© 2015 VMware Inc. All rights reserved.
vRealize Automation 7.0 - What's New | Spotlight Features
Erik Bussink
Solution Architect
bussink.ch | @ErikBussink
The Impact of the Accelerating Pace of Business
• Applications drive competitive advantage and enable new business opportunity
• Application teams: shorter release cycles, agile development processes
• Demand on IT Operations: increased demand, faster delivery expectations
• Result for the business: lower customer satisfaction, growing use of shadow IT, large application backlog, IT perceived as a barrier to progress, increased risk, missed opportunity
Software-Defined Data Center (SDDC) Cloud Management Platform enables the One Cloud, Any Application Approach
[Figure: Cloud Management Platform (Business Operations, Automation, Extensibility) on top of the Software-Defined Data Center: virtualized compute, network and storage, End-User Computing and Applications, spanning physical infrastructure and hybrid (private / public) cloud.]
Automating is key to a scalable and sustainable SDDC: the SDDC requires a new management paradigm
Prodigious Level of Automation
• Logical construct of users and resources (IT and financial)
• Policy-based life cycle management
• Self-service capabilities
Explosive Growth
• New SDDC objects (e.g. VMs, NSX controllers, VSAN datastores)
• Management scope expands across virtual and physical
Full Automation Eliminates Wait Time
[Figure: a semi-automated provisioning chain, each step shown as task time plus wait time: developer request → ticket → IT processes → infrastructure verification → build VMs (new or clone) → get IP → install, setup, configure → load balancer entries / firewall changes → web server configuration → external interface & integration, with per-step durations from 1-2 up to 4-7 days across Dev, Test, Prod and on-premise environments. Contrasted with policy-driven automation from service blueprints, where the wait time disappears.]
Simplified Virtual Appliances HA Landscape
6.x
[Figure: two vRA VAs behind a vRA load balancer, a separate Application Services VA, two vRO VAs, two Identity VAs, an IaaS load balancer, two data stores, and external AD, LDAP, SAML and 2FA dependencies.]
7.0
• Fewer services to deploy
• Fewer VAs to manage
• Fewer external dependencies
• Happy customers
• All services automatically clustered when deployed in an HA configuration:
1. vRA Core Services
2. Embedded vRealize Orchestrator instance
3. vIDM (SSO) services
4. vPostgres DB
• A single VIP is needed for all these services in HA
vRealize Automation 7.0 Deployment Architecture - HA | Distributed
[Figure: two vRA VAs (vRA Core, vIDM, vRO, vPostgres DB, RabbitMQ) behind a load balancer; Windows IaaS services (Web Service 1 and 2, Model Manager 1 and 2, DEM 1 and 2, Agent 1 and 2) behind their own load balancers; external services AD | LDAP; fabric endpoints (not all represented).]
Installing vRealize Automation 7.0 - Highlights
• Completely revamped installation process
• Everything starts with a single download of the vRA VA (OVA)
• Installation wizard offers two different types of installs
– Simple Install – wizard-driven walk-through for installing vRA as a monolithic (non-distributed) instance
– Enterprise Install – wizard-driven walk-through for installing all components in a distributed, highly available vRA instance
• Wizard locates IaaS installation candidates, leveraging the new management agent
Deployment Options: Minimal vs. Enterprise
• Minimal assumes a POC like environment
– 1 vRealize Automation Appliance
– 1 Windows Server
• Enterprise assumes a fully distributed install
– Advises user on load balancer use
– Creates and places certs
– Creates database
IaaS Components: Assignment of Server Roles
• Wizard will detect and show available machines in the deployment
• Allows user to assign roles to specific machines
• Machine discovery requires management agent to be pre-installed
• A stand-alone pre-req checker is available
vIDM - Enhanced Authentication Service
• Embedded service in the vRA appliance (no separate VAs)
• Integrated UI with common look and feel
• Enables new enterprise use cases
• Features enabled by vIDM
– Multiple domains to a single tenant
– Single domain to multiple tenants
– Full out-of-the-box (OTB) branding capabilities
– OTB 3rd-party SAML token support
– OTB smart card support
– Multi-factor authentication
– Login auditing
– Major scalability improvements
– HA support (configured by wizard)
[Figure: authentication services inside the vRA appliance connecting to multiple Active Directory domains.]
vIDM – Additional Features
Tenant and Directory Management
• Tenant isolation
• Tenant boundary is flexible, not bound by AD domains
• Sync the directory content to the local database
• Faster searches and logins
• Can sync only part of the directory
• Sync based on schedule or manually
• Define mapping of attributes
Support for Local Users
• AD is not required
• Basic operations for users add/remove/edit
• Local users are per tenant
vIDM – Per-Tenant Branding
• Branding configured per tenant
• Customize login screen wallpaper and color palette
• vRA UI global branding and color palette
Powered by VMware Identity Manager™
Converged Blueprint (CBP) Designer - Simplified Blueprint Authoring for IaaS and Applications
• Unified graphical canvas for designing machines, software components and application stacks
• Ability to extend or define external integrations in the canvas through XaaS (a.k.a. ASD, the Advanced Service Designer)
• Enable team collaboration by enhancing existing roles and introducing fine-grained roles
• Avoid the App Services complexity that often leads to a longer sales cycle or reduced opportunity
App Authoring - Software Components Library
• The Software Architect (new role) authors software components for use in the CBP Designer – no more external tools.
• Once published, software components are shared across Business Groups, but not across Tenants
• Once Published, software components cannot be requested on their own – they are only consumable in the CBP Designer
• Typical Application Creation Workflow:
– Create and publish software components, properties, dependencies, etc.
– Application design with published software components using CBP
– Complete networking configuration for app blueprint
– Complete security configuration for app blueprint
– Publish, add to catalog, entitle, add EBS subscriptions (optional)
– Optionally Export App Blueprint (or Import others)
App Authoring - Significant Converged Capabilities
Added Feature / Function: Details
Unified Canvas
• Single model to author machines, applications, software components, and XaaS blueprints
• Consolidation of roles between vRA and App Services
Machine Authoring
• Author machine with standard configuration
• Use Puppet/Chef-based configuration
Software Authoring
• Author script-based software
• Author Puppet/Chef content
Multi-Tier and Composite Applications
• Author multi-tier application blueprints with dependencies and cross-node binding
• Author composite blueprints with individual sub-application blueprints
• Author blueprints using preconfigured XaaS service blueprints
Integrated Networking and Security (NSX)
• NSX integration for single-machine and multi-tier applications
• On-demand networks, security groups, and load balancing for single and multi-tier blueprints (vSphere only)
Declarative Format
• Declarative format for machine, software, application, and XaaS blueprints
• Import/export a blueprint and save it in a source control repository (CloudClient)
vRA 7.0 Out of the Box Content
vRA 7 will ship with out-of-the-box application blueprints for quick start and faster time to value (TTV), based on top customer requests:
1. Windows System: Windows 2012 R2, IIS, MSSQL, .NET (#1 customer request)
2. LAMP Stack: RHEL and Apache Load Balancer
3. Micro Services App: mimics an e-commerce app and replaces the existing Duke's Bank example
4. Ruby on Rails App: 3-tier app with Apache LB, Ruby on Rails, Oracle DB
• OOTB blueprints are embedded in the vRA VA and imported into vRA using CloudClient
• Additional application blueprints will be made available for download from the Solutions Exchange:
– Multi-tier complex app, retail store use case
– Big Data app, Java app, SharePoint 2013
Blueprints as Code
• Ability to read and create blueprints with the text editor of your choice
• Save them in source control such as Git
• Machine blueprints in YAML format
• Application and software blueprints currently in JSON format, moving to YAML by GA
• Import/export within the same or across multiple vRA instances
• A complete blueprint is exported as a zip archive, similar to the current ASD export
vRealize Automation 7 - NSX + vRA 7
Cloud Management Technical Marketing
Application Deployment with On-Demand Networking & Security
• Logical switches and routers are created on demand by NSX when the user creates an application
• Single machine, single-tier or multi-tier topologies
• Supports NAT and routed topologies
• Automated IP addressing of both VMs and subnets
• On-demand security groups built per app and per tier with VMs placed into groups
• App isolation option
• Security policies applied to dynamically created groups
• Load-balancer configuration dynamically deployed and dedicated to application
[Figure: Web/App tier and Database tier, each with its VMs on its own on-demand network.]
Application Deployment with On-Demand Micro-Segmentation
• Networking is pre-created by NSX admin
• VMs placed on pre-created logical switches
• On-demand security groups created when application is deployed
• Security policies applied to dynamically created groups
• Micro-segmentation on larger L2 networks
• Load-balancer configuration dynamically deployed
• VMs and security groups removed when app destroyed but networking remains
[Figure: Web/App and Database VMs on pre-created networks, each tier in its own on-demand security group.]
Application Deployment into Existing Network and Security Services
• Pre-created logical switches and routers defined by the NSX admin - VMs are wired to pre-created switches
• Security Groups pre-defined to match security tags for each tier of application
• When a cloud user selects a catalog item VMs are wired to NSX switches and tagged with appropriate security tags
• Enforcement is based on combining the tag with the rules in the security group
• Applications can be single tier or multi-tier –typically routed topologies
[Figure: Web/App and Database VMs wired to pre-created logical switches and tagged per tier.]
Simplified Application Centric Network and Security
• Applications configured with dedicated or shared virtual switches and routers depending on needs
• Application-level micro-segmentation security
• Dynamic configuration of application-specific load balancers without expensive physical hardware
• Networks configured to meet the unique performance needs of each application
Dynamically configure NSX network and micro-segmentation unique to each application
[Figure: Web, App and Database tiers with their VMs.]
CBP - Networking and Security Integration
• Automated connectivity to existing or on-demand networks
• Micro-segmentation for application stack
• Automated security policy enforcement thru NSX security policies, groups and tags
• On-demand dedicated NSX load balancer
• Parent component only, not application-level
NSX Integration for Blueprint Authoring & Deployment
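The per-tier security groups, tag-driven membership, default-deny app isolation and teardown-on-destroy behaviour described in the NSX slides above, as an added illustration that is not code from this deck or from VMware: a small Python model that derives one security group per tier from a three-tier blueprint, tags VMs into those groups, installs the blueprint's allowed flows followed by a deployment-scoped default deny, and evaluates sample flows first-match. Tier names, ports, the sg-<deployment>-<tier> naming and the rule tuple format are assumptions made for the example, not NSX or vRA object schemas.

```python
from dataclasses import dataclass, field

# Added example: a toy model of per-application, per-tier micro-segmentation.
# Tier names, ports, group naming and the rule tuple format are assumptions
# for the example; they are not NSX or vRA object schemas.

@dataclass(frozen=True)
class Flow:
    src: str    # tier name, or "external" for traffic entering the application
    dst: str    # tier name
    port: int

@dataclass
class Blueprint:
    name: str
    tiers: list                  # e.g. ["web", "app", "db"]
    flows: list                  # the only flows the application needs
    app_isolation: bool = True   # deny everything not listed, other deployments included

@dataclass
class Fabric:
    """Stand-in for the NSX objects vRA creates: groups keyed by name, a tag per
    VM (group membership is tag-driven) and an ordered first-match rule list."""
    groups: dict = field(default_factory=dict)
    tags: dict = field(default_factory=dict)
    rules: list = field(default_factory=list)   # (src_group, dst_group, port, action)

def sg(deployment, tier):
    return f"sg-{deployment}-{tier}"

def deploy(bp, deployment, fabric, vms_per_tier=2):
    """One security group per tier, VMs tagged into it, allow rules for the
    blueprint's flows, then a deployment-scoped default deny (app isolation)."""
    for tier in bp.tiers:
        fabric.groups[sg(deployment, tier)] = set()
        for i in range(vms_per_tier):
            vm = f"{deployment}-{tier}-{i:02d}"
            fabric.tags[vm] = (deployment, tier)
            fabric.groups[sg(deployment, tier)].add(vm)
    for f in bp.flows:
        src = "external" if f.src == "external" else sg(deployment, f.src)
        fabric.rules.append((src, sg(deployment, f.dst), f.port, "allow"))
    if bp.app_isolation:
        # dst written as a prefix: every group of this deployment, any port (0)
        fabric.rules.append(("any", f"sg-{deployment}-", 0, "deny"))

def destroy(deployment, fabric):
    """Remove the deployment's groups, tags and rules; networks are untouched."""
    prefix = f"sg-{deployment}-"
    for g in [g for g in fabric.groups if g.startswith(prefix)]:
        for vm in fabric.groups.pop(g):
            fabric.tags.pop(vm, None)
    fabric.rules = [r for r in fabric.rules
                    if not (r[0].startswith(prefix) or r[1].startswith(prefix))]

def group_of(fabric, vm):
    if vm == "external":
        return "external"
    tag = fabric.tags.get(vm)
    return None if tag is None else sg(*tag)

def is_allowed(fabric, src_vm, dst_vm, port):
    """First matching rule decides; with no match the model does not restrict."""
    src_g, dst_g = group_of(fabric, src_vm), group_of(fabric, dst_vm)
    for r_src, r_dst, r_port, action in fabric.rules:
        src_ok = r_src == "any" or r_src == src_g
        if r_dst.endswith("-"):          # deployment-wide prefix from app isolation
            dst_ok = dst_g is not None and dst_g.startswith(r_dst)
        else:
            dst_ok = r_dst == dst_g
        if src_ok and dst_ok and r_port in (0, port):
            return action == "allow"
    return True

# Constructed sample: a three-tier shop, deployed twice from the same blueprint.
THREE_TIER = Blueprint("Prod-Shop", ["web", "app", "db"],
                       [Flow("external", "web", 443), Flow("web", "app", 8080),
                        Flow("app", "db", 3306)])

def build_sample_fabric():
    fabric = Fabric()
    deploy(THREE_TIER, "shop-001", fabric)
    deploy(THREE_TIER, "shop-002", fabric)
    return fabric

if __name__ == "__main__":
    f = build_sample_fabric()
    for flow in [("external", "shop-001-web-00", 443),
                 ("shop-001-web-00", "shop-001-db-00", 3306),
                 ("shop-002-app-00", "shop-001-db-00", 3306)]:
        print(flow, "allowed" if is_allowed(f, *flow) else "denied")
```

The point the model makes visible: because the deny rule is scoped to the deployment's own groups, the app tier of shop-002 cannot reach the database of shop-001 even though both came from the same blueprint, and the web tier cannot bypass the app tier to reach the database directly. Destroying shop-002 removes its groups, tags and rules while leaving shop-001's policy intact, which is the "networking remains" behaviour from the micro-segmentation slide.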
LifeCycle Extensibility – Ecosystem Automation
• No need for any additional development tools
• No need for deep knowledge of how the core functionality works
• Centrally create and manage extensibility for all IaaS services
• Faster time to value (TTV) with quick and easy extensibility use cases
• Quickly leverage existing workflows from within the vRA UI
• Scalable model
Customize and extend vRA using the Event Broker: 1. create a vRO workflow, 2. subscribe it to an event
LifeCycle Extensibility – Centralized Policy Management
• Enable OTB extensibility for IaaS and Application Services dynamically by leveraging the Event Broker Service (EBS)
• Invoke workflows based on a policy-based trigger configured for a specific "interesting" event
"Invoke a vRO workflow to integrate with a custom service based on the NAME of a blueprint, a custom property value, the requestor ID, or the machine and platform type….GO!"
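The policy-based trigger described above (subscribe a workflow to an event topic and gate it on blueprint name, custom property value, requestor or platform), as an added illustration that is not code from this deck or from VMware: a Python model of subscriptions with a nested all/any/not condition tree, evaluated against event payloads, with blocking subscriptions ordered first by priority. The topic names, the condition grammar, the '/'-separated field paths and the payload layout are assumptions made for the example, not vRA's actual EBS schema.

```python
from dataclasses import dataclass
from typing import Any

# Added example: a toy model of Event Broker-style subscriptions. Topic names,
# the condition grammar and the payload field names are assumptions for the
# example, not vRA's actual EBS schema.

@dataclass(frozen=True)
class Subscription:
    name: str
    topic: str
    condition: dict         # nested {"all": [...]}, {"any": [...]}, {"not": ...} or a leaf clause
    workflow: str           # vRO workflow to invoke when the condition holds
    blocking: bool = False  # blocking subscriptions run first, in priority order
    priority: int = 10

def lookup(payload: dict, path: str) -> Any:
    """Resolve a '/'-separated path; '/' rather than '.' because custom
    property names themselves contain dots (e.g. Extensibility.IPAM)."""
    cur: Any = payload
    for part in path.split("/"):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur

def matches(cond: dict, payload: dict) -> bool:
    """Evaluate a condition tree against an event payload."""
    if "all" in cond:
        return all(matches(c, payload) for c in cond["all"])
    if "any" in cond:
        return any(matches(c, payload) for c in cond["any"])
    if "not" in cond:
        return not matches(cond["not"], payload)
    actual = lookup(payload, cond["field"])
    op = cond.get("op", "equals")
    expected = cond["value"]
    if op == "equals":
        return actual == expected
    if op == "startsWith":
        return isinstance(actual, str) and actual.startswith(expected)
    if op == "in":
        return actual in expected
    raise ValueError(f"unknown operator {op!r}")

def dispatch(subscriptions, event: dict) -> list:
    """Return (subscription name, workflow, blocking) for every subscription
    whose topic and condition match; blocking ones first, by priority."""
    hits = [s for s in subscriptions
            if s.topic == event["topic"] and matches(s.condition, event["data"])]
    hits.sort(key=lambda s: (not s.blocking, s.priority))
    return [(s.name, s.workflow, s.blocking) for s in hits]

# Constructed sample subscriptions: names, topics and properties are made up.
SUBSCRIPTIONS = [
    Subscription("enforce-naming-standard", "machine.lifecycle.provisioning",
                 {"field": "machine/platform", "op": "in", "value": ["vSphere", "AWS"]},
                 "Validate machine name", blocking=True, priority=1),
    Subscription("allocate-ip", "machine.lifecycle.provisioning",
                 {"field": "machine/properties/Extensibility.IPAM", "value": "true"},
                 "Reserve IP in IPAM", blocking=True, priority=5),
    Subscription("register-in-cmdb", "machine.lifecycle.provisioning",
                 {"all": [{"field": "blueprint/name", "op": "startsWith", "value": "Prod-"},
                          {"field": "machine/platform", "value": "vSphere"}]},
                 "Create CMDB CI"),
    Subscription("retire-from-cmdb", "machine.lifecycle.disposing",
                 {"field": "blueprint/name", "op": "startsWith", "value": "Prod-"},
                 "Retire CMDB CI"),
]

# Constructed sample events.
PROD_EVENT = {"topic": "machine.lifecycle.provisioning",
              "data": {"requestor": "alice@corp.example",
                       "blueprint": {"name": "Prod-Web-IIS"},
                       "machine": {"platform": "vSphere",
                                   "properties": {"Extensibility.IPAM": "true"}}}}
DEV_EVENT = {"topic": "machine.lifecycle.provisioning",
             "data": {"requestor": "bob@corp.example",
                      "blueprint": {"name": "Dev-Sandbox"},
                      "machine": {"platform": "AWS", "properties": {}}}}

if __name__ == "__main__":
    for ev in (PROD_EVENT, DEV_EVENT):
        print(ev["data"]["blueprint"]["name"], "->", dispatch(SUBSCRIPTIONS, ev))
```

Two details worth carrying into a real subscription design: a missing field evaluates to None and therefore never matches an equality or prefix clause, so a workflow gated on a custom property does not fire when the property is simply absent; and ordering blocking subscriptions by priority gives the validation step a chance to reject a request before anything with side effects (IPAM reservation, CMDB registration) runs.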
LifeCycle Extensibility – Event Broker (EBS) High-Level View
[Figure: the Event Broker Service (EBS) sits between the vRA services (XaaS; IaaS across cloud, physical and virtual endpoints such as vCA, AWS, Azure, SoftLayer, ...; approvals; identity; software service and software agent; Postgres and SQL databases) and the Orchestration Engine (state machine, life cycle workflows, data collection), Resource Governance (compute, storage, network; reservations; reservation policies) and the Infrastructure Abstraction Layer (compute, network, storage). vRealize Orchestrator provides the pluggable framework to 3rd-party management systems: CMDB, IPAM / DNS / DHCP, load balancers / networking, service desk, monitoring systems, storage management, databases, web services, ...]
Introducing the [new] vRO Control Center
The vRO 7.0 Control Center
• Embedded + external
• New modern UI for vRO setup, configuration, workflow monitoring, troubleshooting, and other useful information
• Collect metrics for workflow execution
• Analyze running workflows
• General troubleshooting
• Manage, import/export the central DB
• Much slicker than the previous "legacy" UI
New Plugin Management UI
• Install and manage plugins
• Debugging and logging granularity per plugin
• View plugin status, enable/disable as needed
• Switch to the legacy UI if this is all too much for you
Runtime Metrics and Monitoring
• Global view of all running workflows
• Manage workflow execution
• Search by workflow name and token ID
• View multiple workflows simultaneously
Entitlements
• As with 6.x, Services, Catalog Items, and Actions can be added to an Entitlement
• In 7.0, the list of Catalog Items also includes Catalog Item types
• Adding a Catalog Item type entitles users to all objects built from that type
[Figure: entitlement editor in 6.x vs 7.0.]
Entitlements
• As with 6.x, Actions and Approvals can be added to Entitlements.
– Entitlement dictates what the user can see & do
– Limit what actions a user can perform to the actions in the entitlement that enabled the user to provision the resource.
• Actions are bound to Entitlements
– For actions to apply to a Resource, they must be granted in the same entitlement as the relevant Catalog Items or Services
• This wasn’t always the case
– In 7.0, Actions are bound to the entitlement resource was provisioned from
– In 6.x, if a user was entitled to an action - that action was available to all items regardless of the entitlement it was provisioned from.
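The 6.x-versus-7.0 difference above is a least-privilege point worth seeing concretely: under 6.x, a Destroy action granted to a user through a permissive development entitlement also applied to a production VM that was provisioned through a restricted entitlement. The following is an added Python model of the two checks, not VMware's code; the entitlement names, catalog items, action names and the request() helper that records the fulfilling entitlement are constructed for the example.

```python
from dataclasses import dataclass

# Added example: a toy model of the 6.x versus 7.0 binding of resource actions
# to entitlements. Entitlement names, catalog items and action names are
# constructed for the example; the check functions are not vRA's code.

@dataclass(frozen=True)
class Entitlement:
    name: str
    members: frozenset        # users entitled (groups flattened to users here)
    catalog_items: frozenset  # catalog items the members may request
    actions: frozenset        # resource actions granted, e.g. "Destroy"

@dataclass
class Resource:
    id: str
    catalog_item: str
    owner: str
    entitlement: str          # entitlement the request was fulfilled through

def request(user, item, entitlements, resource_id):
    """Provision through the first entitlement that grants the user the item,
    recording which one it was (the binding 7.0 relies on)."""
    for e in entitlements:
        if user in e.members and item in e.catalog_items:
            return Resource(resource_id, item, user, e.name)
    raise PermissionError(f"{user} is not entitled to {item}")

def can_act_6x(user, action, resource, entitlements):
    """6.x semantics: an action granted in any of the user's entitlements
    applies to every resource the user owns, however it was provisioned."""
    if resource.owner != user:
        return False
    return any(user in e.members and action in e.actions for e in entitlements)

def can_act_70(user, action, resource, entitlements):
    """7.0 semantics: the action must come from the entitlement the resource
    was provisioned from, and the user must still be a member of it."""
    if resource.owner != user:
        return False
    by_name = {e.name: e for e in entitlements}
    e = by_name.get(resource.entitlement)
    return e is not None and user in e.members and action in e.actions

# Constructed sample: alice is in a permissive Dev entitlement and in a
# restricted Prod entitlement that only allows PowerOff.
ENTITLEMENTS = [
    Entitlement("Dev", frozenset({"alice", "bob"}), frozenset({"Dev-Linux"}),
                frozenset({"PowerOff", "Reconfigure", "Destroy"})),
    Entitlement("Prod", frozenset({"alice"}), frozenset({"Prod-Web-IIS"}),
                frozenset({"PowerOff"})),
]

def compare(user, action, resource, entitlements=ENTITLEMENTS):
    """Return (6.x decision, 7.0 decision) for one action on one resource."""
    return (can_act_6x(user, action, resource, entitlements),
            can_act_70(user, action, resource, entitlements))

if __name__ == "__main__":
    prod_vm = request("alice", "Prod-Web-IIS", ENTITLEMENTS, "vm-0001")
    for action in ("PowerOff", "Destroy"):
        print(action, "on", prod_vm.id, "-> 6.x / 7.0:", compare("alice", action, prod_vm))
```

The Destroy case is the one to check in an upgraded environment: any user who sits in more than one entitlement loses actions on resources whose provisioning entitlement does not grant them, which is the intended tightening, so entitlements that were relying on the old cross-entitlement behaviour need the action added explicitly.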
VMware's CMP Automates SDDC at Scale
1. DEFINE: Define Business Groups and allocate budget
2. CREATE: Create reservations and policies; create single-machine, multi-tier application, or other custom service blueprints
3. REQUEST AND DEPLOY: Standardize requests and deploy infrastructure across private, public, and hybrid clouds
4. METER: Meter and correlate consumer usage and costs
5. MONITOR: Collaborate across infra and ops teams; monitor infrastructure across private, public, and hybrid clouds
6. MANAGE: Remediate, optimize, and reclaim infrastructure based on policies and cost