and select Rename.
Enter cloudclient.
Click the command prompt icon on the taskbar to open a Command Prompt window.
Enter cd c:\materials\cloudclient\bin.
Click the C:\ icon in the upper-left corner of the Command Prompt window to
change the properties of the Command Prompt window.
Click to enlarge
Select Properties.
Click the Layout tab.
Set the Window size width to 140 and click OK.
Enter cloudclient.bat.
Press the spacebar multiple times to scroll through the license agreement.
Enter Y.
The screen should look like the screenshot.

Click to enlarge
Leave vRealize CloudClient running for the next task.
Task 2: Use vRealize CloudClient to Export a Blueprint
You use vRealize CloudClient to export a blueprint.
Enter the commands to use vRealize CloudClient to log in to VMware vRealize®

Automation™ with qa-user01 (a tenant administrator for the Eng tenant).
Cloudclient:
vra login userpass --tenant Eng
vRA Server (IP or hostname):
sa-vra-01.vclass.local
vRA username:
qa-user01@vclass.local
vRA Password for qa-user-01@vclass.local:
VMware1!
The screen should look like the screenshot.

Click to enlarge
Enter vra content list command to list all of the blueprints.

Click to enlarge
You might need to widen the Command Prompt window to clearly see the ID string
for each blueprint. If a width of 140 is not wide enough, try 160 or 180. You can
use the up arrow to repeat the vra content list command.
Locate the QA-DB blueprint in the name column (third column).

Click to enlarge
Identify the corresponding contentID in the second column.
Click to enlarge
Record the contentID of the QA-DB blueprint.
The contentID of the QA-DB blueprint should be QADB.
Identify the contentTypeID.

Click to enlarge
The contentTypeID of the QA-DB blueprint should be composite-blueprint.
Enter vra content export --content-id blueprintID --type type --path

c:\materials\cloudclient.
For example:
vra content export --content-id QADB --type composite-blueprint --path

c:\materials\cloudclient
Click to enlarge
Enter exit to log out of vRealize CloudClient.
Close the Command Prompt window.
Task 3: Examine the Blueprint
You examine the exported blueprint.
Click the Windows Explorer icon on the taskbar of the student A desktop.
Browse to c:\materials\cloudclient.
Right-click the QADB-composite-blueprint.zip file and select Extract All.
Click Extract.
Right-click the metadata.yaml file and select Open with.
Click More options.
Scroll down and select WordPad.
Examine the high-level YAML code.
Close WordPad.
In Windows Explorer, double-click composite-blueprint to open the subdirectory.
Right-click QADB.yaml and select Open with.
Select WordPad.
Examine the YAML code for the blueprint.
Q. Which template is used to create the QA-DB virtual machine?

ANSWER: Centos-Template
Q. Which network profile is connected to the QA-DB virtual machine?
ANSWER: QA-Data-NP
Q. Which workflow is used to provision the QA-DB virtual machine?
ANSWER: CloneWorkflow
Close WordPad.
Close Windows Explorer.
Lab 28 - Using XaaS for Day-2 Operations
Log In to vRealize Orchestrator
Create a Workflow
Copy a Blueprint
Add the Blueprint to an Existing Service and Entitlement
Create a XaaS Resource Action
Configure Target Criteria for the XaaS Resource Action
Configure the Form for the XaaS Resource Action
Add the Resource Action to an Existing Entitlement
Deploy a New Virtual Machine
Test the Resource Action
Verify the Resource Action
Clean Up for the Next Lab
Task 1: Log In to vRealize Orchestrator
You use the vRealize Orchestrator Client shortcut from the student desktop to log
in to the VMware vRealize® Orchestrator™ system.
Double-click the Orchestrator Client shortcut on the student-a desktop.
Click Continue to proceed with an untrusted connection.
Wait for the login screen to appear.

Use the VMware vRealize Orchestrator mode drop-down menu to switch vRealize
Orchestrator to Design mode.
Task 2: Create a Workflow
You create a workflow to add a disk drive and more memory to a provisioned virtual
machine.
Click the Workflows tab in the left pane.
Expand the vRA ICM Class Workflows folder in the left pane.
Right-click the Copy of Day-2-Bigger-VM workflow and select Duplicate workflow.
Enter XaaS Day-2-Bigger-VM in the New workflow name text box.
Click vRA ICM Class Workflows in the Workflow folder box.
Enter vRA Custom in the Search box.
Double-click vRA Custom Workflows.
Do not copy the version history.
Select No.
Click Submit.
Minimize the vRealize Orchestrator client.
Switch back to Internet Explorer.
Log in to vclass.local domain as XaaS administrator account user name QA-User01

You copy an existing blueprint for use in day-2 operations.
Automation system.
Click Design.

Click Copy.
Enter QA-DB-Day-2 in the Name text box.
Click OK.
Click Save.
Click Finish.
Select, but do not open, the QA-DB-Day-2 blueprint.
Click Publish.
Task 5: Add the Blueprint to an Existing Service and Entitlement
You add the blueprint to an existing service and an entitlement.
Click Services.
Select, but do not open, the QA-General-Services.
Click the green plus (+) to add a new catalog item to this service.
Select QA-DB-Day-2.
Click OK.
Click Close.
Click Entitlements.
Click QA-General-Entitlement.
Click Items & Approvals.
Click Entitled Items +.
Select QA-DB-Day-2 and click OK.
Click Finish.
Task 6: Create a XaaS Resource Action
You create a XaaS resource action.
Click Design.
Click XaaS.
Click Resource Actions.

Click New.
Select Orchestrator > vRA Custom Workflows > XaaS Day-2-Bigger-VM.
Examine the Input parameters pane.
The input parameters here match the input parameters in the vRealize
Orchestrator workflow.
Click Next.
Verify that IaaS VC VirtualMachine is selected for the Resource type and vm for
Input parameter drop-down menu.
Click Next.
Enter Add a second disk drive and change the RAM setting on the virtual machine
in the Description text box.
Enter 1.0.0 in the Version text box.
Task 7: Configure Target Criteria for the XaaS Resource Action
You configure the target criteria for the XaaS resource action. This controls which
blueprints can use this action.
Select Available based on conditions for the Target criteria.
Click Clause... in the drop-down menu.
Select Blueprint name.
Select Contains in the drop-down menu.
Select Constant in the Value drop-down menu.
Enter Day-2 in the text box.
Click Next.
Task 8: Configure the Form for the XaaS Resource Action
You configure the form for the XaaS resource action. The form is used to guide end
users on the selection of appropriate values.
In the center pane, click inside the Disk index box.
In the right pane, scroll down and select Value... in the Default value box.
Select Constant.
Enter 1 in the text box.
Click the Constraints tab.
Select Constant in the visible box and select No from the drop-down menu.
Click Apply
In the center pane, click Search in the Disk persistence mode box.
In the right pane scroll down and select Value... in the Default value box.
Select Constant.
Enter independent_persistent in the text box.
Click Constant in the Visible drop-down menu.
Select No.
Click Apply.
In the center pane, click inside the SCSI controller bus number box.
In the right pane, scroll down and select Value... in the Default value box.
Select Constant.
Enter 0 in the text box.
Click Constant in the Visible drop-down menu.
Select No.
Click Apply.
Click Finish.
Task 9: Add the Resource Action to an Existing Entitlement
You add the resource action to an existing entitlement.
Select, but do not open, the XaaS Day-2-Bigger-VM resource action.
Click Publish.
Click Entitlements.
Click the Items & Approvals tab.
Click Entitled Actions +.
Select XaaS Day-2-Bigger-VM and click OK.

Click Finish.
Task 10: Deploy a New Virtual Machine
You deploy a new virtual machine to test the new resource action.
In the QA-General-Services pane, click Request for the QA-DB-Day-2 service.
In the Description text box, enter Test of new resource action.
Click Submit.
Click OK.
Wait for the status of the request to change from In Progress to Successful.
Task 11: Test the Resource Action
You test the resource action.
Expand the QA-DB-Day-2 deployment.
Select XaaS Day-2-Bigger-VM from the Actions drop-down menu.
Enter Larger VM in the Description text box
Enter I need an additional 10 GB drive and RAM to be set to 2 GB in the Reasons

text box.
Click Next.
Click Select+ in the Datastore in which to put the virtual disk file box.
Expand https://sa-vcsa-01.vclass.local:443/sdk > Datacenters > SA Datacenter >

datastore and select the SA-Shared-01 Remote check box.
Click Select.
Enter 10 in the Disk size (in GB) text box.
Enter 2048 in the Memory size in MB text box.
Click Submit.
Click OK.
Wait for the status of the request to change from In Progress to Successful.
Task 12: Verify the Resource Action
You examine the virtual machine you just changed.
If closed, open a new tab and select vSphere Web Client from Infrastructure
drop-down menu and log in with user name administrator@vsphere.local and the
password VMware1!.
Verify that you have a second hard disk of size 10 GB and that the RAM is now
set to 2048 MB.
Task 13: Clean Up for the Next Lab
You destroy the virtual machine you just requested to save resources.
Return to the vRealize Automation console.
Select the most recent deployment.
Use the Actions drop-down menu to select Destroy.
Lab 29 - Controlling the Lifecycle of a Machine
Log In to vRealize Orchestrator
Create a Workflow
Configure Input Parameters & Attributes for Workflow
Create the Examine Payload Scriptable Task
Verify a Property Definition
Verify a Property Group
Modify a Blueprint
Add Blueprint to a Service and Add an Entitlement
Create a Subscription
Add Conditions to the Subscription
Select a Workflow and Details for the Subscription
Test the Subscription and Workflow
Examine the Log in vRealize Orchestrator
Task 1: Log In to vRealize Orchestrator
You use the VMware vRealize® Orchestrator™ client shortcut from the student desktop
to log in to the vRealize Orchestrator system.
Minimize the Remote Desktop Connection.
Double-click the vRealize Orchestrator Client shortcut on the student-a

desktop.
Click to enlarge
To see the vRealize Orchestrator shortcut on the desktop, you might have to
minimize other items such as Internet Explorer.
Click Continue to proceed with an untrusted connection and wait for the login
window to appear.

Verify that Run is selected from the VMware vRealize Orchestrator drop-down
menu.
Click to enlarge
Task 2: Create a Workflow
You create a workflow to add a virtual machine to the DNS server.
Select Design from the VMware vRealize Orchestrator drop-down menu.
Expand the vRA ICM Class Workflows folder in the left pane.
Right-click the Copy of Add DNS Host workflow and select Duplicate workflow.
You must right-click the name of the workflow to produce a menu.
Enter EBS Add DNS-Host in the New workflow name text box.
Click vRA ICM Class Workflows under the Workflow folder.
Enter vRA Custom in the search box.
Double-click the vRA Custom Workflows folder.
Click No to not copy the version history.
Click Submit.
Verify that the EBS Add DNS-Host workflow is selected in the left pane and
click the edit icon (pencil) above the right pane.
If the value for the host attribute for PowerShell:PowerShellHost is Not Found,
set the PowerShell host.
Click to enlarge
Click Not found in the Value column.
Expand PowerShell.
Select DomainController.
Click Select.
Click Save and close.
Task 3: Configure Input Parameters & Attributes for Workflow
You configure input parameters and attributes for the workflow to use it with the
event broker service.
Click the edit icon (pencil) in the right pane to edit the workflow.
Click the Inputs tab.
Select the hostName parameter by clicking to the right of the parameter name.
Clicking the parameter name opens a dialog box that enables you to change the
name. Do not change the name of these parameters.
If you accidentally open the attribute name dialog box, click Cancel.
Click the Move as attribute (A+) icon.

Click to enlarge
This operation converts the hostName parameter from an input parameter to a

general attribute. Input parameters are expected to have a value passed into
vRealize Orchestrator when the workflow starts. General attributes are general
purpose variables that can be used throughout the workflow, but which do not need
to have an input value when the workflow starts.
Select the ipAddress parameter.
Select the zoneName parameter.
Click the Add parameter (right arrow +) icon.
Click arg_in_0.
Enter payload in the Attribute name text box and click OK.
Click string.
Enter properties in the Filter text box and click Accept.
This action converts the new payload input parameter from a string type
variable to a properties type variable. vRealize Automation requires a single input
parameter of a properties type to pass an array of custom properties from the event
broker service to vRealize Orchestrator when the workflow is called by the vRealize
Automation event broker subscription. The input parameter can have any name. In
this workflow, you use the name payload. There should only be one properties type
variable defined as an input parameter in a workflow that is called by the event
broker service.
Enter vclass.local in the Value text box of the zoneName parameter.
Click Save.
You will see a message about errors. Ignore it. Those errors will be resolved
in the next task.
Task 4: Create the Examine Payload Scriptable Task
You modify the new workflow to use it with the event broker service by adding a new
scriptable task.
Click the Schema tab.
Drag a scriptable task from the left pane into the workflow and place it
between the start arrow and the Build Command scriptable task.
Click to enlarge
Point to the new scriptable task and click the pencil icon to open the task for
editing.
Click the Info tab.
Enter Examine Payload in the Name text box.
Click the IN tab.

Click to enlarge
Select payload.
Select hostName.
Select ipAddress.
Click Select.
Click the Out tab.

Select hostName.
Select ipAddress.
Click Select.
the visual binding should look like the screenshot.

Click to enlarge
Click Close.
The script must be entered exactly as shown. Use the text file on the student
desktop in C:\Materials\CutAndPaste\Lab24-LifecycleEBS.txt. You can copy and paste
the script from the text file into the Scripting pane.
Here is a copy of the script in the workflow.
var machine = payload.get("machine");
vCACVMProperties = machine.get("properties") ;
NetworkName=vCACVMProperties.get("VirtualMachine.Network0.Name");
System.debug("Network name is "+NetworkName);
var
networkProfile=vCACVMProperties.get("VirtualMachine.Network0.NetworkProfileName");
ipAddress=vCACVMProperties.get("VirtualMachine.Network0.Address");
hostName=machine.get("name");
System.debug("Profile Name is "+networkProfile);
System.debug("Network Address is " + ipAddress);
System.debug("Host name is " + hostName);
You must open the C:\Materials\CutAndPaste\Lab24-LifecycleEBS.txt file and copy

the entire script in to clipboard. You can start the selection with var machine =
payload.get("machine"); and select to the end of the file.
Return to the vRealize Orchestrator client.
Open the Examine Payload item for editing.
Click the Scripting tab.
Paste the script in the Scripting pane.
Click Close.
Click Validate.
The workflow should report that it is valid.

Click Close.
Click Save and close.
Minimize vRealize Orchestrator.
Task 5: Verify a Property Definition
You verify the configuration of a property definition.
Switch back to Internet Explorer and select vRA Web Console - Eng Tenant from
the vRA favorites menu.

Click Administration.
Click Property Definitions.
Verify that you have a VirtualMachine.Network0.NetworkProfileName property

definition that matches this property:
Click to enlarge
Click Cancel.
Task 6: Verify a Property Group
You verify the configuration of an existing property group.
Click Property Groups.
Verify that you have an existing QA.VMProperties group that matches this group:
Click to enlarge
Click Cancel.
Task 7: Modify a Blueprint
You modify a blueprint to add DNS information to the DNS server after the virtual
machine is provisioned.
Click Design.
Click Copy.
Enter QA-DB-Add-DNS in the Name text box.
Click OK.
Click the QA-DB virtual machine.
Click the Properties tab.
Click the Property Groups tab.
Click Add.
Select QA.VMProperties.
Click OK.
Click the Custom Properties tab.
Click New.
Enter
Extensibility.Lifecycle.Properties.VMPSMasterWorkflow32.MachineProvisioned in the
Name text box.
Enter the name of the property exactly as specified. You can use the text file
on the student desktop in C:\Materials\CutAndPaste\Lab24-LifecycleEBS.txt. You can
copy and paste the text string in the Name text box.
Enter a value of * in the Value text box.
This action passes all of the custom properties to this blueprint during the
VMPSMasterWorkflow32 workflow Machine Provisioned event.
Click OK.
Click Save.
Click any clear space in the design canvas to close the virtual machine in the
blueprint.
Click the QADataNP network in the blueprint.
Click the delete icon (red x) for the QADataNP network.
Click Yes.
This change leaves the blueprint with no network. The network is selected when
the service is requested.
Click Save.
Click Finish.
Select, but do not open, the QA-DB-Add-DNS blueprint.
Click Publish.
Task 8: Add Blueprint to a Service and Add an Entitlement
You add the blueprint to a service and add an entitlement.

Click <Administration to return to the main Administration pane.
Click Services.
Select, but do not open, the QA-General-Services.
Click Catalog Items + to add a new catalog item to this service.
Select QA-DB-Add-DNS.
Click OK.
Click Close.
Click Entitlements.
Click Items & Approvals.
Click Entitled Items +.
Select QA-DB-Add-DNS and click OK.
Click Finish.
Task 9: Create a Subscription
You create a subscription to run the vRealize Orchestrator workflow after the
virtual machine is provisioned.
Click <Administration.
This action returns you from Catalog Management to the main Administration tab.
Click Events.
Click Subscriptions.
Click New.
Select Machine provisioning.
Click Next.
Task 10: Add Conditions to the Subscription
You add conditions to control the subscription.
Select Run based on conditions.
Select All of the following from the Clause drop-down menu.

Click Clause.
Select Data > Lifecycle state > Lifecycle state name from the Clause drop-down
menu.
Click to enlarge
Select Equals from the new drop-down menu.
Select Constant from the new drop-down menu.

Click to enlarge
Select VMPSMasterWorkflow32.MachineProvisioned from the bottom drop-down menu.
This operation should create a logical condition that is equivalent to Data >
Lifecycle state name equals VMPSMasterWorkflow32.MachineProvisioned.
Click Add expression.
From the Clause drop-down menu, select Data >Lifecycle state > State phase.
Select Equals from the new drop-down menu.
Select POST from the bottom drop-down menu.
Click Add expression.
Select Data > Blueprint name from the Clause drop-down menu.
Select Contains from the new drop-down menu.
Enter Add-DNS in the text box.
The condition should look like the screenshot.

Click to enlarge
Click Next.
Task 11: Select a Workflow and Details for the Subscription
You select a workflow and the details for the subscription.
Select the Orchestrator > vRA Custom Workflows > EBS Add DNS-Host workflow.
Click Next.
Select the Blocking check box.
Enter 5 in the Timeout (min) text box.
Click Finish.
Select, but do not open, the EBS Add DNS-Host subscription.

Click Publish.
Task 12: Test the Subscription and Workflow
You test the subscription and workflow.
In the QA-General-Services pane, click Request for the QA-DB-Add-DNS service.
In the Description text box, enter Test of new subscription.
Click QA-DB.
From the Network Profile drop-down menu, select QA Data network.
Click Submit.
Click OK.
Click the Requests tab and wait for the status of the request to change from In
Progress to Successful.
Select the request and click View Details.
Click the Execution Information icon.

Click to enlarge
Record the name of the virtual machine that was deployed.
Click the Remote Desktop Connection Manager icon and return to the session with
DC.vclass.local.
Click the refresh icon on the DNS Manager task bar.
Expand Forward Lookup Zone > vclass.local.
Verify that an entry is present for the virtual machine and that it has an
address listed in the 10.10.103.0 subnet.
Close the Remote Desktop Connection manager.
Task 13: Examine the Log in vRealize Orchestrator
You examine the vRealize Orchestrator workflow log.
Return to the vRealize Orchestrator client.
Select Run from the VMware vRealize Orchestrator menu.
In the left pane, expand vRA Custom Workflows > EBS Add DNS-Host.
Select the EBS Add DNS-Host entry with the green check mark that indicates the
most recent completion of this workflow.
You might need to click the refresh icon in the vRealize Orchestrator client.
In the right pane, click the Logs tab.
Select the Debug log from the drop-down menu.
You should see output that reports the information that the script dumped using
the System.debug commands. The report should be similar to the screenshot.
Click to enlarge
Exit the vRealize Orchestrator client.
Lab 30 - Installing vRealize Automation
Shut Down the vRealize Automation IaaS Server
Shut Down the vRealize Automation Appliance
Start the vRealize Automation Installation Wizard
Install the Management Agent
Start the Prerequisite Checker
Generate Security Certificates
Validate the Installation Settings and Prerequisites
Complete the Installation
Run the Initial Setup
Answer the Manual User Action Request
Examine the New Configuration
Task 1: Shut Down the vRealize Automation IaaS Server
You shut down the VMware vRealize® Automation™ Information-as-a-Service (IaaS)

server. When the vRealize Automation IaaS server is shut down, no interference is
caused by this server when you install a new configuration of vRealize Automation
using a different vRealize Information IaaS server.
Log out of the vRealize Automation Web console.
Shut down Internet Explorer by closing all tabs.
Click the Remote Desktop Manager shortcut on the Student-A desktop taskbar.
Double-click the sa-IaaS-01 server.
You must connect to sa-IaaS-01. Do not connect to sa-IaaS-02.
When the Remote Desktop Manager completes the login, click the desktop of the
sa-IaaS-01 server.
Press Alt+F4.
Select Shut down from the drop-down menu and click OK.
Click Yes.
Minimize, but do not close, the Remote Desktop Manager.
Task 2: Shut Down the vRealize Automation Appliance
You shut down the vRealize Automation appliance. When the vRealize Automation
appliance is shut down, no interference is caused by this server when you install a
new configuration of vRealize Automation.
Click the MTPuTTY shortcut on the Student-A desktop taskbar.
Double-click the sa-vRA-01 item in the left pane.
You must connect to sa-vRA-01. Do not connect to sa-vRA-02.
Enter shutdown -h now command.
Close the MTPuTTY application.
Task 3: Start the vRealize Automation Installation Wizard
You start the vRealize Automation installation wizard.
Return to the Remote Desktop Manager application on the Student-A desktop.
Double-click the sa-IaaS-02 - Logon as a Service server.
You must connect to sa-IaaS-02 - Logon as a Service. Do not connect to sa-IaaS-

01 or to sa-IaaS-02.
Click to enlarge
Examine the information on the desktop to verify that you are logged in to the
sa-IaaS-02 server with the User Name vra.service.
Click to enlarge
Click the Windows Start button on the sa-Iaas-02 server.
Click the Internet Explorer browser shortcut.
Connect to https://sa-vra-02.vclass.local:5480.
Maximize the Internet Explorer pane to full screen.
Click Continue to this website (not recommended).
Log in with the root account and the password VMware1!.
The first time anyone connects to the vRealize Automation appliance on port
5480, the installation wizard starts. As long as you have the prerequisites done on
IaaS, SQL Server, and Active Directory (including the creation and configuration of
the service account), the wizard steps you through the process.
Verify that the installation wizard is running. You should see this screen:
Click to enlarge
Click Next.
Select the I accept the terms of this agreement check box to accept the license
agreement.
Click Next.
Leave the default Minimal deployment clicked and click Next.
Task 4: Install the Management Agent
You install the vRealize Automation management agent on the vRealize Automation
IaaS server.
Click vCAC-IaaSManagementAgent-Setup.msi.
Click Save.
Click Run.
Click Next to start the vRealize Automation management agent installation.
Select the I accept the terms of this agreement check box to accept the license
agreement and click Next.
Click Next to keep the default destination folder.
Enter https://sa-vra-02.vclass.local:5480 in the vRA appliance address text

box.
Enter root in the Root username text box.
Click Load to load the SHA1 fingerprint.
A best practice is to confirm the SHA1 fingerprint before proceeding. To save

time in this lab, you will not confirm the fingerprint.
Select the I confirm the fingerprint matches the Management Site Service SSL
certificate check box.
Click Next.
Enter the password VMware1! for the VCLASS\vra.service user account and click
Next.
Click Install.
Click Yes to allow the management agent setup program to change the server.
Wait for the installation of the management agent to complete and click Finish.
Close the current Internet Explorer tab (labeled Certificate Error Navigation)
and return to the VMware vRealize Appliance tab.
This action should return you to the Installation Prerequisites page of the
vRealize Automation Installation wizard.
Click to enlarge
Click the Use Time Server radio button.
Enter the address 172.20.11.10 in the Time Server text box.
This address uses the vclass.local domain controller as the local network time
server.
Click Next.
Task 5: Start the Prerequisite Checker
You start the vRealize Automation installation wizard prerequisite checker.
Click Run to execute the prerequisite checker and wait for the host to trigger
the prerequisite check.
Click Run. Do not click Next. If you click Next instead of Run you will skip
the prerequisite checker.
The prerequisite checker will start. You might have to wait for five minutes
before you see changes.
When you see the status OK with a green check mark, click Next.
Enter sa-vra-02.vclass.local in the vRealize Address text box and click Next.
Enter VMware1! in the Administrator password text box.
Enter VMware1! in the Confirm password text box.
The password that you enter becomes the password of the vRealize Automation
system administration account in the default vsphere.local tenant. This password
should be entered carefully and recorded.
Click Next.
Enter sa-iaas-02.vclass.local in the IaaS Web Address text box.
Enter vclass\administrator in the Username text box.
You must enter the account in the form domain-name\user-name. Do not use a
simple user name (with no domain). Do not enter the user name in the form user-
name@domain-name.
Failure to enter the user name in the correct format results in an installation
failure.
Enter VMware1! in the Security Passphrase text box.

Enter VMware1! in the Confirm Passphrase text box.
The database security passphrase must be carefully entered and recorded. You
cannot recover the database security passphrase if you lose it.
Click Next.
Enter sa-sqlserver-01.vclass.local in the Server name text box.
Enter vratwo in the Database name text box.
Do not use the default database name vra. A vra database already exists on this
SQL Server instance that was used in the earlier installation. You must create a
database for the this lab.
Accept the other defaults and click Next.
Accept the defaults for the Distributed Execution Managers and click Next.
Enter vcsa-endpoint in the Endpoint text box.
The name that you use for the VMware vCenter Server® endpoint is critical.
Record the endpoint name. In several other places in vRealize Automation, you must
know the name that you assigned to the vCenter Server endpoint. The default
endpoint name is vCenter. But if you use multiple vCenter Server endpoints, each
endpoint must have a unique name.
Accept the other defaults for the agents and click Next.
Task 6: Generate Security Certificates
You generate SSL security certificates for vRealize Automation.
Keep the default selection of Generate Certificate for the vRealize appliance
certificate.
Enter VMware in the Organization text box.
Enter VMware Education in the Organization Unit text box.
Enter +1 as country code in the Country Code text box.
Click Save Generated Certificate.
The wizard generates a security certificate and changes the Certificate Action
selection from Generate Certificate to Keep Existing. Keep the default of the new
selection of Keep Existing.
Wait for the server to generate a security certificate and click Next.
Keep the default Generate Certificate selection for the Web certificate.
Enter VMware in the Organization text box.
Enter VMware Education in the Organization Unit text box.
Enter +1 as country code in the Country Code text box.

Click Save Generated Certificate.
The wizard will generate a security certificate and change the Certificate
Action selection from Generate Certificate to Keep Existing. Keep the default of
the new selection of Keep Existing.
Wait for the server to generate a security certificate and click Next.
Click Next to accept the default Manager Service Certificate.
Task 7: Validate the Installation Settings and Prerequisites
You validate the installation settings and prerequisites.
Click Validate.
The validation process can take up to 30 minutes. The progress bar does not
show smooth progress. Periods of no activity are followed by jumps of 10 to 30
percent. You should see the first progress update within 10 minutes.
If the Validation is in progress message is visible, you do not need to click

the Validate button a second time.
Do not leave the session. If you are not present to respond when the validation
process finishes, the installation wizard can time out.
When the validation process completes and all items are listed with a green
check mark and the Succeeded status, click Next.
Click Next to skip the Create Snapshots message.
Click Install to begin the actual installation process.
Task 8: Complete the Installation
You complete the installation.
A GetEval Licenses powershell shortcut is present on the Student-A desktop
When the installation process completes, click Next.
The installation process should take less time than the prerequisite checks,
but it can still take up to 45 minutes. You must use the scroll bar to monitor the
progress of the final steps in the installation.
Enter the new license key in the New License Key text box and click Submit Key.
Licenses
Click Next.
Deselect the Enable Customer Experience Improvement Program check box and click
Next.
Enter VMware1! in the Password text box to set the password for the
configurationadmin account.
Enter VMware1! in the Confirm password text box.
Click Create Initial Content and wait for the initial content configuration to
complete.
You are not required to use the Create Initial Content wizard for a successful
installation. You will use the Create Initial Content wizard in this lab to
demonstrate its capabilities.
Click Next.
Click Finish.
Close the Remote Desktop Connection Manager application.
Task 9: Run the Initial Setup
You use the configurationadmin account to run the initial setup.
Click the Internet Explorer shortcut on the Student-A desktop taskbar.
Use the vRA > Install Lab > vRA Web Console (vRA-02) - Default Tenant to
connect to https://sa-vra-02.vclass.local/vcac.
Log in as user account configurationadmin with the password VMware1!.
Click Request in the vSphere Initial Setup service.
Select No from the Do you want to use the current tenant? drop-down menu.
Select Yes from the Do you want to create a new tenant? drop-down menu.
Enter VMware1! in the System tenant administrator password text box.
Use the scroll bar to scroll down.
Enter Production in the Tenant name text box.
Enter a first name of the choice in the First name text box.
Enter a last name of the choice in the Last name text box.
Enter the email address prod-admin@vclass.local in the Email address text box.
Enter the user name prod-admin in the Username text box.
Enter the password VMware1! in the Password text box and click Next.
Enter vcsa-endpoint in the Endpoint name text box.
This endpoint name must match the endpoint defined in the proxy agent. The
default endpoint name is vCenter, but this name can be changed to any name by
manually installing the proxy agent. In task 5, you should have used an endpoint
name of vcsa-endpoint.
Enter sa-vcsa-01.vclass.local in the Endpoint host text box.
Enter SA Compute-01 in the Endpoint compute resource text box.
Enter administrator@vsphere.local in the Username text box.
Task 10: Answer the Manual User Action Request
You answer the manual user action request to complete the initial setup.
Click the Inbox tab.
Click Manual User Action.
Use the refresh icon to periodically check for a new manual user action to
appear.
A new manual user action should appear in 5 to 15 minutes.

Click to enlarge
Click the number 1 to open the manual user action.
Select Centos-Template.
Select Win8-Template.
Scroll down and select SA-Shared-01 Remote from the Select reservation storage
drop-down menu.
From the Select reservation resource pool drop-down menu, select <None>.
From the Select reservation network drop-down menu, select pg-SA Production.
To see pg-SA Production, you might have to select a different network and then
click the Select reservation network drop-down menu a second time.
Click Submit.
Click the Requests tab and monitor the progress of the request.
When the request is Successful, log out of the default tenant.
Log out of the configurationadmin user account.
Task 11: Examine the New Configuration
You examine the initial setup that was created for you by the initial setup
workflow.
Click the Internet Explorer shortcut on the Student-A desktop taskbar.

Use the vRA > Install Lab > vRA Web Console - Production Tenant to connect to
https://sa-vra-02.vclass.local/vcac.
The login screen has no option to sign in to a different domain because the new
Production tenant is not yet connected to any other directory. Only the local
directory vsphere.local is available.
Log in as user account prod-admin with the password VMware1!.
Q. Which blueprints are already defined?
ANSWER: Clone_Centos-Template and Clone_Win8-Template.
Click the Administration tab and select Catalog Management > Catalog Items.
Q. Which services are offered?
ANSWER: Clone_Centos-Template and Clone_Win8-Template.
Select Reservations > Reservations.
Click Reservation InitContent[Production][SA Compute-01] to examine the default

reservation.
Q. What storage resource do you have?
ANSWER: SA-Shared-01 Remote.
Q. What network path is available?
ANSWER: pg-SA Production.
Q. Do you have any network profiles configured?
ANSWER: No.
Module 2 - vRealize Automation Overview

Lab

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Lab

Загружено:

Авторское право:

Доступные форматы

Lab 1 - Installing Licenses and Configuring the Lab Environment

In this lab, you will perform the following tasks:

Log In to the Lab Environment

Verify vCenter Server, Hosts, & NSX Manager Licenses

License vRealize Log Insight and Configure vSphere Integration

Prepare to Deploy Agents

Install the vRealize Log Insight Agent on Critical Infrastructure Servers

License the vRealize Automation System

Open the NSX Manager console.

Verify if the boot process is completed or not. If the process is incomplete,

Press Enter to continue the boot process.

Task 1: Log In to the Lab Environment

Log in to the Student-a-01 desktop as user vclass\administrator with the

Task 2: Verify vCenter Server, Hosts, & NSX Manager Licenses

This lab environment uses self-signed certificates. Digital certificates should

Log in to vsphere.local domain administrator user name

If the host state is Disconnected, reconnect the ESXi host.

In the left pane, expand the inventory.

In the Reconnect host window, click Yes.

Verify the status of the NSX Controller.

In the left pane, select Installation.

Verify the status of NSX host Agent.

Click the Host Preparation tab.

Note: Please verify the above information at every login.

Task 3: License vRealize Log Insight and Configure vSphere Integration

License the vRealize Log Insight system.

In the left pane, select License.

Configure vSphere integration in the Log Insight administration interface.

vSphere should already be configured with the following settings:

Verify that ESXi hosts to send logs to Log Insight is selected.

Click Test Connection and verify that the test passes.

Click Save and click OK.

Task 4: Prepare to Deploy Agents

You download the vRealize Log Insight agent installer.

In the left pane, click Agents.

Close the download panel.

Do not click Run.

Close the installers list.

Minimize the Internet Explorer browser.

Double-click the Materials network drive shortcut on the desktop.

Open the Downloads directory.

Right-click the VMware-Log-Insight-Agent windows.msi installation package and

Click Run to accept the security warning.

Confirm that the host is sa-loginsight-01.vclass.local and click Install.

Log out of dc.vclass.local

Use the Remote Desktop Connection Manager to connect to the sa-SQLServer-01

Double-click the Materials network drive shortcut on the desktop.

Open the Downloads directory.

Right click the VMware-Log-Insight-Agent windows.msi installation package and

Click Run to accept the security warning.

Verify that the host is sa-loginsight-01.vclass.local and click Install.

Log out of sa-SQLServer-01.

Minimize the Remote Desktop Connection Manager.

Return to the vRealize Log Insight Web console in Internet Explorer.

Click Hosts in the left panel.

This action refreshes the console.

Click Agents in the left panel.

Confirm that two agents are listed.

One agent should be connected to dc.vclass.local, and one agent should be

In Internet Explorer, close the vRealize Log Insight tab.

Task 6: License the vRealize Automation System

You install a license key for vRealize Automation.

Log in as root with a password of VMware1!.

Enter the new vRealize Automation license key.