Home » VMware

Category: VMware

vRealize Automation enabling the VMware Identity Manager GUI

In this blog post, I am going to show you how to enable the VMware Identity Manager GUI when it is located inside vRealize Automation. I am going to explain why you sometimes should and how the procedure is performed.

For some who don’t know, VMware vRealize Automation (vRA) is using under the covers VMware Identity Manager (vIDM). By default is the VMware Identity Manager GUI disabled after the vRealize Automation installation process. If you want to configure parts of vIDM you are configuring it through the vRealize Automation GUI.

Let’s get everybody on the same page: So you are talking about two GUIs the vRealize Automation GUI and the VMware Identity Manager GUI? Who is who, explain it to me!

vRealize Automation GUI - Displaying Active Directory Users
Here is the vRealize Automation (vRA) GUI – Displaying multiple Active Directory users

VMware Identity Manager GUI - Displaying Active Directory User
Here is the VMware Identity Manager (vIDM) GUI – Displaying an Active Directory user (by the way: the name Dick is a common name in The Netherlands)

Keep in mind: I’m not completely sure what will happen if you would configure items with the vIDM GUI. Because you are bypassing the default vRealize Automation GUI. I have done some tests and no problems were caused in my Lab environment but it might cause issues later on… So why do you enable it then? Because of the large amount of information provided throughout the vIDM GUI. The vRealize Automation GUI is only showing a small peace and not the big picture.

Product support: I have tested this procedure on vRealize Automation version 7.3 and vRealize Automation 7.3.1. I would expect it to work on newer and older vRealize Automation 7.X releases.

Enable the vIDM Interface

This procedure is for enabling the interface:

  • Step 01: Connect with an SSH session to the vRealize Automation Appliance. Use for example Putty.
  • Step 02: Login with the root credentials.
  • Step 03: Run the following command to start the VMware Identity Manager Interface: (vcacvami horizon ui enable).
  • Step 04: Open a web browser and navigate to the following URL:(https://%FQDN%/SAAS/admin/).
VMware Identity Manager (vIDM) interface enable
VMware Identity Manager (vIDM) interface enable

Disable the vIDM Interface

This procedure is for disabling the interface:

  • Step 01: Connect with an SSH session to the vRealize Automation Appliance. Use for example Putty.
  • Step 02: Login with the root credentials.
  • Step 03: Run the following command to stop the VMware Identity Manager Interface: (vcacvami horizon ui disable).
  • Step 04: When you navigate to the following URL no page should appear: (https://%FQDN%/SAAS/admin/).
VMware Identity Manager (vIDM) Interface/GUI disable
VMware Identity Manager (vIDM) interface disable

Status of the vIDM Interface

This procedure is for viewing the vIDM Interface status:

  • Step 01: Connect with an SSH session to the vRealize Automation Appliance. Use for example Putty.
  • Step 02: Login with the root credentials.
  • Step 03: Run the following command to view the current status of the VMware Identity Manager Interface: (vcacvami horizon ui status).
  • Step 04: When you navigate to the following URL no page should appear: (https://%FQDN%/SAAS/admin/).
VMware Identity Manager (vIDM) interface status
VMware Identity Manager (vIDM) interface status

VMware Identity Manager URLs

The following URLs are available when the GUI is enabled (there are probably more URLs available than listed below):

  • Main page: https://%vRA-Appliance-FQDN%:8443
  • Tenant-specific page (Tenant vSphere.local): https://%vRA-Appliance-FQDN%/SAAS/t/vsphere.local
  • Tenant-specific page (Tenant Production): https://%vRA-Appliance-FQDN%/SAAS/t/production
  • Tenant-specific page (Tenant Development): https://%vRA-Appliance-FQDN%/SAAS/t/development

vRealize Automation Internal Proxy Explained

To explain what happens under the covers is the following: When you run the command to start or stop vIDM interface the reverse proxy configuration located in vRealize Automation Appliance (vRA) is changed. The command adds or removes some configuration files. Then the proxy daemon is reloaded to pick up the changes. At that point, the vIDM webpage becomes available or unavailable depending on the given command. Under the covers, vRealize Automation uses HAProxy for IT guys working in container or web hosting environments that might be a very familiar product. Here is a quote from the HAProxy website to explain what HAProxy is capable of:

HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic websites and powers quite a number of the world’s most visited ones. Over the years it has become the de-facto standard opensource load balancer, is now shipped with most mainstream Linux distributions, and is often deployed by default in cloud platforms. Since it does not advertise itself, we only know it’s used when the admins report it.

https://www.haproxy.org/#desc

VMware Identity Manager GUI Advantages

The main advantages of enabling the GUI:

  • You can view the currently logged in users in vRealize Automation.
  • When logging into the default tenant in the vIDM GUI you can view the total amount of users and groups that are identified by vIDM (counters are from all tenants combined).
  • You can view the health status of VMware Identity Manager (vIDM).
  • You can view the user login history based on the last days and you have reporting functionality.

Final word

In this blog post, I explained how to enable and disable the VMware Identity Manager interface on a vRealize Automation Appliance. As noted before be careful! I personally only use this method for troubleshooting Identity Manager related problems with authentication and viewing user activity.

Share this:

VMware vExpert NSX 2018

VMware vExpert NSX 2018 - Badge

I am happy to announce that as of today I entered the VMware vExpert NSX sub-program. Thanks, VMware for the award and congratulations to everyone else who also made it! Also an extraordinary achievement for our team at ITQ, we managed to get seven consultants in the vExpert NSX 2018 sub-program! This year VMware awarded 169 people worldwide for the vExpert NSX sub-program.

vExpert NSX:

  • Since when does the vExpert NSX sub-program exist?
    • The VMware vExpert NSX sub-program was introduced in the year 2016 and announcements are made every year.
  • So what is the difference between the vExpert NSX sub-program and vExpert program?
    • The program is built upon the vExpert program. To apply you must be a current vExpert as well as evangelizing VMware NSX.
  • What is VMware expecting of a vExpert NSX?
    • Each of these vExperts has demonstrated significant contributions to the community and a willingness to share their expertise with others. Contributing is not always blogging or Twitter as there are many public speakers, book authors, scriptwriters, VMUG leaders, VMTN community moderators and internal champions among this group.

Related links

Share this:

vRealize Orchestrator Client and High-Resolution Screens

Share this:

VMware VCAP6.5-DCV Design Exam Experience

VMware VCIX6.5-DCV Badge At VMware EMPOWER 2018 in Vienna, I passed the VMware Certified Advanced professional 6.5 Data center Virtualization Design exam or in sort VCAP6.5-DCV. This exam was already for a very long on my certification list, to be more precise for about four years. Because of the large number of new products VMware released the last couple of years, my priorities shifted many times because Data center Virtualization was not really too interesting to study anymore… (sorry Data center Virtualization for calling you not interesting). My experience with VMware vSphere started more than ten years ago and over the years I have been responsible for designing multiple infrastructures for customers.

The VMware way of describing the VMware Certified Advanced Professional 6.5 – Data Center Virtualization Design certification:

“The VCAP6.5-DCV Design certification validates advanced knowledge of simplifying data center operations through virtualization with vSphere 6.5 and its related components, and is able to recommend and design VMware solutions to meet specific goals and requirements. This industry-recognized certification improves your credibility among your peers and proves that you have a deep understanding of data center virtualization design principles and methodologies.”

 

So where is the exam about: The exam is about the VMware Design Methodology used for designing a VMware vSphere infrastructure the right way. To pass the exam you need to know everything about the following items and make sure you can apply them in real-life examples/use cases:
– AMPRS (Availability, Manageability, Performance, Recoverability and Security).
– RCAR (Requirement, Constraint, Assumption and Risk)
– Non-functional and functional requirements
– RPO (Recovery Point Objective)
– RTO (Recovery Time Objective)
– Conceptual, Logical and Physical Designs
– vSphere 6.5 features, what did the release of vSphere 6.5 provide to each feature and what are the requirements and constraints for implementation.
– vSAN 6.5 features, design and architecture
– Site Recovery Manager features, design and architecture
– vSphere Replication features, design and architecture

Preparation

For me, the preparation of the exam started with a couple of sessions about the vSphere Design Methodology. Jeffrey Kusters was so kind to host a couple of sessions in his spare time about the subject for all the ITQ colleges. Jeffrey Kusters is one of our VMware VCDXs that works at our firm and has a lot of years of experience designing vSphere Infrastructure as an IT architect.

Study Materials

I have used many different material/sources to prepare myself for the exam but watch out. There is so much information available that you can study until 2020 and then you are still not able to read all the information. Focus on the items listed above and you will have a good chance of passing. Important note, sometimes information on a blog or book is a couple of years old and you might expect it to be not relevant. This is not the case the VMware Design Mythology has not changed over the years.

Material list:
Blog – Jeffrey Kusters – Breaking down the conceptual design, RCARs and AMPRS …. VCDX style
Blog – Jeffrey Kusters – Passed VCAP6.5-DCV Design … Yes! Finally VCDX6
Course – VMware – VMware vSphere: Design Workshop [V6.5]
Documentation – VMware – vSphere 6.5 Availability Guide
Documentation – VMware – vSphere 6.5 Installation Setup Guide
Documentation – VMware – vSphere 6.5 Platform Services Controller Administration Guide
Documentation – VMware – vSphere 6.5 Security Guide
Documentation – VMware – vSphere 6.5 Upgrade Guide
– Ebook – VMware vSphere Design Second Edition by Scott Lowe, Forbes Guthrie and Kendrick Coleman
– Ebook – VMware vSphere 6.X Datacenter Design Cookbook SE by Hersey Cartwright
– Ebook – vSphere Design Pocketbook 2.0 Blog Edition
– Exam Guide – VMware – Link
Video – Pluralsight – What’s New in vSphere 6.5
Video – Youtube – vBrownbag – VCAP-DCV Design
White Paper – VMware – Storage Protocol Comparison

Conclusion

I passed the exam on the first attempt with a good score. The questions are decent around 12 drag en drop and 48 multiple choices. The questions are decent and require you to have deep knowledge of the products. So basically you know the answer or you just don’t. For me passing the VCAP6.5-DCV Design made me a VCIX6.5-DCV, so I was extra pleased with the result.

Special thanks to Jeffrey Kusters! You have been an absolute help!

Share this:

vRealize Suite Lifecycle Manager Internet Proxy URLs

Recently I was deploying the vRealize Suite Lifecycle Manager (vRSLCM) at a customer. One of there requirement was that the appliance only could reach the internet with their internet proxy configured. The deployment was based on the latest version of the vRSLCM appliance version 1.2. The main use case for deploying this appliance at the customer was to reduce the time spend on Lifecycle Management. The appliance is able to maintain vRealize Automation (vRA), vRealize Business (vRB), vRealize Log Insight (vRLI) and vRealize Operations Manager (vROPS).

So for the proxy configuration, we need to identify which URLs are required. Luckily in the VMware Documentation, there is a list of URLs and ports which the vRealize Suite Lifecycle Manager uses. So I configured the URLs but it appeared to be not working. The vRSLCM was complaining about the URL (https://my.vmware.com). So after analyzing the proxy logging, I could conclude that the URL list was not complete. Below this section, I display the difference between the official statement and what was required to get it working.

Proxy URLs – Official List:

This is the official URL list from the vRealize Suite Lifecycle Manager (vRSLCM) v1.2 documentation:

PortsPort NumberBase URLs
My VMware443https://apigw.vmware.com
Solutions Exchange443https://marketplace.vmware.com
Updates443https://vapp-updates.vmware.com
Compatibility443https://vapp-updates.vmware.com

Proxy URLs – Unofficial List:

This is the list that was required to get vRSLCM working through the proxy, keep in mind there are a lot of different functionalities in the vRSLCM appliance and I was not using the entire set of functionalities. There might be even more URLs required…

PortsPort NumberBase URLs
My VMware443https://apigw.vmware.com
Solutions Exchange443https://marketplace.vmware.com
Updates443https://vapp-updates.vmware.com
Compatibility443https://simservice.vmware.com
My VMware443https://my.vmware.com
vConnect443https://vconnect.vmware.com
Download location443https://download2.vmware.com
Download location443https://download3.vmware.com
Icons for marketplace 443https://marketplace-download.vmware.com

Proxy Configuration

In the steps below I explain the proxy configuration in the vRealize Suite Lifecycle Manager web interface:

  1. Open the a web browser.
  2. Navigate to the vRSLCM URL (https://%FQDN%).
  3. Log in with an administrator account (admin@localhost).
  4. Navigate to the following page (Settings > My VMware).
  5. Toggle the Configure Proxy to enabled.
  6. Enter the following proxy information:
    1. Proxy Server: %FQDN% or %IP%
    2. Proxy Port: %Port Number%
    3. Proxy Username: %Username%
    4. Proxy Password: %Password%
  7. Click on the Submit button.
  8. Verify if the My VMware communication is working and the appliance is able to download the media.

Note:

  • vRealize Suite Lifecycle Manager (vRSLCM) requires ICMP communication with the internet proxy. When configuring a proxy in vRSLCM version 1.3 the configuration validation fails without allowing ICMP.

Documentation:

– vRealize Suite Lifecycle Manager 1.2 Installation, Upgrade, and Management
vRealize Suite Lifecycle Manager 1.3 Installation, Upgrade, and Management

Article Update:

– 2018-07-16: Added additional proxy URLs for the vRealize Suite Lifecycle Manager version 1.3.
– 2018-07-16: Added link for the vRealize Suite Lifecycle Manager manual version 1.3.
– 2018-07-16: Added additional note about ICMP.

Share this:

Cannot Remove Content Library in VCSA 6.5 Update 1

Share this:

Opening vSphere Web Client (Flash) on Windows Server 2016

Share this:

No Workflow Output in vRealize Orchestrator (vRO) 7.4

Share this:

Removing a Virtual Machine from vRealize Automation with the vRealize CloudClient

Share this:

The VMware vSAN 2017 Specialist Exam

VMware vSAN 2017 Specialist - Badge
VMware vSAN 2017 Specialist – Badge

This afternoon I took the VMware vSAN 2017 Specialist and I passed with a score of 456 points. The exam is about… guess what Virtual SAN (vSAN)! To be more precise the latest version of vSAN version 6.6. The exam is a mix of deployment & design questions. In my opinion it is a smaller version of the separated Deploy & Design exams as in the major exam tracks (DCV, NV, CMA, DTM). The questions were really good and realistic, some examples: like about space efficiency, cluster sizing and some customer use cases. The exam contains 60 questions and you have 105 minutes to complete the exam.

Over the years I have done a lot of vSAN deployments, starting in the vSAN 5.5 days. So personally it was not the most difficult exam to pass but a good one to add to my résumé.

Exam description

The official exam description from VMware: “The VMware vSAN 2017 Specialist badge holder is a technical professional who understands the vSAN 6.6 architecture and its complete feature set, knows how to conduct a vSAN design and deployment exercise, can implement a live vSAN hyper-converged infrastructure environment based on certified hardware/software components and best practices, and can administer/operate a vSAN cluster properly.”

The Specialist Exams

At VMworld 2017 three new specialist exams were announced by VMware Education:

  • VMware vRealize Operations 2017 Specialist
  • VMware vSAN 2017 Specialist Exam
  • VMware Validated Designs for Software-Defined Data Center 2017

Currently the remaining two are on my “To Do” list because they all cover my area of expertise. The vSAN Specialist exam is the only one of the three that is done at a test center, the other two are online exams.

Study Material:

There is a lot of free vSAN 6.6 content available, especially the VMworld 2017 sessions are full of useful information. Take a look Duncan Epping his YouTube Channel (the URL listed below).

Share this: