© 2015 VMware Inc. All rights reserved. vRealize Automation 7.0 What’s New | Spotlight Features Erik Bussink Solution Architect [email protected] bussink.ch | @ErikBussink

vRA7 What's New


The Impact of the Accelerating Pace of Business

Applications

Drive competitive advantage

Enable new business opportunity

Applications

IT Operations

Shorter release cycles

Agile development processes

DEMAND

Increased demand

Faster delivery expectations

The Business

RESULT

Lower customer satisfaction

Growing use of shadow IT

Large application backlog

Perceived as barrier to progress

Increased risk

Missed opportunity

Hybrid Cloud

(Private / Public)

Physical

Software-Defined Data Center (SDDC) Cloud Management Platform enables the One Cloud, Any Application Approach


SOFTWARE-DEFINED DATA CENTER

Compute Network Storage

End-User Computing

Extensibility

Applications

Cloud Management Platform

Business Operations Automation

Virtualized Infrastructure

Compute Network Storage

Automating is key to a scalable and sustainable SDDC

SDDC requires a new management paradigm

Prodigious Level of Automation

• Logical construct of users and resources (IT and financial)

• Policy-based life cycle management

• Self-service capabilities

Explosive Growth

• New SDDC objects (e.g. VMs, NSX controllers, VSAN datastores)

• Management scope expands across virtual and physical

Task time | Wait time

Full Automation Eliminates Wait Time

Semi-Automated

Service Blueprints

Policy-driven

Automation

Dev Test Prod On Premise

Infrastructure

Verification

Build VMs – New or Clone

Get IP

Install, Setup, Configure

Load Balancer Entries / Firewall Changes

Web Server Configuration

1- 2 days 3- 5 days 3 – 5 days

1 – 2 days 4 – 7 days 2 – 3 days 2 – 5 days

Developer

Request

External Interface & Integration

IT Processes

Ticket

vRealize Automation 7.0 What’s New | Spotlight Features

CONFIDENTIAL

Accelerate Time to Value (TTV)

• New Deployment Architecture

• Wizard-Based Automated Installation

Simplified Virtual Appliances HA Landscape

[Diagram, 6.X landscape. Labels: vRA VA (x2), Data Store (x2), Application Services (x2), vRO (x2), Identity (x2), IaaS Load Balancer, vRA Load Balancer, AD, LDAP, SAML, 2FA]

7.0

• Fewer Services to Deploy

• Fewer VA’s to Manage

• Fewer External Dependencies

• Happy Customers

• All services automatically clustered when deployed in an HA configuration

1. vRA Core Services

2. Embedded vRealize Orchestrator Instance

3. vIDM (SSO) Services

4. vPostgres DB

SINGLE VIP NEEDED FOR ALL THESE SERVICES IN HA!

vRealize Automation 7.0 Deployment Architecture

HA | Distributed

[Diagram labels: vRA VA (x2): vRA Core, vIDM, vRO, vPostgres DB, RabbitMQ; Load Balancer (x3); IaaS Services (win): Web Service 1, Web Service 2, Model Mgr 1, Model Mgr 2, DEM 1, DEM 2, Agent 1, Agent 2; External Services; Fabric Endpoints* (* not all represented); AD | LDAP]

Installing vRealize Automation 7.0 - Highlights


• Completely Revamped Installation Process

• Everything starts with a single download of the vRA VA (OVA)

• Installation wizard offers two different types of installs

– Simple Install – wizard-driven walk through for installing vRA in a monolithic (non-distributed) instance

– Enterprise Install – wizard-driven walk through for installing all components in a distributed, highly-available vRA instance.

• Wizard locates IaaS installation candidates, leverages new management agent.

Deployment Options: Minimal vs. Enterprise

• Minimal assumes a POC-like environment

– 1 vRealize Automation Appliance

– 1 Windows Server

• Enterprise assumes a fully distributed install

– Advises user on load balancer use

– Creates and places certs

– Creates database


IaaS Components: Assignment of Server Roles

• Wizard will detect and show available machines in the deployment

• Allows user to assign roles to specific machines

• Machine discovery requires management agent to be pre-installed

• A stand-alone pre-req checker is available

Federated Identity VMware Identity Management (vIDM)

vIDM - Enhanced Authentication Service


• Embedded Service in vRA appliance (no separate VAs)

• Integrated UI with common Look and Feel

• Enable new Enterprise use cases

• Features Enabled by vIDM

– Multiple domains to single tenant

– Single domain to multiple tenants

– Full OTB branding capabilities

– OTB 3rd party SAML Token Support

– OTB Smart Card Support

– Multi-factor authentication

– Login Auditing

– Major Scalability Improvements

– HA support (configured by wizard)

[Diagram: vRA Appliance Auth Services connecting to multiple ADs (Active Directory)]

vIDM – Additional Features

Tenant and Directory Management

• Tenant isolation

• Tenant boundary is flexible, not bound by AD domains

• Sync the directory content to the local database

• Faster searches and logins

• Can sync only part of the directory

• Sync based on schedule or manually

• Define mapping of attributes

Support for Local Users

• AD is not required

• Basic operations for users add/remove/edit

• Local users are per tenant


vIDM – Per-Tenant Branding

• Branding configured per-Tenant

• Customize login screen wallpaper and color palette

• vRA UI global branding and color palette

Powered by VMware Identity Manager™

Converged Blueprints (CBP)

Redefining Services Design

Converged Blueprint (CBP) Designer

Simplified Blueprint Authoring for IaaS and Applications

• Unified graphical canvas for designing machines, software components and application stacks

• Ability to extend or define external integrations in the canvas through XaaS (a.k.a. ASD)

• Enable team collaboration by enhancing and introducing fine-grained roles

• Avoid App Services complexity that often leads to a longer sales cycle or reduced opportunity

App Authoring - Software Components Library

• The Software Architect (new role) authors software components for use in the CBP Designer – no more external tools.

• Once published, software components are shared across Business Groups, but not across Tenants

• Once Published, software components cannot be requested on their own – they are only consumable in the CBP Designer

• Typical Application Creation Workflow:

– Create and publish software components, properties, dependencies, etc.

– Application design with published software components using CBP

– Complete networking configuration for app blueprint

– Complete security configuration for app blueprint

– Publish, add to catalog, entitle, add EBS subscriptions (optional)

– Optionally Export App Blueprint (or Import others)

App Authoring - Significant Converged Capabilities

Added Feature / Function: Details

Unified Canvas

• Single model to author machines, applications, software components, and XaaS blueprints.

• Consolidation of roles between vRA and AppServices

Machine Authoring

• Author machine with standard configuration

• Use Puppet/Chef based configuration

Software Authoring

• Author script based software

• Author Puppet/Chef content

Multi-Tier and Composite Applications

• Authoring multi-tier application blueprints with dependencies and cross node binding

• Author composite blueprints with individual sub-application blueprints

• Author blueprints using preconfigured XaaS service blueprints

Integrated Networking and Security (NSX)

• NSX integration for single machine and multi-tier applications

• On-demand networks, security groups, and load balancing for single and multi-tier blueprints (vSphere only)

Declarative Format

• Declarative format for machine, software, application, and XaaS blueprints

• Import/Export a blueprint and save it in source control repository (CloudClient)

vRA 7.0 Out of the Box Content

vRA 7 will ship with out-of-the-box application blueprints for quick start and TTV (top customer requests):

1. Windows System: Windows 2012 R2, IIS, MSSQL, .NET (#1 customer request)

2. LAMP Stack: RHEL and Apache Load Balancer

3. Micro Services App: This will mimic an e-commerce app that will replace the existing Duke’s Bank example

4. Ruby on Rails App: 3-tier app with Apache LB, Ruby on Rails, Oracle DB


• OOTB Blueprints are embedded in the vRA VA and imported into vRA using CloudClient

• Additional application blueprints will be made available for download from the Solutions Exchange:

– Multi-tier complex app, retail store use case

– Big Data app, Java app, Sharepoint 2013

Blueprints as Code


• Ability to read and create blueprints with a text editor of choice.

• Save it in source control like Git

• Machine blueprint in YAML format

• Application & Software blueprints currently in JSON format, moving to YAML by GA

• Import/Export in same or multiple vRA instances

• Complete Blueprint is exported into a zip compressed format similar to the current ASD export


vRealize Automation 7

NSX + vRA 7

Cloud Management Technical Marketing

Application Deployment with On-Demand Networking & Security

• Logical switches and routers are created on demand by NSX when the user creates an application

• Single machine, single-tier or multi-tier topologies

• Supports NAT and routed topologies

• Automated IP addressing of both VMs and subnets

• On-demand security groups built per app and per tier with VMs placed into groups

• App isolation option

• Security policies applied to dynamically created groups

• Load-balancer configuration dynamically deployed and dedicated to application

[Diagram: Web/App and Database tiers with VMs]

Application Deployment with On-Demand Micro-Segmentation

• Networking is pre-created by NSX admin

• VMs placed on pre-created logical switches

• On-demand security groups created when application is deployed

• Security policies applied to dynamically created groups

• Micro-segmentation on larger L2 networks

• Load-balancer configuration dynamically deployed

• VMs and security groups removed when app destroyed but networking remains

[Diagram: Web/App and Database tiers with VMs]

Application Deployment into Existing Network and Security Services

• Pre-created logical switches and routers defined by the NSX admin - VMs are wired to pre-created switches

• Security Groups pre-defined to match security tags for each tier of application

• When a cloud user selects a catalog item VMs are wired to NSX switches and tagged with appropriate security tags

• Enforcement is based on combining the tag with the rules in the security group

• Applications can be single tier or multi-tier – typically routed topologies

[Diagram: Web/App and Database tiers with VMs]

Simplified Application Centric Network and Security

[Diagram: Web, App and Database tiers with VMs]

• Applications configured with dedicated or shared virtual switches and routers depending on needs

• Application level micro-segmentation security

• Dynamic configuration of application specific load balancers without expensive physical hardware

• Networks configured to meet unique performance needs of each application

Dynamically Configure NSX Network and Micro-segmentation unique for each application

CBP - Networking and Security Integration

• Automated connectivity to existing or on-demand networks

• Micro-segmentation for application stack

• Automated security policy enforcement through NSX security policies, groups and tags

• On-demand dedicated NSX load balancer

• Parent component only, not application-level


NSX Integration for Blueprint Authoring & Deployment

Mission: Extensible

LifeCycle Extensibility (LE) Redefines Ecosystem Integration

CDK

LifeCycle Extensibility – Ecosystem Automation

• No need for any additional development tools

• No need for deep knowledge of how the core functionality works

• Centrally create and manage extensibility for all IaaS services

• Increase TTV with quick-n-easy extensibility use cases

• Quickly leverage existing workflows from within the vRA UI

• Scalable model

1. Create vRO WF

2. Subscribe for Event

Customize & Extend vRA using Event broker

LifeCycle Extensibility – Centralized Policy Management

• Enable OTB extensibility for IaaS and Application Services dynamically by leveraging the Event Broker Service (EBS)

• Invoke workflows based on a policy-based trigger configured for a specific “interesting” event

“Invoke vRO Workflow to integrate with a custom service based on the NAME of a blueprint, Custom Property Value, Requestor ID, or machine and platform type….GO!”

LifeCycle Extensibility – Event Broker (EBS) High-Level View

[Diagram labels]

XaaS | Postgres | Sql | IaaS

Cloud, Physical, virtual: vCA, AWS, Azure, Softlayer, …

Event Broker Service (EBS)

Approvals | Identity | SW service | SW agent

Resource Governance

• Compute, Storage, Network

• Reservation

• Reservation Policies

Infrastructure Abstraction Layer: Compute, Network, Storage

Orchestration Engine

• State Machine

• Life Cycle Workflows

• Data Collection

Pluggable Framework

3rd party management systems

• CMDB

• IPAM / DNS / DHCP

• Load Balancers / Networking

• Service Desk

• Monitoring Systems

• Storage Management

• Databases

• Web Services

• …

vRealize Orchestrator

vRealize Orchestrator

Updates | Features

Introducing the [new] vRO Control Center

The vRO 7.0 Control Center

• Embedded + External

• New modern UI for vRO setup, configuration, workflow monitoring, troubleshooting, and other useful information.

• Collect metrics for workflow execution

• Analyze running workflows

• General troubleshooting

• Manage, Import/Export central DB

• WAY more slick than previous “legacy” UI

New Plugin Management UI

• Install and Manage Plugins

• Debugging + Logging Granularity Per-Plugin

• View Plugin Status, Enable / Disable as needed

• Switch to Legacy UI if this is all too much for you

Runtime Metrics and Monitoring

• Global View of all Running Workflows

• Manage Workflow Execution

• Search by Workflow Name and Token ID

• View Multiple Workflows Simultaneously

Entitlements

• As with 6.x, Services, Catalog Items, and Actions can be added to an Entitlement

• In 7.0, the list of Catalog Items includes Catalog types

• Adding a Catalog Item type will entitle users to objects built off of that type.

6.x 7.0

Entitlements

• As with 6.x, Actions and Approvals can be added to Entitlements.

– Entitlement dictates what the user can see & do

– Limit what actions a user can perform to the actions in the entitlement that enabled the user to provision the resource.

• Actions are bound to Entitlements

– For actions to apply to a Resource, they must be granted in the same entitlement as the relevant Catalog Items or Services

• This wasn’t always the case

– In 7.0, Actions are bound to the entitlement the resource was provisioned from

– In 6.x, if a user was entitled to an action - that action was available to all items regardless of the entitlement it was provisioned from.
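The difference between the two behaviours matters when reviewing entitlements before an upgrade. The following is an added example, not VMware code: a simplified model of the rule stated above, with hypothetical entitlement, catalog item and resource names and constructed sample data, that lists which actions a user could reach on each resource under 6.x but not under 7.0.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Entitlement:
    name: str
    catalog_items: frozenset
    actions: frozenset


@dataclass(frozen=True)
class Resource:
    name: str
    catalog_item: str
    provisioned_from: str  # name of the entitlement used to provision it


def actions_6x(entitlements, resource):
    """6.x rule from the slide: an entitled action applies to all items,
    regardless of the entitlement the resource was provisioned from."""
    return frozenset().union(*(e.actions for e in entitlements))


def actions_70(entitlements, resource):
    """7.0 rule from the slide: only actions granted in the same entitlement
    as the catalog item the resource was provisioned from."""
    for e in entitlements:
        if (e.name == resource.provisioned_from
                and resource.catalog_item in e.catalog_items):
            return e.actions
    return frozenset()


def upgrade_diff(entitlements, resources):
    """Per resource: actions reachable under 6.x but not under 7.0."""
    return {r.name: sorted(actions_6x(entitlements, r) - actions_70(entitlements, r))
            for r in resources}


# Constructed sample data: one user holding two entitlements (hypothetical names).
DEV = Entitlement("dev-sandbox", frozenset({"CentOS VM"}),
                  frozenset({"Power Off", "Reconfigure", "Destroy"}))
PROD = Entitlement("prod-db", frozenset({"Prod SQL Server"}),
                   frozenset({"Power Off"}))
USER_ENTITLEMENTS = [DEV, PROD]
RESOURCES = [Resource("dev-vm-01", "CentOS VM", "dev-sandbox"),
             Resource("prod-sql-01", "Prod SQL Server", "prod-db")]

if __name__ == "__main__":
    for name, extra in upgrade_diff(USER_ENTITLEMENTS, RESOURCES).items():
        print(f"{name}: reachable only under 6.x -> {extra or 'none'}")
```

In this sample the production database could be destroyed or reconfigured under the 6.x rule because of an unrelated sandbox entitlement; under the 7.0 rule only Power Off remains.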

VMware’s CMP Automates SDDC at Scale


1. DEFINE: Define Business Groups and Allocate Budget

2. CREATE: Create Reservations & Policies; Create Single Machine, Multi-tier Application, or other custom service blueprints

3. REQUEST AND DEPLOY: Standardize Requests and Deploy Infrastructure Across Private, Public, and Hybrid Clouds

4. METER: Meter and Correlate Consumer Usage and Costs

5. MONITOR: Collaborate Across Infra and Ops Teams; Monitor Infrastructure Across Private, Public, and Hybrid Clouds

6. MANAGE: Remediate, Optimize, and Reclaim Infrastructure Based on Policies and Cost