Archive for Part 1

vRealize Automation large scale deployment Part 1 Identity and vRA appliance install

January 7, 2016 Part 1, vRA Distributed Deployment v6.2.3 No comments

vRARobot2

vRA Distributed deployment.

This series will cover a larger distributed deployment of vRealize Automation 6.2.3

Software required

vRAD1

Components

Only the Identity and vRA appliances are covered in this blog. The rest will be covered in the series to follow.

  • 1 x Identity appliance
  • 2 x vRA appliances (Postgres Database only)
  • 2 x IaaS servers
  • 2 x Manager Servers
  • 1 x Orchestrator appliance
  • 1 x F5 Load Balancer

Important

  • DNS must be configured for all servers/appliances you use and test it
  • Whatever you use for time sync must be identical for all servers/appliances you use

F5 Load Balancer setup and information

  • http://kaloferov.com/blog/configuring-vrealize-automation-load-balancing-using-f5-big-ip/

Certificates

Please follow one of my other blogs for generating and importing certificates into vRA appliances and servers

http://www.electricmonk.org.uk/2015/12/03/installing-vra-6-x-certificates/

Step 1 – Deploying the Identity Appliance

  • In the vSphere client or web client select File > Deploy OVF Template

vRAD2

  • Check the details

vRAD3

  • Accept the license agreeement
  • Put in a name for the vRA Identity appliance

vRAD4

  • Choose your storage

vRAD5

  • Leave the defaults for storage

vRAD6

  • Check the details and click Finish

vRAD7

  • Note: The identity appliance cannot be clustered but can be put on a vSphere HA cluster to provide redundancy in the event of hardware failure but not in the event of the Identity appliance having an issue.
  • You may need to go into the vCenter console for the machine and set a root password
  • You will then see this screen where you can see the web browser link to log into the Identity appliance

vRAD8

  • Log into the web link

vRAD9

  • Set the time zone

vRAD10

  • Set the SSO password

vRAD11

  • It should then look like the below screenprint

vRAD12

  • Click on host settings and put in the name of the identity appliance
  • Make sure there is a DNS entry for the identity appliance

vRAD14

  • Click on Network then the Address tab and put in the relevant details

vRAD16

  • You will then need to reboot and relogin
  • Next click on SSO > SSL
  • Generate a certificate for now. Example below

vRAD39PNG

  • Click on Active Directory and put in your details

vRAD15

  • It will then look like the below

vRAD17

  • Go to the Admin tab and click Admin
  • Tick SSH service enabled and Administrator SSH login enabled

vRAD18

  • Click on Time settings and adjust if you have a time server. I left mine on Use host time

vRAD19

  • This should now be complete.
  • Note: You may want to adjust the CPU and RAM depending on customer requirements
  • Note. It might be wise at this point to shutdown the appliance and take a snapshot

Step 2 Deploy 2 vRealize Automation Appliances

Note: Follow the below steps for each appliance

  • In the vSphere client or vSphere Web Client click File > Deploy OVF template

vRAD20

  • Check the details

vRAD21

  • Accept the license agreement
  • Put in a name

vRAD22

  • Choose your storage

vRAD23

  • Choose your storage options

vRAD24

  • Next you will need to type in the hostname, ssh enabled, IP address, subnet mask, gateway and DNS servers

vRAD25

  • Click Next and check all your details

vRAD26

  • Once this is deployed, make sure you have a DNS entry added
  • Log into the appliance
  • Change the time settings first

vRAD27

  • Click on the Network tab and select Host Settings.
  • Fill in your details

vRAD36PNG

  • Reboot the appliance

vRAD37PNG

  • Click on the vRA Host Settings
  • Add in your host settings – this should be your load balanced name
  • Import your certificate in which should have been pre-created from the instructions in my previous vRA certificate blog

vRA233

  • Click on SSO
  • Put in the SSO details (The identity appliance details)
  • If everything is ok then you will see a certificate message

vRAD40PNG

  • Click Save Settings and note the SSO seems to take a long time

vRAD50

  • You should see the following

vRAD51

  • You should slowly see the services begin to come up
  • Note:  To monitor service startup run the following command:
  • tail -f /var/log/vcac/catalina.out

vRAD52

  • Do exactly the same process on the second appliance
  • Add your license in – Go to vRA Settings > Licensing

vRA234

  • Next please go to Part 2 for the Postgres clustering of the vRA appliances

http://www.electricmonk.org.uk/2016/01/07/vrealize-automation-large-scale-deployment-part-2-clustering-the-postgres-databases-on-the-vra-appliances-v6-0-2/

Licensing Problems

I had an issue where my license suddenly became invalid which was a little bizarre as it is test non expiring one.

However I followed the steps in the below article on both appliances and it came back fine

Thanks @ vmguru 🙂

https://www.vmguru.com/2015/09/downgrade-the-vrealize-automation-license/